Abstract: A method by a mesh device is described. The method includes de-obfuscating first information of a received packet with a privacy key that matches a network identifier (NID) of the packet. The method also includes determining whether to decrypt second information of the packet based on the de-obfuscated first information.

Abstract: A network service allocating system for a software defined network (SDN) includes an SDN controller, a plurality of SDN switches, a cloud server, and a local server. The SDN controller includes modules for service managing and path managing. Each SDN switch can receive a packet from a client and send the packet to the SDN controller. The service managing module analyzes the packet to identify type of service required and allocates the network service to the cloud server or to the local server according to the type of service required. The path managing module plans an optimum transmission path and sends the path to the SDN controller. Thereby, the SDN switch can obtain the network service. An SDN controller and a network service allocating method are also provided.

Abstract: Provided is a relay device and manufacturing system that relays communication based on SECS/GEM protocol to a manufacturing system using a different communication protocol, and enables integrated management via a SECS/GEM host. Relay device performs protocol conversion between a SECS/GEM protocol and an original protocol that is a non-SECS/GEM protocol, and transfers data transmitted between user host and manufacturer host. Also, relay device performs transfer processing based on a port correspondence database that specifies local IP addresses of manufacturer host and the like and TCP protocol port numbers corresponding to these IP addresses.

Abstract: In accordance with disclosed embodiments, there are provided systems, methods, and apparatuses for implementing SoC coverage through virtual devices in PCIe and DMI controllers.

Abstract: The present disclosure provides an allocation method and apparatus for Code Block Groups in a Transport Block. The Method comprises the following steps: sending a Transport Block through a first device to a second device, wherein, the Transport Block comprises at least one Code Block Group which is obtained by the first device allocating the Code Blocks in the Transport Block according to a preset allocation strategy; and sending the preset allocation strategy through the first device to the second device. The technical scheme provided by the present disclosure has an advantage of high efficiency.

Abstract: Entropy in routing tables may be increase to perform packet forwarding. Hash tables that store forwarding routes may be divided into multiple hash table segments. Forwarding routes may be stored across the hash table segments in different route segments. When looking up route segments to identify a forwarding route for a destination address of a network packet, digest values generated for previous route segments may be used to determine hash key values to identify hash table entries in a different hash table segment. The forwarding route may be identified according to the hash table entries located based on the digest values for previous route segments.

Abstract: Some embodiments provide a forwarding element that detects and handles elephant flows. In detecting, the forwarding element of some embodiments monitors statistics or measurements relating to a data flow. In handling, the forwarding element marks each packet associated with a detected elephant flow in some manner to differentiate it from a packet associated with a mouse flow. Alternatively, the forwarding element of break elephant flows into a number mouse flow by facilitating in sending packets associated with the detected elephant flow along different paths.

Abstract: Some embodiments of the invention provide a novel method of tunneling data packets. The method establishes a tunnel between a first forwarding element and a second forwarding element. For each data packet directed to the second forwarding element from the first forwarding element, the method encapsulates the data packet with a header that includes a tunnel option. The method then sends the data packet from the first forwarding element to the second forwarding element through the established tunnel. In some embodiments, the data packet is encapsulated using a protocol that is adapted to change with different control plane implementations and the implementations' varying needs for metadata.

Abstract: Assignment of network addresses and estimations of flow sizes associated with network nodes can be enhanced. Assignment management component (AMC) partitions a set of network addresses into subsets of network addresses associated with respective classes. For respective virtual machines (VMs), an estimator component estimates a flow size associated with a VM based on parameters associated with the VM. AMC classifies VMs based on threshold flow-size values and respective estimated flow sizes of VMs, and assigns VMs to respective sub-groups of VMs associated with respective subsets of network addresses based on respective classifications of VMs. AMC assigns an available network address of a subset of network addresses associated with a class to a VM of a sub-group associated with that class. Estimated flow sizes and performance metrics also are utilized to make determinations regarding VM placement, traffic management, load balancing, resource allocation, and orchestration in cloud networks.

Abstract: A data processing method and apparatus relate to the field of communications technologies and applicable to data processing used to resolve a low security problem of data stored in a memory. A memory encryption/decryption (MED) apparatus receives a data write command, encrypts to-be-written data, scrambles an address to which data is to be written, and then saves a cyclic redundancy check (CRC) code of the to-be-written data and encrypted to-be-written data in a memory according to a scrambled address to which data is to be written. Solutions provided in the embodiments of the present disclosure are.

Abstract: The embodiment of the invention provides a measurement method and a measurement device for quality of a power distribution and utilization channel. The method comprises the steps of determining priority of each branch in the power distribution and utilization channel of which the quality is to be measured; and determining quality of the power distribution and utilization channel of each branch according to the priority. The method and the device are used for improving monitoring strength on a whole optical fiber channel, and enhancing application universality.

Abstract: A highly-programmable access node is described that can be configured and optimized to perform input and output (I/O) tasks, such as storage and retrieval of data to and from storage devices (such as solid state drives), networking, data processing, and the like. For example, the access node may be configured to execute a large number of data I/O processing tasks relative to a number of instructions that are processed. The access node may be highly programmable such that the access node may expose hardware primitives for selecting and programmatically configuring data processing operations. As one example, the access node may be used to provide high-speed connectivity and I/O operations between and on behalf of computing devices and storage components of a network, such as for providing interconnectivity between those devices and a switch fabric of a data center.

Abstract: In some examples, a method includes receiving, by a first network device, a private label route message from a second network device, the private label route message specifying a private label as a destination, a route distinguisher of an egress network device for the private label, a context protocol next hop address that identifies a private Multiprotocol Label Switching (MPLS) forwarding layer, and a next hop for the private label, determining, by the first network device and based on the private label route message, a label stack having a plurality of labels to use for forwarding traffic to the next hop for the private label, and storing, in a context forwarding table associated with the private MPLS forwarding layer, a private label destination with the label stack as a next hop for reaching the private label.

Abstract: For a multi-tenant environment, some embodiments of the invention provide a novel method for (1) embedding a specific path for a tenant's data message flow through a network in tunnel headers encapsulating the data message flow, and then (2) using the embedded path information to direct the data message flow through the network. In some embodiments, the method selects the specific path from two or more viable such paths through the network for the data message flow.

Abstract: Disclosed herein are system, method, and computer program product embodiments for representing a forwarding information base (FIB) in a database. An embodiment operates by determining that a first routing prefix of a first forwarding entry in the FIB is a less specific routing prefix than a second routing prefix in a second forwarding entry in the FIB. The embodiment determines that a first next hop of the first routing prefix is equal to a second next hop of the second routing prefix. The embodiment removes the second forwarding entry from the FIB. The embodiment then inserts the first forwarding entry into a database (e.g., a longest exact match (LEM) database or a longest prefix match (LPM) database) based on a prefix length of the first routing prefix of the first forwarding entry.

Abstract: Aspects of the embodiments are directed to receiving an address resolution protocol (ARP) request message from a requesting virtual machine, the ARP request message comprising a request for a destination address for a destination virtual machine, wherein the destination address comprises one or both of a destination hardware address or a destination media access control address; augmenting the ARP request message with a network service header (NSH), the NSH identifying an ARP service function; and forwarding the augmented ARP request to the ARP service function.

Abstract: An example to preserve packet order in a multi-fabric network includes: a migration detector to, after a first host sends a first packet of a first packet flow via a first active link between a first host and a first top-of-rack (TOR) switch, detect a migration of the first active link to a second active link between the first host and a second TOR switch, the first packet destined to a second host connected to the second TOR switch; and a migration notifier to, in response to the migration, send a migration notification message to cause configuration of the second TOR switch to send a second packet of the first packet flow to the first TOR switch via an inter-switch link between the first and second TOR switches, the second packet destined to the second host.

Abstract: A garbage collection method for a data storage device includes steps of: entering a background mode from a foreground mode; selecting a plurality of source data blocks from a plurality of in-use data blocks; dividing a mapping table into a plurality of sub-mapping tables and selecting one of the sub-mapping tables as a target sub-mapping table, wherein the target sub-mapping table is used to manage one of the source data blocks; selecting a destination data block from a plurality of spare data blocks; and sequentially updating a correspondence relationship of data stored in the target sub-mapping table from the source data blocks to the destination data block, wherein the updating comprises copying the data stored in the source data blocks to the destination data block.

Abstract: Disclosed are systems and methods for scaling Massively Scalable Data Center (MSDC) networks with a large number of end-point tunnels utilizing Equal-cost multi-path routing (ECMP). The systems and methods can use the NO-OP label operations to maintain single ECMP objects to switch a set of segment routing tunnels that share the same ECMP links. The forwarding engine can determine the use of the NO-OP label operation and update a received packet to enable the use of the single ECMP objects of the set of segment routing tunnels.

Abstract: A data routing method and apparatus resolve a problem that data packet forwarding efficiency is greatly reduced because a service function instance sequence needs to be retrieved for each data packet according to a 5-tuple of a data flow to which the data packet belongs. The data routing method includes: receiving, by a traffic classifier, a data packet, where the data packet belongs to a first data flow; allocating, by the traffic classifier, a first data route identifier to the first data flow, where the first data route identifier is used to identify a service function chain of the first data flow and is used to identify the first data flow; adding, by the traffic classifier, the first data route identifier to the data packet; and sending, by the traffic classifier, the data packet to a service function forwarding device.

Abstract: Provided are methods and systems for processing data packets in a data network using a policy-based network path. The method may commence with receiving the data packet associated with a service session from a client. The method may continue with determining data packet information associated with the data packet. The method may further include determining the policy-based network path for the data packet based on the data packet information and one or more packet processing criteria. The method may continue with routing, based on the determination of the policy-based network path, the data packet along the policy-based network path.

Abstract: After receiving the packet, an operation type of an operation to be performed for a packet is identified, a key value is extracted from the packet and Hash calculation is performed for the extracted key value; a calculation result of the Hash calculation is taken as a Hash entrance, and at least one Hash index table entry is found from a local Hash index table; match operation is performed between the identified operation type and the at least one Hash index table entry; the packet is processed according to a matched Hash index table entry if the matched Hash index table entry is found.

Abstract: An electronic device, according to one of the various embodiments of the present disclosure, includes: a memory; a communication module that transmits and receives messages; and a processor that, when a non-IP service-based message is received, creates an IP-based message including at least some of the non-IP service-based message, and provides the created IP-based message. In addition, various embodiments are provided.

Abstract: In one embodiment, a Segment Routing network node provides efficiencies in processing and communicating Internet Protocol packets in a network. An Internet Protocol (IP) packet, possibly a Segment Routing packet, is received by a node in a network, which updates the packet according to a corresponding Segment Routing Policy, that includes an ordered list of Segment Identifiers comprising, in first-to-last order, a first Segment Identifier followed by one or more subsequent Segment Identifiers. The updating of the packet includes setting the Destination Address to the first Segment Identifier, and adding said one or more subsequent Segment Identifiers, but not the first Segment Identifier, in a first Segment Routing Header. The updated packet is sent into the network without the first Segment Identifier being added to a Segment Routing Header in response to the Segment Routing Policy.

Abstract: A routing device and a further routing device of a switched network form a virtual router and are addressable by a virtual Media Access Control (MAC) address. The further routing device receives at least one data frame and sends, to the routing device, a request instructing the routing device to send an alert message for conveying information about the virtual MAC address throughout the switched network.

Abstract: Techniques for bridging communication between multiple networks to facilitate distribution of multicast data are described herein. For example, a node that is able to communicate with its network and an adjacent network may send a subscription message indicating that the node is a member of a multicast group. The subscription message may be forwarded up both networks. The node may then forward, between the networks, data that is destined for members of the multicast group.

Abstract: A computer-implemented method for application data switching comprises receiving, by one or more processors of a computer, an application data packet received from an application running on the computer; determining, by the one or more processors and from the application data packet, an Ethernet destination of the application data packet; based on the determined Ethernet destination, identifying, by the one or more processors, a destination on a wireless personal area network (WPAN); accessing, by the one or more processors, a payload of the application data packet; creating, by the one or more processors, a WPAN data packet that includes the identified destination on the WPAN and at least a portion of the payload from the application data packet; and transmitting, by the one or more processors, the WPAN data packet to the identified destination on the WPAN via a WPAN interface.

Abstract: In general, in one aspect, the disclosures describes a method that includes receiving multiple ingress Internet Protocol packets, each of the multiple ingress Internet Protocol packets having an Internet Protocol header and a Transmission Control Protocol segment having a Transmission Control Protocol header and a Transmission Control Protocol payload, where the multiple packets belonging to a same Transmission Control Protocol/Internet Protocol flow. The method also includes preparing an Internet Protocol packet having a single Internet Protocol header and a single Transmission Control Protocol segment having a single Transmission Control Protocol header and a single payload formed by a combination of the Transmission Control Protocol segment payloads of the multiple Internet Protocol packets. The method further includes generating a signal that causes receive processing of the Internet Protocol packet.

Abstract: Automatically diagnosing operation of a communication network, including collecting, during multiple time periods spanning multiple days, a plurality of Layer-4 statistics for Layer-4 network connections on the network; determining, for each time period in the multiple time periods, a first Layer-4 condition metric for the time period based on the Layer-4 protocol statistics collected during the time period; determining a network performance indicator, based on a number of the time periods that a first threshold condition is met by the first Layer-4 condition metric; determining whether the communication network has experienced a performance issue based on the network performance indicator meeting a second threshold condition; and causing a diagnostic action, a corrective action, or a maintenance action to be performed based on the determination whether the communication network has experienced a performance issue.

Abstract: Embodiments of the present disclosure disclose an SDN-based ARP implementation method and apparatus. The method includes: receiving, by a controller, an ARP request sent by a first switch, and when it is determined that no ARP entry corresponding to the ARP request exists locally, sending, to the first switch, an instruction configured to instruct the first switch to flood the ARP request. In this way, the ARP request can be broadcast to an entire network by means of message forwarding between switches.

Abstract: The present disclosure relates to an information transmission device and apparatus, a device and a storage medium. The method includes receiving a message from a source terminal device, the message including message data and a target terminal device identification; determining whether the target terminal device identification exists in a transmission list, the transmission list including identifications of terminal devices accessing an access point device, and the access point device being an access point device corresponding to the source terminal device; and sending the message data to the target terminal device if the target terminal device identification exists in the transmission list.

Abstract: A packet processing block. The block comprises an input for receiving data in a packet header vector, where the vector comprises data values representing information for a packet. The block also comprises circuitry for performing packet match operations in response to at least a portion of the packet header vector and data stored in a match table and circuitry for performing one or more actions in response to a match detected by the circuitry for performing packet match operations. The one or more actions comprise modifying the data values representing information for a packet. The block also comprises at least one stateful memory comprising stateful memory data values. The one or more actions includes various stateful actions for reading stateful memory, modifying data values representing information for a packet, as a function of the stateful memory data values; and storing modified stateful memory data value back into the stateful memory.

Abstract: A method and a system embodying the method for data lockdown and data overlay in a packet to be transmitted, comprising providing a first and a second masks comprising one or more position(s) and a data value at each of the one or more position(s); aligning the masks with the packet; comparing the data value at each of the one or more position(s) in the first mask with the data value at the one or more aligned position(s) in the packet; optionally replacing a data value at each of the one or more position(s) in the packet with a data value at the one or more aligned position(s) in the second mask; and providing the packet for transmission if the data value at each of the one or more position(s) in the first mask and the data value at the one or more aligned position(s) in the packet agree.

Abstract: A method for configuring a fibre channel (FC) storage area network (SAN), and an apparatus, where a first server sends a login request message to a switch, where the login request message includes a first identifier of a first virtual machine (VM) and a world wide group name (WWGN) of a port group of the first VM, enables the switch to establish a correspondence between the first identifier and the WWGN, and enables a storage device to establish the correspondence between the first identifier and the WWGN. A configuration of a first zone and a correspondence of a logical unit number (LUN) are both based on the WWGN. Therefore, in a migration process of the first VM, a network administrator does not need to re-configure a zone, and the storage device does not need to re-configure a correspondence between the first VM and an accessible LUN either.

Abstract: Some embodiments of the invention provide a method for assigning a data flow-specific identification value to each packet of a data flow. In some embodiments, a particular source endpoint transmits packets belonging to several different data flows to one or more destination endpoints. When sending packets, the source endpoint inserts a unique flow identification value to a particular field of the Internet Protocol (IP) header of each packet of a data flow. The use of these flow identification values enables intermediate network elements and the destination endpoint to efficiently identify to which data flow each packet belongs. In some embodiments, the source endpoint inserts the flow identification value into the 16-bit Internet Protocol version 4 (IPv4) identification field of the IP header of the packets.

Abstract: A device for converting an address, the device includes: a memory; and a processor coupled to the memory and configured to: receive a request packet of contents from a first information processing device; convert a first transmission source address included in the request packet to a second transmission source address by using a conversion table corresponding to a communication path of the request packet; and transmit the request packet to a second information processing device which determines whether to provide the contents based on the second transmission source address included in the request packet.

Abstract: Network interface apparatus includes packet processing circuitry, comprising hardware logic coupled between a network interface and a host interface for connection to a host processor. The hardware logic accesses a list of active connections established between the local processes running on the host processor and corresponding processes on other computers on the network and maintains context information with respect to each of the active connections. Upon receiving a packet from the network having a header identifying the packet as having been transmitted to a local process in accordance with a predefined transport protocol, the hardware logic checks the list to find a connection to which the packet belongs and upon finding the connection, verifies that the packet conforms to the respective state indicated by the context information for the connection and, if so, updates the context information and passes the packet to the local process.

Abstract: A packet processing method and an apparatus are provided. A first SFC proxy of a first SF entity splits a first packet to obtain a first original packet and a first SFC header, and the first SFC proxy sends the first SFC header to a second SFF. The first SF entity processes the first original packet to obtain a second original packet, and sends the second original packet to a service classifier. The service classifier sends, to the second SFF, a second packet that is obtained after the service classifier adds a second SFC header to the second original packet. The second SFF changes the second SFC header in the second packet into the first SFC header. In this way, a first packet carrying a first SFC header can be transmitted in a network architecture in which a legacy SF exists, so that the legacy SF becomes compatible.

Abstract: System and techniques for storage device hash production are described herein. A data transmission received at an interface of the storage device is decoded. Here, the data transmission includes a command corresponding to a hash operation, a set of input identifications, and an output identification. Members of the set of input identifications are marshalled to produce an input set. A hash engine of the storage device is invoked on the input set to produce a hash product. The hash product is stored in a portion of the storage device corresponding to the output identification.

Abstract: One or more timers can be used by an originating UE during setup of a communication session. The timer(s) can be triggered by an originating UE sending a request or receiving a response that uses a first signaling protocol. The timer(s) can further be terminated by the originating UE sending a request or receiving a response that uses a second signaling protocol different from the first signaling protocol, so long as the request/response using the second signaling protocol occurs before timeout of the timer(s).

Abstract: An approach is provided in which an information handling system receives, at a network virtualization edge (NVE), a set of Diffserv parameters comprising at least one classifier parameter, at least one meter parameter, at least one marker parameter, and at least one shaper/dropper parameter. The NVE performs a deep inspection on a plurality of data packets to classify the plurality of data packets at one or more classification levels. In turn, the NVE passes the set of Diffserv parameters and the one or more classification levels to underlay switch hardware.

Abstract: A communications network is established where devices are assigned either a static or random unique device identifier based on one or more of a broad variety of network, device or user-based attributes; where network devices, using a variable identification information (VII) software or firmware client, may authenticate and communicate directly with each other, based on such attributes within or outside of a specified zone; where network devices, using a sixth-sense technology (SST) software or firmware client to detect and discover such attributes, may communicate directly and privately with other targeted network devices; with the result that the network enables customized communications with targeted devices and assures a level of privacy and anonymity desired by either device.

Abstract: Metadata may be embedded in a service chain header (SCH) appended to a packet that is forwarded over a service chain path. The metadata may include information that is used to process the packet at a downstream service function chain (SFC) entity on the service chain path. The metadata TLV field may identify a service action to be performed by a downstream SFC entity. For example, the metadata TLV field may instruct the downstream SFC entity to drop the packet, to redirect the packet (or a traffic flow associated with the packet), to mirror a traffic flow, to terminate a communication connection, to start or stop a packet accounting, and/or to apply a higher grade of service. In another embodiment, the metadata TLV field specifies an OAM service action list that identifies service actions that have been performed on the packet.

Abstract: A management device according to one mode of the present invention includes: a link information obtaining unit configured to, with respect to a plurality of communication devices capable of relaying information and capable of establishing communication connection with each other, obtain link information including communication connection relationship of each communication device and communication quality between the communication devices; a transmission information obtaining unit configured to obtain transmission information including specification information for specifying target information and required quality which is communication quality required for transmitting the target information; and a determination unit configured to search for a transmission path formed by the communication devices and capable of transmitting the target information while satisfying the required quality, on the basis of the link information obtained by the link information obtaining unit and the transmission information obtaine

Abstract: A computer and data protection system include a peripheral sharing device that is communicatively linked to an onboard internet server and a separate user computer. The onboard internet server is connected to a first communication port for communicating with the separate user computer, and a second communication port for communicating over the internet. A switch selectively transitions the system between a protected operating mode wherein the second communication port is disabled or disconnected, and an open operating mode wherein the first communication port is disabled or disconnected. The system includes an authentication unit having an input/output device for communicating with a removable key. The authentication unit functioning to provide system access only upon successful comparison of a user password that is stored on the physical key with a corresponding user password that is stored in the authentication unit.

Abstract: A hyperscale switch is implemented with a plurality of semiconductor crossbar switching elements connected to one another according to a direct point-to-point electrical mesh interconnect for transceiving data packets between peripheral devices connected to the switch and utilizing a lookup table and network device addressing for reduced switching power.

Abstract: Systems and methods for InfiniBand fabric optimizations to minimize SA access and startup failover times. Based on the combination of path record parameters defined with values from the Homogeneous Fabric/Subnet flag (or configuration parameter), as well as the GID and SLID information defined by IPoIB ARP requests and responses, there is no additional need for SA requests to obtain path records or path related information in general.

Abstract: In an embodiment, a computer-implemented method for preventing an Internet Protocol identifier (“IPID”) overflow in computer networks is disclosed. In an embodiment, the method comprises: receiving, by an edge service gateway, a first packet that requires fragmentating, and determining whether the edge service gateway is configured to prevent IPID overflow. In response to determining that the edge service gateway is configured to prevent IPID overflow, a plurality of packet fragments for the first packet is created based on, at least in part, contents of the first packet. A packet fragment, of the plurality of packet fragments, comprises an IP header, an additional header, and a portion of the first packet, wherein an additional key field in the additional header and an IPID field in the IP header of the packet fragment cumulatively store a packet sequence number for the first packet.

Abstract: A system for and method of media encapsulation is presented. The method may include receiving, via an audio digitizer, a plurality of packets of data and compressing, via a codec, the plurality of packets of data. The method may also include queuing the plurality of packets of data in a queue and encrypting, via a filter, payloads of at least two of the plurality of packets of data in the queue into a single payload. The method further include transmitting the single payload in a single encrypted data packet.

Abstract: Examples disclosed herein relate to security actions that can be taken at a network appliance based on a received copy of a neighbor discovery packet. The neighbor discovery packet copy is received on a control plane of a network that originated at a port on a data plane of the network. The neighbor discovery packet copy includes identification information including an internet protocol address, a media access control address, and information about the port. The identification information is compared to a binding state table to determine that the internet protocol address and the media access control address match the binding state table, but the port does not match a previous port on the binding state table for the internet protocol address. A security action is performed.