Abstract: An endpoint group (EPG) can be stretched between the sites so that endpoints at different sites can be assigned to the same stretched EPG. Because the sites can use different bridge domains when establishing the stretched EPGs, the first time a site transmits a packet to an endpoint in a different site, the site learns or discovers a path to the destination endpoint. The site can use BGP to identify the site with the host and use a multicast tunnel to reach the site. A unicast tunnel can be used to transmit future packets to the destination endpoint. Additionally, a stretched EPG can be segmented to form a micro-stretched EPG. Filtering criteria can be used to identify a subset of the endpoints in the stretched EPG that are then assigned to the micro-stretched EPG, which can have different policies than the stretched EPG.

Abstract: Various systems and methods for performing bit indexed explicit replication (BIER) using multiprotocol label switching (MPLS). For example, one method involves receiving a packet that includes a MPLS label. The packet also includes a multicast forwarding entry. The method also involves determining, based on the value of the MPLS label, whether to use the multicast forwarding entry to forward the packet. The method further includes forwarding the packet.

Abstract: A method for transmitting a broadcast signal includes generating a packet carrying a broadcast service and service signaling information, and a packet carrying fast information for supporting rapid service scans and service acquisition, the fast information including identification information for identifying the broadcast service, service category information representing a category of the broadcast service and hidden information representing whether or not the broadcast service is related to a test service; generating a robust header compression (RoHC) packet by compressing a header of each packet, and signaling information including context information generated from the compressing the header of each packet; and transmitting a signal frame including the RoHC packet and the signaling information.

Abstract: The present disclosure provides a gateway controlling chip and a network packet processing method thereof. The gateway controlling chip is configured to: retrieve a network packet; determine that the network packet is an upstream IP tunneling network packet; determine a packet type of the upstream IP tunneling network packet; retrieve a packet operation list corresponding to the packet type, wherein the packet operation list records a plurality of packet operations; and perform the packet operations for processing the network packet.

Abstract: Aspects of the present disclosure relate to techniques that may help enable the determination of uplink resource allocation in systems that support dynamic uplink-downlink subframe configurations. An example method generally includes receiving signaling indicating a dynamic uplink-downlink (UL-DL) subframe configuration, determining hybrid automatic repeat request (HARQ) acknowledgment/negative acknowledgment (ACK/NACK) timing based on a reference UL-DL subframe configuration, and determining HARQ resource allocation based on the dynamic UL-DL subframe configuration.

Abstract: A VM receives a first ARP request from a first instance of a virtualized network function (VNF) associated with a first MAC address. The VM may determine the first MAC address and, based at least in part on the first MAC address, may a second MAC address with which to respond to the first ARP request. The VM may then send, to the first instance of the VNF, a response to the first ARP request specifying the second MAC address. The VM may also receive a second ARP request from a second instance of the VNF associated with a third MAC address. The VM may determine a fourth MAC address with which to respond to the second ARP request, and may thereafter send a response to the second ARP request to the second instance of the VNF, with the response specifying the fourth MAC address.

Abstract: Method and apparatus for carrying out the method receiving packets, each of the packets comprising a header and a payload. For a particular packet among the packets, the method includes processing at least the header of the particular packet to determine a flow associated with the particular packet; attempting to determine a payload structure based on the flow, the payload structure associated with transport of coded video data in the payload of the particular packet; and if the attempting is successful, repackaging coded video data contained in the payload of the particular packet into a new packet and forwarding the new packet to an external system or storing the new packet in memory.

Abstract: A method of controlling access through a Bluetooth connection is provided. The method comprising: detecting Bluetooth advertisements of one or more access controllers using a mobile device application; determining whether to connect to the Bluetooth advertisements using the mobile device application; connecting the mobile device application to each of the one or more access controllers using separate Bluetooth connections; enumerating services of each access controller using the mobile device application; authenticating the mobile device application by transferring a credential; detecting intent of the mobile device application to engage a specific access controller; and activating a lock actuator within the specific access controller.

Abstract: Technology for establishing network communications over an overlay network among nodes of configurable network computer systems, such as the storage system nodes of a hyper-converged infrastructure system is disclosed. The nodes are configured for communication over an overlay network and overlay endpoints corresponding to the nodes are enabled for encapsulating network communications between overlay endpoints. The nodes may then communicate over a common overlay subnetwork even though they operate in different local subnetworks with different subnetwork configurations. An installer may be similarly configured for network communications with the nodes over the overlay subnetwork.

Abstract: A link validation system includes a first device and a second device. The first device identifies that a first link to the second device has become available via a first port on the first device, and determines that the first link to the second device is not a valid link. In response to determining that the first link to the second device is not a valid link, the first device configures the first port in an auto-negotiation error state. Subsequent to configuring the first port in the auto-negotiation error state, the first device detects a port connection cycling operation associated with the first port and, in response, clears the auto-negotiation error state for the first port.

Abstract: An on-chip data packet processing method and corresponding integrated circuit, wherein data packets are received at an ingress port and processed with an on-chip wire-speed engine. The processing comprises adding metadata to the data packets, forwarding the processed data to an on-chip QoS unit, altering the metadata of the data packets and/or providing further metadata to the data packets. The data packets are forwarded from the on-chip QoS unit to an on-chip data consumer. If the data consumer is a processing unit the data packets are processed in a first processing step, redirected from the processing unit to the QoS unit and the step of forwarding the data packets to an on-chip data consumer is repeated.

Abstract: A delegate wireless terminal can receive and store messages sent to it by a receiving network node. The wireless terminal can identify a message label based on a mapping for the received message. A transmitting network node can transmit a message label to a receiving network node across a backhaul link. The receiving network node can transmit a message label to the wireless terminal. The wireless terminal can identify a stored message that corresponds to the received message label, and send the corresponding message to the receiving network node. The receiving network node can then transmit the message to its intended destination.

Abstract: Embodiments of the present application disclose a method and terminal device for data transmission. The method is applied to a vehicle-to-everything system, and comprises: a terminal device in a first protocol layer determining, according to service information of data to be sent, a transmission mechanism for transmitting the data to be sent. The method and terminal device in the embodiments of the present application enhance data transmission capabilities.

Abstract: A method, computer program product, and a computer system are disclosed for isolating data to one or more storage pools receive a packet from a host; determine whether the packet contains virtual extensible local area network (VXLAN) information; extract, in response to determining that the packet contains VXLAN information, a network identifier from the packet; determine one or more storage pools that correspond to the extracted network identifier; and store data from the packet in the one or more determined storage pools.

Abstract: Methods and systems for service integrated domain name servers are described. A method for out of path border gateway protocol (BGP) validation includes receiving, at a network component, a prefix announcement. The network component denies acceptance of the prefix announcement. A BGP monitor at the network component sends the prefix announcement to an out of path validation controller. The out of path validation controller evaluates the prefix announcement against one or more validation tests, sends a validation notification based on the one or more validation tests, and programs the network component for a validated prefix announcement.

Abstract: By splitting CGN functions based on a control plane and a forwarding plane, a CGN control plane function is put into a BRAS CP device, and a CGN forwarding plane function is retained on a CGN card on the BRAS DP device, and CGN configuration information is distributed by the BRAS CP device to the BRAS DP device.

Abstract: An apparatus is provided for control of a plurality of forwarding switches using a network controller. The network controller executes a routing configuration application that analyzes interconnections between the forwarding switches to identify a topology of the network, determine label switched paths (LSPs) between the forwarding switches, and transmits the next hop routes to the forwarding switches. The forwarding switches use the next hop routes to route packets through the network according to a multiprotocol label switching (MPLS) protocol. Each LSP includes one or more next hop routes defining a forwarding address associated with one forwarding switch to an adjacent forwarding switch.

Abstract: According to one aspect disclosed herein, a system can include a set of node peers, including a first subset implemented in software and a second subset implemented in hardware. The first subset can include a software node. The second subset can include a hardware node that includes a hardware cache, a processor, and a memory that stores computer-executable instructions. The hardware node can receive, from a network, a packet, and can determine if data that identifies a path associated with the packet is stored in the hardware cache. If not, the hardware node can query the software node to identify the path associated with the packet, and can receive, in response from the software node, the data that identifies the path, which then can be stored in the hardware cache. The hardware node can forward, along the path, the packet to a network element.

Abstract: Some embodiments of the invention provide novel methods for performing services on data messages passing through a network connecting one or more datacenters, such as software defined datacenters (SDDCs). The method of some embodiments uses service containers executing on host computers to perform different chains (e.g., ordered sequences) of services on different data message flows. For a data message of a particular data message flow that is received or generated at a host computer, the method in some embodiments uses a service classifier executing on the host computer to identify a service chain that specifies several services to perform on the data message. For each service in the identified service chain, the service classifier identifies a service container for performing the service. The service classifier then forwards the data message to a service forwarding element to forward the data message through the service containers identified for the identified service chain.

Abstract: Mechanisms are provided for evaluating a trained machine learning model to determine whether the machine learning model has a backdoor trigger. The mechanisms process a test dataset to generate output classifications for the test dataset, and generate, for the test dataset, gradient data indicating a degree of change of elements within the test dataset based on the output generated by processing the test dataset. The mechanisms analyze the gradient data to identify a pattern of elements within the test dataset indicative of a backdoor trigger. The mechanisms generate, in response to the analysis identifying the pattern of elements indicative of a backdoor trigger, an output indicating the existence of the backdoor trigger in the trained machine learning model.

Abstract: Embodiments of the present invention provide a packet processing method, including: receiving, by a first node, a first packet, where the first packet carries a first bit string, the first bit string includes M bit sets, each bit set corresponds to one node group, a value of the bit set is used to indicate whether one or more target nodes of the first packet include the corresponding node group; and determining, by the first node based on the first bit string and a second bit string, whether to send the first packet to a second node, where the second bit string includes N bit sets, each bit set corresponds to one node group, a value of the bit set is used to indicate whether a node belonging to the corresponding node group exists in one or more related nodes of the first node.

Abstract: A device receives call information associated with a call from a first user device to a second user device, where the first user device is associated with a first network, and the second user device is associated with a second network separate from the first network. The call information includes a caller identification and is received via an originating network device of the first network. The device determines whether the caller identification is verified, and adds authentication information to the call information when the caller identification is verified. The device receives the call information and the authentication information from a terminating network device of the first network, and removes the authentication information from the call information. The device adds a cryptographic signature to the call information, and causes the call information and the cryptographic signature to be provided to the second network for routing to the second user device.

Abstract: An example method of operating a network may include determining whether a flow is to be added to the network based on: a flow type of the flow, a link condition of the flow, and for each possible combination of flow type and link condition out of multiple flow types and multiple link conditions, the number of flows currently carried on the network that correspond to the respective combination.

Abstract: A data processing method comprises: in response to data to be encrypted or decrypted, determining, at a blockchain node, whether an adapter coupled to the node has been initialized; in response to determining that the adapter has not been initialized, determining an access address of the adapter; initializing the adapter based on the access address; and enabling the initialized adapter to encrypt or decrypt the data. As such, data encryption or decryption at the blockchain node is accelerated via the adapter.

Abstract: Systems and methods for enabling access to dedicated resources in a virtual network using top of rack switches are disclosed. A method includes a virtual filtering platform encapsulating at least one packet, received from a virtual machine, to generate at least one encapsulated packet comprising a virtual network identifier (VNI). The method further includes a TOR switch: (1) receiving the at least one encapsulated packet and decapsulating the at least one encapsulated packet to create at least one decapsulated packet, (2) using the VNI to identify a virtual routing and forwarding artifact to determine a virtual local area network interface associated with the dedicated hardware portion, and (3) transmitting the at least one decapsulated packet to the dedicated hardware portion based on at least one policy provided by a controller, where the at least one policy comprises information related to a customer of the service provider.

Abstract: A method includes, at a node associated with a multiprotocol label switching system (MPLS) network, identifying information associated with an application flow based on one or more unencapsulated packet headers of the application flow or based on an ingress data stream that includes the application flow. The method further includes, in response to identifying the information, and based on stored data that maps application flows with psuedowires, determining a number of pseudowires corresponding to paths through the MPLS network, where the stored data indicates, for a sending device application, a distributed mapping of the application flow via at least one of the number of psuedowires, and communicating data related to the sending device application via at least one of the number of pseudowires.

Abstract: A data center failure management system and method in a Software Defined Networking (SDN) deployment. In one embodiment, an SDN controller associated with the data center is configured to learn new flows entering the data center and determine which flows require flow stickiness. Responsive to the determination, the SDN controller generates commands to one or more switching nodes and/or one or more border gateway nodes to redirect the sticky flows arriving at the switching nodes via ECMP routes from the gateway nodes or avoid the ECMP routes by the gateway nodes in order to overcome certain failure conditions encountered in the data center, an external network, or both.

Abstract: Methods and system of traffic load balancing between a plurality of Points of Presence (PoP) of a cloud computing infrastructure are described. A first PoP of multiple PoPs of cloud computing infrastructure that provides a cloud computing service receives a packet. The packet includes as a destination address an anycast address advertised by the first PoP for reaching the cloud computing service. The first PoP identifies a network address of a second PoP that is different from the first PoP. The first PoP forwards the packets as an encapsulated packet to the second PoP to be processed in the second PoP according to the cloud computing service.

Abstract: Refrigerator appliances and methods, as provided herein, may include a cabinet, a door, a camera module, and a controller. The cabinet may define a chilled chamber. The door may be rotatably hinged to the cabinet to provide selective access to the chilled chamber. The camera module may be mounted to the cabinet within the chilled chamber. The controller may be operably coupled to the camera module. The controller may be configured to initiate an operation routine including initiating a continuous anti-fog capture sequence at the camera module, receiving a static image signal from the camera module during the continuous anti-fog capture sequence, or discarding the received static image signal.

Abstract: Disclosed is an improved implementation of a flood fill mesh radio network that utilizes message age disambiguation to prevent unnecessary propagation of repeated messages in the network. A digital counter may be used to generate a sequence of numbers based on counter values and the counter values may be associated with each message frame that is broadcast into the mesh network. The domain of generated sequence numbers can be divided up into low and high subdomains and the maximum number of message frames broadcast by a network node in the mesh network may be constrained so that no two messages broadcast by a network node remain circulating in the network longer than that required for the digital counter to wrap back to zero. Under this paradigm the counter values associated with each message can be compared to determine the relative age of the message frames to detect repeated messages.

Abstract: A method comprising instantiating virtual routers (VRs) at each of a set of nodes that form a network. Each VR is coupled to the network and to a tenant of the node. The network comprises virtual links in an overlay network provisioned over an underlay network including servers of a public network. The method comprises configuring at least one VR to include a feedback control system comprising at least one objective function that characterizes the network. The method comprises configuring the VR to receive link state data of a set of virtual links of the virtual links, and control routing of a tenant traffic flow of each tenant according to a best route of the network determined by the at least one objective function using the link state data.

Abstract: An apparatus including a storage medium and a controller is provided. The storage medium stores a first mapping of stream Identifiers (IDs) to VLAN tags, and a second mapping of the stream IDs to VLAN tag indications. The controller is coupled to the storage medium and configured to route a packet between a Time-Sensitive Networking (TSN) network and a non-TSN network according to the first and second mappings. The routing of the packet includes inserting or removing a VLAN tag in or from the packet according to the stream ID of the packet and the first and second mappings, so as to enable interoperability between the TSN network and the non-TSN network.

Abstract: System and methods are disclosed for synthesis of network, such as a network-on-chip (NoC), to generate a network description. The system generates a NoC from a set of physical constraints and performance constraints as well as a set of inputs to a sequencer. The system produces the NoC with all its elements. The resulting output includes placement of the elements on a floorplan of a chip that represents the network, such as the NoC.

Abstract: Methods, non-transitory computer readable media, and network traffic manager apparatus that assists with dynamically managing user access control includes receiving a request to access one or more applications from a client. Client data associated with the client and monitored application access traffic data between the client and a server for the one or more applications is obtained. One or more access control checks and an enforcement order is determined based on the obtained client data and the monitored application access traffic data. The determined one or more access control checks is applied on the client in the determined enforcement order. Access to the requested one or more applications are provided when the applied one or more access control checks authenticate the received request.

Abstract: A node (100) is configured for use in a communication network. The node (100) is configured to obtain a message with a source address and a destination address. The node (100) is also configured to determine whether the message is a type of message that is sent in response to a different message routed from the destination address to the source address, and whether a forward route (16) from the destination address to the source address has been established. The node (100) is also configured to selectively transmit the message on a backward route (18) that is the reverse of the forward route (16), depending on the determining.

Abstract: A data packet from a sub-virtual routing and forwarding (sub-VRF) in a virtual routing and forwarding (VRF) is received. The VRF includes more than one sub-VRF. A value in a Border Gateway Protocol (BGP) attribute attached to the data packet is determined. Based on the value in the BGP attribute, whether to route the data packet to a different sub-VRF in the VRF is determined.

Abstract: Mesh network resiliency technology, in which a first routing configuration for nodes of a mesh network is determined, the first routing configuration being appropriate when a first power source of the mesh network is available. Routing data that indicates routing responsibilities within the first routing configuration is provided to first nodes of the mesh network. An interruption of the first power source for the mesh network is detected by nodes of the mesh network. In response to detecting the interruption, a second routing configuration for nodes of the mesh network is determined, the second routing configuration being appropriate when the first power source of the mesh network is unavailable. Routing data that indicates routing responsibilities within the second configuration is provided to second nodes of the mesh network, each of the second nodes including a second power source that is different than the first power source.

Abstract: Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.

Abstract: Subscriber-stations for a bus-system, and data-transmission method in a bus-system. The subscriber-stations include master-subscriber-station(s) and at least two slave-subscriber-stations for the bus-system.

Abstract: A task mapping method of a NoC semiconductor device includes assigning a first task of a plurality of tasks for node control of the NoC semiconductor device to a first node of a first chip; computing tag values of second tasks of the plurality of tasks which are not assigned to the first node; and assigning the second tasks to a second node according to the tag values.

Abstract: Methods related to determining and utilizing one or more attributes to associate with an IP addresses. Attributes are determined based on request data provided with requests from an IP address and one or more available secondary information sources. Attributes may include physical locations and/or category designations for the IP address. One or more attributes may be assigned a likelihood value indicative of likelihood that the attribute is associated with the IP address. Some implementations are directed to utilizing the attributes and likelihood values to identify likely fraudulent information provided with requests. Some implementations are directed to utilizing the attributes and likelihood values to provide advertisements in response to requests from IP addresses.

Abstract: A method for implementing fault detection includes: instructing, by a detection device, a detected device to configure a detected path and a return path, where the detected path is a path from a first physical port of the detected device to a second physical port of the detected device via a target unit of the detected device, the return path is a path from the second physical port to the detection device, and the target unit is a VNF or an accelerator; sending a detection packet to the detected device through the first physical port; and when receiving the detection packet transmitted through the detected path and the return path, determining that the detected path is not faulty. According to the method, it can be further determined that the path that passes through the VNF or the accelerator is not faulty.

Abstract: In various embodiments, a network emulation application emulates network conditions when testing a software application. In response to a request to emulate a first set of network conditions for a first client device that is executing the software application, causing a kernel to implement a first pipeline and to automatically input network traffic associated with the first client device to the first pipeline instead of a default bridge. In response to a request to emulate a second set of network conditions for a second client device that is executing the software application, causing the kernel to implement a second pipeline and to automatically input network traffic associated with the second client device to the second pipeline instead of the default bridge. Each of the pipelines perform one or more traffic shaping operations on at least a subset of the network traffic input into the pipeline.

Abstract: A method of transmitting data, a UE, a network side device and a computer readable storage medium are provided. The method of transmitting data is applicable to the UE and includes: transmitting, by the UE, duplicated transmission data to different radio link control (RLC) entities respectively when a network side configures or activates a packet duplication mode for a bearer; transmitting, by one of the different RLC entities, the transmission data through one of logical channels to a master medium access control (MAC) entity and transmitting, by each of the others of the different RLC entities, the transmission data through a different one of the logical channels to a different one of one or more secondary MAC entities; and transmitting, by the master MAC entity and the one or more secondary MAC entities, the transmission data to the network side through different carriers.

Abstract: By splitting CGN functions based on a control plane and a forwarding plane, a CGN control plane function is put into a BRAS CP device, and a CGN forwarding plane function is retained on a CGN card on the BRAS DP device, and CGN configuration information is distributed by the BRAS CP device to the BRAS DP device.

Abstract: One embodiment includes a network device including multiple interfaces to serve as ingress ports for receiving network packets from nodes in remote customer-site network(s) via a tunnel in a provider network, and from nodes in a local customer-site network, and egress ports for forwarding at least some of the network packets, and control circuitry to make a decision to drop a network packet to reduce packet duplication in at least one of the nodes, responsively to the network packet being identified as a packet of broadcast, unknown unicast, or multicast traffic, the network packet being subject to decapsulation of an encapsulation header, being assigned to one of the egress ports, and having a header including one of a plurality of virtual local area network identifications, or one of a plurality of source identifications.

Abstract: A method comprises, at a first router configured to perform Bit Index Explicit Replication (BIER) for forwarding of multicast packets in a network, storing configuration information that indicates that the first router belongs to multiple subdomains of a BIER domain, and is able to forward the multicast packets for a virtual private network on the multiple subdomains. The method further comprises, during an auto-discovery procedure, generating an auto-discovery message to include an auto-discovery route and route attributes that indicate the multiple subdomains, and sending the auto-discovery message to a second router of the virtual private network the network.

Abstract: According to an embodiment of the present invention, there is provided a TCAM architecture in which a content-based search is conductible in such a manner that a search key to be searched for is used as an address of a memory element that makes up a TCAM cell and that an output from the memory element reflects whether a match or a mismatch is found as a result of the search. The memory element may be a look-up table.

Abstract: In some aspects, a method of the technology can include steps for sending a packet along a service function chain (SFC) to an egress node, the SFC comprising a plurality of service function forwarders (SFFs), wherein each SFF is associated with at least one service function (SF), and receiving the packet at a first SFF in the SFC, wherein the first SFF is associated with a first SF. In some aspects, the first SFF can also be configured to perform operations including: reading an option flag of the packet, and determining whether to forward the packet to the first based on the option flag. Systems and machine-readable media are also provided.

Abstract: Some embodiments of the invention provide a data-plane forwarding circuit (data plane) that has a flow-size detection circuit that generates flow-size density distribution for all or some of the data message flows that it processes for forwarding in a network. The flow-size (FS) detection circuit in some embodiments generates statistical values regarding the processed data message flows, and based on these statistical values, it generates a FS density distribution that expresses a number of flows in different flow-size sub-ranges in a range of flow sizes. In some embodiments, the density distribution is a probabilistic density distribution that is based on probabilistic statistical values that the flow-size detection circuit generates for the data message flows that are processed for forwarding within the network.