Abstract: A source routing method and apparatus are provided. The method includes receiving a data packet that comprises a destination address, a source address, and a payload, determining a plurality of next-hops along a service chain path between the source address and the destination address, generating a source routed data packet that comprises the destination address, the source address, the plurality of next-hops, and the payload, setting the destination address of the source routed data packet to a first next-hop from the plurality of next-hops along the service chain path, and forwarding the source routed data packet in accordance with the destination address.

Abstract: A method and apparatus for connecting/attaching a mobile device to a network. Service information, such as pricing and plan information, associated with one or more networks is provided to a mobile device. The mobile device requests and receives configuration details for a selected one of the networks. The configuration details can include identity information such as is stored in a reprogrammable SIM, usable for connecting/attaching the mobile device to the selected network. The mobile device then registers and connects with the selected network based on the configuration details.

Abstract: The present disclosure is drawn to systems and methods for activating a mobile device in an enterprise mobile management context. The mobile device is configured to generate a first device security certificate which comprises a device key and an identifier of the mobile device. The device key corresponds to a shared secret known to the mobile device and to an authentication server. The mobile device sends the first device security certificate to the authentication server. The authentication server validates the mobile device by comparing the device key to a server key and by locating the identifier in a list of known identifiers. When the mobile device is validated, the authentication server sends a first server security certificate to the mobile device. The first device and server security certificates may then be used to establish a secure connection, over which a second set of device and server certificates may be enrolled.

Abstract: A measurement initiation method for inter-frequency/inter-system cell reselection and UE thereof are described. A signal quality value of a current serving cell is obtained for many times, and a signal quality value smaller than or equal to a threshold of measurement initiation of a neighboring inter-frequency/inter-system cell is stored storing until L signal quality values are obtained; a mean signal quality value is obtained by calculation according to the obtained L signal quality values, and when the mean signal quality value is greater than a signal quality reference threshold, UE initiates the measurement of the neighboring inter-frequency/inter-system cell. By using the method and UE, the problem that UE frequently initiates measurement of a neighboring inter-frequency/inter-system cell even when UE does not move or moves a little can be solved, the power of the UE can be saved, and the radiation produced by the UE on a mobile user can be reduced.

Abstract: The present disclosure is drawn to systems, methods, and computer-readable media for mitigating cookie-injection and cookie-replaying attacks using a VPN client. The VPN client receives a session request regarding access to a private intranet. In response to the request, the VPN client retrieves cookie deleting criteria, and deletes all cookies which satisfy the cookie deleting criteria. Once all cookies satisfying the cookie deleting criteria are deleted, the VPN client proceeds with the session request.

Abstract: Aspects of the invention pertain to methods and devices that allow user equipment (UE), such as for example wireless devices, to reconfigure their respective antennas in a dynamic manner to allow connection to additional or fewer logical networks, also being referred to as network slices. Changing the configuration of the array of antennas may include changing an existing configuration, or allocation, of the antennas that are currently communicating with a first number of logical networks into a different configuration of antennas for communicating with a second, different second number of logical networks. In some cases this may mean that antennas that were allocated for communicating with a primary logical network are re-allocated for communicating with a second logical network, with other antennas remaining in communication with the primary logical network.

Abstract: A service chaining method comprising receiving a source routed data packet, wherein the source routed data packet comprises a destination address and identifies a plurality of next-hops along a service chain path, identifying a next-hop for the source routed data packet using the plurality of next-hops, determining whether the next-hop is source routing capable, setting the destination address of the source routed data packet in accordance with the determination, wherein the destination address is set to the next-hop when the next-hop is source routing capable, and wherein the destination address is set to a next downstream network node that is source routing capable when the next-hop is not source routing capable, and forwarding the source routed data packet to the next-hop.

Abstract: A method for operating a source node includes receiving a data path validation request command requesting validation of a path associated with a traffic flow identified in the data path validation request command, and determining a first hop sequence in accordance with the path being validated, wherein the first hop sequence is identical to a second hop sequence associated with a non-validation request packet associated with the path being validated. The method also includes generating, by the source node, a validation request packet in accordance with the data path validation request command, the validation request packet comprises route information associated with the first hop sequence, an alert flag set to a specified value, and a path validation header specifying processing performed by nodes receiving the validation request packet, and transmitting, by the source node, the validation request packet in accordance with the route information.

Abstract: A method for operating a source node includes receiving a data path validation request command requesting validation of a path associated with a traffic flow identified in the data path validation request command, and determining a first hop sequence in accordance with the path being validated, wherein the first hop sequence is identical to a second hop sequence associated with a non-validation request packet associated with the path being validated. The method also includes generating, by the source node, a validation request packet in accordance with the data path validation request command, the validation request packet comprises route information associated with the first hop sequence, an alert flag set to a specified value, and a path validation header specifying processing performed by nodes receiving the validation request packet, and transmitting, by the source node, the validation request packet in accordance with the route information.

Abstract: Routers using virtual routing and forwarding nodes to implement a service fabric of service chains. The router may configure M+1 virtual routing and forwarding instances, M being an integer representing a number of a plurality of service appliances in a data center network. Each virtual routing and forwarding instance may be associated with a routing table of routing rules to define various service chain routing paths. The routing rules are based on destination addresses in data packets.

Abstract: The devices, systems, and methods test network connectivity, where the physical network is used to provide one or more service chains connecting service appliances, including firewalls, intrusion detection systems, load balancers, network address translators, web servers, and so on. A service chain may involve multiple routing paths. The devices, systems, and methods test network connectivity test network connectivity by injecting customized echo request packets on each routing path and collecting customized echo reply packets in response. The customized echo reply packets are processed and aggregated to isolate network connectivity problems.

Abstract: An authorization method comprising receiving command signals from a plurality of controlling accounts, determining whether the number of received command signals meets a threshold, wherein the threshold is at least two, and executing a controlled function in response to the determination. An authorization method comprising accessing a control interface as a first controlling account for a controlled function, communicating command instructions for sending a command with a second controlling account for the controlled function, and sending the command in accordance with the command instructions, wherein sending the command satisfies an authorization condition for executing the controlled function.

Abstract: A method implemented by a network firewall, comprising obtaining a first authentication token for a network test, receiving a test request message for performing the network test on a network element (NE) connected to the network firewall, authenticating the test request message by determining whether the test request message includes a second authentication token that matches the first authentication token, and granting the network test on the NE when the second authentication token matches the first authentication token.

Abstract: A packet obfuscation method comprising receiving a data packet having a routing header portion and a payload portion, performing a first obfuscation on the routing header portion to generate an obfuscated routing header portion, performing a second obfuscation on at least the payload portion to generate an obfuscated payload portion, and combining the obfuscated routing header portion and the obfuscated payload portion to form an obfuscated packet. A packet forwarding method comprising obfuscating routing information using a packet obfuscation function, generating a plurality of forwarding rule entries in accordance with the obfuscated routing information, transmitting the plurality of forwarding rule entries to at least one network node in a network, transmitting the packet obfuscation function to at least one network node in the network, and transmitting a de-obfuscation function to at least one network node in the network.

Abstract: An address resolution method, comprising obtaining an Internet Protocol (IP) address for a destination network node, computing a Media Access Control (MAC) address for the destination network node using a mapping function and the IP address for the destination network node, and sending data traffic using the MAC address computed for the destination network node.

Abstract: A service chaining method comprising receiving a source routed data packet, wherein the source routed data packet comprises a destination address and identifies a plurality of next-hops along a service chain path, identifying a next-hop for the source routed data packet using the plurality of next-hops, determining whether the next-hop is source routing capable, setting the destination address of the source routed data packet in accordance with the determination, wherein the destination address is set to the next-hop when the next-hop is source routing capable, and wherein the destination address is set to a next downstream network node that is source routing capable when the next-hop is not source routing capable, and forwarding the source routed data packet to the next-hop.

Abstract: Routers using virtual routing and forwarding nodes to implement a service fabric of service chains. The router may configure M+1 virtual routing and forwarding instances, M being an integer representing a number of a plurality of service appliances in a data center network. Each virtual routing and forwarding instance may be associated with a routing table of routing rules to define various service chain routing paths. The routing rules are based on destination addresses in data packets.

Abstract: A virtual Internet Protocol (IP) address is assigned to a client device having a client IP address associated therewith. The virtual IP address is then mapped to the client IP address and to an identifier of a Secure Socket Layer (SSL) Virtual Private Network (VPN) tunnel. An incoming packet received through the SSL VPN tunnel and destined to a server device has the client IP address as its source address, which is in turn rewritten with the virtual IP address mapped to the client IP address, resulting in a modified incoming packet that is sent to the server device. An outgoing packet received from the server device for transmission to the client device has the virtual IP address as its destination address, which is in turn rewritten with the client IP address mapped to the virtual IP address, resulting in a modified outgoing packet that is forwarded into the tunnel.

Abstract: The devices, systems, and methods test network connectivity, where the physical network is used to provide one or more service chains connecting service appliances, including firewalls, intrusion detection systems, load balancers, network address translators, web servers, and so on. A service chain may involve multiple routing paths. The devices, systems, and methods test network connectivity test network connectivity by injecting customized echo request packets on each routing path and collecting customized echo reply packets in response. The customized echo reply packets are processed and aggregated to isolate network connectivity problems.

Abstract: A service description may be used in network virtualization in order to specify requirements of an application. In order to provide network virtualization for generic networking components, including legacy networking components, the service description is mapped to a logical network implementation and then subsequently mapped to a physical implementation.