Abstract: The present disclosure is directed to systems and methods for dynamic firewall discovery on a service plane. The method includes the steps of identifying a source data packet for transmission from a source machine at a source site to a destination machine at a destination site, wherein the source data packet corresponds to a request for connection between the source machine and the destination machine over a WAN, inspecting the source data packet at a first firewall associated with the source site, marking the source data packet with a marker to indicate inspection by the first firewall, transmitting the marked source data packet to the destination site, determining at the destination site that the source data packet has been inspected based on the marker, and forwarding the source data packet to the destination machine at the destination site, without inspection of the source data packet by a second firewall associated with the destination site.

Abstract: The present disclosure is directed to systems and methods for dynamic firewall discovery on a service plane. The method includes the steps of identifying a source data packet for transmission from a source machine at a source site to a destination machine at a destination site, wherein the source data packet corresponds to a request for connection between the source machine and the destination machine over a WAN, inspecting the source data packet at a first firewall associated with the source site, marking the source data packet with a marker to indicate inspection by the first firewall, transmitting the marked source data packet to the destination site, determining at the destination site that the source data packet has been inspected based on the marker, and forwarding the source data packet to the destination machine at the destination site, without inspection of the source data packet by a second firewall associated with the destination site.

Abstract: The present disclosure is directed to systems and methods for dynamic firewall discovery on a service plane. The method includes the steps of identifying a source data packet for transmission from a source machine at a source site to a destination machine at a destination site, wherein the source data packet corresponds to a request for connection between the source machine and the destination machine over a WAN, inspecting the source data packet at a first firewall associated with the source site, marking the source data packet with a marker to indicate inspection by the first firewall, transmitting the marked source data packet to the destination site, determining at the destination site that the source data packet has been inspected based on the marker, and forwarding the source data packet to the destination machine at the destination site, without inspection of the source data packet by a second firewall associated with the destination site.

Abstract: The present disclosure is directed to systems and methods for dynamic firewall discovery on a service plane. The method includes the steps of identifying a source data packet for transmission from a source machine at a source site to a destination machine at a destination site, wherein the source data packet corresponds to a request for connection between the source machine and the destination machine over a WAN, inspecting the source data packet at a first firewall associated with the source site, marking the source data packet with a marker to indicate inspection by the first firewall, transmitting the marked source data packet to the destination site, determining at the destination site that the source data packet has been inspected based on the marker, and forwarding the source data packet to the destination machine at the destination site, without inspection of the source data packet by a second firewall associated with the destination site.

Abstract: A method is provided in one example and includes communicating an access request to a network element, the access request is associated with network authentication relating to a subscriber. The method also includes receiving an access response that includes a profile associated with the subscriber. The profile can include a group attribute that defines the subscriber as being part of a group of subscribers sharing a network data plan, which defines a data allotment assigned to the group over a specified time interval. In more detailed embodiments, a unique data string sent by an Authentication, Authorization, and Accounting element is received, where the unique data string identifies a full set of subscribers belonging to the group. Data underutilization of a first subscriber is offset by data overutilization of a second subscriber, where a summation of the data underutilization and the data overutilization do not exceed the data allotment assigned.

Abstract: In general, techniques are described for handling errors in subscriber session management within mobile networks. A downstream mobile gateway comprising a forwarding unit and a service unit may implement the techniques. The forwarding unit receives a packet that includes a destination address for a subscriber and a tunnel endpoint identifier (TEID). The service unit determines whether the TEID is associated with one of a number of subscriber records that store session data for current sessions associated with subscriber devices to communicate with the mobile network. In response to determining that the TEID is not associated with one of the subscriber records, the service unit generates a message that includes the TEID and the destination address and indicates that the downstream mobile gateway has determined that the TEID is not associated with one of the subscriber records. The forwarding unit then sends the message to the upstream mobile gateway.

Abstract: A method, performed by a network device, may include sending a request to a first server, detecting a first timeout without receiving a response from the first server, and sending the request to the first server and to a second server, in response to detecting the first timeout without receiving a response from the first server.

Abstract: A method is provided in one example and includes communicating an access request to a network element, the access request is associated with network authentication relating to a subscriber. The method also includes receiving an access response that includes a profile associated with the subscriber. The profile can include a group attribute that defines the subscriber as being part of a group of subscribers sharing a network data plan, which defines a data allotment assigned to the group over a specified time interval. In more detailed embodiments, a unique data string sent by an Authentication, Authorization, and Accounting element is received, where the unique data string identifies a full set of subscribers belonging to the group. Data underutilization of a first subscriber is offset by data overutilization of a second subscriber, where a summation of the data underutilization and the data overutilization do not exceed the data allotment assigned.

Abstract: A method and apparatus are provided for preventing data-packet loss upon a switchover from an active to a standby PDSN, in a redundant PDSN environment. Data-packet loss is prevented by modifying the checking of the sequence number associated with the data-packets. The first sequence number received upon switchover is used to determine the order of the subsequent GRE frames. The standby PDSN sends keep-alive packets associated with an arbitrary sequence number to a packet control function (PCF). On receiving a response from the PCF, the arbitrary sequence number is used as a starting sequence number for sending the data-packets. Otherwise, keep-alive packets with modified numbers are sent to the PCF. In synchronized communication sessions between the PDSN and the PCF, data-packet loss can be prevented by disabling the checking of the sequence number upon a switchover. In another embodiment, data-packet loss is prevented by excluding the sequence number.

Abstract: A method and apparatus are provided for preventing data-packet loss upon a switchover from an active to a standby PDSN, in a redundant PDSN environment. Data-packet loss is prevented by modifying the checking of the sequence number associated with the data-packets. The first sequence number received upon switchover is used to determine the order of the subsequent GRE frames. The standby PDSN sends keep-alive packets associated with an arbitrary sequence number to a packet control function (PCF). On receiving a response from the PCF, the arbitrary sequence number is used as a starting sequence number for sending the data-packets. Otherwise, keep-alive packets with modified numbers are sent to the PCF. In synchronized communication sessions between the PDSN and the PCF, data-packet loss can be prevented by disabling the checking of the sequence number upon a switchover. In another embodiment, data-packet loss is prevented by excluding the sequence number.