Abstract: System, method, and computer program product to perform an operation, the operation comprising capturing, at one or more peering routers, parameters for a plurality of data packets sent by a client device and specifying a destination network address, identifying which peering router captured the parameters for each of the plurality of data packets, determining, based on the identified peering routers, a first peering router nearest to the client, relative to the other peering routers, identifying a first content cache, of a plurality of content caches in a content distribution network, nearest to the first peering router, and fulfilling a content request from the client device using content stored on the first content cache.

Abstract: Techniques are presented for optimizing secure communications in a network. A first router receives from a second router an encrypted packet with an unknown security association. The first router examines the packet to determine whether the counter value is in a range of predicted counter values. Additionally, a key server is configured to provision routers that are part of a virtual private network. The key server selects a counter value that is part of a security association and calculates a key value. The key server sends the key value together with the security association to enable routers to exchange encrypted packets with each other in the virtual private network using the key value and the security association. The key server increments the counter value to a value within a range of counter values capable of being predicted by the routers.

Abstract: In one embodiment, a client device queries a location server using a client-selected interface for content retrieval from a content distribution network (CDN), and receives a location attribute from the location server based on a location of the client device. The client device then presents the location attribute to a CDN selector within a first content retrieval request, and may receive a redirection from the CDN selector to a selected content source based on the location attribute. As such, the client device may then initiate a second content retrieval request to the selected content source. In another embodiment, a CDN selector receives a content retrieval request from a client device, and determines that the content retrieval request contains a location attribute indicating a location of the client device. Based on the location attribute, the CDN selector selects a content source, and redirects the client device to the selected content source.

Abstract: Techniques are presented herein for optimizing secure communications in a network. A router in a virtual private network determines whether or not it has successfully registered with a key server that provides cryptographic keys for routers in the virtual private network. The router stores state information that is indicative of whether or not the router has successfully registered with the key server.

Abstract: A first virtual machine is established in a virtual private service chain to provide a first network service to virtual private service chain traffic. A second virtual machine is also established the virtual private service chain to provide a second network service to the virtual private service chain traffic. The virtual private service chain traffic is encrypted for transmission within the virtual private service chain from the first virtual machine to the second virtual machine, wherein the encryption uses a key shared by the first and second virtual machines.

Abstract: Various techniques that allow group members to detect the use of stale encryption policy by other group members are disclosed. One method involves receiving a message from a first group member via a network. The message is received by a second group member. The method then detects that the first group member is not using a most recent policy update supplied by a key server, in response to information in the message. In response, a notification message can be sent from the second group member. The notification message indicates that at least one group member is not using the most recently policy update. The notification message can be sent to the key server or towards the first group member.

Abstract: Techniques are presented herein for optimizing secure communications in a network. A router in a virtual private network determines whether or not it has successfully registered with a key server that provides cryptographic keys for routers in the virtual private network. The router stores state information that is indicative of whether or not the router has successfully registered with the key server.

Abstract: Various techniques that allow group members to detect the use of stale encryption policy by other group members are disclosed. One method involves receiving a message from a first group member via a network. The message is received by a second group member. The method then detects that the first group member is not using a most recent policy update supplied by a key server, in response to information in the message. In response, a notification message can be sent from the second group member. The notification message indicates that at least one group member is not using the most recently policy update. The notification message can be sent to the key server or towards the first group member.

Abstract: A slave resource router may receive a client request. The slave resource router may be the nearest representation of an Anycast IP address in a network to a client sending the client request in the network. The slave resource router may then determine that the slave resource router has been authorized to cache content for a delivery service corresponding to the client request. Next, the slave resource router may determine that content corresponding to the client request is cached locally in a blind cache. Then the slave resource router may provide the client with the content from the blind cache.

Abstract: Techniques are presented for optimizing secure communications in a network. A first router receives from a second router an encrypted packet with an unknown security association. The first router examines the packet to determine whether the counter value is in a range of predicted counter values. Additionally, a key server is configured to provision routers that are part of a virtual private network. The key server selects a counter value that is part of a security association and calculates a key value. The key server sends the key value together with the security association to enable routers to exchange encrypted packets with each other in the virtual private network using the key value and the security association. The key server increments the counter value to a value within a range of counter values capable of being predicted by the routers.

Abstract: Techniques are presented herein for optimizing secure communications in a network. A router in a virtual private network determines whether or not it has successfully registered with a key server that provides cryptographic keys for routers in the virtual private network. The router stores state information that is indicative of whether or not the router has successfully registered with the key server.

Abstract: A slave resource router may receive a client request. The slave resource router may be the nearest representation of an Anycast IP address in a network to a client sending the client request in the network. The slave resource router may then determine that the slave resource router has been authorized to cache content for a delivery service corresponding to the client request. Next, the slave resource router may determine that content corresponding to the client request is cached locally in a blind cache. Then the slave resource router may provide the client with the content from the blind cache.

Abstract: A system and methods for providing dynamic transcoder rate adaption for an adaptive bit streaming function is described. In a first embodiment, a client may select from all available bit rates during the encoding session, wherein the bit rates are provided to the client via a manifest file from a media gateway. In a second embodiment, a subset of the bit rates are provided to the client, from which a client chooses a selected bit rate. The encoding session continues until a request for a new bit rate is received from the client, at which time a new subset of bit rates are generated. This new subset of bit rates is presented to the client, and this loop continues until the termination of the encoding session.

Abstract: System, method, and computer program product to perform an operation, the operation comprising capturing, at one or more peering routers, parameters for a plurality of data packets sent by a client device and specifying a destination network address, identifying which peering router captured the parameters for each of the plurality of data packets, determining, based on the identified peering routers, a first peering router nearest to the client, relative to the other peering routers, identifying a first content cache, of a plurality of content caches in a content distribution network, nearest to the first peering router, and fulfilling a content request from the client device using content stored on the first content cache.

Abstract: Consistent with embodiments of the present invention, a system may be provided to provide per-subscriber stream management comprising: a client capable of receiving a playlist containing a subset of segments associated with a video asset; a video application server to request subscriber state information and to build state representations in a subscriber database on a per-subscriber basis; a media segmenter capable of providing the video asset in multiple bit rates; a subscriber state manager capable of managing the current state of one or more subscribers in a subscriber database; and a stream manager capable of requesting the assignment of bandwidth from a wireless infrastructure on a per-subscriber basis.

Abstract: In one embodiment, a client device queries a location server using a client-selected interface for content retrieval from a content distribution network (CDN), and receives a location attribute from the location server based on a location of the client device. The client device then presents the location attribute to a CDN selector within a first content retrieval request, and may receive a redirection from the CDN selector to a selected content source based on the location attribute. As such, the client device may then initiate a second content retrieval request to the selected content source. In another embodiment, a CDN selector receives a content retrieval request from a client device, and determines that the content retrieval request contains a location attribute indicating a location of the client device. Based on the location attribute, the CDN selector selects a content source, and redirects the client device to the selected content source.

Abstract: Consistent with embodiments of the present invention, a system may be provided to provide per-subscriber stream management comprising: a client capable of receiving a playlist containing a subset of segments associated with a video asset; a video application server to request subscriber state information and to build state representations in a subscriber database on a per-subscriber basis; a media segmenter capable of providing the video asset in multiple bit rates; a subscriber state manager capable of managing the current state of one or more subscribers in a subscriber database; and a stream manager capable of requesting the assignment of bandwidth from a wireless infrastructure on a per-subscriber basis.

Abstract: Systems and/or methods of secure communication of information between multi-domain virtual private networks (VPNs) are presented. A dynamic group VPN (DGVPN) can reside in one domain and a disparate DGVPN can reside in a disparate domain. An administrative security authority (ASA) can be employed in each domain. Each ASA can generate and exchange respective keying material and crypto-policy information to be used for inter-domain communications when routing data from a member in one DGVPN to a member(s) in the disparate DGVPN, such that an ASA in one domain can facilitate encryption of data in accordance with the policy of the other domain before the data is sent to the other domain. Each ASA can establish a key server to generate the keying material and crypto-policy information associated with its local DGVPN, and such material and information can be propagated to intra-domain members.

Abstract: A system and method directed to carrying out dynamic secured group communication is provided. The method includes: obtaining a first packet that includes a first header; forming a frame that includes the first header in encrypted form; combining the first header and the frame to form a second packet and forming a second header; encapsulating the second packet with the second header to form a third packet, and communicating the third packet into the second network from the second source node for termination to the second-destination node. The first header includes a first source address of a first source node of a first network, and a first destination address of a first destination node of the first network. The second header includes a second source address of a second source node of a second network, and a second destination address of a second destination node of the second network.

Abstract: In one embodiment, a method for receiving a request from a first interface to establish a session with at least a second interface in a communication network is provided. The request is transmitted to an application layer signaling device via an application layer signaling protocol dialog, wherein the application layer signaling protocol dialog is configured to facilitate communication between the first interface and the application layer signaling device. The method further includes communicating parameters for establishing a session tunnel to a first edge router via the application layer signaling protocol dialog, wherein the first edge router is configured to dynamically establish the session tunnel between the first edge router and at least a second edge router, wherein the second edge router is positioned proximate to the at least second interface in the communication network.