Abstract: This application provides a packet scheduling method and a related device. The method includes: An access device receives a to-be-scheduled packet, and obtains an actual packet length of the to-be-scheduled packet; the access device determines a first compensation value and a second compensation value based on the to-be-scheduled packet, and determines a first packet length and a second packet length; and the access device schedules the to-be-scheduled packet based on the first packet length and the second packet length. By implementing the method in this application, the access device estimates a packet length of a packet received by each device on a packet forwarding path, and then schedules the packet based on the estimated packet length of the packet received by each device, so that the access device can manage bandwidth of each device on a network more accurately.

Abstract: Methods, systems and computer program products for distributed computing systems. Techniques for dynamic service location discovery operate in environments having a first computing system that hosts a client and a second computing system that hosts a service. A service discovery request is transmitted from the first computing system to access a service that is hosted at the second computing system. An IP address corresponding a next IP hop on a route to the IP address of the service is resolved. After traversing the next IP hop, the second computing system that hosts the service receives the service discovery request and responds with an IP address of the service. In accordance with these techniques, the determination of the IP address of the service is performed at a computing system that is different from the first computing system.

Abstract: Embodiments of the disclosure provide a data transmission method. The method can include receiving a first packet sent by a virtual private network user, wherein the first packet carries a first destination address that does not belong to an address range that has been configured for a virtual private network where the virtual private network user is located, converting the first destination address to a second destination address, generating a second packet according to the second destination address and the first packet, and sending the second packet outside the virtual private network where the virtual private network user is located.

Abstract: Embodiments of the present disclosure provide a method for indicating a multicast forwarding entry and a device. The method includes: receiving a packet from a first node, wherein the packet comprises a multicast control message and an access loop identifier; obtaining, according to a multicast Internet Protocol (IP) address in the multicast control message, a multicast Media Access Control (MAC) address; obtaining an identifier of a first port according to the access loop identifier, wherein the first port is an egress port, on the multicast path, of the first port; sending a first forwarding entry to the first node, wherein a destination address of the first forwarding entry is the multicast MAC address and egress port information of the first forwarding entry is the identifier of the first port.

Abstract: The present invention provides apparatuses, methods, computer programs, computer program products and computer-readable media regarding SDN security. The method comprises checking whether messages in the user plane comply to a preconfigured rule, and if it is determined that the messages comply to the preconfigured rule, checking whether a number of specific signaling messages related to address allocation that are sent to a controller has reached a predetermined threshold, and if the predetermined threshold has been reached, throttling transmission of the specific signaling messages to the controller.

Abstract: A management server comprises a memory section including at least two memory areas, a message reception section which receives a message, a message conversion section which converts the message and generates a transmission message and a message transmission section which transmits the transmission message to a specified destination, wherein the memory section stores in the memory areas a temporary Identification (ID) link in which a real ID of a user and a temporary ID of the user are associated, and wherein the message conversion section converts, in a case where the message includes a first temporary ID which corresponds to a real ID and is stored in a first memory area, the first temporary ID to a second temporary ID which corresponds to the real ID, on a basis of the temporary ID link stored in a second memory area, and generates the transmission message.

Abstract: A network node encapsulates an IPv6 packet into a data frame including a layer-2 forwarding header and a MAC header, where the data frame includes a 6LoWPAN compressed IPv6 packet, and the layer-2 forwarding header and the MAC header are located in an outer layer of the 6LoWPAN compressed IPv6 packet. The network node obtains a MAC address of a next-hop node based on a final MAC address in the layer-2 forwarding header, and sends the data frame to the next-hop node, so that the next-hop node forwards the data frame directly based on the layer-2 forwarding header.

Abstract: A server system is provided that includes a plurality of servers, each server including at least one hardware acceleration device and at least one processor communicatively coupled to the hardware acceleration device by an internal data bus and executing a host server instance, the host server instances of the plurality of servers collectively providing a software plane, and the hardware acceleration devices of the plurality of servers collectively providing a hardware acceleration plane that implements a plurality of hardware accelerated services, wherein each hardware acceleration device maintains in memory a data structure that contains load data indicating a load of each of a plurality of target hardware acceleration devices, and wherein a requesting hardware acceleration device routes the request to a target hardware acceleration device that is indicated by the load data in the data structure to have a lower load than other of the target hardware acceleration devices.

Abstract: An acceleration proxy device includes a network module, an application acceleration module, and a strategy routing module. The network module includes at least one bridge, and each bridge is associated with an IP address segment. The strategy routing module stores routing tables of the at least one bridge, and a routing table of each bridge includes a gateway corresponding to the bridge.

Abstract: A method and an apparatus for enhancing multicast group membership protocols are described. An adjacent multicast network device, coupled with a plurality of host NDs, determines the number of host NDs that are to receive query messages. The adjacent multicast ND determines its current processing capacity for processing group membership reports to be received from the host NDs. The adjacent multicast ND determines a query response interval based on the number of host NDs and its current processing capacity. The adjacent multicast ND transmits, to each one of the plurality of host NDs, a query message including the query response interval. The query message causes the adjacent multicast ND to receive from each one of the plurality of host NDs a group membership report at a time interval defined based on the query response interval.

Abstract: A method and device for efficiently using IPv4 public addresses applied to a core translator deployed between an IPv4 Internet and an IPv6 network, which maps an IPv4 public address into a first-type IPv6 address having a first-type prefix according to a transport layer protocol port range used by an IPv6 server in the IPv6 network, so that the IPv6 server uses the first-type IPv6 address to communicate with a client in the IPv4 Internet; and maps the IPv4 public address into a second-type IPv6 address having a second-type prefix according to a transport layer protocol port range used by an client in the IPv6 network, so that the client in the IPv6 network uses the second-type IPv6 address to communicate with a IPv4 server in the IPv4 Internet. The IPv6 server and the client in the IPv6 network can use the same IPv4 public address to provide different services.

Abstract: Systems, methods, and apparatuses enable agent-less network traffic interception using an overlay network. The system creates an inspection namespace on a server computer and clones namespace properties of a default namespace on the server computer to the inspection namespace. The system creates an overlay network in the inspection namespace connecting the server computer to a security service. The system creates a namespace bridge between the default namespace and the inspection namespace to pass server traffic between the namespaces. The system then transmits server traffic to the security service using the overlay network and an encapsulation protocol.

Abstract: A method for network communications from a first device to a second device includes communicating data from the first device to the second device by spawning a first virtual machine for a first network connection that virtualizes network capabilities of the electronic device, and using the virtualized network capabilities of the first virtual machine, transmitting a plurality of packets for communication to a first network address and port combination associated with the second device. The method further includes repeatedly changing to a respective another network address and port combination by repeatedly spawning a respective another virtual machine for a respective another network connection that virtualizes network capabilities of the electronic device, and using the virtualized network capabilities of the spawned respective another virtual machine, transmitting a plurality of packets for communication to the respective another network address and port combination associated with the second device.

Abstract: Example implementations relate to performing converged address translation for devices in a local area network. An example non-transitory computer-readable storage medium stores instructions for performing converged network address translation for devices within a network segmented into multiple VLANs. The instructions when executed by a processing resource of a computing device cause the device to create a local namespace for each VLAN in the network, each local namespace having a list of first level IP addresses unique across all of the created local namespaces. The instructions further cause the processing resource to, for each local namespace, associate a first level IP address from the local namespace's list of first level IP addresses with a static IP address of each device within the respective VLAN and store the associated IP addresses in a routing table for the local namespace.

Abstract: Embodiments relate to a host encrypting network communications of virtual machines (VMs) in ways that minimize exposure of the network communications in cleartext form. The host captures and registers a measure of a secure state of the host. The measure is registered with a guardian service communicable via a network. The guardian service also securely stores keys of the VMs. Each VM's key is associated with authorization information indicating which machines are authorized to obtain the corresponding VM's key. The host obtains access to a VM's key based on a confirmation that its state matches the registered measured state and based on the authorization information of the VM indicating that the host is authorized to access the key. The VM's key is then used to transparently encrypt/decrypt network communications of the VM as they pass through a virtualization layer on the host that executes the VMs.

Abstract: Conditional address translation is performed in a multi-tenant cloud infrastructure to effectively support tenant-assigned addresses. For each tenant, the multi-tenant cloud infrastructure deploys both a private network used to communicate between the tenant and the cloud and a tenant-facing gateway to manage the private network. The multi-tenant cloud infrastructure also includes an externally-facing gateway used to communicate between the multi-tenant cloud and a public network. The tenant-facing gateways are configured to bypass address translation—providing consistent addressing across each private network irrespective of the physical location of resources linked by the private network. By contrast, the public-facing gateway is configured to translate source addresses in outgoing packets to addresses that are unique within the public network.

Abstract: Certain embodiments described herein are generally directed to deterministic load balancing of processing encapsulated encrypted data packets at a destination tunnel endpoint. In some embodiments, an IPSec component residing within a destination tunnel endpoint is configured to select a CPU core ID of a virtual CPU using a CPU selection function. In some embodiments, the IPSec component selects an SPI value corresponding to the CPU core ID. In some embodiments, the IPsec component indicates the SPI value to a source tunnel endpoint for use in establishing an in-bound security association, wherein the in-bound security association is used by the source tunnel endpoint to encrypt a data packet received from the source endpoint and destined for the destination endpoint.

Abstract: Provided is a process of correlating information organized according to a logical architecture of a distributed application to information organized according to a network architecture of computers executing the distributed application, the process including: obtaining a logical-architecture topology of a logical architecture of a distributed application executing on a plurality of computing devices; obtaining a network-architecture topology of a physical architecture of the plurality of computing devices executing the distributed application; inferring pairs of logical-architecture host identifiers and network-architecture host identifiers that refer to the same computing device to produce a cross-namespace mapping that correlates the logical-architecture namespace with the network-architecture namespace; and storing the cross-namespace mapping in memory.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A method for managing a hybrid automatic repeat request (HARQ) process of a base station in a mobile communication system according to an embodiment of the present disclosure includes confirming whether a first data corresponding to a first service and a second data corresponding to a second service collide with each other.

Abstract: A method for processing input data in a transmitter is discussed. The method includes processing a link layer packet.

Abstract: Generally discussed herein are methods, systems, and apparatuses for tracking user interaction with sponsored and/or unsponsored content. A method can include receiving a tracking event packet including data fields comprising a packet identification, a tracking event identifier, a content identifier, a cost, a campaign identifier, and/or an advertiser identifier, determining whether the tracking event packet is a duplicate based on the packet identification, aggregating non-duplicate tracking event packets by advertiser identification such that packets with advertiser identifications that hash to a same value are aggregated together, and transferring aggregated tracking event packets to a first database and a second database, the first database includes data stored for analytics and the second database includes data stored for billing and campaign performance monitoring.

Abstract: A method is described that enables communication between two disjoined networks with overlapping IP address ranges. An intermediary function in each of the networks and a unique IP address pool are deployed to facilitate the communication. This method also enables communications between one network with a group of networks with overlapping IP address ranges.

Abstract: Certain embodiments described herein are generally directed to performing receive side scaling at a virtual network interface card for encapsulated encrypted data packets based on an security parameter index value of the encapsulated encrypted data packets.

Abstract: An acquisition request, received at a server, for acquiring activity information of an activity account includes location information of a terminal, an activity identifier, and a target quantity of the activity information. The server is in a server group. Each server is located at a different location and separately stores activity information. A determination is made whether a quantity of locally stored activity information meets the target quantity of the acquisition request. The target quantity of activity information is locally acquired and sent to the terminal. A second server is selected when the quantity does not meet the target quantity. The acquisition request is sent to the second server, such that the second server repeats the process. The second server is nearest to the terminal from among other servers in the server group that did not receive the request.

Abstract: A server system is provided that includes a plurality of servers, each server including at least one hardware acceleration device and at least one processor communicatively coupled to the hardware acceleration device by an internal data bus and executing a host server instance, the host server instances of the plurality of servers collectively providing a software plane, and the hardware acceleration devices of the plurality of servers collectively providing a hardware acceleration plane that implements a plurality of hardware accelerated services, wherein each hardware acceleration device maintains in memory a data structure that contains load data indicating a load of each of a plurality of target hardware acceleration devices, and wherein a requesting hardware acceleration device routes the request to a target hardware acceleration device that is indicated by the load data in the data structure to have a lower load than other of the target hardware acceleration devices.

Abstract: A system and method for efficient management of network traffic management of highly data parallel computing. A processing node includes one or more processors capable of generating network messages. A network interface is used to receive and send network messages across a network. The processing node reduces at least one of a number or a storage size of the original network messages into one or more new network messages. The new network messages are sent to the network interface to send across the network.

Abstract: A packet transmission method includes packaging a plurality of data in the form of a payload; storing information on whether the plurality of data are packaged in a header, the payload or a CRC area including a transmission error check code of the plurality of data; combining the header, the payload, and the CRC area with each other to generate a transaction layer packet; and outputting a packet including the transaction layer packet.

Abstract: An electronic circuit (200) includes one or more programmable control-plane engines (410, 460) operable to process packet header information and form at least one command, one or more programmable data-plane engines (310, 320, 370) selectively operable for at least one of a plurality of cryptographic processes selectable in response to the at least one command, and a programmable host processor (100) coupled to such a data-plane engine (310) and such a control-plane engine (410). Other processors, circuits, devices and systems and processes for their operation and manufacture are disclosed.

Abstract: Provided are a computer program product, system, and method for processing a chain of a plurality of write requests including a commit wait flag and plurality of write requests, wherein each write request group includes write transactions directed to the storage. A determination is made as to whether the commit wait flag has a first value or a second value. The write requests are processed by requiring a current write request comprising one of the write requests being processed to complete before beginning to write data for a next write request following the current write request in the write request chain in response to the commit wait flag having the first value. The write requests are processed by processing the next write request before completing the current write request in response to the commit wait flag having the second value.

Abstract: In an example, there is disclosed a computing apparatus for providing an integrated service engine on a service appliance requiring switching or routing services, including one or more logic elements providing a service appliance engine operable for performing a service appliance function; and one or more logic elements providing a protocol engine operable for: creating a route required by the service appliance; and sending an integrated service engine message (remote route programmability and distribution (RRPD) to an upstream network member comprising instructions to realize the route on the upstream network member. There is also disclosed a method of performing the foregoing operations, and one or more computer-readable mediums having stored thereon instructions for realizing the operations.

Abstract: Provided are a computer program product, system, and method for generating a chain of a plurality of write requests including a commit wait flag and plurality of write requests. The commit wait flag is set to one of an indicated first value or a second value. The commit wait flag is set to the first value to cause a storage server to process the write requests by requiring a current write request being processed to complete before transferring data for a next write request following the current write request. The commit wait flag is set to the second value to cause the storage server to process the write requests by transferring data for the next write request before completing the current write request preceding the next write request. The write request chain is sent to the storage server to apply the write requests to the storage.

Abstract: A technique that assists in identifying services for monitoring data traffic in a communication network is provided. The communication network includes a terminal configured to transceive data traffic and a component configured to measure data traffic. As to a method aspect of the technique, the terminal associates one or more communication services that are executed or executable at the terminal with one or more communication endpoints. The terminal further sends a service identification report indicative of the association to the component.

Abstract: The present invention provides a method of transmitting broadcast signals. The method includes, generating input packets including broadcast content data; generating a link layer packet by using the generated input packets, wherein the link layer packet includes a link layer header and a link layer payload including the generated input packets, wherein the link layer header includes a count field indicating number of the input packets included in the link layer payload, wherein the link layer header further includes a length part, wherein the length part includes a plurality of length fields as many as that the count field indicates, wherein each of the length fields indicates length of the each input packets included in the link layer payload; generating a broadcast signal including the generated link layer packet; and transmitting the broadcast signal.

Abstract: Transferring data over a network includes identifying an application flow and mapping the application flow to a network bound connection.

Abstract: A method for a host machine that hosts at least one tenant virtual machine (VM) of a particular tenant logical network that accesses service VMs of a particular service logical network. The method, prior to a packet being received at a PFE on the host, intercepts the packet that sent by the tenant VM to one of the service VMs based on a set of forwarding rules. The packet includes a source IP address and a source port number of the tenant VM. The method, prior to the packet leaving the PFE in the host, replaces the source IP address and source port number with a replacement IP address and port number pair from a set of replacement IP address and port number pairs allocated to the host for accessing service VMs. The method sends the modified packet to the PFE to forward the modified packet to the service VM.

Abstract: A virtual machine (VM) runs on system hardware, which includes a physical network interface device that enables transfer of packets between the VM and a destination over a network. A virtual machine monitor (VMM) exports a hardware interface to the VM and runs on a kernel, which forms a system software layer between the VMM and the system hardware. Pending packets (both transmit and receive) issued by the VM are stored in a memory region that is shared by, that is, addressable by, the VM, the VMM, and the kernel. Rather than always transferring each packet as it is issued, packets are clustered in the shared memory region until a trigger event occurs, whereupon the cluster of packets is passed as a group to the physical network interface device. Optional mechanisms are included to prevent packets from waiting too long in the shared memory space before being transferred to the network.

Abstract: Disclosed herein are techniques to enable remote discovery of connectivity capabilities and remote connection of devices in a power efficient manner. In particular, discovery and connection requests for connectivity capabilities utilizing a first radio may be communicated using a second radio, the second radio utilizing a lower amount of power relative to the first radio. For example, connectivity capabilities such as Wi-Fi, Wi-Fi Direct, WiGig, Zigbee can be discovered and connection request communicated using a Bluetooth radio.

Abstract: A management server and a management method thereof are provided. The management server is connected to a switch on a trunk port. The switch is connected to a plurality of cloud appliances in different virtual local area networks (VLANs). The management severs operates a management system and a translation system for managing cloud appliances. The translation system is operated to modify the receiving data packet by converting the source MAC address or the source IP address and removing the VLAN tag, and to modify the transmitting data packet by converting the destination MAC address or the destination IP address and adding a VLAN tag.

Abstract: There are provided measures for handling policy controlled groups. Exemplarily, such measures comprise receiving, in a first rules function, a notification informing that a user equipment is to be included in a policy controlled group, checking whether the policy controlled group is controlled by the first rules function, and, in case the policy controlled group is not controlled by the first rules function, causing a transfer of the policy control session for the user equipment to a second rules function controlling the policy controlled group.

Abstract: A content-name-resolution (CNR) system can resolve IP addresses for named data objects (NDOs) based on their name. During operation, a CNR server can receive a query from a client device for a source to a named data object. The query can include at least a name prefix for the named data object. The CNR server can identify a cache server that corresponds to the named data object's name prefix, and determines one or more sources associated with the named data object's name prefix. The CNR server then returns, to the client device, a query response that includes a network address for the cache server, and includes a content record specifying the one or more sources.

Abstract: A method of localizing failures occurring along a transmission path is provided. A data signal is transmitted along the transmission path, which comprises a path segment. A first network node performs a tandem connection monitoring source function of a tandem connection. A second network node monitors the transmission along the path segment, by performing a tandem connection monitoring sink function. When the first network node detects a failure of the data signal, the first network node enters information indicating a data signal failure into the data signal's overhead field. When the second network node detects a failure by the tandem connection monitory sink function, the second network node enters information into the overhead field. When a third network node detects a failure of the data signal, the third network node uses the information in the overhead field to determine whether the failure occurred within or outside of the path segment.

Abstract: A first header compression table for compressing a message header is generated based on a first communication connection established between communication apparatuses. A message is transmitted from a communication apparatus to another communication apparatus based on the first communication connection, and a header of the message has been compressed based on the first header compression table. It is determined whether the first header compression table is used as a second header compression table for compressing a message header to be communicated based on a second communication connection which is different from the first communication connection and has been established between the communication apparatuses. The header of the message to be communicated based on the second communication connection is compressed using the first header compression table as the second header compression table in accordance with the determination.

Abstract: The present invention comprises a method and apparatus for e-mail communications with members of a group of members. In one or more embodiments, a server computer system determines whether a sender of an incoming e-mail message addressed to a recipient member of the group is a member of the group. If the sender is a member of the group, the server computer system replaces the senders existing e-mail address in the incoming e-mail message with a created e-mail address created by the server computer system for the sender.

Abstract: Network services infrastructure systems and methods are disclosed. Policies for client access to a services network and network services available in the services network are enforced at client gateways. Once authenticated and authorized at a client gateway, a client of the services network may make its own network service(s) available in the services network, use network services provided by other clients of the services network, or both. The policies are centrally managed within a services network and distributed to the client gateways. Various registries which store policies, information associated with network services, and possibly other information may also be provided.

Abstract: A system includes: multiple access points, the multiple access points including at least a first access point and a second access point; the system performs operations including: receiving, by the second access point from a client device, a data packet to be transmitted to a device outside of the system; forwarding the data packet by the second access point to the first access point; assigning, by the first access point, a first sequence number to the data packet to be used for transmitting the data packet outside of the system; transmitting the data packet with the first sequence number to the device outside of the system.

Abstract: Aspects of the disclosure provide a packet processing system. The packet processing system includes a plurality of processing units, a ternary content addressable memory (TCAM) engine, and an interface. The plurality of processing units is configured to process packets received from a computer network, and to perform an action on a received packet. The action is determined responsively to a lookup in a table of rules to determine a rule to be applied to the received packet. The TCAM engine has a plurality of TCAM banks defining respective subsets of a TCAM memory space to store the rules. The interface is configured to selectably associate the TCAM banks to the processing units. The association is configurable to allocate the subsets of the TCAM memory space to groups of the processing units to share the TCAM memory space by the processing units.

Abstract: Methods for use with computing devices implementing a plurality of nodes of a ring-shaped overlay network. A joining node implemented by a joining computing device requests a connection with a bootstrap one of the plurality of nodes. In response, the bootstrap node sends a handshake identifier to the joining node. The joining node loads one or more portions of selected software code as a byte stream, and performs an operation (e.g., a hash function) on the handshake identifier and the byte stream to determine a first value. The joining node transmits the first value to the bootstrap node. The bootstrap node compares the first value to a second value. When the first and second values are identical, the bootstrap node validates the joining node. When the first and second values are not identical, the bootstrap node rejects the joining node thereby preventing the joining node from joining the overlay network.

Abstract: A method of providing efficient access to cloud services in a network that includes a several tenant logical networks and a set of service logical networks. The method receives, from a particular tenant VM, a first packet that specifies a destination address associated with a service VM of a service logical network. The method, based on the destination address of the first packet, replaces the source network address and source port number of the first packet with one of a set of network address and port number pairs allocated for accessing service VMs. The method receives from the particular VM a second packet that specifies a destination address outside the tenant logical network but not associated with any service VM. The method, without modifying the source address and port number of the second packet, forwards the second packet to a network element outside the host for network NAT processing.

Abstract: A method, apparatus and computer program product for performing optimized distributed routing for stretched data center models through updating route advertisements based on changes to Address Resolution Protocol (ARP) Tables is presented. Port members of an Internet Protocol I (IP) interface or Virtual Local Area Network (VLAN) are distinguished into Access Interfaces which only lead to hosts on said subnet and Trunk Interfaces which lead to other redundant routers on said subnet. In the subnet of a network a network route for the subnet is always advertised. A separate host route corresponding to an Internet Protocol (IP) address of each Address Resolution Protocol (ARP) table record that points to an Access Interface is advertised and route advertisements are changed for a host in said subnet for tracked access interfaces.

Abstract: A port provision system includes a packet network device having a plurality of ports. A port provisioning system is coupled to the packet network device. The port provisioning system obtains configuration information from a host device coupled to the packet network device. The configuration information includes a virtual network identification assigned to a virtual machine included on the host device. The port provisioning system then retrieves packet information from a packet sent form the host device. The port provisioning system then provisions at least one of the plurality of ports with the virtual network identification included in the configuration information in response to determining that the packet information matches the configuration information.