Abstract: A method for rotating internet protocol (IP) addresses in a virtual private network (VPN), the method comprising receiving, at a first VPN server during an established VPN connection, a first data request and a second data request from a user device, retrieving first data associated with the first data request using a first exit IP address, and retrieving second data associated with the second data request using a second exit IP address, different from the first exit IP address. Various other aspects are contemplated.

Abstract: A method for controlling a wireless lighting control network includes determining, by a first network device, whether a message is received from a control device during a first time interval; in response to determining that the message was not received, transmitting, by the first network device, a message to other network devices to determine whether another network device received the message from the control device; in response to determining, during a second time interval, that the first network device did not receive the message from the control device and did not receive an indication from another network device that the message from the control device was received, transmitting a message to the other network devices to indicate that the first network device is a substitute control device; and periodically transmitting messages to the other network devices indicating that the first network device is an active substitute control device.

Abstract: Some embodiments of the invention provide a method for implementing a logical network with one or more logical forwarding elements (LFEs), each with multiple logical ports. Each LFE in some embodiments is implemented by several physical forwarding elements (PFEs) operating on several devices. On a host computer executing a particular machine connected to a PFE implementing a particular LFE, the method identifies an address discovery message associating a particular network address (e.g., a layer 2 (L2) address or media access control (MAC) address) of the particular machine with a another network address (e.g., a layer 3 (L3) or an Internet Protocol (IP) address) of the particular machine.

Abstract: An integrated circuit (IC) includes a first kernel circuit implemented in programmable circuitry, a second kernel circuit implemented in programmable circuitry, and a stream traffic manager circuit coupled to the first kernel circuit and the second kernel circuit. The stream traffic manager circuit is configured to control data streams exchanged between the first kernel circuit and the second kernel circuit.

Abstract: Embodiments of the present invention provide a method and an apparatus for controlling a service data flow. The method includes: acquiring, by a controller, index information related to a UE, where the index information includes at least a user information index, a PDN connection index, a bearer index, and a service data flow table index that are related to the UE; sending, by the controller, the index information to a forwarder by using an entry notification message; when a first control event of a service data flow is triggered, acquiring, by the controller, a first instruction index according to the first control event, where the first instruction index includes at least one type of the index information related to the UE; and sending, by the controller, the first instruction index to the forwarder by using first control signaling.

Abstract: Systems, methods, and computer-readable media for preventing man-in-the-middle attacks within network, without the need to maintain trusted/un-trusted port listings on each network device. The solutions disclosed herein leverage a host database which can be present on controllers, thereby providing a centralized database instead of a per-node DHCP binding database. Systems configured according to this disclosure (1) use a flood list only for ARP packets received from the controller 116; and (2) unicast ARP packets to the controller before communicating the packets to other VTEPs.

Abstract: A method for determining a management domain, the method comprising: receiving, by a second network device, a first packet sent by a first network device, where the first packet includes a domain ID of a first management domain and a first IP address set corresponding to the domain ID of the first management domain, and the first IP address set includes an IP address of a network device in the first management domain; and when the second network device determines that the first IP address set includes an IP address of the second network device, determining that the second network device belongs to the first management domain, and storing the domain ID of the first management domain.

Abstract: A computer-implemented method for detecting cache-poisoning attacks in networks using SDPs may include maintaining a cache of service information that identifies services provided by client devices connected to a network using an SDP. The method may also include detecting a cache-poisoning attack by (1) receiving, from a client device connected to the network, an SDP message related to a service allegedly provided via the network, (2) identifying, within the SDP message, an attribute of the service allegedly provided via the network, and then (3) determining that the client device is attempting to corrupt the cache of service information by determining that the identified attribute of the service suggests that the service is illegitimate. Finally, the method may include performing a security action to mitigate the cache-poisoning attack in response to detecting the cache-poisoning attack. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An information concentrating center, is disclosed, wherein the information concentrating center comprises: at least one module for concentrating information from at least one information source; and at least one module coupling to the Internet, for establishing a P2P connection with a remote client device through the Internet, wherein at least one portion of the information is delivered to the remote client device on the P2P connection.

Abstract: Systems and methods for adding context to prevent data leakage over a computer network are disclosed. Data is classified and contextual information of the data is determined. A transmission policy is determined in response to the classification and contextual information. The data is either transmitted or blocked in response to the classification and the contextual information.

Abstract: The present invention is designed to provide a base station apparatus, a mobile terminal apparatus, a communication system and a communication method that cope with the shortage of downlink control channel capacity. For a mobile terminal apparatus that receives downlink signals using a resource region for downlink control signals and a resource region for downlink data signals, a base station apparatus is configured to set a plurality of virtual resources for downlink control signals in a plurality of physical resources that are arranged in a frequency direction in the resource region for downlink data signals, and allocate the downlink control signals, in a distributed manner, between virtual resources of a relatively low frequency band side and virtual resources of a relatively high frequency band side in a plurality of virtual resources.

Abstract: Provided is a wireless communication device and a wireless communication method which can maintain compatibility with a plurality of communication schemes and send a response signal back within the allowed time specified by each communication scheme. The wireless communication device includes a radio receiving unit (120) that receives a packet having a format conforming to a first communication scheme and including a second format portion conforming to a second communication scheme using a higher frequency band than the first communication scheme and a first format portion excluding the second format portion, and a processing unit (160) that, outputs a response signal at completion of demodulation and decoding of the first format portion, regardless of whether demodulation and decoding of the second format portion are completed or not.

Abstract: Techniques are disclosed for determining a virtual networking framework for computing nodes to use where they are part of a plurality of computing nodes that have heterogeneous virtual networking framework capabilities. Each node may report its capabilities to a mapping server, which serves as a centrally-managed selector of policy capabilities for the two computing nodes to use in communications with each other. The mapping server selects virtual networking framework capabilities for the two computing nodes to use in communicating with each other, instructs the nodes of these selected capabilities, and the two nodes then communicate according to these selected capabilities.

Abstract: Certain example embodiments relate to techniques for managing communication between a plurality of Open Services Gateway initiative (OSGi) environments. A system includes a messaging broker configured to receive a message from one of the OSGi environments, with the message including a call of a service provided by one of the other OSGi environments. The broker may be further configured to transfer the message to the other OSGi environment. The plural OSGi environments communicate only via the messaging broker.

Abstract: A computer-implemented method for detecting cache-poisoning attacks in networks using SDPs may include maintaining a cache of service information that identifies services provided by client devices connected to a network using an SDP. The method may also include detecting a cache-poisoning attack by (1) receiving, from a client device connected to the network, an SDP message related to a service allegedly provided via the network, (2) identifying, within the SDP message, an attribute of the service allegedly provided via the network, and then (3) determining that the client device is attempting to corrupt the cache of service information by determining that the identified attribute of the service suggests that the service is illegitimate. Finally, the method may include performing a security action to mitigate the cache-poisoning attack in response to detecting the cache-poisoning attack. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An example of network routing comprising a host route injection that can include injecting a host route and a next hop of the host route into a routing table. The host route can be injected into a top of rack network device and transferred to an Aggregation network device routing table. The routing entry can be updated by sharing routing updates from the compute host through the top of rack network device.

Abstract: Forward Error Correction (FEC) techniques that generate independently decodable resource blocks are beneficial for Successive Interference Cancellation (SIC) demodulation. One FEC technique for generating independently decodable resource blocks includes mapping locally decodable FEC codeblocks into unique resource blocks such that substantially all of the bits of the FEC codeblock are carried within a single resource block. The locally decodable FEC codeblocks can be generated from different FEC encoding modules or from a common FEC encoding module. Another technique for generating independently decodable resource blocks includes encoding a stream of information bits into low-density parity-check (LDPC) codeblocks having high ratios of inward peering parity bits. These high ratios of inward peering parity bits allow substantial portions of each LDPC codeblock to be decoded independently from information carried by other LDPC codeblocks.

Abstract: An apparatus and system are disclosed for reducing network traffic using a shared network response cache. A request filter module intercepts a network request to prevent the network request from entering a data network. The network request is sent by a client and is intended for one or more recipients on the data network. A cache check module checks a shared response cache for an entry matching the network request. A local response module sends a local response to the client in response to an entry in the shared response cache matching the network request. The local response satisfies the network request based on information from the matching entry in the shared response cache.

Abstract: A method is disclosed for reducing network traffic using a shared network response cache. The method intercepts a network request to prevent the network request from entering a data network. The network request is sent by a client and is intended for one or more recipients on the data network. The method checks a shared response cache for an entry matching the network request. The method sends a local response to the client in response to an entry in the shared response cache matching the network request. The local response satisfies the network request based on information from the matching entry in the shared response cache.

Abstract: Establishing a connection is disclosed. A first communication link with a perimeter gateway located external to a private network firewall but behind a perimeter network firewall is initiated. A request to allow the connection from a requestor that has requested the connection to an internal server via the perimeter gateway is received. A second communication link with the internal server protected by the private network firewall is initiated. The connection is allowed at least in part by associating together the first communication link with the second communication link.

Abstract: The embodiments of the present disclosure provide a method, a device and a network system for allocating an IP address. The allocating method comprises: allocating a first IP address to a first server; allocating a second IP address to a client connected to the first server; monitoring the client allocated with the second IP address; allocating a third IP address to the first server when a monitoring result indicates that an IP address conflict exists between the first IP address and a current IP address of a second server; wherein the second server is connected to the client allocated with the second IP address. The method may reallocate the IP address automatically when a subnet conflict occurs.

Abstract: An encapsulation apparatus for encapsulating data includes an input to receive the data, a machine to generate information related to the encapsulation of data and a logic coupled to the machine. A processing machine is coupled to the input and the logic.

Abstract: In accordance with an embodiment of the present invention, a network node is presented which is configured to associate each of a plurality of MAC addresses with an IP address on a network level. The network node is configured to, upon reception of a link level message comprising a target IP address and destined to multiple network nodes, compare the target IP address with associated MAC/IP addresses on a network level, and to selectively send the received link level message to at least one other network node on a link level based on the network level comparison. A method and a computer program product are also presented, according to embodiments of the present invention.

Abstract: A method is implemented in a host node for communicating with a corresponding node. The host node has connections to a plurality of networks, where each of the plurality of networks includes a network address translation 64 (NAT64) node, each NAT64 node utilizes a distinct prefix to generate virtual Internet Protocol version 6 (IPv6) addresses, each of the plurality of networks is an IPv6 network, but the corresponding node is an Internet protocol version 4 (IPv4) node. The host node implementing this method is able to maintain connectivity with the corresponding node despite having connections to the plurality of networks that each have NAT64 nodes that utilize distinct prefixes for virtual IPv6 addresses.

Abstract: A method of a first DNS which can update server information in real time without necessarily using a TTL (Time To Live) by recording a network address of the first DNS, which has previously obtained server address information from a second DNS, in a notification list, by the second DNS, and transmitting the changed information from the second DNS to the first DNS recorded in the notification list when the previously obtained/requested server address changes, and updating the server address by the first DNS as provided by the second DNS. A DNS updating server address method may further include providing a first DNS with server address information corresponding to a domain, recording a network address of the first DNS in a notification list, corresponding to the domain and/or the server address information, and transmitting a changed server address information to the first DNS based on the notification list.

Abstract: The present invention filters packets and reduces traffic when communication is performed with a device on a network utilizing the IPv6 protocol. To achieve this, a printer driver operating in a personal computer correlates and stores the name of the communicating party and an address for which communication actually succeeded from among addresses that have undergone name resolution, and uses the stored address in communicating with the same communicating party from then onward.

Abstract: A system includes a name server, an edge cache server, and a local cache server. The name server is configured to provide an anycast IP address in response to a request for an IP address of an origin hostname from a client system. The edge cache server is configured to respond to the anycast IP address and a unicast IP address and to retrieve content from an origin. The local cache server includes a storage and is configured to respond to the anycast IP address, to retrieve content from the edge cache server, and provide the content to a client system.

Abstract: An information handling system includes a server having a management system module. The management system module broadcasts an address resolution protocol request including a unique identifier in the information handling system. The management system module also receives multiple address resolution protocol responses to the address resolution protocol request. Each of the multiple address resolution protocol responses includes a different media access control address associated with the unique identifier. The management system module also creates a unique identifier table correlating each of the media access control addresses with the unique identifier.

Abstract: A method of routing internal network traffic within a computing system comprises receiving a network packet at a configurable logic device (CLD), parsing the network packet to obtain a destination address, searching a predetermined range of a routing table wherein each row of the routing table specifies a range of possible destination addresses and routing information, identifying a matching row of the routing table wherein the destination address falls within the range of possible destination addresses of the matching row, and routing the packet according to the routing information.

Abstract: In a system and method for establishing communications in a communications network, a network service provider can assign IP addresses to mobile devices dynamically to conserve IP address resources. A network service provider can also implement network address translation to further conserve IP address resources and to provide improved security. If a requestor seeks to obtain an IP address of a mobile device and the address is a local address, the system determines if the mobile device has a network address translation (NAT) binding that associates the IP address of the mobile device with a public IP address. If the mobile device does not have a NAT binding, the system creates a NAT binding that associates the IP address of the mobile device with a public IP address.

Abstract: Mechanisms are provided to improve efficiency of systems operating on internet protocol (IP) over Infiniband (IB) networks. One mechanism includes multicasting a first ARP request from a source node, the first ARP request including an IP address of a source port of the source node, and performing load-balancing of host traffic across a plurality of ports of a plurality of nodes by sending a reply from a destination node corresponding to the IP address included in the first ARP request, the reply being sent over the source port to the source node.

Abstract: A method for use by a subscriber device associated with a LAN in a wireless network, to enable provisioning of services to another subscriber device associated with that LAN. The method includes (i) at the first subscriber device, receiving an outgoing packet generated by the other subscriber device associated, wherein that outgoing packet has been tagged with a VLAN label; (ii) forwarding the outgoing packet towards a source MAC address of the subscriber device; (iii) associating a DSCP value with the outgoing packet; (iv) removing VLAN label and Ethernet MAC layer from the outgoing packet and forwarding the remaining IP packet to a MAC convergence sub-layer; (v) at the MAC convergence sub-layer, forwarding the outgoing packet to a service flow determined by using a DSCP value associated with the outgoing packet; and forwarding the outgoing packet along an air-link service flow connection.

Abstract: When a destination address specified by a client is to be registered as a destination, determination is made as to whether name resolution of the destination address is possible or not. If it is determined that name resolution is impossible, registration of the destination address that requires name resolution is restricted.

Abstract: A technique for acquiring and disseminating network node characteristics to enable policy decisions including receiving a resolution request from one or more clients in a network environment is disclosed. Information, for example, network address, is then acquired from one or more sources regarding a specific location in a network, for example, a network node. A list of the network addresses is then generated and ranked based on one or more parameters that merit making traffic handling decisions. The network addresses are then associated with a host name on at least one directory server and then propagated to the one or more clients.

Abstract: The invention discloses a mobile communication device and a communicative transmission method thereof. The mobile communication device includes a communication module and a control unit. The communication module is used for communicatively connecting to a communication server. The control unit is coupled to the communication module. The control unit utilizes the communication module to receive a one-to-one packet from the communication server according to a first period, and ignore a one-to-many packet on the communication server. The control unit utilizes the communication module to transmit a second one-to-many packet to the communication server according to a second period.

Abstract: In an example embodiment, a method and system is provided to determine and advertise a route advertisement in a reactive routing environment. In response to receiving a network address query with respect to a destination address at a routing device, an aggregate value, e.g. an address prefix, is determined and advertised in reply to the network address query. Determining of the aggregate value may comprise identifying within a range of network addresses represented by the aggregate value respective addresses for which the routing device does not have reachability information. The routing device may send address queries with respect to the identified addresses, to determine reachability via the routing device of those addresses. The aggregate value may be advertised conditional upon determining that a percentage of addresses within the corresponding range that can be reached via the routing device satisfies a predefined minimal coverage value.

Abstract: A mobile communication system according to the present invention comprising a plurality of Un radio bearers set between the plurality of mobile stations UE and the relay node RN, each of Un radio bearers for a predetermined QoS set for different mobile stations UE is configured to be mapped to a Un radio bearer for the predetermined QoS set between the relay node RN and the radio base station DeNB.

Abstract: If an address-resolution request message is received from a data processing terminal via an interface connected to the data processing terminal, it is determined whether a physical address corresponding to a target network address of the address-resolution request message has already been registered. If it has been registered, then an address-resolution response message containing the corresponding physical address is created and the created message is transferred to a terminal via the interface.

Abstract: In a system for providing an IPTV service, if a multicast address of an IPTV channel received from a head-end is a multicast address requested by a mobile node through a tunnel, an end router confirms a care of address (CoA) of the mobile node corresponding to the multicast address of the IPTV channel, sets the multicast address in the first header of broadcasting traffic, sets the CoA of the mobile node in the second header of the broadcasting traffic, and then sends the broadcasting traffic.

Abstract: Various systems and methods for detecting media access control (MAC) address conflicts are described herein. An indication to create a virtual machine on the host device is received at a host device of a plurality of host devices. A MAC address to assign to the virtual machine is identified, and a message is transmitted to at least one of the plurality of host devices, with the message including the identified MAC address. The MAC address is assigned to the virtual machine in the absence of a response from the at least one of the plurality of host devices indicating a potential conflict with the MAC address.

Abstract: Systems and methods for utilizing a PBX identifier of a PBX system in a mobile environment are provided. In exemplary systems, an enhanced DNS server maintains a central registry of PBX identifiers and corresponding locations associated with the PBX identifiers. The corresponding locations may comprise both private and public IP address. When a remote IP device attempts to access their main office PBX system via the PBX identifier, the enhanced DNS server returns the private and public IP addresses in response.

Abstract: Methods and systems for path resolving in a symmetric InfiniBand network are provided. One method includes transmitting, from a first node, a Management Datagram (MAD) to a second node, the MAD including a query for a Global Unique Identifier (GUID) for a port in the second node. The method further includes receiving the GUID for the port in response to the MAD and determining a Global Identifier (GID) for the port based on the received GUID. One system includes first and second nodes in communication with each other. The first node is configured to transmit a MAD to the second node, the MAD including a query for a GUID for a port in the second node. The first node is further configured to receive the GUID for the port in response to the MAD and determine a GID for the port based on the received GUID.

Abstract: A method and apparatus that operates two bridging protocols in a hybrid bridging node is described. The operation of the two bridging protocols in the hybrid node allows for an incremental transition of a provider bridging network from operating a legacy bridging protocol that shares MAC addresses to a bridging network that operates VPLS and/or PBB bridging protocols. The hybrid bridging node selectively broadcasts unicast packets with unknown MAC addresses from the nodes operating VPLS and/or PBB to nodes operating a legacy bridging protocol.

Abstract: A computer-readable medium stores a testing program that causes a computer having a storage device storing netmask lengths and address block utilization information associated with address blocks, to execute a process that includes acquiring first packets transmitted to a first apparatus, first addresses being regarded as transmission sources; referring to the storage device and acquiring a count of address blocks to which the first addresses belong and a netmask length; calculating based on the acquired address block count and netmask length, the netmask length less a bit count according to the number of the first addresses; referring to the storage device and selecting from among unused address blocks, an address block having a netmask length less than or equal to the calculated netmask length; and transmitting to a second apparatus, second packets obtained by setting the transmission sources of the first packets to second addresses in the selected address block.

Abstract: In an example embodiment, a method and system is provided to determine and advertise a route advertisement in a reactive routing environment. In response to receiving a network address query with respect to a destination address at a routing device, an aggregate value, e.g. an address prefix, is determined and advertised in reply to the network address query. Determining of the aggregate value may comprise identifying within a range of network addresses represented by the aggregate value respective addresses for which the routing device does not have reachability information. The routing device may send address queries with respect to the identified addresses, to determine reachability via the routing device of those addresses. The aggregate value may be advertised conditional upon determining that a percentage of addresses within the corresponding range that can be reached via the routing device satisfies a predefined minimal coverage value.

Abstract: Methods and apparatus to provision cloud computing network elements are disclosed. A disclosed example method includes receiving a selection of a cloud networking template from a client, wherein the cloud networking template includes a data center connector type and a wide area network connector type, configuring a virtual machine on a host server based on the cloud networking template, configuring a data center connector based on the data center connector type, configuring a wide area network connector based on the wide area network connector type, and coupling the wide area network connector to the data center connector and coupling the data center connector to the virtual machine within the host server to enable the client to access the virtual machine.

Abstract: In general, techniques are described for single prefix address allocation within computer networks. Typically, a network device that allocates addresses within a computer network implements the techniques. The network device comprises an interface and a control unit. The interface receives first and second messages from a subscriber network. The first message requests at least one address be allocated to the subscriber network according to a first address allocation mechanism. The second message requests at least one address be allocated to the subscriber network in accordance with a second address allocation mechanism. The control unit automatically determines a topology of the subscriber network based on the second message. Based on the determined topology, the control unit selectively allocates either a single network address prefix or one or more addresses of the network address prefix in response to the second message without allocating an address in response to the first message.

Abstract: The present invention is a method and apparatus for obtaining information transmitted between a source station and a destination station in a non broadcast multiple access network. A connection between the source station and a server for the destination station is established. The server has a cache containing the information. The source station transmits a request packet having parameters relating to the information to the server. The source station receives a reply packet containing the information from the server. The reply packet matches the parameters of the request packet.

Abstract: A method for operating a wireless mesh data network with multiple nodes, wherein data frames are transmitted from a source node via one or more intermediate nodes to a destination node, wherein the source node, the one or more intermediate nodes, and the destination node constitute network nodes of the data network, wherein during transmission of a data frame, at least some of the network nodes which receive the data frame, using a precursor list for the destination nodes which is assigned to the destination nodes of the data frame, check whether the network node sending the data frame is in the precursor list, and wherein in the case of a positive result, the data frame is transmitted to a further network node, and in the case of a negative result, the data frame is thrown out or processed by an error recovery routine.

Abstract: Mechanisms are provided to improve efficiency of systems operating on internet protocol (IP) over Infiniband (IB) networks. One mechanism includes multicasting a first ARP request from a source node, the first ARP request including an IP address of a source port of the source node, and performing load-balancing of host traffic across a plurality of ports of a plurality of nodes by sending a reply from a destination node corresponding to the IP address included in the first ARP request, the reply being sent over the source port to the source node.