Abstract: Systems and methods for altering the character of data originating from a Virtual Private Network (VPN) are provided. First data is received from the VPN by a first network interface. The first data comprises a first plurality of packets. A message is generated by combining the first plurality of packets. Second data is generated by segmenting the message into a second plurality of packets. A third plurality of packets in the second plurality of packets is equal to the network maximum transfer unit allowed by the Internet and the last packet in the second plurality of packets is less than the network maximum transfer unit allowed by the Internet. The second data is forwarded to the second network interface. The second network interface sends the data to a webserver.

Abstract: Systems and methods are provided for a computer-implemented method of implementing an on-demand computing network environment. A network specification is received from a user. Resources from one or more resource providers are provisioned. The on-demand computing network is configured, where configuring comprises assigning a first provisioned resource as a hub device and assigning one or more second provisioned resources as rim devices, where a particular rim device comprises a bridge device, where the bridge device repackages data received from the on-demand computing network prior to forwarding that data such that the data received from the on-demand computing network appears to terminate at the bridge device to an observer viewing the data between the hub device and the bridge device.

Abstract: The present invention discloses a clustering routing optimization method based on adaptive evolutionary algorithm for a wireless sensor network, comprising following steps: performing population initialization by initial position and energy information of sensor nodes; calculating fitness values, and implementing iterative operation of elite preservation, adaptive crossover and mutation; after the iteration, selecting a cluster head; routing data packet of the cluster head to a base station. Convergence process of the evolutionary algorithm is improved by nonlinearly adjusting the probability of crossover and mutation; upper and lower bound of crossover and mutation operators are dynamically adjusted by fitness value; adding an incentive factor, adjusting the crossover and mutation probability when the fitness value tends to converge, and running the algorithm again to confirm that a new optimal value is generated.

Abstract: A system described herein may identify that a first container and a second container of a virtualized environment are instantiated at a particular node that is associated with a particular address (e.g., an Internet Protocol (“IP”) address). The system may identify a logical association between the first and second containers, such as a logical and/or hierarchical association specified by a custom resource definition. The system may generate a first Domain Name System (“DNS”) record (e.g., an “A” record) associating the first container with the address of the particular node, and may a second DNS record (e.g., a “CNAME” record) associating the second container with the first container. The system may provide the first and second DNS records to a DNS server, which may provide the address of the particular node when receiving a DNS request specifying the second container.

Abstract: Disclosed embodiments utilize a layer three and/or layer four protocol to collect physical layer properties along a multi-hop network path between a source node and a destination node. The use of a layer three or layer four protocol provides an ability to span multiple links or networks between the source node and destination node, while also collecting the physical layer properties. Once physical layer properties along a network path can be understood, decisions relating to the configuration of the network path and/or whether to communicate via the network path are improved.

Abstract: In one example of the disclosure, a set of electronic document templates is accessed and instances of duplicated document content are identified. Display of a user notice for first duplicated document content is caused. Responsive to receipt of data indicative of a user instruction to create a component template for the first duplicated content, the component template is created and stored.

Abstract: A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.

Abstract: A client of a metering service defines mapping data and derivation instructions comprising schema metadata and predicate metadata. The metering service provides usage information for a set of computing resources provided by one or more services of a computing resource service provider. As computing resources are utilized, usage records are generated. A derivation system may obtain one or more usage records and determine whether a predicate applies. If the predicate applies, a derivation function may be executed. For example, the derivation function may generate, from an original usage record, a derived usage record using mapping data provided by a client.

Abstract: Preserving identities and policies across replication, including: receiving, at a first storage array, a first data frame comprising data associated a dataset stored at the first storage array and an identifier of a quality of service level associated with the first data frame; generating, at the first storage array, a second data frame comprising a portion of the dataset and the identifier of the quality of service level associated with the first data frame; and transmitting the second data frame to a second storage array.

Abstract: According to various embodiments, an electronic device includes at least one processor. The at least one processor may be configured to: confirm a data session establishment request from a first application executed by the at least one processor; confirm at least one first descriptor corresponding to the first application for path selection; confirm a first network interface corresponding to the at least one first confirmed descriptor based on the at least one first confirmed descriptor; establish a first data session corresponding to the at least one first confirmed descriptor; and transmit and/or receive data related to the first application through the first network interface using the first data session.

Abstract: A method implemented by a first node in a segment routing (SR) network domain includes receiving, from a second node of another network domain, a packet that is to pass through the SR network domain in accordance with segment identifiers (SIDs). The method also includes obtaining compressed SIDs corresponding to some of the SIDs. The method includes generating, by the first node, a segment routing header (SRH) having a list of segments and a segment left (SL) field. The method finally includes adding the SRH to the packet, and forwarding the packet with the SRH to a third node in the SR network domain.

Abstract: An operation method of a boundary IAB node between a first topology and a second topology in a communication system may include: receiving, from a first IAB donor node included in the first topology, a first address of a first node included in the second topology; receiving, from a node connected to the boundary IAB node, data including a relay request using a second address as a destination address; rewriting the destination address of the data with the first address indicated by the second address in a mapping table; and routing the data towards the first node.

Abstract: The present disclosure provides systems and methods for a synergetic, multi-interface workflow designer: a visual tool that enables the design, building, and use of high-level processes and standard-configuration workflows among multiple users with varying technical capabilities on multiple systems. For example, it enables a line of business user to design and create a high-level process on a first designer interface. The process and its data are received by a second designer interface, which translates the process and data into a standard-configuration workflow. A workflow designer may access the second designer interface to create, refine, and finalize the standard-configuration workflow based on the data from the first designer interface.

Abstract: In one embodiment, a system includes a plurality of first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines comprises at least one public-cloud virtual machine (VM) that performs network address translation; and a plurality of second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines comprises one or more private-cloud virtual machines, wherein the public-cloud VM is configured to receive, via a network tunnel from the private-cloud VM, one or more first packets to be sent to a public Internet Protocol (IP) address of a public network host, translate, using a NAT mapping, a source address of each first packet from a private IP address of the private-cloud VM to an IP address of the public-cloud VM, and send the first packet to the IP address of the public-cloud VM.

Abstract: Secure network segmentation using logical subnet segments is described. A single network segment or subnet provided by a third party is mapped into multiple layer-3 virtual or logical segments without requiring separate subnets. This mapping is accomplished by using virtual routing functions (VRFs) per logical subnet segment while retaining a single subnet across the segments. The logical subnet segments interact with the single network segment provided by the third party (ISP). The layer-3 VRF instances are created without the need for separate IP subnet pools per layer-3 segment. Each VRF instance for the various logical subnet segments is mapped to an identifier and tag.

Abstract: This disclosure provides a method, apparatus, and computer-readable medium for wireless communication at a modem, comprising receiving, via an interface with a host, an internet protocol (IP) packet including a first transport protocol header and a first IP header. The IP packet has a size greater than a maximum transport unit (MTU) size allowable for each packet transmitted over a communication link. The modem segments the IP packet into a plurality of segments based on a segment size indicated by a segmentation policy. Each segment includes a respective derived segment transport protocol header and a respective derived segment IP header derived from the IP packet. Each of these derived headers includes at least one field based on the segmentation policy, and each of the segment transport protocol headers includes a checksum for the respective segment. Additionally, the modem transmits the plurality of segments over the communication link.

Abstract: A process for defining a cloud service in an Infrastructure as Code (IaC) tool is designed to dynamically determine numbers of clusters, availability domains, compute nodes, and/or load balancers at run time. These values are then used to determine a number of subnet levels required for a classless inter-domain routing (CIDR) slicing operation to generate subnets for each of the compute nodes and load balancer nodes in the service. Because IaC languages do not provide nested loop control constructs, labels for each of the subnets can be generated and assigned using a Cartesian product of label elements. These labels can be modified by a count variable that is incremented each time a resource is duplicated in the script to simulate the effect of a nested loop structure.

Abstract: The present technology pertains to receiving a tag associating at least one routing domain in an on-premises site with at least one virtual network in a cloud environment associated with a cloud service provider. The present technology also pertains to the automation of populating route and propagation tables with the cloud service provider.

Abstract: Methods and apparatus are disclosed for processing local area network (LAN) diagnostic data obtained in respect of a LAN, the LAN having at least one user-device located therein operable to communicate via a LAN gateway device with one or more remote devices in a communications network outside the LAN, the LAN gateway device having a wireless interface associated therewith in the LAN, the LAN diagnostic data including data packets received via the wireless interface at least some of which carry performance data relating to one or more predetermined performance characteristics of the LAN.

Abstract: A method includes obtaining, by a processing device, web traffic including a set of messages associated with a target platform, analyzing, by the processing device, the web traffic to obtain a set of data extractor code candidates for extracting a set of data from the target platform, and selecting, by the processing device, data extractor code from the set of data extractor code candidates.

Abstract: Systems, computer program products, and methods are described herein for automated data sorting in an electronic network. The method includes receiving a primary tag designation corresponding to a recipient of a data transfer from an end-point device associated with a sending user. The method also includes providing the end-point device with sub-tag(s) associated with the primary tag designation. Each of the sub-tag(s) correspond to an individual category of the data transfer. The method further includes receiving the transfer data packet that includes the primary tag designation and at least one of the sub-tag(s). The transfer data packet indicates data to be transmitted to the recipient in the data transfer. The method also includes causing the data transfer to be executed. The data transfer includes the primary tag designation and the at least one of the one or more sub-tags included in the transfer data packet.

Abstract: Techniques for tunneling Layer 2 ethernet frames over a connection tunnel using the MASQUE protocol are described herein. The MASQUE protocol may be extended to include a new entity, configured to proxy ethernet frames using a MASQUE proxy connection, and an associated CONNECT method, CONNECT-ETH. Using the extended MASQUE protocol, an Ethernet over MASQUE (EoMASQUE) tunnel may then be established between various networks that are remote from one another and connected to the internet. An EoMASQUE tunnel, established between separate remote client premises, and/or between a remote client premise and an enterprise premise, may tunnel ethernet packets between the endpoints. Additionally, a first EoMASQUE tunnel, established between a first client router provisioned in a first remote client premise and an EoMASQUE proxy node, and a second EoMASQUE tunnel, established between a second client premise and the EoMASQUE proxy node, may tunnel ethernet packets between the first and second client premise.

Abstract: A communication control device that causes a second communication device to generate a switching response frame indicating a response of connection switching that is to be transmitted to a communication terminal configured to switch a connection destination from a first communication device to the second communication device, on the basis of information regarding a connection between the first communication device and the communication terminal.

Abstract: A multi-tenant cloud native system for providing network connections between a plurality of gateway endpoints using tags and secure tunnels. The system includes an end-user device, a cloud control plane, and a cloud provider. The end-user device includes a client endpoint providing a request for establishing a network connection with a service endpoint of the gateway endpoint. Zones and tenants are identified from the request. Tags are assigned to the gateway endpoints in the network based on a tag policy. Connectivity of the tags and tunnels between the gateway endpoint are identified from network traffic of devices corresponding to the gateway endpoints. A database of devices with device addresses is identified to determine routes between the gateway endpoints. A secure tunnel is determined from the plurality of tunnels based on the tags corresponding to the tenant and the network connection is established via the secure tunnel using the routes.

Abstract: A flow identifier is described for packet sequences through a secure tunnel of an SD-WAN and an error message for recovering the flow. A method includes receiving a sequence of packets, facilitating a first secure tunnel between a first hub and a second hub, assigning a first flow identifier to the sequence of packets, encapsulating a first start packet, the wrapper including the first flow identifier, sending the encapsulated first start packet to the second hub through the first secure tunnel, receiving an error message from the second hub, the error message including the first flow identifier and an error code, facilitating a second secure tunnel, assigning a second flow identifier, encapsulating a second start packet, the wrapper including the second flow identifier, and sending the encapsulated second start packet through the second secure tunnel.

Abstract: A method for transmitting an application programming interface API request includes receiving, by a first API gateway, a first API request; obtaining, by the first API gateway, a first forwarding label corresponding to the first API request, where the first forwarding label includes a first target security domain identifier, and a security domain identifier of the first API gateway is different from the first target security domain identifier. The method also includes determining an address of a second API gateway according to a mapping relationship between the first target security domain identifier and the address of the second API gateway. The method additionally includes sending the first API request to the second API gateway based on the address which is a next-hop API gateway of the first API gateway that sends the first API request to an API gateway corresponding to the first target security domain identifier.

Abstract: The present disclosure relates to a chip placed in a full-custom layout and an electronic device for implementing a mining algorithm. There is provided a chip placed in a full-custom layout, comprising a pipeline structure having a plurality of operation stages, wherein each operation stage includes: a plurality of rows arranged sequentially in an X-direction parallel to a substrate of the chip and having a uniform row height in the X-direction, the plurality of rows including rows of a first type, each row of the first type including: a first set of register modules; and a first set of logical operation modules; wherein the first set of register modules and the first set of logical operation modules are adjacently provided in a Y-direction, and the first set of logical operation modules is used for processing data in the first set of register modules.

Abstract: A computer-implemented method according to one approach includes receiving requests to perform data operations on a first storage container, where the data operations include a read operation and a write operation. It is determined whether first data stored on the first storage container is set to a read-only status. In response to determining that the first data is set to the read-only status, the read operation is allowed to be performed on the first container for reading the first data, and the write operation is performed on a second storage container. Moreover, in response to determining that the first data is set to the read-only status, it is determined whether the read-only status has been withdrawn. In response to determining that the read-only status has been withdrawn, further write operations are allowed to be performed on the first storage container.

Abstract: A data processing system implements techniques for restricting which notifications and/or conversations are presented on a plurality of user devices associated with a user. Each user device is associated with a device category. The device categories are associated with time category information that associates each of a plurality of time periods with permitted device category information that indicates which categories of user devices associated with the user are permitted to present notifications that messages have been received for a particular time period and the categories of messages for which the notifications may be presented for that time period and/or which categories of conversations may be presented or hidden. The message category may be determined based on user input or by analyzing the message content with a machine learning model configured to predict the message category.

Abstract: Systems and methods are described for enabling graceful recovery of network connections in a virtual machine instance that has been migrated or temporarily halted. To prevent the virtual machine instance from attempting to reuse open connections, which might fail due to migration or halting, a host device identifies open connections just prior to halting the virtual machine instance on the host, and transmits to the virtual machine instance termination signals for the open connections. The host device may further transmit termination signals to the other parties to such connections. Each termination signal may be formatted so as to appear to originate from the other party to the connection, causing both parties to synchronize their knowledge of the connection. On reactivation, the virtual machine instance can recovery the connections without errors associated with attempted utilization of broken connections.

Abstract: Presented herein are system and methods for handling processing of data in cloud environments. A server receives a first dataset generated in response to a function of a first application. A server generates a set of identifiers defining a sequence of processing of the first dataset associated with the function. The identifiers include a first identifier indicating the first application as a predecessor for the first dataset and a second identifier indicating a second application as a successor for the first dataset. The server identifies the second application corresponding to the second identifier as the successor for processing the first dataset. The server communicates at least a portion of the first dataset with a second server hosting the second application to receive a second dataset generated by the second application. The server stores the second dataset in the cloud environment.

Abstract: An edge computing (EC) entity belongs to an EC system, and a mobile communication core MCC entity belongs to a MCC system, like a 3GPP system. The EC entity is configured to obtain topology information of the EC system, and expose the topology information to another network, in particular to a MCC system. The MCC entity is configured to receive topology information of an EC system from the EC entity, and provide the topology information to a network exposure function (NEF) or to a policy control function (PCF) of the MCC system.

Abstract: A method for redundancy control is disclosed. CIoT reader devices act as collaborative IoT gateways for connected objects and collect received data from the connected objects and transmit the data to a backend cloud infrastructure. The method includes assigning to each connected object an identifier ID and a freshness indicator, where the freshness indicator is a label having a value of “fresh” or “expired”, upon receiving data from at least one connected object, setting the freshness indicator to “fresh” for each respective connected object, wherein for each connected object the freshness indicator is configured to change to “expired” after a pre-determined period of time, and sending a message to coordinator device, the message containing a fresh list of ID's of connected objects for which the freshness indicator has “fresh”, wherein the coordinator device broadcasts the fresh list to CIoT reader devices within a broadcasting range of the coordinator device.

Abstract: A method and apparatus of a network element that processes a packet in the network element is described. In an exemplary embodiment, the network element receives a data packet that includes a destination address. The network element receives a packet, with a packet switch unit, wherein the packet was received by the network element on an ingress interface. The network element further determines if the packet is to be stored in an external queue. In addition, the network element identifies the external queue for the packet based on one or more characteristics of the packet. The network element additionally forwards the packet to a packet storage unit, wherein the packet storage unit includes storage for the external queue. Furthermore, the network element receives the packet from the packet storage unit and forwards the packet to an egress interface corresponding to the external queue.

Abstract: Disclosed is a method and apparatus for performing steps to cause encoded information to be stored at a client device during a first network session between a server and the client device. To cause encoded information to be stored at a client device, the server first determines a set of network resource requests that encode the information. These network resource requests may include requests for one or more specific URLs and/or requests for one or more files. The server then causes the client device to initiate the network resource requests. The server may cause this initiation by, for example, redirecting the client device to the network resources. The client device initiating the network resource requests causes data representative of the network resource requests to be stored at the client device.

Abstract: Methods and systems disclosed provide for creating private networks for secured communication between devices. The devices can communicate with each other over a secure tunnel created for a closed circle of devices. Furthermore, the methods and systems can enable offline communication between devices on a private network.

Abstract: In general, various aspects of the techniques are described in this disclosure for distributed label assignment for labeled routes. In one example, a method includes obtaining, by a first thread of a plurality of execution threads for at least one routing protocol process executing on processing circuitry of a network device, an allocation of first labels drawn from a label space for a network service; adding, by the first thread, the first labels to a first local label pool for the first thread; generating, by the first thread, after obtaining the allocation of the first labels, a labeled route comprising a route for the network service and a label assigned by the first thread from the first local label pool; and outputting, by the network device, the labeled route.

Abstract: The information code has an information code area constituted of colored information cells with two or more colors, the information code area having the specific information recorded using the information cells as information units, and a teacher code area having teacher cells with the same colors and the same number of colors as the information cells so as to identify the colors of the information cells. In the information code, the teacher code area is placed away from the information code area or inside the information code area.

Abstract: A route processing method includes obtaining, by a first network device, a flow effective time parameter and a route related to the flow effective time parameter, processing, by the first network device in the specified time interval, service traffic corresponding to the route related to the flow effective time parameter, generating a route control message, where the route control message carries the flow effective time parameter and the route, and sending, by the first network device, the route control message to a second network device.

Abstract: A CPU implements a virtual network function (VNF) associated with flow processing and can offload at least some of the flow processing to a hardware accelerator. A module (e.g., TOR switch), external to the software-based processor and the hardware accelerator, examines packet flows and determines (e.g., using a top-K elephant-flow-detection algorithm) which ones are more suitable for offloading from the software-based processor to the hardware accelerator than others. The external module communicates the relative suitability for offloading to the CPU using packet tags or out-of-band messaging, and the CPU uses the relative suitability to determine which flows to offload or onload. In some implementations, the CPU can instruct the external module to change the value of K used in the algorithm.

Abstract: In some embodiments, a computer implemented method for assessing network bandwidth availability in a network connection having unknown excess capacity beyond an initial network capacity is provided. There are two cases to be considered: (1) the network has a given capacity and the system doesn't know what it is (e.g., on a cellular network) this capacity may change over time as more users use the network and/or a user is mobile, and (2) the system is assigned capacity but by pushing the network, the system may be able to get more capacity (e.g., on a satellite hub). The excess capacity may be quantified for future potential opportunistic, emergency or priority usage, or in some embodiments, utilized periodically or continuously.

Abstract: Systems and methods are described for adapting a second user input device to resemble a first user input device while preserving new functionalities not available in the first user input device. The systems and methods may identify, based on identifiers of the first and second user input devices, a first and second set of device functionalities provided by the devices. The systems and methods may compare the sets of device functionalities to determine a set of common device functionalities and, in response, modify the display of an input of the second user input device to correspond to visual attributes of an input of the first user input device.

Abstract: A server device for use with a cable modem, a router, a user, a client device, and a CMTS, the cable modem and the router being able to be configured in a LAG configuration, the client device and/or the cable modem being configured to provide a notification to the user to configure the cable modem and the router into the LAG configuration, the CMTS being configured to provide a first and second service flow to the cable modem, the server device comprising: a memory; and a processor configured to execute instructions stored on the memory to cause the server device to: monitor the second set of data packets; and automatically transmit a LAG notification to the client device and/or the cable modem when the second set of data packets meets a predetermined threshold, the notification notifying the user to configure the cable modem and the router into the LAG configuration.

Abstract: A first device may provide, periodically throughout a test session and to neighboring devices that are in a network with the first device, a message request for measuring network performance. The neighboring devices, upon receiving the request message, are to use a relay mechanism to determine network performance indicator (NPI) values. The first device may receive, from the neighboring devices and periodically throughout the test session, a response message that includes the NPI values. The first device may determine additional NPI values that measure the network performance between the first device and the neighboring devices. The first device may determine overall NPI values based on the NPI values and the additional NPI values. The first device may identify a preferred next-hop to one of the neighboring devices based on the overall NPI values, where the preferred next-hop is part of a preferred path through the network.

Abstract: A method is provided that is performed for a wireless network that includes one or more wireless client devices that may rotate their media access control (MAC) address used for wireless communication with one or more wireless access point devices in the wireless network. The method includes determining an impact of MAC address rotation by the one or more wireless client devices on operational resources of one or more networking devices or networking processes in a network infrastructure associated with the wireless network. The method further includes scheduling MAC address rotation by the one or more wireless client devices according to the impact on operational resources of the one or more networking devices or networking processes in the network infrastructure.

Abstract: A method of capturing video and audio information includes, at a server computer, determining a capture group that includes at least a first client device and a second client device. The method further includes receiving a group capture request and transmitting an individual capture request to at least the second client device. The method further includes receiving a first individual capture from the first client device and a second individual capture from the second client device, associating the first individual capture with the second individual capture in a group capture, and providing access to the group capture to at least one of the first client device and the second client device.

Abstract: Robotic processor embodiments determine via graphical image analysis physical attributes of an engagement area of a work-piece that a specified tool physically engages to execute a specific action. The processors identify a model set plurality of alternate substitute tools that are each available within a physical environment of the engagement area and have a body portion with physical dimensions that conform to physical dimensions of the work-piece engagement area, and thereby select a substitute tool that has a body portion that best conforms to the physical dimensions of the work-piece engagement area and meets constraints for substitute tool selection for executing the specific action.

Abstract: Techniques are described herein for service chaining in fabric networks such that hardware resources can be preserved without service nodes needing additional capabilities. The techniques may include storing a first configuration associated with a first VRF instance of a service forwarding node that is connected to a first service of a service chain sequence. The first configuration may indicate an identifier and a type associated with a second service of the service chain sequence where traffic is to be sent after the first service. Additionally, the techniques may also include storing a second configuration associated with a second VRF instance of the service forwarding node that is connected to the second service. The second configuration may indicate that the second service is a last service of the service chain sequence. When traffic is received at the service forwarding node, the service forwarding node can determine whether the traffic is pre-service traffic or post-service traffic.

Abstract: Techniques are described for providing a method and apparatus for determining source address validation of a data packet in a network in the presence of asymmetric routing. When a data packet is received by a node such as a router, a reverse path forwarding lookup is performed to determine if the data packet was received on a next-hop interface and if the reverse path forwarding fails, a Shortest Path First (SPF) computation at the router advertising the source route will be performed using the link state database to determine whether the data packet arrived from a valid path of the network.

Abstract: Disclosed in the embodiments of the present disclosure are a packet forwarding method, apparatus and system, a network device and a storage medium. The method includes: carrying, according to Deterministic Networking (DetNet) requirements for a multicast packet based on Bit Index Explicit Replication (BIER), corresponding DetNet configuration information in BIER header information of the multicast packet; and sending the multicast packet carrying the BIER header information.