Abstract: This application provides a key distribution method, an apparatus, and a system, includes: determining, by an identity management server based on AAA authentication information, whether AAA authentication on the terminal succeeds; if the AAA authentication succeeds, sending the ID of the terminal to a key management server; and generating, by the key management server, a private key of the terminal and returning the private key to the management server. After negotiating with the terminal to generate a first key, the identity management server encrypts the ID and the private key of the terminal, and sends an encrypted ID and an encrypted private key to the terminal. The terminal obtains the ID and the private key of the terminal. According to the key distribution method, apparatus, and system provided in this application, communication security performance of the terminal during ID-based registration authentication is improved.

Abstract: Rapid channel failure detection and recovery in wireless communication networks is needed in order to meet, among other things, carrier class Ethernet channel standards. Thus, resilient wireless packet communications is provided using a physical layer link aggregation protocol with a hardware-assisted rapid channel failure detection algorithm and load balancing, preferably in combination. This functionality may be implemented in a Gigabit Ethernet data access card with an engine configured accordingly. In networks with various topologies, these features may be provided in combination with their existing protocols.

Abstract: Some embodiments of the invention provide a method for managing logical forwarding elements (LFEs) implemented by multiple physical forwarding elements (PFEs) operating on multiple devices, each LFE including multiple logical ports. On a host computer executing a particular machine connected to the LFE and a PFE implementing the LFE, the method identifies an address discovery message associating a particular network address of the particular machine with another network address of the particular machine. The method identifies an LFE logical port associated with the particular machine, stores in an encapsulation header an identifier that identifies this port, and then forwards the encapsulated message to a set of one or more devices implementing the LFE for the devices to use in processing data messages associated with the particular machine.

Abstract: Systems and methods are described for communications between computing devices via a stateless high-volume network address translation (“NAT”) service. The stateless high-volume NAT service manages high volumes of connections between networks by encoding at least part of the information needed to manage a connection in an encoded IPv6 address, which is then used by a NAT device or application as its sending address when relaying data from a source to a destination. The encoded IPv6 address may contain information such as the IPv4 address of the source, the IPv4 address of the destination, the protocol used to communicate, the source and destination ports, and the like. When the destination sends a response to the encoded IPv6 address, the NAT device decodes the IPv6 address to obtain the encoded information, and then uses that information to deliver the response to the source.

Abstract: Systems and methods of offloading multicast virtual network packet processing to a network interface card are provided. In an example implementation, a network interface card can route packets in a virtual network. The network interface card can be configured to receive a data packet having a multicast header for transmission to a plurality of destination virtual machines. The network interface card can retrieve a list of next hop destinations for the data packet. The network interface card can replicate the packet for each next hop destination. The network interface card can encapsulate each replicated packet with a unicast header that includes a next hop destination virtual IP address indicating the next hop destination and a source virtual IP address, and transmit the encapsulated packets.

Abstract: A management server connected, to a plurality of image forming devices and an information processing device having a printer driver is provided. The server manages, for each location, network information and information of print performance of an image forming device belonging to the location; identifies a location to which the information processing device belongs, based on the network information, upon receiving from the information processing device a notification that network setting of the information processing device has been changed; and transmits, to the information processing device, a device setting of the printer driver based on information of print performance corresponding to an image forming device belonging to the location being identified.

Abstract: A method for rotating internet protocol (IP) addresses in a virtual private network (VPN), the method comprising receiving, at a first VPN server during an established VPN connection, a first data request and a second data request from a user device, retrieving first data associated with the first data request using a first exit IP address, and retrieving second data associated with the second data request using a second exit IP address, different from the first exit IP address. Various other aspects are contemplated.

Abstract: A method for controlling a wireless lighting control network includes determining, by a first network device, whether a message is received from a control device during a first time interval; in response to determining that the message was not received, transmitting, by the first network device, a message to other network devices to determine whether another network device received the message from the control device; in response to determining, during a second time interval, that the first network device did not receive the message from the control device and did not receive an indication from another network device that the message from the control device was received, transmitting a message to the other network devices to indicate that the first network device is a substitute control device; and periodically transmitting messages to the other network devices indicating that the first network device is an active substitute control device.

Abstract: Some embodiments of the invention provide a method for implementing a logical network with one or more logical forwarding elements (LFEs), each with multiple logical ports. Each LFE in some embodiments is implemented by several physical forwarding elements (PFEs) operating on several devices. On a host computer executing a particular machine connected to a PFE implementing a particular LFE, the method identifies an address discovery message associating a particular network address (e.g., a layer 2 (L2) address or media access control (MAC) address) of the particular machine with a another network address (e.g., a layer 3 (L3) or an Internet Protocol (IP) address) of the particular machine.

Abstract: Embodiments of the present invention provide a method and an apparatus for controlling a service data flow. The method includes: acquiring, by a controller, index information related to a UE, where the index information includes at least a user information index, a PDN connection index, a bearer index, and a service data flow table index that are related to the UE; sending, by the controller, the index information to a forwarder by using an entry notification message; when a first control event of a service data flow is triggered, acquiring, by the controller, a first instruction index according to the first control event, where the first instruction index includes at least one type of the index information related to the UE; and sending, by the controller, the first instruction index to the forwarder by using first control signaling.

Abstract: An integrated circuit (IC) includes a first kernel circuit implemented in programmable circuitry, a second kernel circuit implemented in programmable circuitry, and a stream traffic manager circuit coupled to the first kernel circuit and the second kernel circuit. The stream traffic manager circuit is configured to control data streams exchanged between the first kernel circuit and the second kernel circuit.

Abstract: Systems, methods, and computer-readable media for preventing man-in-the-middle attacks within network, without the need to maintain trusted/un-trusted port listings on each network device. The solutions disclosed herein leverage a host database which can be present on controllers, thereby providing a centralized database instead of a per-node DHCP binding database. Systems configured according to this disclosure (1) use a flood list only for ARP packets received from the controller 116; and (2) unicast ARP packets to the controller before communicating the packets to other VTEPs.

Abstract: A method for determining a management domain, the method comprising: receiving, by a second network device, a first packet sent by a first network device, where the first packet includes a domain ID of a first management domain and a first IP address set corresponding to the domain ID of the first management domain, and the first IP address set includes an IP address of a network device in the first management domain; and when the second network device determines that the first IP address set includes an IP address of the second network device, determining that the second network device belongs to the first management domain, and storing the domain ID of the first management domain.

Abstract: A computer-implemented method for detecting cache-poisoning attacks in networks using SDPs may include maintaining a cache of service information that identifies services provided by client devices connected to a network using an SDP. The method may also include detecting a cache-poisoning attack by (1) receiving, from a client device connected to the network, an SDP message related to a service allegedly provided via the network, (2) identifying, within the SDP message, an attribute of the service allegedly provided via the network, and then (3) determining that the client device is attempting to corrupt the cache of service information by determining that the identified attribute of the service suggests that the service is illegitimate. Finally, the method may include performing a security action to mitigate the cache-poisoning attack in response to detecting the cache-poisoning attack. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An information concentrating center, is disclosed, wherein the information concentrating center comprises: at least one module for concentrating information from at least one information source; and at least one module coupling to the Internet, for establishing a P2P connection with a remote client device through the Internet, wherein at least one portion of the information is delivered to the remote client device on the P2P connection.

Abstract: Systems and methods for adding context to prevent data leakage over a computer network are disclosed. Data is classified and contextual information of the data is determined. A transmission policy is determined in response to the classification and contextual information. The data is either transmitted or blocked in response to the classification and the contextual information.

Abstract: The present invention is designed to provide a base station apparatus, a mobile terminal apparatus, a communication system and a communication method that cope with the shortage of downlink control channel capacity. For a mobile terminal apparatus that receives downlink signals using a resource region for downlink control signals and a resource region for downlink data signals, a base station apparatus is configured to set a plurality of virtual resources for downlink control signals in a plurality of physical resources that are arranged in a frequency direction in the resource region for downlink data signals, and allocate the downlink control signals, in a distributed manner, between virtual resources of a relatively low frequency band side and virtual resources of a relatively high frequency band side in a plurality of virtual resources.

Abstract: Provided is a wireless communication device and a wireless communication method which can maintain compatibility with a plurality of communication schemes and send a response signal back within the allowed time specified by each communication scheme. The wireless communication device includes a radio receiving unit (120) that receives a packet having a format conforming to a first communication scheme and including a second format portion conforming to a second communication scheme using a higher frequency band than the first communication scheme and a first format portion excluding the second format portion, and a processing unit (160) that, outputs a response signal at completion of demodulation and decoding of the first format portion, regardless of whether demodulation and decoding of the second format portion are completed or not.

Abstract: Certain example embodiments relate to techniques for managing communication between a plurality of Open Services Gateway initiative (OSGi) environments. A system includes a messaging broker configured to receive a message from one of the OSGi environments, with the message including a call of a service provided by one of the other OSGi environments. The broker may be further configured to transfer the message to the other OSGi environment. The plural OSGi environments communicate only via the messaging broker.

Abstract: Techniques are disclosed for determining a virtual networking framework for computing nodes to use where they are part of a plurality of computing nodes that have heterogeneous virtual networking framework capabilities. Each node may report its capabilities to a mapping server, which serves as a centrally-managed selector of policy capabilities for the two computing nodes to use in communications with each other. The mapping server selects virtual networking framework capabilities for the two computing nodes to use in communicating with each other, instructs the nodes of these selected capabilities, and the two nodes then communicate according to these selected capabilities.

Abstract: A computer-implemented method for detecting cache-poisoning attacks in networks using SDPs may include maintaining a cache of service information that identifies services provided by client devices connected to a network using an SDP. The method may also include detecting a cache-poisoning attack by (1) receiving, from a client device connected to the network, an SDP message related to a service allegedly provided via the network, (2) identifying, within the SDP message, an attribute of the service allegedly provided via the network, and then (3) determining that the client device is attempting to corrupt the cache of service information by determining that the identified attribute of the service suggests that the service is illegitimate. Finally, the method may include performing a security action to mitigate the cache-poisoning attack in response to detecting the cache-poisoning attack. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An example of network routing comprising a host route injection that can include injecting a host route and a next hop of the host route into a routing table. The host route can be injected into a top of rack network device and transferred to an Aggregation network device routing table. The routing entry can be updated by sharing routing updates from the compute host through the top of rack network device.

Abstract: Forward Error Correction (FEC) techniques that generate independently decodable resource blocks are beneficial for Successive Interference Cancellation (SIC) demodulation. One FEC technique for generating independently decodable resource blocks includes mapping locally decodable FEC codeblocks into unique resource blocks such that substantially all of the bits of the FEC codeblock are carried within a single resource block. The locally decodable FEC codeblocks can be generated from different FEC encoding modules or from a common FEC encoding module. Another technique for generating independently decodable resource blocks includes encoding a stream of information bits into low-density parity-check (LDPC) codeblocks having high ratios of inward peering parity bits. These high ratios of inward peering parity bits allow substantial portions of each LDPC codeblock to be decoded independently from information carried by other LDPC codeblocks.

Abstract: An apparatus and system are disclosed for reducing network traffic using a shared network response cache. A request filter module intercepts a network request to prevent the network request from entering a data network. The network request is sent by a client and is intended for one or more recipients on the data network. A cache check module checks a shared response cache for an entry matching the network request. A local response module sends a local response to the client in response to an entry in the shared response cache matching the network request. The local response satisfies the network request based on information from the matching entry in the shared response cache.

Abstract: A method is disclosed for reducing network traffic using a shared network response cache. The method intercepts a network request to prevent the network request from entering a data network. The network request is sent by a client and is intended for one or more recipients on the data network. The method checks a shared response cache for an entry matching the network request. The method sends a local response to the client in response to an entry in the shared response cache matching the network request. The local response satisfies the network request based on information from the matching entry in the shared response cache.

Abstract: The embodiments of the present disclosure provide a method, a device and a network system for allocating an IP address. The allocating method comprises: allocating a first IP address to a first server; allocating a second IP address to a client connected to the first server; monitoring the client allocated with the second IP address; allocating a third IP address to the first server when a monitoring result indicates that an IP address conflict exists between the first IP address and a current IP address of a second server; wherein the second server is connected to the client allocated with the second IP address. The method may reallocate the IP address automatically when a subnet conflict occurs.

Abstract: Establishing a connection is disclosed. A first communication link with a perimeter gateway located external to a private network firewall but behind a perimeter network firewall is initiated. A request to allow the connection from a requestor that has requested the connection to an internal server via the perimeter gateway is received. A second communication link with the internal server protected by the private network firewall is initiated. The connection is allowed at least in part by associating together the first communication link with the second communication link.

Abstract: An encapsulation apparatus for encapsulating data includes an input to receive the data, a machine to generate information related to the encapsulation of data and a logic coupled to the machine. A processing machine is coupled to the input and the logic.

Abstract: In accordance with an embodiment of the present invention, a network node is presented which is configured to associate each of a plurality of MAC addresses with an IP address on a network level. The network node is configured to, upon reception of a link level message comprising a target IP address and destined to multiple network nodes, compare the target IP address with associated MAC/IP addresses on a network level, and to selectively send the received link level message to at least one other network node on a link level based on the network level comparison. A method and a computer program product are also presented, according to embodiments of the present invention.

Abstract: A method is implemented in a host node for communicating with a corresponding node. The host node has connections to a plurality of networks, where each of the plurality of networks includes a network address translation 64 (NAT64) node, each NAT64 node utilizes a distinct prefix to generate virtual Internet Protocol version 6 (IPv6) addresses, each of the plurality of networks is an IPv6 network, but the corresponding node is an Internet protocol version 4 (IPv4) node. The host node implementing this method is able to maintain connectivity with the corresponding node despite having connections to the plurality of networks that each have NAT64 nodes that utilize distinct prefixes for virtual IPv6 addresses.

Abstract: The present invention filters packets and reduces traffic when communication is performed with a device on a network utilizing the IPv6 protocol. To achieve this, a printer driver operating in a personal computer correlates and stores the name of the communicating party and an address for which communication actually succeeded from among addresses that have undergone name resolution, and uses the stored address in communicating with the same communicating party from then onward.

Abstract: A method of a first DNS which can update server information in real time without necessarily using a TTL (Time To Live) by recording a network address of the first DNS, which has previously obtained server address information from a second DNS, in a notification list, by the second DNS, and transmitting the changed information from the second DNS to the first DNS recorded in the notification list when the previously obtained/requested server address changes, and updating the server address by the first DNS as provided by the second DNS. A DNS updating server address method may further include providing a first DNS with server address information corresponding to a domain, recording a network address of the first DNS in a notification list, corresponding to the domain and/or the server address information, and transmitting a changed server address information to the first DNS based on the notification list.

Abstract: An information handling system includes a server having a management system module. The management system module broadcasts an address resolution protocol request including a unique identifier in the information handling system. The management system module also receives multiple address resolution protocol responses to the address resolution protocol request. Each of the multiple address resolution protocol responses includes a different media access control address associated with the unique identifier. The management system module also creates a unique identifier table correlating each of the media access control addresses with the unique identifier.

Abstract: A system includes a name server, an edge cache server, and a local cache server. The name server is configured to provide an anycast IP address in response to a request for an IP address of an origin hostname from a client system. The edge cache server is configured to respond to the anycast IP address and a unicast IP address and to retrieve content from an origin. The local cache server includes a storage and is configured to respond to the anycast IP address, to retrieve content from the edge cache server, and provide the content to a client system.

Abstract: A method of routing internal network traffic within a computing system comprises receiving a network packet at a configurable logic device (CLD), parsing the network packet to obtain a destination address, searching a predetermined range of a routing table wherein each row of the routing table specifies a range of possible destination addresses and routing information, identifying a matching row of the routing table wherein the destination address falls within the range of possible destination addresses of the matching row, and routing the packet according to the routing information.

Abstract: In a system and method for establishing communications in a communications network, a network service provider can assign IP addresses to mobile devices dynamically to conserve IP address resources. A network service provider can also implement network address translation to further conserve IP address resources and to provide improved security. If a requestor seeks to obtain an IP address of a mobile device and the address is a local address, the system determines if the mobile device has a network address translation (NAT) binding that associates the IP address of the mobile device with a public IP address. If the mobile device does not have a NAT binding, the system creates a NAT binding that associates the IP address of the mobile device with a public IP address.

Abstract: Mechanisms are provided to improve efficiency of systems operating on internet protocol (IP) over Infiniband (IB) networks. One mechanism includes multicasting a first ARP request from a source node, the first ARP request including an IP address of a source port of the source node, and performing load-balancing of host traffic across a plurality of ports of a plurality of nodes by sending a reply from a destination node corresponding to the IP address included in the first ARP request, the reply being sent over the source port to the source node.

Abstract: When a destination address specified by a client is to be registered as a destination, determination is made as to whether name resolution of the destination address is possible or not. If it is determined that name resolution is impossible, registration of the destination address that requires name resolution is restricted.

Abstract: A technique for acquiring and disseminating network node characteristics to enable policy decisions including receiving a resolution request from one or more clients in a network environment is disclosed. Information, for example, network address, is then acquired from one or more sources regarding a specific location in a network, for example, a network node. A list of the network addresses is then generated and ranked based on one or more parameters that merit making traffic handling decisions. The network addresses are then associated with a host name on at least one directory server and then propagated to the one or more clients.

Abstract: A method for use by a subscriber device associated with a LAN in a wireless network, to enable provisioning of services to another subscriber device associated with that LAN. The method includes (i) at the first subscriber device, receiving an outgoing packet generated by the other subscriber device associated, wherein that outgoing packet has been tagged with a VLAN label; (ii) forwarding the outgoing packet towards a source MAC address of the subscriber device; (iii) associating a DSCP value with the outgoing packet; (iv) removing VLAN label and Ethernet MAC layer from the outgoing packet and forwarding the remaining IP packet to a MAC convergence sub-layer; (v) at the MAC convergence sub-layer, forwarding the outgoing packet to a service flow determined by using a DSCP value associated with the outgoing packet; and forwarding the outgoing packet along an air-link service flow connection.

Abstract: The invention discloses a mobile communication device and a communicative transmission method thereof. The mobile communication device includes a communication module and a control unit. The communication module is used for communicatively connecting to a communication server. The control unit is coupled to the communication module. The control unit utilizes the communication module to receive a one-to-one packet from the communication server according to a first period, and ignore a one-to-many packet on the communication server. The control unit utilizes the communication module to transmit a second one-to-many packet to the communication server according to a second period.

Abstract: In an example embodiment, a method and system is provided to determine and advertise a route advertisement in a reactive routing environment. In response to receiving a network address query with respect to a destination address at a routing device, an aggregate value, e.g. an address prefix, is determined and advertised in reply to the network address query. Determining of the aggregate value may comprise identifying within a range of network addresses represented by the aggregate value respective addresses for which the routing device does not have reachability information. The routing device may send address queries with respect to the identified addresses, to determine reachability via the routing device of those addresses. The aggregate value may be advertised conditional upon determining that a percentage of addresses within the corresponding range that can be reached via the routing device satisfies a predefined minimal coverage value.

Abstract: A mobile communication system according to the present invention comprising a plurality of Un radio bearers set between the plurality of mobile stations UE and the relay node RN, each of Un radio bearers for a predetermined QoS set for different mobile stations UE is configured to be mapped to a Un radio bearer for the predetermined QoS set between the relay node RN and the radio base station DeNB.

Abstract: If an address-resolution request message is received from a data processing terminal via an interface connected to the data processing terminal, it is determined whether a physical address corresponding to a target network address of the address-resolution request message has already been registered. If it has been registered, then an address-resolution response message containing the corresponding physical address is created and the created message is transferred to a terminal via the interface.

Abstract: In a system for providing an IPTV service, if a multicast address of an IPTV channel received from a head-end is a multicast address requested by a mobile node through a tunnel, an end router confirms a care of address (CoA) of the mobile node corresponding to the multicast address of the IPTV channel, sets the multicast address in the first header of broadcasting traffic, sets the CoA of the mobile node in the second header of the broadcasting traffic, and then sends the broadcasting traffic.

Abstract: Various systems and methods for detecting media access control (MAC) address conflicts are described herein. An indication to create a virtual machine on the host device is received at a host device of a plurality of host devices. A MAC address to assign to the virtual machine is identified, and a message is transmitted to at least one of the plurality of host devices, with the message including the identified MAC address. The MAC address is assigned to the virtual machine in the absence of a response from the at least one of the plurality of host devices indicating a potential conflict with the MAC address.

Abstract: Systems and methods for utilizing a PBX identifier of a PBX system in a mobile environment are provided. In exemplary systems, an enhanced DNS server maintains a central registry of PBX identifiers and corresponding locations associated with the PBX identifiers. The corresponding locations may comprise both private and public IP address. When a remote IP device attempts to access their main office PBX system via the PBX identifier, the enhanced DNS server returns the private and public IP addresses in response.

Abstract: Methods and systems for path resolving in a symmetric InfiniBand network are provided. One method includes transmitting, from a first node, a Management Datagram (MAD) to a second node, the MAD including a query for a Global Unique Identifier (GUID) for a port in the second node. The method further includes receiving the GUID for the port in response to the MAD and determining a Global Identifier (GID) for the port based on the received GUID. One system includes first and second nodes in communication with each other. The first node is configured to transmit a MAD to the second node, the MAD including a query for a GUID for a port in the second node. The first node is further configured to receive the GUID for the port in response to the MAD and determine a GID for the port based on the received GUID.

Abstract: A method and apparatus that operates two bridging protocols in a hybrid bridging node is described. The operation of the two bridging protocols in the hybrid node allows for an incremental transition of a provider bridging network from operating a legacy bridging protocol that shares MAC addresses to a bridging network that operates VPLS and/or PBB bridging protocols. The hybrid bridging node selectively broadcasts unicast packets with unknown MAC addresses from the nodes operating VPLS and/or PBB to nodes operating a legacy bridging protocol.

Abstract: A computer-readable medium stores a testing program that causes a computer having a storage device storing netmask lengths and address block utilization information associated with address blocks, to execute a process that includes acquiring first packets transmitted to a first apparatus, first addresses being regarded as transmission sources; referring to the storage device and acquiring a count of address blocks to which the first addresses belong and a netmask length; calculating based on the acquired address block count and netmask length, the netmask length less a bit count according to the number of the first addresses; referring to the storage device and selecting from among unused address blocks, an address block having a netmask length less than or equal to the calculated netmask length; and transmitting to a second apparatus, second packets obtained by setting the transmission sources of the first packets to second addresses in the selected address block.