Abstract: An enhanced device and method for anonymization also offering improved security properties of data exchanged bidirectionally between a client and a server in a communication network. A protocol in respect of data exchange between client and server which relies on a two-level third-party servers architecture as well as on a system for bidirectional communication between the client and the server through these two levels of third-party servers.

Abstract: A controller, including a processor and a non-transitory computer-readable storage medium storing a program to be executed by the processor for managing a first autonomous system (AS), the program including instructions to receive a first Border Gateway Protocol (BGP) routing message, determine a destination node, the destination node belonging to the first AS, determine, according to a node that sends the first BGP routing message, whether to perform incoming-traffic adjustment and control, allocate a source node from a second AS directly connected to the first AS, obtain a preferred path between the source and destination nodes according to a network topology, determine a first BR and a second BR on the preferred path, and send a routing control message to a specified BR belonging to the first AS instructing the specified BR to use the first BR as a next hop for packet forwarding of the second BR.

Abstract: Embodiments of a method for redirecting, by a network device, a host to a captive portal are disclosed. The method includes receiving an incoming frame originating from the host. The incoming frame has a payload specifying information associated with an external server. A user of the host has not been authenticated by the captive portal at a time when the incoming frame is received by the network device. The network device matches at least a portion of the incoming frame to a custom redirect rule of a unified access control list (ACL) implemented by the network device. In response to the matching, the network device forwards the incoming frame towards an internal redirection server executing on the network device. The network device receives a redirection frame from the internal redirection server. The payload of the redirection frame is generated by the internal redirection server using at least a portion of the incoming frame. The redirection frame is transmitted towards the host.

Abstract: Approaches, techniques, and mechanisms are disclosed for maintaining efficient representations of prefix tables for utilization by network switches and other devices. In an embodiment, the performance of a network device is greatly enhanced using a working representation of a prefix table that includes multiple stages of prefix entries. Higher-stage prefixes are stored in slotted pools. Mapping logic, such as a hash function, determines the slots in which a given higher-stage prefix may be stored. When trying to find a longest-matching higher-stage prefix for an input key, only the slots that map to that input key need be read. Higher-stage prefixes may further point to arrays of lower-stage prefixes. Hence, once a longest-matching higher-stage prefix is found for an input key, the longest prefix match in the table may be found simply by comparing the input key to lower-stage prefixes in the array that the longest-matching higher-stage prefix points to.

Abstract: A modem configured to operate in a Multimedia over Coax Alliance, MoCA, access network is provided. The modem comprises a combiner having a coaxial interface for connection to a coaxial cable network and at least two frequency-separated southbound interfaces, SBIs; at least two MoCA chips, wherein each MoCA chip is configured to operate a MoCA access link and comprises a MoCA northbound interface, NBI, connected to one each of said SBIs of the combiner, and a data SBI; a link aggregation switch having at least two switchports connected to one each of the data SBIs, and a port to a data communication interface for connection to a client device for communication at a client data rate; wherein the MoCA chips are configured to operate separate MoCA access links at different MoCA access frequency bands over the coaxial cable network.

Abstract: The present disclosure provides systems and methods for a synergetic, multi-interface workflow designer: a visual tool that enables the design, building, and use of high-level processes and standard configuration workflows among multiple users with varying technical capabilities on multiple systems. For example, it enables a line of business user to design and create a high-level process on a first designer interface. The process and its data are received by a second designer interface, which translates the process and data into a standard configuration workflow. A workflow designer may access the second designer interface to create, refine, and finalize the standard configuration workflow based on the data from the first designer interface.

Abstract: Aspects of the subject disclosure may include, for example, a device that performs operations including receiving a request for a communication session, determining participants of the communication session, determining a location of each participant of the communication session, selecting a virtual media server from among a group of media servers according to a location that reduces a communication path among the participants for the communication session, instantiating the virtual media server at a start time of the communication session, grouping the participants of the communication session into end points, and relaying communication session data between the end points. Other embodiments are disclosed.

Abstract: The disclosure relates to a method and a state controller running in a Kubernetes system. The state controller being operative to assign labels to pods, the labels indicating services to which the pods are assigned and high-availability states of the pods; detect a failed pod having a label indicating a high-availability state of not ready; and reassign the label indicating the high-availability state of the failed pod to a healthy pod, thereby changing endpoints of services provided and service flows from the failed pod to the healthy pod.

Abstract: A method for enabling event consumption is described. Upon receipt of a request for events associated with a first initial topic, a determination that the request includes a request for historical events is performed. Responsive to determining that one or more rules apply to the request for historical events, a determination of a first path from the first initial topic to a first aggregate topic is performed based on the one or more rules. The first path is different from a second path from the first initial topic to a second aggregate topic that is defined according to a current multiplexed framework definition. The current multiplexed framework definition is used for storing new events associated with the first initial topic in a second multiplexed event recordation system at a time that follows the time of receipt of the request. A first set of historical events is retrieved based on the first path.

Abstract: A method and apparatus for relaying messages in a mesh network.

Abstract: Systems and methods for detecting and preventing user terminal displacement are disclosed herein. In an embodiment, a method for managing access to a data network includes determining a baseline timing parameter based on at least one first communication signal transmitted between a gateway and a terminal, determining a current timing parameter based on at least one second communication signal transmitted between the gateway and the terminal, calculating the difference between the baseline timing parameter and the current timing parameter, and restricting access of the terminal to the data network when the difference between the baseline timing parameter and the current timing parameter exceeds a delay threshold.

Abstract: Systems and methods are provided for a computer-implemented method of implementing an on-demand computing network environment. A network specification is received from a user. Resources from one or more resource providers are provisioned. The on-demand computing network is configured, where configuring comprises assigning a first provisioned resource as a hub device and assigning one or more second provisioned resources as rim devices, where a particular rim device comprises a bridge device, where the bridge device repackages data received from the on-demand computing network prior to forwarding that data such that the data received from the on-demand computing network appears to terminate at the bridge device to an observer viewing the data between the hub device and the bridge device.

Abstract: Various methods, apparatuses/systems, and media for implementing an SSH connector are disclosed. A processor deploys a first API to get an active directory groups with a first user list data from a repository. The processor deploys a second API that calls an active directory to get a second user list data that lists users who are in given active directory groups that are authenticated and authorized. The processor also compares the first user list data to the second user list data; deploys a third API that returns active directory groups with users who are listed in the first user list data in the repository but not in the second user list data in the active directory groups; and deploys a fourth API that calls the repository to remove the users from groups in the repository who are not in the second user list data in the active directory groups.

Abstract: A system and method for FIB aggregation. FIB Aggregation with Quick Selections (FAQS) is a FIB aggregation algorithm that leverages compact data structures and three unique optimization techniques to quickly and incrementally select next hops when handling route updates. As a result, FAQS can run up to 2.53 and 1.75 times faster for IPv4 and IPv6, respectively, than the optimal FIB aggregation algorithm while achieving a near-optimal aggregation ratio. Meanwhile, it consumes much less memory and generates much smaller number of FIB changes when carrying out frequent updates. The performance enhancement of the new algorithm addresses many concerns from ISPs regarding performance issues, and enhances the probability to push FIB aggregation techniques further to the level of production adoption by the industry.

Abstract: Disclosed is a method and apparatus for performing steps to cause encoded information to be stored at a client device during a first network session between a server and the client device. To cause encoded information to be stored at a client device, the server first determines a set of network resource requests that encode the information. These network resource requests may include requests for one or more specific URLs and/or requests for one or more files. The server then causes the client device to initiate the network resource requests. The server may cause this initiation by, for example, redirecting the client device to the network resources. The client device initiating the network resource requests causes data representative of the network resource requests to be stored at the client device.

Abstract: A primary internet connection via a gateway or router located at a premises may be used to route internet traffic from devices located at the premises. A change in the primary internet connection, such as a loss or a degradation of the connection, may occur. Based on the change in the primary internet connection, metrics of alternative internet connections, such as cellular or hotspot connections, may be used to select one of the alternative internet connections. Internet traffic may be routed via the selected alternative internet connection until the primary internet connection is reestablished or improves.

Abstract: System and methods are disclosed to qualify networks properties and that can be used for topology synthesis of networks, such as a network-on-chip (NoC). In accordance with various embodiments and different aspects of the invention, quality metric are generated, analyzed, and used to determine a quantitative quality set of values for a given generated solution for a network. The method disclosed allows the network designer or an automated network generation process to understand if the results produced are a good, an average or a bad solution. The advantage of the invention includes simplification of design process and the work of the designer by using quality metrics. Various quality metrics are generated using network definitions. These quality metrics provide quality evaluation and the quality assessment of the optimization process for a generated (optimized) network. The quality metrics include analyzing latency through a network and analyzing total wore length used by the network.

Abstract: A method and system elects a master node from a plurality of nodes in a distributed system. A serverless elector function periodically outputs an election API call to a load balancer. The load balancer elects a master node from a plurality of candidate nodes each time the load balancer receives the election API call.

Abstract: A method for routing requests to a plurality of server clusters is disclosed. The method comprises establishing a first server cluster responding to requests concerning a first software via a first version of that software and to requests concerning a second software via a first version of that software, and a second server cluster responding to requests concerning the first software via a second version of that software and to requests concerning the second software via a second version of that software. A gateway router initially routes requests concerning the first and second software by default to the first server cluster. Upon receiving a request to change default routing of requests, a configuration of the gateway router is updated. Subsequent requests concerning the first software are routed to the second server cluster while subsequent request concerning the second software remain routed to the first server cluster.

Abstract: The present disclosure includes apparatuses and methods for proactive corrective actions in memory based on a probabilistic data structure. A number of embodiments include a memory, and circuitry configured to input information associated with a subset of data stored in the memory into a probabilistic data structure and proactively determine, at least partially using the probabilistic data structure, whether to take a corrective action on the subset of data stored in the memory.

Abstract: Systems and methods are provided herein for a mechanism for faster convergence of network traffic after a network device's link is interrupted by leveraging the withdrawal of the ethernet virtual private network (EVPN) auto discovery (AD) route. This may be accomplished by a first device checking an ethernet segment identifier (ESI) status flag before generating an entry in the first device's forwarding table, where the entry is based on an IP route for a host received by a second network device. In response to receiving a withdrawal of an EVPN AD route from the second device, the first device may update the ESI status flag to indicate that the host on the ethernet segment (ES) is reachable only via the third device and update the entry that was based on the IP route for the host received by the second network device to prevent sending traffic to the host via the second device.

Abstract: Logic may enable client devices or access points to relay medium access control (MAC) frames. Logic may extend the range of IEEE 802.11 devices, such as IEEE 802.11ah devices.

Abstract: Presented herein are techniques for dynamic optical network programming using Segment Routing (SR) using an Optical Provisioning SR Label (OPSL). In one form, a method is provided that is performed by a network element that has received an OPSL from another network element to create an optical circuit. In another form, a method is provided that is performed by a network element that sends an OPSL to another network element to cause that other network element to create an optical circuit.

Abstract: A method may include assigning, to a category, a current email in response to a removal of one or more recipients of the current email, such that the remaining recipients of the current email are part of a same user group. The current email may be a response to a previous email having one or more recipients who are not part of the same user group. Furthermore, a subsequent email responding to the current email and/or is similar to the current email may also be assigned to the same category. One or more actions may be performed based on the current email and the subsequent email being assigned to the category. The actions may be performed to prevent the current email and the subsequent email from being sent to a recipient who is not part of the same user group. Related systems and computer program products are also provided.

Abstract: Described herein are methods, systems and computer products for supporting user interactive actions in workflows integrating multiple disparate web applications by adding (embedding) one or more User Interface (UI) elements in one or more webpages of one or more web applications and linking them with respective workflows. Users visiting these webpages may engage with the added UI elements to interact with the linked workflows. Further described are methods, systems and computer products for enhancing performance of one or more workflows integrating multiple disparate web applications by adjusting the workflows to asynchronously initiate actions which are independent of each other such that the independent actions are executed simultaneously.

Abstract: A data transmission method according to an embodiment is performed by a computing device including one or more processors and a memory in which one or more programs to be executed by the one or more processors are stored. The data transmission method includes receiving, from connected client devices, peer-to-peer (P2P) network information of the client devices, extracting one or more of information on whether network access is successful and network quality information, which are matched with the P2P network information and pre-stored, and determining one of a first data transmission path and a second data transmission path as a data transmission path for the client devices based on one or more of the information on whether network access is successful and the network quality information.

Abstract: Embodiments are directed to host discovery for firewall coordination. An embodiment of a storage medium includes instructions for discovering a network topology for a network branch, the network branch including multiple access points including a first access point, the first access point having an interface to a network, the discovery of the network topology including identifying any access point that is linked to the first access point directly or via one or more intermediary access points; discovering one or more host devices that are connected by wireless or wired connections to one or more access points in the network branch; and generating a firewall coordination plan for the network branch based on the discovered network topology and the discovered one or more hosts, the firewall coordination plan including applying a firewall process for an access point to which a first host device is attached and bypassing one or more other firewall processes.

Abstract: A first communication, received from a first communication device operated by a first user, is parsed according to a policy to determine associated metadata comprising a first set of attributes. The policy dictates rules for use of the metadata. The first set of attributes is compared to attributes of a plurality of communication devices. Based on the comparing, at least one recipient communication device for the first communication is identified from the plurality of communication devices, wherein at least one of the first set of attributes matches at least one of the attributes of the plurality of communication devices. Based on the policy and the metadata, at least one of a feature available to the at least one identified recipient communication device and behavior of the at least one identified recipient communication device as perceived by a particular user associated with the at least one recipient communication device is determined.

Abstract: In a domain name system (DNS) server allocation method, a session management function (SMF) receives a session establishment request message sent by UE, where the request message includes a name of a data network to be accessed by the UE. The SMF obtains an IP address of a first DNS server based on the name of the data network and a geographical location of the UE. The SMF then sends to the UE a session establishment response message that includes the IP address of the first DNS server.

Abstract: The present technology provides a system and method for implementing targeted collection of in-situ Operation, Administration and Maintenance data from select nodes in a Segment Routing Domain. The selection is programmable and is implemented by setting an iOAM bit in the function arguments field of a Segment Identifier. In this way only the nodes associated with local Segment Identifiers (Function field of a Segment Identifier) with an iOAM argument bit are directed to generate iOAM data. The iOAM data generated by target nodes may be stored in TLV field of the segment routing header. The Segment Routing packet is then decapsulated at a Segment Routing egress node and the Header information with the collected iOAM data is sent to a controller entity for further processing, analysis and/or monitoring.

Abstract: An electronic device is provided, which includes a wireless communication module; at least one processor; and a memory configured to store instructions that, when executed by the at least one processor, cause the electronic device to perform a transaction with an external device using the wireless communication module, receive, from a payment server, payment approval information indicating that the transaction is approved, the payment approval information including device information of an access point (AP) located in an offline merchant and period information, establish, in response to receiving the payment approval information, a connection with the AP using the wireless communication module based on the device information of the AP, after the connection with the AP is established, operate a timer corresponding to the period information, and terminate the connection to the AP when the timer expires.

Abstract: Systems and methods described herein provide for building policies using namespaces. A device may receive a request to access a resource in a computing environment. The request may include one or more attributes. The device may identify a set of namespaces having domain-specific policy grammar to generate domain-specific policies. The device may determine a namespace from the identified set of namespaces which corresponds to the one or more attributes of the request. The device may generate, using domain-specific policy grammar of the determined namespace, a domain-specific policy to apply to the request.

Abstract: Described herein are methods, systems and computer products for supporting user interactive actions in workflows integrating multiple disparate web applications by adding (embedding) one or more User Interface (UI) elements in one or more webpages of one or more web applications and linking them with respective workflows. Users visiting these webpages may engage with the added UI elements to interact with the linked workflows. Further described are methods, systems and computer products for enhancing performance of one or more workflows integrating multiple disparate web applications by adjusting the workflows to asynchronously initiate actions which are independent of each other such that the independent actions are executed simultaneously.

Abstract: A method of manipulating a three-dimensional image file including a virtual object includes obtaining image information in a processing device of a non-instrumented physical object manipulated by a user, such image information including movement information; and causing virtual movement of the virtual object based on the movement information. A method of shaping a virtual object includes obtaining image information including movement information; and determining a shape of the virtual object based on the movement information. A method of modifying a virtual object includes obtaining image information including movement information; and altering a virtual surface appearance of at least a part of the virtual object based on the movement information. Systems and computer-readable media are also described.

Abstract: An example first device may include a processor to establish a plurality of links associating between the first network device and a second network device, the plurality of links corresponding to a plurality of virtual local area networks (VLANs) that a plurality of client devices associated with the first network device belong to; create a mapping between the plurality of links and the plurality of VLANs; and forward data received from a particular client device among the plurality of client devices in a particular VLAN of the plurality of VLANs to the second network device via a particular link corresponding to the particular VLAN based on the mapping.

Abstract: Systems and methods for altering the character of data originating from a Virtual Private Network (VPN) are provided. First data is received from the VPN by a first network interface. The first data comprises a first plurality of packets. A message is generated by combining the first plurality of packets. Second data is generated by segmenting the message into a second plurality of packets. A third plurality of packets in the second plurality of packets is equal to the network maximum transfer unit allowed by the Internet and the last packet in the second plurality of packets is less than the network maximum transfer unit allowed by the Internet. The second data is forwarded to the second network interface. The second network interface sends the data to a web server.

Abstract: A wearable device that communicates with a host device can be used to initiate a communication functionality of the host device (e.g., telephone calls, text messages). The wearable device can obtain user input indicating a recipient of the communication and in some instances content for the communication and can provide an instruction to the host device. The host device can use the indicated recipient and content to initiate communication and where applicable to send the content. Recipients and/or content can be selected from predefined lists available on the wearable device.

Abstract: A system and method support can subnet management in a cloud environment. During a virtual machine migration in a cloud environment, a subnet manager can become a bottleneck point that delays efficient service. A system and method can alleviate this bottleneck point by ensuring a virtual machine retains a plurality of addresses after migration. The system and method can further allow for each host node within the cloud environment to be associated with a local cache that virtual machines can utilize when re-establishing communication with a migrated virtual machine.

Abstract: A segmentation server configures and distributes rules for enforcing a segmentation policy that includes one or more virtual patches. The rules including the virtual patches are enforced by distributed enforcement modules that may execute on host devices or on network devices upstream from the host devices. An enforcement module enforces the rules using traffic filters that filter traffic based on network layer data. To implement a virtual patch, the traffic filters are configured to redirect traffic to or from an application being patched to a transparent application proxy. The transparent application proxy implements an application layer filter that filters traffic based on application layer data to block specific types of traffic associated with a vulnerability addressed by the virtual patch.

Abstract: A method for determining the location of mobile devices, comprising providing at least one mobile device and at least two access points distributed over two or more locations; noting the identity of access points the device is connected to over time; noting transitions between access points a device is connected to and identifying two or more access points as belonging to the same location if the mobile device transitions between connecting to said access points within a certain time period; allocating a first location to a group of access points to which a device transitions within said certain period of time and a second or further location to access points to which a device does not transition to from the first set of access points within said certain period of time; thereby associating groups of one or more access points with one or more locations, and determining the location of the device when it is subsequently connected to one of the located access points.

Abstract: Disclosed is a method for selecting a path in a communication network. The method comprises transmitting, through a device connected to a target node, a beacon, to one or more nodes in the communication network. The beacon comprises a set of informative parameters. The method comprises calculating, by each node, a selective score towards one more paths to be selected for reaching the target node in the communication network. The method further comprises identifying, by each node, a target path from the one or more path. The target path is a path having a highest value of the selective score as compared to selective score for other paths in the one or more paths. The method further comprises selecting, by each node, the target path from the one or more paths for reaching the target node.

Abstract: In general, various aspects of the techniques are described in this disclosure for distributed label assignment for labeled routes. In one example, a method includes obtaining, by a first thread of a plurality of execution threads for at least one routing protocol process executing on processing circuitry of a network device, an allocation of first labels drawn from a label space for a network service; adding, by the first thread, the first labels to a first local label pool for the first thread; generating, by the first thread, after obtaining the allocation of the first labels, a labeled route comprising a route for the network service and a label assigned by the first thread from the first local label pool; and outputting, by the network device, the labeled route.

Abstract: Services with policy control may be provided. A computing device may receive registration information associated with a border device. The registration information may comprise information identifying a service provided by a server associated with the border device, information identifying the border device, and policies associated with the service. Then an address for the server may be determined. Next a request may be received comprising the information identifying the service provided by the server. In response to receiving the request comprising the information identifying the service provided by the server, the address for the server, the information identifying the border device, and the policies associated with the service may be provided.

Abstract: Trusted nodes in a network perform secure out-of-band symmetric encryption key delivery to user devices. A first trusted node receives a request from a first user device to deliver symmetric encryption keys to the first user device and a second user device, as a pair of user devices. The first trusted node delivers a second symmetric encryption key to the second user device, via trusted nodes. The first trusted node receives confirmation of delivery of the second symmetric encryption key. Responsive to the confirmation of delivery, the first trusted node delivers the first symmetric encryption key to the first user device.

Abstract: Examples include registering a device driver with an operating system, including registering available hardware offloads. The operating system receives a call to a hardware offload, inserts a binary filter representing the hardware offload into a hardware component and causes the execution of the binary filter by the hardware component when the hardware offload is available, and executes the binary filter in software when the hardware offload is not available.

Abstract: Devices and techniques for Information Centric Network (ICN) packet transmission control are described herein. An interest (or data) packet may be received at an ICN router. Here, the packet includes quality of service (QoS) information. For an interest packet, the ICN router creates a pending interest table (PIT) entry for the packet. The ICN router determines that it does not have a route for the packet. Thus, if it is an interest packet, there is no forward route in a forwarding information base (FIB). If it is a data packet, there is no corresponding PIT entry. However, after extracting the QoS information from the packet, the ICN router broadcasts the packet in accordance with the QoS information.

Abstract: Various example embodiments relate generally to supporting flow-specific fast rerouting of source routed packets in communication networks. Various example embodiments for supporting flow-specific fast rerouting of source routed packets may be configured to support flow-specific fast rerouting of source routed packets based on use of various source routing protocols which may be based on various underlying communication protocols. Various example embodiments for supporting flow-specific fast rerouting of source routed packets in communication networks may be configured to support flow-specific fast rerouting of source routed packets by supporting use of a source routed packet including a payload and a header where the header encodes a set of hops of a primary path for the source routed packet and where the header also encodes a set of hops of a protection path configured to protect one of the hops of the primary path for the source routed packet.

Abstract: A method for operating a mobile device in a mobile communication network. The method comprises transmitting a mobile device component identifier to a network node within the mobile communication network. The mobile device component identifier identifies at least one hardware or software component of the mobile device. The mobile device component identifier is indicative of capability information specifying at least one capability of the mobile device for communication with the mobile communication network. A corresponding method for operating a network node is also provided.

Abstract: In a mobile network, an identity of a security group associated with user equipments (UEs) may be obtained. A segment route (SR) path for session communications in the mobile network for the UEs may be selected based on the identity of the security group. The SR path may be one of a plurality of SR paths in a transport network used by the mobile network and defined at least in part by one or more segment IDs (SIDs). An identity of a virtual network associated with the security group may also be obtained. The selected SR path and the identity of the virtual network may be provisioned in one or more routers of the transport network, such that IP messages communicated for the UEs in the mobile network are forwarded via the selected SR path and (at least ultimately) via the tunnel associated with the security group.

Abstract: A method for displaying differences between a first executable dataflow graph and a second executable dataflow graph includes comparing a specification of the first executable dataflow graph and a specification of the second executable dataflow graph, including at least one of identifying a particular node or link of the first dataflow graph that does not correspond to any node or link of the second dataflow graph; and identifying a first node or link of the first dataflow graph that corresponds to a second node or link of the second dataflow graph, and identifying a difference between the first node or link and the second node or link. The method includes formulating and displaying a graphical representation of at least some of the nodes or links of the first dataflow graph or the second dataflow graph, the graphical representation including a graphical indicator of at least one of the identified particular node or link the identified difference between the first node or link and the second node or link.