Total found: 1606. Displayed: 184.
Publication date: 13-02-2017

METHOD AND SYSTEM FOR PROVIDING A CLIENT DEVICE WITH AUTOMATIC UPDATING OF AN IP ADDRESS CORRESPONDING TO A DOMAIN NAME

Number: RU2610586C2

The invention relates to the field of using digital communication networks. The technical result is increased efficiency of resolving a domain name to an IP address. The technical result is achieved by providing the client device with automatic updating of the IP address corresponding to the domain name. If the domain name is part of a second set that is a subset of a first set, the server obtains a first IP address from a first domain name resolution service. If the domain name is part of a third set that is a subset of the second set, the first IP address is transmitted to the client device. If the domain name is part of the second set and if a second IP address, corresponding to the domain name and differing from the first IP address, can be obtained by the server from a second domain name resolution service, the server obtains the second IP address from the second domain name resolution service.

Publication date: 20-04-2016

METHOD AND SYSTEM FOR FORWARDING AND PROCESSING A SERVICE PACKET, AND ACCESS POINT (AP)

Number: RU2582059C2

The invention relates to communication technologies. The technical result is an increase in data transmission speed in the network. The method comprises the steps of: obtaining packet forwarding path change information of a mobile terminal; and, in response to obtaining the packet forwarding path change information of the mobile terminal, but without being triggered by a packet sent from the mobile terminal, simulating the mobile terminal to send an Address Resolution Protocol (ARP) packet to a forwarding device, so that the forwarding device updates its ARP table and media access control (MAC) table according to this ARP packet, wherein the ARP packet contains the Internet Protocol (IP) address of the mobile terminal and the MAC address of the mobile terminal. 5 independent and 9 dependent claims, 7 figures.

Publication date: 27-11-2016

METHOD AND SYSTEM FOR PROVIDING A CLIENT DEVICE WITH AUTOMATIC UPDATING OF AN IP ADDRESS CORRESPONDING TO A DOMAIN NAME

Number: RU2015116752A

... 1. A method of providing a client device with automatic updating of at least one IP address corresponding to a given domain name by at least one server over a data communication network, comprising: (a) where the domain name is part of a second set of domain names that is a subset of a first set of domain names: (i) obtaining, by the at least one server, from a first domain name resolution service, at least one first IP address corresponding to the domain name; and (ii) storing, by the at least one server, in a database associated with the at least one server, at least one address record comprising the domain name and the at least one first IP address; (b) where the domain name is part of a third set of domain names that is a subset of the second set of domain names: transmitting, by the at least one server, the at least one first IP address to the client device; (c) where ...

Publication date: 31-08-2016

Information centric networking routing in an ip network

Number: GB0201612351D0

Publication date: 29-08-2006

METHOD AND APPARATUS FOR COORDINATING A CHANGE IN SERVICE PROVIDER BETWEEN A CLIENT AND A SERVER WITH IDENTITY BASED SERVICE ACCESS MANAGEMENT

Number: CA0002403832C
Assignee: AT&T CORP.

A method of configuring a network access device connected to an access network connected to a plurality of service networks, the network device having a first network address allocated to a subscriber of services of a first service provider provided by a first service network, with a new network address allocated to a second subscriber of services of either the first service provider, or a second service provider provided by a second service network. The method comprises the steps of: sending a request from the network access device to the access network with user credentials for the second subscriber requesting access to the first service provider or a change to the second service provider; receiving a response from the access network; and initiating a network address change request using a configuration protocol. In this manner, a second network address allocated to the second subscriber of services of either the first or second service providers is assigned to the network access device ...

Publication date: 26-03-2020

UNIQUE IDENTITIES OF ENDPOINTS ACROSS LAYER 3 NETWORKS

Number: CA3111399A1

Systems and methods provide for determining unique identities of endpoints across L3 networks. For example, a first networking device of a network management system in a first L3 network can receive a mapping of a first L3 network address to a first L2 network address from a second networking device in a second L3 network. The system can determine that the first L2 network address is associated with a third networking device. The system can receive a mapping of the L3 address to a second L2 network address from the third device. The system can determine that the second L2 address is associated with an endpoint. The system can store the L3 address and the second L2 address as an identity of the endpoint. The system can present network utilization information of the endpoint using traffic to/from the L3 address correlated to the endpoint based on its identity.

Publication date: 21-08-2015

METHOD AND SYSTEM FOR PREVENTING CACHE POISONING DNS

Number: FR0002955405B1
Assignee: ALCATEL LUCENT

Publication date: 07-12-2018

OPTIMIZING THE REFRESH RATE OF A DNS RECORD

Number: FR0003067198A1
Assignee: ORANGE

The invention relates to a method for optimizing the refresh rate of at least part of a record comprising an association between a first identifier of a resource on a network and at least one second identifier of the resource, and a lifetime for said association, the method being implemented by a resolver server (Sres) that has obtained said record from a so-called authoritative server (Saut), the method being characterized in that it comprises: • sending (E06) a message comprising at least said association to an application server (Sapp) referencing the first identifier.

Publication date: 10-03-2010

A SYSTEM AND METHOD FOR PERFORMING SOFT HANDOFF IN A WIRELESS DATA NETWORK

Number: KR0100947123B1

Publication date: 11-05-2019

Power-saving method and apparatus thereof for internet-of-things device

Number: TWI659661B
Assignee: FCI INC, FCI INC.

Publication date: 29-03-2007

METHOD AND MOBILITY ANCHOR POINT FOR AUTHENTICATING UPDATES FROM A MOBILE NODE

Number: WO000002007034345A3
Author: HADDAD, Wassim

A method and Mobility Anchor Point (MAP) are provided for authenticating an update message received at the MAP from a Mobile Node (MN). A table entry is created in the MAP, following receipt of a first message comprising a public key of the MN, a first pointer and a first comparison data, information elements received from the first message being stored in the table entry. The MAP then receives an update message requesting binding of a Local Care-of Address (LCoA) with a Regional Care-of Address (RCoA). The update message further comprises a second pointer and a second comparison data. The MAP locates the table entry by use of the second pointer. The MAP then authenticates the second message by hashing one of the first or second comparison data and comparing a result of the hashing with the other one of the first and second comparison data. If a match is found, the second message is authenticated and the MAP binds the LCoA and the RCoA by storing both addresses in the table entry.

Publication date: 09-05-2017

Framework supporting content delivery with content delivery services

Number: US0009647899B2

A framework supporting content delivery includes a plurality of devices, each device configured to run at least one content delivery (CD) service of a plurality of CD services. The plurality of CD services include services supporting content delivery.

Publication date: 11-03-2021

TECHNIQUES FOR STEERING NETWORK TRAFFIC TO REGIONS OF A CLOUD COMPUTING SYSTEM

Number: US20210075729A1

In various embodiments, domain name system (DNS) servers are implemented on a content distribution network (CDN) infrastructure in order to facilitate centralized control of traffic steering. Each server appliance in the CDN infrastructure acts as both an authoritative DNS nameserver and a dynamic request proxy, and each such server appliance is assigned to one of multiple cloud computing system regions. The assignment of server appliances to cloud regions is based on latency measurements collected via client application probes and an optimization that minimizes an overall latency experienced by the client applications subject to constraints that the maximum traffic to each cloud region is less than a capacity constraint for that region, the maximum deviation of traffic to each cloud region at any point in time is less than a given percentage, and the maximum deviation of traffic between direct and indirect paths is less than a given percentage.

Publication date: 16-05-2017

Detecting and marking client devices

Number: US0009654494B2
Assignee: F-Secure Corporation, F-SECURE CORP

Methods, apparatus, connection systems, and client devices are described. The apparatus receives a multiplicity of DNS query messages from multiple client devices. For each received DNS query message to a malware domain name or a particular domain name, the apparatus sends a marker DNS response message to the corresponding client device for use in detecting whether the client device is infected with malware or is accessing the particular domain name. The connection system receives a connection request from a client device of the multiple client devices for access to the communication network, and sends marker detection information to the client device for use in identifying whether the client device is marked as infected with malware or accessing a particular domain name. It is determined whether the client device is infected with malware or accessed the particular domain name. The client device may be blocked or granted access to the communication network.

Publication date: 09-09-2014

Method and apparatus for managing ENUM records

Number: US0008831201B2
Assignee: AT&T Intellectual Property I, LP

A method and apparatus for managing ENUM records is disclosed. An apparatus that incorporates teachings of the present disclosure may include, for example, a broker having a detection element that detects a Resource Record (RR) submission made by an IP Multimedia Subsystem (IMS), and a comparison element that retrieves from an object-oriented data storage element a zone associated with the RR, identifies a Domain Name Server (DNS) responsible for processing said zone, compares the zone with a volatile memory of the DNS, and updates the volatile memory according to one or more differences detected. Additional embodiments are disclosed.

Publication date: 28-09-2021

Method and electronic device for providing multi-access edge computing service using multi-access edge computing discovery

Number: US0011134127B2

Various embodiments of the present invention provide a method and electronic device for supporting an edge computing service (e.g., a multi-access edge computing (MEC) service). An electronic device according to various embodiments comprises a network interface, and a processor, wherein the processor is configured to: acquire, using the network interface, information relating to applications which can be provided within a base station or to at least one external server connectable through the base station by the at least one external server; select an external server including an application corresponding to a specified condition, on the basis of the information relating to the applications; and perform data transmission with the selected external server. Various embodiments are possible.

Publication date: 31-10-2019

DEFENSE AGAINST NXDOMAIN HIJACKING IN DOMAIN NAME SYSTEMS

Number: US2019334946A1

Various techniques for providing defense against NXDOMAIN hijacking in domain name systems are disclosed herein. In one embodiment, a method includes receiving a user input from a user to a search box in an application executing on a computing device connected to the Internet via a facility provided by an internal service provider (“ISP”) and resolving the received user input to the search box as a DNS query without using a caching server provided by the ISP. The method can then include determining whether the DNS query causes an NXDOMAIN condition and in response to determining that the DNS query causes an NXDOMAIN condition, indicating that the received user input does not have a corresponding IP address in the domain name system.

Publication date: 06-10-2020

Address resolution protocol suppression using a flow-based forwarding element

Number: US0010798048B2
Assignee: NICIRA, INC., NICIRA INC, Nicira, Inc.

A method of suppressing ARP packets in a logical network comprising a set of data compute nodes (DCNs). The DCNs are hosted on a set of physical hosts. Each DCN has a protocol address and is connected to a forwarding element (FE) on the corresponding host. Each FE has a set of flows that specifies a set of conditions to match a set of fields of each received packet and a set of actions to take on a packet that matches the set of conditions. An FE on a physical host receives a packet sent by a first DCN on the physical host and determines that the received packet is an ARP request packet by matching a set of fields in the packet with a set of conditions of a particular flow. The ARP request packet identifies a protocol address of a second DCN on the logical network. The PFE utilizes the actions specified by the particular flow to determine a corresponding hardware address for the target protocol address by searching an address-mapping table that maps the protocol address of each DCN to ...

Publication date: 28-07-2009

Branch office DNS storage and resolution

Number: US0007567582B2

Maintaining DNS records. A computing network system includes a local Domain Name Service (DNS) server connected to one or more local clients or resources at a local branch office in an enterprise network. The local DNS server advertises to the local clients or resources at the local branch office that the DNS server is authoritative. The DNS server receives record information for the local clients or resources. An attempt is made to forward the record information to an enterprise hub DNS server. The record information is stored persistently in a cache. Storing the record information persistently in cache may be performed selectively or non-selectively. When performed selectively, the record information is stored or not stored depending on some result or other action. For example, the result may be stored or not stored depending on the results of attempting to forward to an enterprise hub DNS server.

Publication date: 29-09-2016

IMAGE FORMING APPARATUS, IMAGE FORMING SYSTEM, AND METHOD OF IMAGE FORMING

Number: US20160283176A1

An image forming system stores print jobs in a queue hosted by a user computer and includes a cache at an authentication server and/or an image forming device that stores address information, such as a hostname or IP address, of a user computer in association with a user ID. When a user wishes to print a document from the queue, information of print jobs in the queue is retrieved from the user computer so that the user can select print jobs to be printed. The cache allows a soft fail-over in the event of partial interruption of network communication.

Publication date: 24-11-2016

ALIASING OF NAMED DATA OBJECTS AND NAMED GRAPHS FOR NAMED DATA NETWORKS

Number: US20160344627A1

Systems, methods and computer program products for aliasing of named data objects (in named data networks) and entities for named data networks (e.g., named graphs for named data networks). In various examples, aliasing of named data objects may be implemented in one or more named data networks in the form of systems, methods and/or algorithms. In other examples, named graphs may be implemented in one or more named data networks in the form of systems, methods and/or algorithms.

Publication date: 19-06-2014

RESPONSIBILITY-BASED REQUEST PROCESSING

Number: US20140173131A1
Assignee: LEVEL 3 COMMUNICATIONS, LLC

A method is operable in a network comprising multiple service endpoints, the service endpoints running on a plurality of devices, wherein the multiple service endpoints form one or more sub-clusters. The method includes defining a group from an arbitrary set of nodes comprising service instances across the machines of the one or more sub-clusters, wherein each node in the group assumes one or more discrete responsibilities involved in processing of a request across the group. In response to a request made at a node in the group, the service type of the request is dynamically determined; and, based on the type of the request, one or more nodes in the group are selected to be responsible for processing the request.

Publication date: 07-12-2017

Method and System For Augmenting Network Traffic Flow Reports

Number: US20170353486A1
Author: Pavel Mironchyk

Methods and systems for augmenting network traffic flow reports with domain name service (“DNS”) information are provided. A networking device system can monitor DNS response traffic through a network and extract domain name records from the response traffic that corresponds to domain names submitted in web requests. The extracted domain name records can be provided to a network traffic flow capture system for inclusion in a network traffic flow report.

Publication date: 25-05-2021

Processing packets with returnable values

Number: US0011019022B1

Technology related to processing network packets with returnable values is disclosed. In one example, a method includes intercepting a Domain Name System (DNS) request including returnable request values in respective request packet fields. A hash function can be used to characterize or modify the intercepted returnable request values. The intercepted DNS request can be forwarded to a DNS server. A DNS response including returnable response values in respective response packet fields can be received. The returnable response values and the hash function can be used to determine whether the DNS response is legitimate. A legitimate DNS response can be forwarded to a client.

Publication date: 15-06-2017

DEFENSE AGAINST NXDOMAIN HIJACKING IN DOMAIN NAME SYSTEMS

Number: US20170171242A1

Various techniques for providing defense against NXDOMAIN hijacking in domain name systems are disclosed herein. In one embodiment, a method includes receiving a user input from a user to a search box in an application executing on a computing device connected to the Internet via a facility provided by an internal service provider (“ISP”) and resolving the received user input to the search box as a DNS query without using a caching server provided by the ISP. The method can then include determining whether the DNS query causes an NXDOMAIN condition and in response to determining that the DNS query causes an NXDOMAIN condition, indicating that the received user input does not have a corresponding IP address in the domain name system.

Publication date: 08-12-2016

Hybrid Unicast/Anycast Content Distribution Network System

Number: US20160359800A1
Assignee: AT&T Intellectual Property II, L.P.

A method includes receiving a request for an edge cache address, and comparing a requestor address to an anycast group. The method can further include providing an anycast edge cache address when the requestor address is in the anycast group. Alternatively, the method can further include determining an optimal cache server, and providing a unicast address of the optimal cache server when the requestor address is not in the anycast group.

Publication date: 14-05-2020

MAPPING DATABASE SYSTEM FOR USE WITH CONTENT CHUNKS AND METHODS OF ROUTING TO CONTENT IN AN IP NETWORK

Number: US20200153786A1

A method of retrieving content in an Internet Protocol version 6 (IPv6) network is described, including receiving from a network node a lookup request associated with content at a server comprising a mapping database. A response is generated including an IPv6 address, the IPv6 address comprising a content identifier and an indication of a location of the content. The response is transmitted to the network node. A method including receiving at a mapping database a lookup request associated with content and returning a text record comprising an ordered list of addresses for use in segment routing to the content is also described.

1. A method of retrieving content in an Internet Protocol version 6 (IPv6) network, comprising: receiving from a network node a lookup request associated with content at a server comprising a mapping database; generating a response comprising an IPv6 address, the IPv6 address comprising a content identifier and an indication of a location of the content; and transmitting the response to the network node.
2. The method of wherein a first portion of the IPv6 address carries routing information for the content and wherein a second portion of the IPv6 address carries the content identifier.
3. The method according to wherein the mapping database comprises a Domain Name System (DNS) server.
4. (canceled)
5. (canceled)
6. The method of wherein the IPv6 address is dynamically generated based on the location of the content.
7. (canceled)
8. (canceled)
9. The method of claim 1, wherein the indication of the location of the content comprises an anycast address.
10. The method of claim 9, further comprising: routing to the anycast address; and updating a routing system when content is cached.
11. (canceled)
12. (canceled)
13. The method of claim 1, wherein the response comprises more than one IPv6 address comprising an ordered list of IPv6 addresses.
14. (canceled)
15. (canceled)
16. (canceled)
17. (canceled)
18. The method of any claim 13, wherein the IPv6 addresses in ...

Publication date: 14-06-2022

Multi-phase IP-flow-based classifier with domain name and HTTP header awareness

Number: US0011362950B2
Author: Douglas M. Dillon
Assignee: HUGHES NETWORK SYSTEMS, LLC

An apparatus and method for classifying traffic data in a communication network based on IP flow. Traffic data in a communication network is monitored in order to detect an IP flow. A preliminary classification is assigned to the IP flow based on protocol information contained in its first packet. Subsequent packets within the IP flow are further monitored, and the IP flow is reclassified based, in part, on the domain name of the responding server. Web pages can also be classified, and monitored to determine their response time.

Publication date: 17-03-2011

COMMUNICATION DEVICE

Number: JP2011055434A

PROBLEM TO BE SOLVED: To provide a communication device capable of updating contents of a cache that is performed when a corresponding relationship between the other communication device being an object to communicate and an address on a network is changed in timing suitable for performing communication while suppressing a load on the network. SOLUTION: A communication device determines connection as a trigger to update correspondence information stored in a cache, and updates the correspondence information when a corresponding relationship between an identifier of the communication device being an object to communicate and the address does not maintain a corresponding relation in the correspondence information. The connection determination is controlled to be carried out according to the transmission of a packet, and stopped when the transmission is not performed for a fixed time. Therefore, when the corresponding relationship between the other communication device being the object to ...

Publication date: 28-04-2005

Network transmission

Number: DE0069729040T2
Assignee: SONY CORP, SONY CORP., TOKIO/TOKYO

Publication date: 31-08-2016

A mapping database system for use with content chunks

Number: GB0201612354D0

Publication date: 06-07-2017

METHOD AND SYSTEM FOR AUTOMATICALLY BYPASSING NETWORK PROXIES IN THE PRESENCE OF INTERDEPENDENT TRAFFIC FLOWS

Number: CA0003010741A1

A method and system for automatically bypassing a network proxy in the presence of interdependent traffic flows. Messages from a client attempting to establish communication with an origin server are monitored to detect the presence of certain state information. If the origin server is present in one or more bypass lists, the network proxy is bypassed and communication is established between the client and origin server directly. Otherwise, communication between the client and origin server is established through the network proxy. Messages between at least the origin server and client are monitored in order to identify origin servers for which the network proxy should be bypassed. The bypass lists are automatically updated for such origin servers.

Publication date: 28-02-2015

SINGLE PASS LOAD BALANCING AND SESSION PERSISTENCE IN PACKET NETWORKS

Number: CA0002860800A1
Author: LIU, CHIA J., LIU CHIA J

Methods and systems for performing load balancing and session persistence in IP (e.g., IPv6) networks are described herein. Some aspects relate to a destination options extension header that may be used to store load balancing session persistence option (LBSPO) data, including a client identifier and a server identifier for each of a client and a server. A load balancer for a server farm can perform session persistence and load balancing based on the LBSPO information. The server can include its own address in the LBSPO data when responding to an initial request from a client. The client device may then address subsequent packets to the server selected for that session, thereby bypassing the load balancer after the session is established, thereby freeing the load balancer to handle other requests. The LBSPO information may remain unchanged for the duration of the session.

Publication date: 28-08-2013

LOAD BALANCING AND SESSION PERSISTENCE IN PACKET NETWORKS

Number: CA0002807793A1
Author: LIU, CHIA J., LIU CHIA J

Methods and systems for performing load balancing and session persistence in IP (e.g., IPv6) networks are described herein. Some aspects relate to a destination options extension header that may be defined as a load balancing session persistence option (LBSPO) for storing a client identifier and a server identifier for each of a client and a server during a session. Packets sent between the client and the server may include the LBSPO with the client and server identifiers. A load balancer with a virtual IP address of a target application can perform session persistence and assign a destination server to a client based on a preexisting session between the server and the client, as determined by the LBSPO information. While a target VIP node may process data packets based on the LBSPO information, once established, the LBSPO information may remain unchanged for the duration of the session.

Publication date: 14-12-2016

In a cluster environment for control client with access to the services of the method

Number: CN0104137085B

Publication date: 17-02-2011

METHOD AND APPARATUS FOR CORRELATING NAMESERVER IPV6 AND IPV4 ADDRESSES

Number: WO2011020102A8

A method of correlating nameserver addresses is implemented in a multi-tier name server hierarchy comprising a first level authority for a domain, and one or more second level authorities to which the first level authority delegates with respect to a particular sub-domain associated with the domain. Preferably, the first level authority is IPv4-based and at least one second level authority is IPv6-based. The first level authority responds to a request issued by a client caching nameserver (a "CCNS") and returns an answer that includes both IPv4 and IPv6 authorities for the domain. The CCNS is located at an IPv4 source address that is passed along to the first level authority with the CCNS request. According to a feature of this disclosure, the first level authority encodes the CCNS IPv4 source address in the IPv6 destination address of at least one IPv6 authority. Then, when the CCNS then makes a follow-on IPv6 request (with respect to the sub-domain) directed to the IPv6 authority, the ...

Publication date: 06-10-2011

A METHOD AND NETWORK NODE FOR USE IN LINK LEVEL COMMUNICATION IN A DATA COMMUNICATIONS NETWORK

Number: WO2011123007A1

A network node is presented which is configured to associate each of a plurality of MAC addresses with an IP address on a network level. The network node is characterized in that it is configured to, upon reception of a link level message comprising a target IP address and destined to multiple network nodes, compare the target IP address with associated MAC/IP addresses on a network level, and to selectively send the received link level message to at least one other network node on a link level based on the network level comparison. A method and a computer program product are also presented.

Publication date: 16-02-2016

Lock-free updates to a domain name blacklist

Number: US0009264399B1
Author: Vernon Schryver
Assignee: Farsight Security, Inc.

A computer-implemented method that updates a domain name system blacklist in a lock-free manner is disclosed. In the method, an entry of the domain name blacklist is read at a DNS resolver in a plurality of DNS resolvers. The entry specifies a policy for the DNS resolver to execute when the DNS resolver receives a request to resolve a domain name. Before the reading is complete, an updated entry of the domain name blacklist is received, a new record to the domain name blacklist is added, and the entry being read is placed into a garbage pool having a current version number. Independently from the reading of the entry, the current version number is incremented and a new garbage pool is created for the incremented version number. When the reading is complete, the current version number is assigned to the DNS resolver.

Publication date: 18-04-2017

Content delivery framework with dynamic service network topologies

Номер: US0009628343B2

A content delivery framework (CDF) includes a plurality of devices, each device configured to run at least one of a plurality of content delivery (CD) services. The plurality of CD services form one or more CD service networks, and each CD service network having a dynamic network topology.

Publication date: 22-06-2021

Systems and methods for detecting certificate pinning

Number: US0011044102B1
Assignee: NortonLifeLock Inc., NORTONLIFELOCK INC

The disclosed computer-implemented method for detecting certificate pinning may include (i) attempting, by a security network proxy, to break a network connection between a client device and a server device, (ii) detecting, by the security network proxy, whether the network connection between the client device and the server device is certificate pinned based on a result of attempting to break the network connection, and (iii) performing a security action by the security network proxy to protect the client device at least in part based on detecting whether the network connection between the client device and the server device is certificate pinned. Various other methods, systems, and computer-readable media are also disclosed.

Publication date: 27-08-2019

Internet infrastructure survey

Number: US0010397178B2

A system for surveying Internet access quality includes a nameserver, registered to be authoritative for a domain name and configured to receive a DNS query to resolve a pseudo-hostname and to extract from the pseudo-hostname an access quality indicator, and a web portal configured to transmit a data survey code to a web browser, the data survey code being configured to access a resource, to determine the access quality indicator responsively to the resource access, to generate the pseudo-hostname including the access quality indicator and the domain name, and to initiate the DNS query.

Publication date: 25-08-2015

Communication apparatus, control method therefor, and computer-readable storage medium

Number: US0009118608B2
Author: Tetsuo Ido, IDO TETSUO
Assignee: CANON KABUSHIKI KAISHA, CANON KK

In connection establishment processing in TCP communication, a next transmission destination IP address is decided by referring to a routing table. A next transmission destination MAC address associated with the next transmission destination IP address is decided by referring to the ARP table. The transmission destination IP address and the next transmission destination MAC address are stored as the connection management information in a connection management table. A transmission packet is created using the transmission destination IP address and the next transmission destination MAC address which are managed by the connection management information stored in the connection management table.

Publication date: 25-05-2006

Domain name resolution using a distributed DNS network

Number: US20060112176A1

A distributed DNS network includes a central origin server that actually controls the zone, and edge DNS cache servers configured to cache the DNS content of the origin server. The edge DNS cache servers are published as the authoritative servers for customer domains instead of the origin server. When a request for a DNS record results in a cache miss, the edge DNS cache servers get the information from the origin server and cache it for use in response to future requests. Multiple edge DNS cache servers can be deployed at multiple locations. Since an unlimited number of edge DNS cache servers can be deployed, the system is highly scalable. The disclosed techniques protect against DoS attacks, as DNS requests are not made to the origin server directly.

Publication date: 03-08-2010

Systems and methods of providing DNS services using separate answer and referral caches

Number: US0007769826B2
Assignee: Nominum, Inc., NOMINUM INC, NOMINUM, INC.

Systems and methods of determining DNS information, such as an IP address, associated with a domain name. The methods use a cache segregated to store various domain name system (DNS) data in different data structures. The data structures are configured for minimization of data retrieval times. In some embodiments, answer information is stored in a hash table. In these and other embodiments, times required to search for answers are essentially constant as a function of the number of labels comprising the domain name.

Publication date: 21-07-2009

System and method for using a mapping between client addresses and addresses of caches to support content delivery

Number: US0007565450B2

Various information object repository selection procedures for determining which of a number of information object repositories should service a request for the information object include a direct cache selection process, a redirect cache selection process, a remote DNS cache selection process, or a local DNS cache selection process. Different combinations of these procedures may also be used. For example, different combinations may be used depending on the type of content being requested. The direct cache selection process may be used for information objects that will be immediately loaded without user action, while any of the redirect cache selection process, the remote DNS cache selection process and/or the local DNS cache selection process may be used for information objects that will be loaded only after some user action.

Publication date: 05-11-2019

Preventing DNS cache poisoning

Number: US0010469532B2
Author: Tao Xing, XING TAO, Xing, Tao

The present disclosure provides a method and a device for preventing DNS cache poisoning. According to an example of the method, a preventing equipment may forward a first DNS query request packet sent by a DNS server to a first authoritative DNS server. The preventing equipment may construct a second DNS query request packet including the target domain name and send the second DNS query request packet to a second authoritative DNS server when a first DNS reply packet received for the first DNS query request packet indicates a DNS cache poisoning attack occurs. When a second DNS reply packet received for the second DNS query request packet indicates no DNS cache poisoning attack occurs, the preventing equipment may generate a final DNS reply packet according to the second DNS reply packet and feed back the final DNS reply packet to the DNS server.

Publication date: 17-01-2007

INTERNET CONNECTION TERMINAL APPARATUS AND INTERNET CONNECTION STATUS DETERMINING METHOD

Number: EP0001744498A1

In order to provide an Internet connection terminal apparatus which is capable of correctly determining the Internet connection status without the influences of a DNS cache or the like, an Internet printer (100) includes: a communication unit (102) which provides a communication interface with a network; a TCP/IP protocol stack (103) which provides a protocol processing function in TCP/IP communication; an Internet print application (104) which performs communication processing, print data analysis processing and the like required for a URI print function; a status inquiry processing unit (105) which performs processing for responding to an inquiry about the Internet connection status from another apparatus; an Internet connection checking unit (106) which performs processing for determining whether or not it itself is connected to the Internet; a connection status cache (107) which stores the result of the determination made by the Internet connection checking unit (106); and a DNS client ...

Publication date: 23-04-2014

Number: JP0005480264B2

Publication date: 10-03-2011

BRANCH OFFICE DNS STORAGE AND RESOLUTION

Number: RU2413982C2

The present invention relates to maintaining DNS records. The technical result is the ability to send an address resolution query and receive the corresponding response when there is no connection between the branch office and the enterprise hub, and a reduction in the volume of network traffic between the branch office and the enterprise hub. A networked computing system includes a local Domain Name Service (DNS) server connected to one or more local clients or resources at a local branch office of an enterprise network. The local DNS server notifies the local clients or resources at the local branch office of the authenticity of the DNS server. The DNS server receives record information for the local clients or resources. An attempt is made to forward the record information to the DNS server of the enterprise network hub. The record information is stored in a cache on a persistent basis. Persistent storage of the record information in the cache may be performed selectively or non-selectively. 4 independent and 17 dependent claims, 4 figures ...

Publication date: 26-08-2010

ARRANGEMENT AND METHOD FOR DISCOVERING DEVICES

Number: DE602005022308D1

Publication date: 14-12-2016

Media streaming system using content addressing

Number: GB0201618440D0

Publication date: 06-08-2014

NO DETAILS

Number: GB0201410903D0

Publication date: 15-07-2010

ARRANGEMENT AND PROCEDURE FOR THE DISCOVERY OF DEVICES

Number: AT0000474397T

Publication date: 14-01-2016

System and Method for Managing Page Variations in a Page Delivery Cache

Number: US20160014075A1
Author: Scheevel Mark R.

Embodiments disclosed herein provide a high performance content delivery system in which versions of content are cached for servicing web site requests containing the same uniform resource locator (URL). When a page is cached, certain metadata is also stored along with the page. That metadata includes a description of what extra attributes, if any, must be consulted to determine what version of content to serve in response to a request. When a request is fielded, a cache reader consults this metadata at a primary cache address, then extracts the values of attributes, if any are specified, and uses them in conjunction with the URL to search for an appropriate response at a secondary cache address. These attributes may include HTTP request headers, cookies, query string, and session variables. If no entry exists at the secondary address, the request is forwarded to a page generator at the back-end.

1. A method for high performance content delivery, the method comprising: subsequent to finding an entry at a first cache address of a cache responsive to a request from a client device, determining that the request from the client device is subject to variation negotiation, the determining performed by a high performance delivery (HPD)-enabled system embodied on one or more server machines, the HPD-enabled system further performing: extracting at least one variation parameter from the request; computing a second cache address based at least partially on the at least one variation parameter extracted from the request; and accessing the cache at the second cache address to locate a variation of content residing at the first cache address of the cache for delivery to the client device.
2. The method according to claim 1, wherein the determining comprises examining metadata associated with the content residing at the first cache address of the cache.
3. The method according to claim 1, wherein the at least one variation parameter is extracted from the request as indicated by ...

Publication date: 14-01-2021

SYSTEM AND METHOD FOR IDENTIFYING OTT APPLICATIONS AND SERVICES

Number: US20210014328A1
Assignee: NetScout Systems, Inc

A computer implemented method for determining the identity of an Over-the-Top (OTT) application or service being accessed over the Internet from a HTTP, HTTPS or QUIC connection request received in a network monitoring device. Determine if one or more entries present in the received connection request have an IP address that matches a known server IP address. A determination is then made as to whether the received connection request is one of a HTTP, HTTPS or QUIC connection request, and if this cannot be determined, then determine if a subject field in the received connection request is available. And determine if a candidate domain name is available from IP cache created from one or more of the above steps if a subject field is not available in the received connection request. Identify and categorize OTT applications associated with the received connection request if it is determined: the connection is either a HTTP, HTTPS or QUIC connection type; a subject field is available; or a candidate domain name is available utilizing a lookup table that is periodically updated with new OTT applications.

1. A computer implemented method for determining the identity of an Over-the-Top (OTT) application or service being accessed over the Internet, comprising the steps: receiving a connection request in a network monitoring device; determining if one or more entries present in the received connection request have an IP address that matches a known server IP address; determining if the received connection request is a HTTP connection request; determining if the received connection request is a HTTPS or QUIC connection request; determining if a subject field in the received connection request is available if no determination is made as to whether the received connection request is either a HTTP, HTTPS or QUIC connection request; determining if a candidate domain name is available from IP cache created from one or more of the above steps if no determination is made as to ...

Publication date: 17-01-2019

Optimizing routing of access to network domains via a wireless communication network

Number: US20190020620A1
Author: Cameron Byrne
Assignee: T Mobile USA Inc

A wireless communication network includes a Domain Name System (DNS) caching server. The DNS caching server receives a request from a client device to access a network site and queries one or more DNS servers for potential Internet Protocol (IP) addresses for accessing the network site. The DNS caching server receives, from the one or more DNS servers, a plurality of IP addresses for accessing the network site and evaluates the plurality of IP addresses. Based at least in part upon the evaluating, the DNS caching server selects an IP address from the plurality of IP addresses and provides the IP address to the client. The DNS caching server may be located some place other than the wireless communication network and perform the same functions for client devices not accessing the wireless communication network.

Publication date: 21-01-2021

Determining cache time to live in an object storage system

Number: US20210021563A1
Author: Harsha Hegde
Assignee: International Business Machines Corp

A method for execution by a computing device of an access layer of an object storage system includes receiving, via a network, a request message from an edge node, wherein the request message indicates a requested access of a data object. An update frequency of the data object is determined in response to receiving the request message, and a cache time to live (TTL) is determined based on the update frequency. Performance of the requested access of the data object is facilitated in response to receiving the request message, and a response message that includes the cache TTL is generated in response to performing the requested access. The response message is transmitted to the edge node via the network.

Publication date: 28-01-2016

Establishing caches that provide dynamic, authoritative dns responses

Number: US20160028847A1
Assignee: Microsoft Technology Licensing LLC

Embodiments are directed to establishing caches that provide authoritative domain name system (DNS) answers to DNS requests. In one scenario, a computer system establishes a cache that stores authoritative DNS answers to DNS queries. The cache corresponds to a specified DNS zone that includes authoritative DNS answers for a subset of DNS queries. The cache is configured to store the authoritative DNS answers for at least a specified period of time during which the authoritative DNS answers are updatable. The cache then receives an update indicating that at least one cached DNS answer is out-of-date and the computer system purges the out-of-date DNS answer from the cache, ensuring that the cache continually provides authoritative DNS answers for DNS queries assigned to the specified DNS zone.

Publication date: 25-01-2018

HYBRID ACCESS DNS OPTIMIZATION FOR MULTI-SOURCE DOWNLOAD

Number: US20180026935A1

A method for operating a home gateway that implements hybrid access with a number of interfaces to different access networks includes resolving, by a domain name service (DNS) proxy function of the home gateway, DNS resolution requests received from a client of the home gateway; and returning, by the DNS proxy function, corresponding DNS resolution responses to the client. The DNS proxy function, based on a single DNS resolution request from the client, requests a number of DNS resolutions via different interfaces of the home gateway transparently to the client.

1. A method for operating a home gateway that implements hybrid access with a number of interfaces to different access networks, the method comprising: resolving, by a domain name service (DNS) proxy function of the home gateway, DNS resolution requests received from a client of the home gateway, and returning, by the DNS proxy function, corresponding DNS resolution responses to the client, wherein the DNS proxy function, based on a single DNS resolution request from the client, requests a number of DNS resolutions via different interfaces of the home gateway transparently to the client.
2. The method according to claim 1, wherein the DNS proxy function, upon receiving a DNS resolution request from the client, generates a number of new DNS resolution requests using an IP address of an interface as the source IP address for the respective request.
3. The method according to claim 1, wherein the home gateway compares DNS resolution requests it receives from the client to a local cache of requests.
4. The method according to claim 3, wherein the home gateway, in case there is no entry for a domain name of a DNS resolution request, creates a new entry mapping the respective domain name to a map that contains the interfaces of the home gateway together with associated entries for the resolved IP addresses of the domain names.
5. The method according to claim 1, wherein the home ...

Publication date: 04-02-2016

CONTROLLING ACCESS OF CLIENTS TO SERVICE IN CLUSTER ENVIRONMENT

Number: US20160034364A1

First, second, and third sets of addresses are created. The first set includes addresses registered in a name server; both the second and third sets include addresses not registered in the name server and that are disjoint. A first address of a first server that has failed and to which access is to be prohibited is moved from the first to the third set, is removed from the first server, assigned to a second server, and removed from the name server. Usage parameter values of the first address are monitored to determine whether at least one is below a value. If so, the first address is removed from the second server and moved from the third to the second set. Upon access to the first server no longer being prohibited, a second address of the second set is assigned to the first server and added to the name server.

1. A method performed by an address pool controller, comprising: moving a first address of a first set of addresses registered in a name server from a first server that has failed to a second server; prohibiting access to the first server; moving the first address from the first set of addresses to a second set of addresses not registered in the name server; removing, by the address pool controller, the first address from a name server; evaluating one or more monitored usage parameter values of the first address to determine whether at least one of the monitored usage parameter values is below a minimum usage threshold value; and in response to determining that the at least one of the monitored usage parameter values is below the minimum usage threshold value, moving the first address from the second set of addresses to a third set of addresses not registered in the name server and that is disjoint to the second set of addresses.
2. The method of claim 1, further comprising: determining that access to the first server is no longer prohibited; and in response to determining that access is no longer prohibited, assigning a second address of the second set of addresses ...

Publication date: 31-01-2019

METHOD AND APPARATUS FOR DETERMINING VIRTUAL MACHINE MIGRATION

Number: US20190034226A1

Embodiments of this application provide a method and an apparatus for determining virtual machine (VM) migration. The method includes: after a VM is migrated, sending a gratuitous ARP packet or a RARP packet to an in-migration VTEP device; obtaining, by the VTEP device, a MAC address of the VM, searching an ARP cache table based on the MAC address, and obtaining an IP address of the VM; and constructing an ARP unicast request packet by using the IP address as a destination IP address, and if the VTEP device receives an ARP response packet sent by the VM for the ARP unicast request packet, determining that the VM is migrated.

1. A method for determining virtual machine (VM) migration, the method comprising: obtaining, by a first virtual extensible local area network tunnel end point (VTEP) device, a Media Access Control (MAC) address of a VM from a first interface, wherein the first interface is connected to an attachment circuit (AC); searching, by the first VTEP device by using the MAC address of the VM as a keyword, an Address Resolution Protocol (ARP) cache table stored in the first VTEP device, and determining that the ARP cache table records that the VM accesses a second VTEP device; obtaining, by the first VTEP device, an Internet Protocol (IP) address of the VM according to the ARP cache table, and generating and sending an ARP unicast request packet by using the IP address as a destination IP address; receiving, by the first VTEP device from the first interface, an ARP response packet sent by the VM for the ARP unicast request packet; and in response to the received ARP response packet, determining, by the first VTEP device, that the VM is migrated.
2. The method according to claim 1, further comprising: generating, by the first VTEP device, a host route of the VM based on the ARP unicast request packet or the ARP response packet, and synchronizing the host route of the VM to another VTEP device.
3. The method according to claim 1, wherein after determining ...

Publication date: 31-01-2019

System And Method For Suppressing DNS Requests

Number: US20190036871A1

A virtual private router (VPR) intercepts DNS requests and returns a pseudo IP address to the requesting application and the pseudo IP address is mapped to a domain name in the request. Requests for content including the pseudo IP address are modified to include the corresponding domain name and transmitted to an intermediary server, which resolves the domain name to a real IP address and forwards the content request. The content is received by the intermediary server, which returns it to the requesting application, such as by way of the VPR. Real IP addresses may be returned by the intermediary server such that subsequent content requests to the domain name may bypass the intermediary server. Content requests may be sent to the intermediary server, which may instruct the VPR to bypass the server when bypass is needed.

1. A method comprising: receiving, by a first server, a plurality of content requests, each request of the plurality of requests including a domain name and received from a source; for each ...: obtaining, by a module on the first server, a selected option for processing the each request from a group of options; when the selected option is (a) retrieving content referenced by the each request by the first server: resolving, by the first server, the domain name of the each request to a first routable internet protocol (IP) address; retrieving, by the first server, the content referenced by the each request from a second server corresponding to the first routable IP address; and returning, by the first server to the client device, the content referenced by the each request to a source of the each request; and when the selected option is (b) retrieving the content referenced by the each request in bypass of the first server: returning, by the first server to the source of the each request, a bypass response indicating that the source of the each request should retrieve the content referenced by the each request in bypass of the first server.
...

Publication date: 08-02-2018

SURROGATE NAME DELIVERY NETWORK

Number: US20180041466A9
Author: Kagan Martin
Assignee: Cedexis Inc.

A method for providing access to an Internet resource includes registering a surrogate nameserver to be an authoritative nameserver in a DNS network, receiving at the surrogate nameserver a DNS query, maintaining at the surrogate nameserver a cache that includes a resolution of the DNS query, and executing at the surrogate nameserver a policy code to make a determination of validity of one or more of the DNS query and the cached resolution.

1-12. (canceled)
13. A method for providing access to an Internet resource comprising: maintaining a first nameserver that is registered to be an authoritative nameserver and that includes a cache of DNS resolutions to DNS queries; accepting at the first nameserver directions pushed by a second nameserver to purge DNS cached resolutions and to blacklist DNS queries; receiving at the first nameserver a DNS query; executing at the first nameserver a policy code to determine how to respond to the DNS query, including checking the blacklist and checking for a valid cached resolution; and responding to the DNS query based at least in part on results of the checking, by throwing a blacklist error, requesting a DNS resolution from the second nameserver or returning the cached resolution.
14. The method of claim 13, and comprising receiving the policy code at the first nameserver, wherein the policy code includes a set of conditions and actions.
15. The method of claim 13, wherein a hostname specified by the DNS query indicates an infrastructure at which the Internet resource is to be accessed, wherein the checking comprises determining that the DNS query is invalid, and wherein generating the DNS response comprises generating a response that does not allow access to the infrastructure.
16. The method of claim 15, wherein determining that the DNS query is invalid comprises determining that a parameter of the DNS query is on the blacklist.
17. The method of claim 13, wherein the DNS query is received from a web ...

Publication date: 12-02-2015

ARITHMETIC PROCESSING DEVICE, ITS ARITHMETIC PROCESSING METHOD, AND STORAGE MEDIUM STORING ARITHMETIC PROCESSING PROGRAM

Number: US20150046563A1
Author: KOBORI Tomoyoshi
Assignee: NEC Corporation

An arithmetic processing device includes a first storage for storing processing contents in a state where the processing contents are associated with addresses, a second storage for storing each of the addresses of the processing contents stored in the first storage, a holding portion, a reading portion for successively reading the addresses stored in the second storage and outputting the read addresses to the holding portion, and an execution portion for reading the processing content corresponding to the address output from the holding portion from the first storage and executing the read processing content. When the holding portion holds no address, the holding portion temporarily holds the address read by the reading portion and outputs the held address, whereas when the holding portion holds the address, the holding portion waits for completion of the execution of the processing content by the execution portion and outputs the held address after the completion of the execution.

1. An arithmetic processing device comprising: a first storage for storing a plurality of processing contents in a state where the plurality of processing contents are associated with addresses; a second storage for storing each of the addresses of the plurality of processing contents stored in the first storage; a holding portion for temporarily holding the address; a reading portion for successively reading the addresses stored in the second storage and outputting the read addresses to the holding portion; and an execution portion for reading the processing content corresponding to the address output from the holding portion from the first storage and executing the read processing content, wherein when the holding portion holds no address, the holding portion temporarily holds the address read by the reading portion and outputs the held address, whereas when the holding portion holds the address, the holding portion waits for completion of the execution of the processing content by the ...

Publication date: 25-02-2016

Systems and Methods for Optimized Route Caching

Number: US20160057057A1

A method for optimized route caching includes comparing a destination address of a network packet to a first set of prefixes in a routing cache, and comparing the destination address to a second set of prefixes in a full routing table when a longest matching prefix for the destination address is not found in the routing cache. The method further includes copying the longest matching prefix and a set of sub-prefixes of the longest matching prefix from the full routing table to the routing cache, and forwarding the network packet.

1. A system, comprising: a memory that stores instructions; a processor that executes the instructions to perform operations, the operations comprising: comparing, when a longest matching prefix of a destination address of a network packet is not found in a routing cache, the destination address of the network packet to a first set of prefixes in a full routing table; copying, when the longest matching prefix of the destination address is found in the full routing table and not found in the routing cache, the longest matching prefix to the routing cache; merging a plurality of contiguous sub-prefixes of the longest matching prefix into a super-prefix when the plurality of contiguous sub-prefixes have a same output port, wherein the super-prefix is inserted into the routing cache; and forwarding the network packet.
2. The system of claim 1, wherein the operations further comprise comparing the destination address of the network packet to a second set of prefixes in the routing cache.
3. The system of claim 1, wherein the operations further comprise inserting the super-prefix as a single entry into the routing cache.
4. The system of claim 1, wherein the operations further comprise copying, to the routing cache, a sub-prefix of the longest matching prefix, wherein the sub-prefix is a special-purpose prefix that represents a plurality of sub-prefixes having different output ports.
5. The system of claim 1, ...

Publication date: 14-02-2019

CLIENT SUBNET EFFICIENCY BY EQUIVALENCE CLASS AGGREGATION

Number: US20190052595A1
Assignee: Nominum, Inc.

A method for improving client subnet efficiency by equivalence class aggregation includes receiving a Domain Name System (DNS) query from a client, determining, based on predetermined class criteria, that the client is associated with an equivalency class, searching a cache associated with the equivalence class for an answer corresponding to the DNS query, and upon locating the answer, serving the answer to the client. If it is determined that the cache does not include the answer, the method proceeds with querying, by a recursive server, an authoritative server using client subnet data associated with the equivalence class, receiving the answer from the authoritative server, storing the answer to the cache associated with the equivalency class, and serving the answer to the client. The client subnet data may include a representative CIDR block, the representative CIDR block being used to make queries on behalf of all clients associated with the equivalence class.

1-20. (canceled)
21. A method operable at a domain name system (DNS) resolver, the method comprising: receiving class criteria from an Internet Service Provider (ISP), the class criteria comprising at least one of the following: Classless Inter-Domain Routing (CIDR) blocks, a geographical area, a network topology, and an organization; receiving a DNS query from a client; determining, based on the class criteria provided by the ISP and data in the DNS query, that the client is associated with an equivalency class amongst a plurality of equivalency classes; and resolving the DNS query based at least in part on the determined equivalency class.
22. The method of claim 21, wherein resolving the DNS query includes: searching a cache associated with the determined equivalence class for an answer corresponding to the DNS query; and upon locating the answer, serving the answer to the client.
23. A computer-implemented domain name system (DNS) resolver comprising at least one processor and a memory storing processor- ...

Publication date: 23-02-2017

METHOD AND SYSTEM FOR INCREASING SPEED OF DOMAIN NAME SYSTEM RESOLUTION WITHIN A COMPUTING DEVICE

Number: US20170054681A1
Assignee:

A system for resolving domain name system (DNS) queries contains a communication device for resolving DNS queries, wherein the communication device further contains a memory and a processor that is configured by the memory, a cache storage for use by the communication device, and a network of authoritative domain name servers, where in a process of the communication device looking up a DNS request within the cache storage, if the communication device views an expired DNS entry within the cache storage, the communication device continues the process of looking up the DNS request in the cache storage while, in parallel, sending out a concurrent DNS request to an authoritative domain name server that the expired DNS entry belongs to.

1. A method for resolving Domain Name System (DNS) queries for use with a network of authoritative domain name servers and a communication device configured to resolve DNS queries, the communication device comprising a cache storage, the method comprising the communication device performing the steps of: receiving a first DNS request; identifying a DNS entry within the cache storage; checking if the DNS entry is an expired DNS entry; and if the DNS entry is an expired DNS entry, sending out a query of second DNS request to an authoritative domain name server that the expired DNS entry belongs to.

2. The method according to claim 1, further comprising the step of, in parallel to the sending out the query, looking up the first DNS request within the cache storage.

3. The method according to claim 1, further comprising the step of: receiving a final result from the authoritative domain name server in response to the sent query; storing the final result in the cache storage; and using the final result to resolve the expired DNS entry if the same answer as the expired DNS entry is received as the final result.

4. The method according to further comprising the step of: receiving a final result from the authoritative domain name server in ...

Publication date: 21-02-2019

User-side detection and containment of arp spoofing attacks

Number: US20190058731A1
Assignee: Qualcomm Inc

Aspects of the disclosure are related to a method, comprising: detecting an incorrect first address to second address mapping in an Address Resolution Protocol (ARP) cache of one or more of: a user device or a gateway device; and performing one or more containment operations, wherein the containment operations comprise one or more of: transmitting an ARP request message that requests an Internet Protocol (IP) address to Media Access Control (MAC) address mapping for a gateway device onto a subnetwork, transmitting an ARP message that comprises an IP address to MAC address mapping for a user device onto the subnetwork, or alerting a user.

Publication date: 10-03-2022

SYSTEM AND METHOD FOR FACILITATING DISTRIBUTION OF LIMITED RESOURCES HAVING AN ADD GRACE PERIOD

Number: US20220078159A1
Assignee:

A method for distributing a domain name to one of a plurality of registrars, in communication with a drop zone server, the method executing stored instructions by a computer processor to: recognize a delete command of the domain name; determine if the delete command is inside or outside of an Add Grace Period (AGP), the AGP defined as a period of time post registration of the domain name by a registrar; if the delete command is inside of the AGP, then send the domain name to the drop zone server in a path that bypasses a delete queue for subsequent purchase by said one of the plurality of registrars; or if the delete command is outside of the AGP, then send the domain to the delete queue. 1. A server for distributing a domain name to one of a plurality of registrars , the server in communication with a drop zone server , the server having stored instructions for execution by a computer processor to:recognize a delete command of the domain name;determine if the delete command is inside or outside of an Add Grace Period (AGP), the AGP defined as a period of time post registration of the domain name by a registrar;if the delete command is inside of the AGP, then send the domain name to the drop zone server in a path that bypasses a delete queue for subsequent purchase by said one of the plurality of registrars; orif the delete command is outside of the AGP, then send the domain to the delete queue.2. The server of claim 1 , wherein a time stamp ID of the delete command is compared to a create time ID of the domain name in order to implement said determine.3. The server of claim 1 , wherein the AGP has a start point and an end point claim 1 , the end point being before a defined expiry data of the domain name claim 1 , the start point being associated with a create time ID of the domain name.4. 
The server of further comprising generating a publication to include the domain name as available for an upcoming drop zone session and sending the publication to the plurality ...

Publication date: 01-03-2018

MANAGE ENCRYPTED NETWORK TRAFFIC USING DNS RESPONSES

Number: US20180063097A1
Assignee:

The present disclosure generally relates to managing encrypted network traffic using Domain Name System (DNS) responses. One example method includes requesting an address associated with a domain name from a resolution server, the domain name included in a predetermined set of domain names for which secure requests are to be identified; receiving a response from the resolution server including one or more addresses associated with the domain name; associating with the domain name a particular address selected from the received one or more addresses; receiving a request to resolve the domain name; sending a response to the request to resolve the domain name, the sent response including the particular address associated with the domain name; receiving a secure request for a resource, the secure request directed to the particular address associated with the domain name; and determining that the secure request is directed to the domain name based on the association between the particular address and the domain name.

1. A computer-implemented method executed by one or more processors, the method comprising: requesting an address associated with a domain name from a resolution server, the domain name included in a predetermined set of domain names for which secure requests are to be identified; receiving a response from the resolution server including one or more addresses associated with the domain name; associating with the domain name a particular address selected from the received one or more addresses; receiving a request to resolve the domain name; sending a response to the request to resolve the domain name, the sent response including the particular address associated with the domain name; receiving a secure request for a resource, the secure request directed to the particular address associated with the domain name; and determining that the secure request is directed to the domain name based on the association between the ...

Publication date: 17-03-2022

SYSTEM AND METHOD FOR FACILITATING DISTRIBUTION OF LIMITED RESOURCES USING A DROPZONE

Number: US20220086119A1
Author: Zhou Hui
Assignee:

A server for distributing a domain name to one of a plurality of registrars using a drop zone session implemented via a communications network, by establishing a set of drop zone windows having a first window and a second window, a defined start time of the second window being subsequent to a defined end time of the first window, the first window having a first set of acquisition parameters and the second window having a second set of acquisition parameters, such that the first set of acquisition parameters are different from the second set of acquisition parameters. Also provided is a shared server for distributing a domain name to one of a plurality of registrars using a drop zone session, the shared server having: a first network endpoint connected to a communications network, the first network endpoint having a first connectivity policy: a second network endpoint connected to the communications network, the second network endpoint having a second connectivity policy, such that the first connectivity policy is different from the second connectivity policy. 1. 
A server for distributing a domain name to one of a plurality of registrars using a drop zone session implemented via a communications network , the server having stored instructions for execution by a computer processor for:establishing a set of drop zone windows having a first window and a second window, a defined start time of the second window being subsequent to a defined end time of the first window, the first window having a first set of acquisition parameters and the second window having a second set of acquisition parameters, such that the first set of acquisition parameters are different from the second set of acquisition parameters;assigning the domain name to the first window with the associated first set of acquisition parameters;determining the domain name remains unacquired upon reaching the end time of the first window;assigning the domain name to the second window with the associated second ...

Publication date: 11-03-2021

FAST ARP CACHE REWRITES IN A CLOUD-BASED VIRTUALIZATION ENVIRONMENT

Number: US20210073017A1
Assignee:

Disclosed is an improved approach for updating address mappings when migrating a virtual entity in a virtualization environment that is installed onto a bare metal cloud infrastructure. The solution reacts to VM migration events rapidly and converges faster with minimal packet loss, as well as avoiding any interruption to existing connections between the VMs. 1. A non-transitory computer readable medium having stored thereon a sequence of instructions which , when stored in memory and executed by a processor cause the processor to perform acts , comprising:migrating a virtual machine in a virtualization environment that is implemented within a bare metal cloud infrastructure, wherein the virtual machine migrates from a first node to a second node;updating a first ARP cache within the first node, wherein the first ARP cache is updated by requesting a cloud-provisioned MAC address from the bare metal cloud infrastructure and inserting the cloud-provisioned MAC address into the first ARP cache; andupdating a second ARP cache in the second node, wherein the second ARP cache is updated by generating GARP to that inserts a VM-specific MAC address into the second ARP cache.2. The non-transitory computer readable medium of claim 1 , wherein the second ARP cache corresponds to another virtual machine that is located in the second node claim 1 , and the GARP is generated to the another virtual machine on behalf of the virtual machine that was previously migrated.3. The non-transitory computer readable medium of claim 1 , wherein the second ARP cache corresponds to the virtual machine that was migrated claim 1 , and the GARP is generated to the virtual machine on behalf of another virtual machine on the second node.4. The non-transitory computer readable medium of claim 3 , wherein a packet addressed from the virtual machine to the another virtual machine is trapped by a virtual switch or a virtual router.5. 
The non-transitory computer readable medium of claim 4 , wherein the ...

Publication date: 07-03-2019

Dynamic Access-Point Link Aggregation

Number: US20190075052A1
Assignee:

An access point that provides link aggregation is described. During operation, this access point receives a message that may include a Dynamic Host Configuration Protocol (DHCP) response with an Internet protocol (IP) address of a gateway for an electronic device to access a network and a media access control (MAC) address of the electronic device. Based on the MAC address and/or at least a characteristic of the electronic device (such as a configuration, a capability and/or an operating system of the electronic device), the access point may determine a different IP address of another gateway for the electronic device to access the network. Moreover, the access point may modify the DHCP response by substituting the IP address of the other gateway for the IP address of gateway in a modified DHCP response. Next, the access point provides the modified DHCP response to the electronic device. 120-. (canceled)21. An access point , comprising:an antenna node configured to couple to an antenna; and receiving, at the antenna node, Gratuitous Address Resolution Protocol (ARP) packets associated with the second access point;', 'when the access point subsequently does not receive a Gratuitous APR packet associated with the second access point within a time interval, assuming a second logical address of the second access point, which is in addition to an existing logical address of the access point; and', 'in response to receiving an ARP request associated with an electronic device that comprises the second logical address of the second access point, providing, to the antenna node, an ARP response intended for the electronic device, wherein the ARP response comprises a physical address of the access point, so that subsequent packets or frames associated with the electronic device are directed to the access point instead of the second access point., 'an interface circuit, coupled to the antenna node, configured to wirelessly communicate with a second access point in a subnet, ...

Publication date: 16-03-2017

ENHANCED THREAD HANDLING IN SECURITY HANDSHAKINGDOMAIN NAME SYSTEM BYPASS IN USER APPLICATIONS

Number: US20170078246A1
Assignee:

Disclosed herein are methods, systems, and software for bypassing a domain name system. In one example, a method of operating a user communication device includes receiving a user instruction requesting content within a user application of the user communication device. The method further provides, in response to the user instruction, processing at least a domain name system bypass data structure on the user communication device to identify a network address for retrieving the content. The method further includes, requesting the content from a content node using the network address. 1. A method of operating a user communication device , the method comprising:maintaining a domain name system bypass data structure on the user communication device, wherein the domain name system bypass data structure comprises network addresses for content servers, the content servers configured to store content for a user application on the user communication device, and wherein the network addresses are prioritized based on accessibility factors for the network addresses from the user communication device;receiving a user instruction requesting new content within the user application of the user communication device;in response to the user instruction, processing at least the domain name system bypass data structure on the user communication device to identify a network address in the network addresses for retrieving the new content; andrequesting the new content from a content server using the network address.2. The method of claim 1 , wherein the accessibility factors for the network addresses are tested at least partially at the user communication device.3. The method of claim 1 , wherein the accessibility factors comprise at least latency and availability for each of the network addresses.4. The method of claim 1 , wherein identifying the network address comprises identifying the network address with highest priority of the network addresses.5. The method of claim 1 , wherein ...

Publication date: 24-03-2022

COLLECTING PASSIVE DNS TRAFFIC TO GENERATE A VIRTUAL AUTHORITATIVE DNS SERVER

Number: US20220094661A1
Assignee: LEVEL 3 COMMUNICATIONS, LLC

The present application describes a system and method for passively collecting DNS traffic data as that data is passed between a recursive DNS resolver and an authoritative DNS server. The information contained in the collected DNS traffic data is used to generate a virtual authoritative DNS server, or a zone associated with the authoritative DNS server, when it is determined that the authoritative DNS server has been compromised. 1. A method , comprising:capturing domain name system (DNS) data;receiving a trigger notification, the trigger notification indicating a zone associated with an authoritative DNS server is compromised;determining whether a recursive DNS resolver has valid cached information associated with the zone; and causing the recursive DNS resolver to retrieve last known valid information associated with the zone from an observer system, the last known valid information being captured from the DNS data;', 'generating a virtual zone using the last known valid information; and', 'causing the recursive DNS resolver to host the virtual zone., 'when it is determined the recursive DNS resolver does not have valid cached information associated with the zone2. The method of claim 1 , wherein the authoritative DNS server is associated with a first entity and the recursive DNS resolver is associated with a second entity.3. The method of claim 1 , wherein the domain name system data is passively captured by the observer system.4. The method of claim 1 , further comprising deconstructing the virtual zone when the trigger notification is resolved.5. The method of claim 1 , wherein the cached information is an internet protocol (IP) address associated with the authoritative DNS server.6. The method of claim 1 , further comprising causing the virtual zone to provide a last known valid internet protocol (IP) address associated with the authoritative DNS server.7. The method of claim 1 , further comprising causing the virtual zone to provide public key data ...

Publication date: 14-03-2019

AUTOMATIC NETWORK FORMATION AND ROLE DETERMINATION IN A CONTENT DELIVERY FRAMEWORK

Number: US20190081867A1
Assignee:

A computer in a content delivery network (CDN) may take on one or more roles within the CDN. A particular computer takes on a first at least one role within the CDN; and then, in response to a change in configuration information, takes on a second at least one role within the CDN, the second at least one role being distinct from the first at least one role. 1. A method , operable within a content delivery network (CDN) , said CDN comprising at least one computer , wherein a computer takes on one or more roles within the CDN , the method comprising , by a particular computer:(A) taking on a first at least one role within the CDN, wherein a role within the CDN corresponds to at least one type of content delivery (CD) service, and wherein said first at least one role corresponds to a first at least one type of CD service; and then,(B) in response to a change in configuration information for the particular computer, in addition to said first at least one role within the CDN, taking on a second at least one role within the CDN, said second at least one role is being distinct from said first at least one role, wherein said second at least one role corresponds to a second at least one type of CD service,wherein the one or more roles of the particular computer are changed based on feedback from the CDN, and wherein the feedback is based on state information from CD services running on at least two devices in said CDN, andwherein the change in configuration information for the particular computer was determined by one or more control services based on said state information.2. The method of claim 1 , wherein the first at least one type of CD service is distinct from the second at least one type of CD service.3. The method of claim 1 , wherein the state information from CD services running on at least two devices comprises: load information and/or health information of said CD services.4. 
The method of claim 1 , wherein the at least two devices in the CDN are distinct from ...

Publication date: 14-03-2019

METHOD AND SYSTEM FOR INCREASING SPEED OF DOMAIN NAME SYSTEM RESOLUTION WITHIN A COMPUTING DEVICE

Number: US20190081922A1
Assignee:

A system for resolving domain name system (DNS) queries, contains a communication device for resolving DNS queries, wherein the communication device further contains a memory and a processor that is configured by the memory, a cache storage for use by the communication device, and a network of authoritative domain name servers, where in a process of the communication device looking up a DNS request within the cache storage, if the communication device views an expired DNS entry within the cache storage, the communication device continues the process of looking up the DNS request in the cache storage while, in parallel, sending out a concurrent DNS request to an authoritative domain name server that the expired DNS entry belongs to. 1. A method by a client device for resolving Domain Name System (DNS) queries , for use with first and second servers operative to provide address over the Internet in response to DNS queries , the method comprising:executing an operating system;executing a software application that uses the operating system;receiving or intercepting by the operating system from the software application a DNS query;sending the DNS query to the first server over the Internet and in parallel sending the DNS query to the second server over the Internet;receiving an Internet Protocol (IP) address resulting from a DNS resolution over the Internet from at least one of the first and second servers; andproviding, by the operating system, the first received IP address to the software application; andusing the first received IP address by the software application.2. The method according to claim 1 , wherein the first or second server is a DNS recursor server.3. The method according to claim 2 , wherein each of the first and second servers is an authoritative domain name server.4. The method according to claim 2 , wherein the client device comprises first and second network interfaces claim 2 , and wherein the communication with the first server is via the first ...

Publication date: 14-03-2019

METHOD AND SYSTEM FOR INCREASING SPEED OF DOMAIN NAME SYSTEM RESOLUTION WITHIN A COMPUTING DEVICE

Number: US20190081923A1
Assignee:

A system for resolving domain name system (DNS) queries, contains a communication device for resolving DNS queries, wherein the communication device further contains a memory and a processor that is configured by the memory, a cache storage for use by the communication device, and a network of authoritative domain name servers, where in a process of the communication device looking up a DNS request within the cache storage, if the communication device views an expired DNS entry within the cache storage, the communication device continues the process of looking up the DNS request in the cache storage while, in parallel, sending out a concurrent DNS request to an authoritative domain name server that the expired DNS entry belongs to. 1. A method by a client device for use with a memory storing content items where each of the content items is associated with a memory stored content query and a memory stored expiration time , and for use with a server operative to provide content items over the Internet in response to received queries , the method comprising:executing an operating system;executing a software application that uses the operating system;receiving or intercepting by the operating system from the software application a query for a content item;checking if a content item that corresponds to the query is found in the memory and has not expired using the associated expiration time; 'fetching the found content item from the memory, and providing, by the operating system, the fetched content to the software application and using the fetched content item by the software application; and', 'in response to the found content item being found and being valid sending the query to the server over the Internet and receiving the corresponding content item and the associated expiration time over the Internet from the server;', 'providing, by the operating system, the received content item to the software application and using the received content item by the software ...

Publication date: 23-03-2017

SECURE DYNAMIC ADDRESS RESOLUTION AND COMMUNICATION SYSTEM, METHOD, AND DEVICE

Number: US20170085549A1
Author: Donaldson Willie L.
Assignee:

The present invention is directed to a method for providing secure dynamic address resolution and communication directly between two nodes, without communication to third party DNS and/or MX server(s). A first and a second node are initially paired, which may include the identification of an authentication scheme and creating a DNS record with the current address of the other node; the address of the other node may be dynamically updated. Further, secure transmission of messages may be implemented, which includes first resolving, based on the DNS record, a current address of the other node, authenticating the destination node, and transmitting a message upon successful authentication. Dynamic message encryption and the provision of a DNS cache may further be implemented.

1. A method for providing secure dynamic address resolution and communication directly between two nodes comprising: identifying an authentication scheme for the first and second node pair,', 'creating a DNS record on the first node including a current address associated with the second node,', 'creating a DNS record on the second node including a current address associated with the first node,, '(a) pairing a plurality of nodes including at least a first node with a second node, comprising receiving a new address associated with the second node, upon a change of address of the second node,', 'storing the new address as the current address associated with the second node on the first node,', 'storing the previous address associated with the second node within a DNS cache on the first node., '(b) updating, dynamically, the DNS record associated with the second node on the first node, comprising resolving, based on the DNS record stored on the first node, the current address associated with the second node,', 'authenticating the first node with the current address associated with the second node,', 'if the authentication fails, resolving, based on a DNS cache stored on the first node, a previous address ...

Publication date: 12-03-2020

DNS NETWORK SYSTEM, DOMAIN-NAME PARSING METHOD AND SYSTEM

Number: US20200084177A1
Assignee:

The present disclosure provides a DNS network system, and a domain-name parsing method and system. A local DNS server receives a domain-name parsing request from a client terminal of a network operator in the same network and sends the domain-name parsing request to a root server; based on an NS record of an upper-level authoritative DNS server returned by the root server, sends the domain-name parsing request to the upper-level authoritative DNS server; based on an NS record of an external authorized server returned by the upper-level authoritative DNS server, sends the domain-name parsing request to the external authorized server; based on an A-record of a lower-level authoritative DNS server returned by the external authorized server, sends the domain-name parsing request to the lower-level authoritative DNS server and receives a domain-name parsing result sent by the lower-level authoritative DNS server.

1. A domain name system (DNS) network system, comprising: a local DNS server of at least one network operator, configured to receive a domain-name parsing request from a client terminal of the at least one network operator, and sending the domain-name parsing request from a root server to a lower-level authoritative DNS server level by level for performing a recursive query; a lower-level authoritative DNS server, configured to parse the domain-name parsing request to provide a domain-name parsing result to the local DNS server when receiving the domain-name parsing request sent by the local DNS server; an external authorized server storing at least one IP address and geographical location information of the at least one network operator having a one-to-one correspondence relationship with the at least one IP address; and an upper-level authoritative DNS server storing NS records of at least one type of external authorized servers, configured to, when receiving the domain-name parsing request from the local DNS server, provide a corresponding NS record to the local ...

Publication date: 02-04-2015

CONTENT NODE NETWORK ADDRESS SELECTION FOR CONTENT DELIVERY

Number: US20150095516A1
Author: Bergman Artur
Assignee:

Systems, methods, apparatuses, and software that select network addresses of a content node of a content delivery network are provided herein. In one example, a method of operating a control node to perform network address selection that selects between different communication service providers according to network characteristics is presented. The control node receives a domain name lookup request from an end user device to reach a content node. The control node processes network characteristics and the domain name lookup request to select a network address that corresponds to one of the communication service providers. The end user device can use the selected network address to reach the content node over the selected communication service provider. 1. A method of operating a control node to select a network address for an end user device to reach a content node of a content delivery network , the method comprising:receiving a lookup request from the end user device for content cached by the content node;identifying network characteristics for ones of the end user device and a plurality of communication service providers that handle traffic for the content node;processing the network characteristics and the lookup request to select a network address for the end user device to reach the content node, the network address corresponding to one of the plurality of communication service providers; andtransferring the network address for receipt by the end user device.2. The method of claim 1 , wherein identifying the network characteristics for the plurality of communication service providers comprises receiving performance data of network communications between the content node and a second end user device routed through at least one of the plurality of communication service providers.3. 
The method of claim 2 , wherein receiving the performance data of the network communications comprises receiving the performance data transferred by at least one of the content node ...

Publication date: 07-04-2016

A NODE AND METHOD FOR HANDLING INFORMATION CENTRIC NETWORKING BASED COMMUNICATIONS

Number: US20160100350A1
Assignee:

A base station and wireless device, as well as corresponding methods, for Information Centric Networking (ICN) based communications with radio bearers, to provide a means for using ICN bearers in parallel with standard Packet Data Network (PDN) bearers.

1. A method, in a base station, for Information Centric Networking based communications with radio bearers, the method comprising: receiving, from a wireless device, a request for content on an ICN dedicated radio bearer; determining if the content in the request is in a cache associated to or in the base station; and when the content is cached, sending, to the wireless device, the content; when the content is not cached, sending, to an ICN based network, the request on an interface dedicated for ICN communications.
2. The method of claim 1, further comprising: receiving an indication that the wireless device is compatible for ICN based communications; and creating the ICN dedicated bearer.
3. The method of claim 1, further comprising registering, within the base station, the request for content with respect to the wireless device.
4. The method of claim 1, wherein the content is multimedia data.
5. The method of claim 1, wherein the wireless device is a machine-to-machine (M2M) device and the content is M2M related data.
6. The method of claim 1, wherein the interface dedicated for ICN communications is further dedicated for communications to and from the wireless device.
7. The method of claim 1, further comprising: receiving, from the ICN based network, a content response; and transmitting, to the wireless device, the content response on the ICN dedicated radio bearer.
8. The method of claim 1, further comprising: determining a frequency in which the content has been requested; and when the frequency is above a predetermined threshold, caching the content within the base station.
9. A base station for Information Centric Networking (ICN) based communications with radio bearers ...

Publication date: 08-04-2021

HIGHLY-AVAILABLE DISTRIBUTED NETWORK ADDRESS TRANSLATION (NAT) ARCHITECTURE WITH FAILOVER SOLUTIONS

Number: US20210103507A1
Assignee: CISCO TECHNOLOGY, INC.

This disclosure describes techniques for providing a distributed scalable architecture for Network Address Translation (NAT) systems with high availability and mitigations for flow breakage during failover events. The NAT servers may include functionality to serve as fast-path servers and/or slow-path servers. A fast-path server may include a NAT worker that includes a cache of NAT mappings to perform stateful network address translation and to forward packets with minimal latency. A slow-path server may include a mapping server that creates new NAT mappings, depreciates old ones, and answers NAT worker state requests. The NAT system may use virtual mapping servers (VMSs) running on primary physical servers with state duplicated VMSs on different physical failover servers. Additionally, the NAT servers may implement failover solutions for dynamically allocated routeable address/port pairs assigned to new sessions by assigning new outbound address/port pairs when a session starts and broadcasting pairing information.

1. A system comprising: one or more processors; and one or more non-transitory computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to: receive, from a mapping server, a flow table including a cache of network address translation (NAT) mapping, the flow table includes rules to direct IP traffic; receive, from a host device, an internet protocol (IP) packet; determine that a mapping information for the IP packet is not included in the cache of NAT mapping; send, to the mapping server, a state request to determine the mapping information for the IP packet; and receive, from the mapping server, a state reply including the mapping information for the IP packet.
2. The system of claim 1, wherein sending the state request includes caching the IP packet.
3. The system of claim 2, wherein sending the state request includes sending meta-data associated with ...

Publication date: 12-04-2018

Method and system for increasing speed of domain name system resolution within a computing device

Number: US20180103007A1
Assignee: Web Spark Ltd

A system for resolving domain name system (DNS) queries, contains a communication device for resolving DNS queries, wherein the communication device further contains a memory and a processor that is configured by the memory, a cache storage for use by the communication device, and a network of authoritative domain name servers, where in a process of the communication device looking up a DNS request within the cache storage, if the communication device views an expired DNS entry within the cache storage, the communication device continues the process of looking up the DNS request in the cache storage while, in parallel, sending out a concurrent DNS request to an authoritative domain name server that the expired DNS entry belongs to.

Publication date: 26-03-2020

SECURE RECOVERY FROM A REPLAY PROTECTION LIST CONDITION

Number: US20200099657A1
Assignee:

Methods, systems, and devices for secure recovery from full replay protection lists are described. The method includes receiving, at a second device from a first device in a wireless mesh network, a first message indicating that a replay protection list (RPL) of the first device has reached a defined capacity, determining whether the first device is configured with a fixed RPL or a dynamic RPL based on the first message or a provisioning message received before the first message, sending, from the second device, a second message indicating at least one of an increase of a capacity of the RPL or a set of source addresses to be included in or removed from the RPL based on determining whether the first device is configured with the fixed RPL or dynamic RPL, and receiving, from the first device, an indication that the RPL has been updated based on the second message.

1. A method for secure recovery from full replay protection lists, comprising: receiving, from a first device in a wireless mesh network at a second device in the wireless mesh network, a first message indicating that a replay protection list (RPL) of the first device has reached a defined capacity; determining whether the first device is configured with a fixed RPL or a dynamic RPL based at least in part on the first message or a provisioning message received before the first message; sending, from the second device, a second message indicating at least one of an increase of a capacity of the RPL or a set of source addresses to be included in or removed from the RPL based at least in part on determining whether the first device is configured with the fixed RPL or the dynamic RPL; and receiving, from the first device, an indication that the RPL has been updated based at least in part on the second message.
2. The method of claim 1, further comprising: configuring the second message to indicate the set of source addresses to be included in a whitelist of the RPL based at least in part on determining the first ...

Publication date: 19-04-2018

RESENDING A HYPERTEXT TRANSFER PROTOCOL REQUEST

Number: US20180109588A1
Author: Tian Liang
Assignee: ALIBABA GROUP HOLDING LIMITED

Technologies related to resending hypertext transfer protocol (HTTP) requests are disclosed. One or more operations performed on a first web page is monitored. One or more HTTP requests that include the monitored one or more operations are sent to a server. Information associated with the one or more HTTP requests are recorded. Upon determining that an HTTP request of the one or more HTTP requests has failed to be sent, the HTTP request is recorded to a list of HTTP requests that failed to be sent. The HTTP request recorded to the list is deleted after receiving a normal response message from the server, and whether the list of HTTP requests that failed to be sent is empty is determined when redirecting from the first web page to a second web page.

1. A computer-implemented method, comprising: monitoring one or more operations performed on a first web page; sending one or more hypertext transfer protocol (HTTP) requests that include the monitored one or more operations to a server; recording information associated with the one or more HTTP requests; upon determining that an HTTP request of the one or more HTTP requests has failed to be sent, recording the HTTP request to a list of HTTP requests that failed to be sent; deleting the HTTP request recorded to the list after receiving a normal response message from the server; and determining whether the list of HTTP requests that failed to be sent is empty when redirecting from the first web page to a second web page.
2. The computer-implemented method of claim 1, wherein that the HTTP request failed to be sent is determined based on no response received from the server.
3. The computer-implemented method of claim 1, wherein that the HTTP request failed to be sent is determined based on an abnormal response received from the server.
4. The computer-implemented method of claim 1, wherein the list of HTTP requests that failed to be sent is saved in a cache pool.
5. The computer-implemented method of claim 1, wherein recording ...

Publication date: 28-04-2016

DNS-Based Determining Whether a Device is Inside a Network

Number: US20160119276A1
Assignee: Microsoft Technology Licensing LLC

In a computing device a domain name system (DNS) query is generated and sent, and a check is made as to whether a verified DNS response to the DNS query is received. The computing device is determined to be inside a particular network if a verified DNS response is received, and is determined to be outside that particular network if a verified DNS response is not received. A DNS response can be determined to be verified if both the DNS response has an expected value and the DNS response is digitally signed by a trusted authority, and otherwise can be determined to be not verified.

Publication date: 18-04-2019

DOMAIN NAME SYSTEM BYPASS IN USER APPLICATIONS

Number: US20190116155A1
Assignee:

Disclosed herein are methods, systems, and software for bypassing a domain name system. In one example, a method of operating a user communication device includes receiving a user instruction requesting content within a user application of the user communication device. The method further provides, in response to the user instruction, processing at least a domain name system bypass data structure on the user communication device to identify a network address for retrieving the content. The method further includes, requesting the content from a content node using the network address.

1. A method of operating a user communication device, the method comprising: receiving a user instruction requesting content within a user application of the user communication device; in response to the user instruction, processing at least a domain name system bypass data structure on the user communication device to identify a network address for retrieving the content; and requesting the content from a content node using the network address.
2. The method of claim 1, wherein the domain name system bypass data structure comprises one or more network addresses corresponding to at least one content node.
3. The method of claim 2, wherein the domain name system bypass data structure is prioritized based on at least latency and availability of the at least one content node.
4. The method of claim 3, wherein identifying the network address comprises identifying the network address with highest priority.
5. The method of claim 1, further comprising: receiving domain name system bypass information from a domain name system bypass system comprising network addresses of one or more content nodes; storing the domain name system bypass information into the domain name system bypass data structure; and prioritizing the domain name system bypass data structure based on at least a testing of latency and availability of the network addresses of the one or more content nodes.
6. A system for domain name ...

Publication date: 09-04-2020

DOMAIN-NAME-BASED NETWORK-CONNECTION ATTESTATION

Number: US20200112537A1
Assignee:

A domain-name-based network-connection attestation system provides for more user friendly and less error prone (compared to IP-address-based attestation systems) updating of a whitelist used to determine whether or not to allow a requested network connection. A guest agent extracts from a DNS reply a domain name, and an IP address mapped to a domain name. The agent enters these values in an agent DNS cache. When a process requests a connection to an IP address, the agent uses the IP address to determine the domain name from the agent DNS cache. The agent then determines whether the IP address is mapped to the process identity in a domain-name-based whitelist. If it is, the connection is attested to and allowed; if it is not, a secondary IP address whitelist can be checked.

1. A network-connection attestation process comprising: extracting, by an agent, domain-name service (DNS) data from a DNS reply to a DNS query, the DNS data mapping an IP address to a domain name; mapping the domain name to the IP address in a DNS entry of an agent DNS cache; capturing process data of a process instance of an application process making a network-connection request that specifies the IP address, the process data including a process identity for the application process; determining the domain name mapped to the IP address in the agent DNS cache; and attesting to and allowing the connection in an event the domain name is mapped to the process identity in a domain-name whitelist.
2. The network-connection attestation process of wherein the agent DNS cache contains a superset of the information contained in an OS DNS cache maintained by an operating system (OS) on which the application process runs.
3. The network-connection attestation process of claim 2 further comprising mapping a process-instance identifier (PIID) for the process instance with the domain name and IP address in the DNS entry, the process data including the PIID, the DNS data further specifying a time-to-live ( ...

Publication date: 04-05-2017

METHOD, DEVICE AND SYSTEM FOR PROCESSING DNS CACHE INFORMATION

Number: US20170126617A1
Assignee:

Provided are a DNS cache information processing method, device and system. The method comprises: upon reception of a client request, resolving and obtaining domain name information requested by the client; querying in a database a data structure corresponding to the domain name information; when finding the data structure, acquiring read lock information corresponding to the data structure, the read lock information being permission information allowing performing a read operation of the cache information stored in the data structure; reading the cache information in the data structure by using the permission of the read lock information, and transmitting the read cache information to a sender requested by the client. The embodiment of the present invention can improve caching speed and cache information throughput, improving the flexibility of cache information, and enhancing the quality of stored information.

1. A method for processing DNS cache information, comprising: resolving and obtaining domain name information of a client request when receiving the client request; querying a data structure corresponding to the domain name information in a database; acquiring read lock information corresponding to the data structure when querying the data structure out, wherein the read lock information is permission information allowing performing a read operation on cache information stored in the data structure; reading the cache information in the data structure by using a permission of the read lock information, and transmitting the read cache information to a sender of the client request.
2. The method according to claim 1, wherein the querying in a database a data structure corresponding to the domain name information comprises: performing a hash value operation on the domain name information to obtain a hash value of the domain name information; and querying in a hash table a data structure corresponding to the domain name information according to the hash value of the ...

Publication date: 10-05-2018

Reliable Address Discovery Cache

Number: US20180131584A1
Assignee: Microsoft Technology Licensing LLC

Reliable address discovery cache techniques are described. In an implementation, a reliable communication channel is established for control messages related to address resolution in a network. The communication channel is employed for communication of messages for internet protocol (IP) address acquisition, release, and mapping staleness between clients (e.g., nodes or endpoints) in the network and a cache manager component configured to maintain and update an address map for the clients. The cache manager component may also be configured to send directed messages via the communication channel to propagate changes in the mapping to the clients. Further, clients may provide explicit notifications regarding address release and staleness to the cache manager component to facilitate updating of the address map. In this way, a reliable and up-to-date address map is maintained and the amount of broadcast discovery messages and bandwidth consumed overall for address discovery operations may be reduced.

Publication date: 11-05-2017

Systems and Methods for Optimized Route Caching

Number: US20170134279A1
Assignee: AT&T Intellectual Property I, L.P.

A method for optimized route caching includes comparing a destination address of a network packet to a first set of prefixes in a routing cache, and comparing the destination address to a second set of prefixes in a full routing table when a longest matching prefix for the destination address is not found in the routing cache. The method further includes copying the longest matching prefix and a set of sub-prefixes of the longest matching prefix from the full routing table to the routing cache, and forwarding the network packet.

1. A system, comprising: a memory that stores instructions; a processor that executes the instructions to perform operations, the operations comprising: merging a plurality of contiguous sub-prefixes of a longest matching prefix of a network packet into a super-prefix when the plurality of contiguous sub-prefixes have a same output port; and forwarding the network packet.
2. The system of claim 1, wherein the operations further comprise inserting the super-prefix into a routing cache.
3. The system of claim 1, wherein the operations further comprise copying, when the longest matching prefix is found in a full routing table and not found in a routing cache, the longest matching prefix to the routing cache.
4. The system of claim 1, wherein the operations further comprise receiving the network packet.
5. The system of claim 1, wherein the operations further comprise forwarding the network packet to an intermediary when the longest matching prefix is not found in a routing cache.
6. The system of claim 1, wherein the operations further comprise comparing a destination address of the network packet to a set of prefixes in a full routing table.
7. The system of claim 1, wherein the operations further comprise updating a routing cache when the longest matching prefix is found in the routing cache.
8. The system of claim 1, wherein the operations further comprise evicting, when a routing cache is full, a ...

Publication date: 02-05-2019

NDN AND IP FUSION NETWORK CONTENT CONTROL METHOD AND APPARATUS, AND STORAGE MEDIUM

Number: US20190132282A1

An NDN and IP fusion network content control method and apparatus. The method comprises: obtaining a request packet issued by a client in a TCP/IP network; performing application layer protocol deep packet analysis on the request packet; upon determining that the request packet is a request packet which satisfies a first type target site, determining a replacement content name according to a pre-established name mapping table; according to the replacement content name and request content of the request packet in the TCP/IP network, generating an interest packet in an NDN protocol format, and forwarding to an NDN network; obtaining a data packet in the NDN protocol format returned after the interest packet in the NDN protocol format was forwarded to the NDN network; converting the data packet in the NDN protocol format into a data packet in an IP protocol format, and returning to the client in the TCP/IP network. The present invention implements content granularity level content control, and modifies or replaces content for return to a user, something which cannot be achieved in traditional TCP/IP networks.

1. A method for content management and control of a hybrid network of NDN and IP, comprising: capturing a request packet sent by a client in TCP/IP network; performing deep packet inspection of application layer on the request packet to determine whether the request packet is conformed to a first-type target website; determining the name of replacement content according to a pre-established naming mapping table when it is determined that the request packet is conformed to the first-type target website, wherein the replacement content is used for replacing requested content of the request packet in TCP/IP network; generating an Interest packet in NDN protocol format according to the name of replacement content and the request content of the request packet in TCP/IP network, and forwarding it to an NDN network; acquiring a Data packet in NDN protocol format returned ...

Publication date: 17-05-2018

COLLECTING DOMAIN NAME SYSTEM TRAFFIC

Number: US20180139224A1
Assignee:

Examples relate to collecting domain name system traffic. In one example, a computing device may: receive, from a first intermediary network device, a DNS query packet that was sent by a client computing device operating on a private network, the DNS query packet specifying i) a query domain name, and ii) a source address that specifies the client computing device; store, in a data storage device, a query record specifying the query domain name and the source address specified by the DNS query packet; receive, from a second intermediary network device, a DNS response packet; determine that the DNS response packet specifies a response domain name that matches the query domain name; in response to the determination, extract, from the DNS response packet, a resolved address that corresponds to the response domain name; and store, in the query record, the resolved address specified by the DNS response packet.

1. A non-transitory machine-readable storage medium encoded with instructions executable by a hardware processor of a computing device for collecting domain name system (DNS) traffic, the machine-readable storage medium comprising instructions to cause the hardware processor to: receive, from a first intermediary network device, a DNS query packet that was sent by a client computing device operating on a private network, the DNS query packet specifying i) a query domain name, and ii) a source address that specifies the client computing device; store, in a data storage device, a query record specifying the query domain name and the source address specified by the DNS query packet; receive, from a second intermediary network device, a DNS response packet; determine that the DNS response packet specifies a response domain name that matches the query domain name; in response to the determination, extract, from the DNS response packet, a resolved address that corresponds to the response domain name; and store, in the query record, the resolved address specified by the DNS ...

Publication date: 16-05-2019

Method for controlling a network

Number: US20190149465A1
Assignee: NEC Laboratories Europe GmbH

A method for controlling a network. The network includes a plurality of forwarding elements (FE) connected with each other, one or more end hosts (EH) connected to one or more of the FE, and a controller for controlling the FE. The method includes installing packet processing rules for end-host control protocols (ECP) on the FE. When an ECP Request (ECPRQ) is received by an FE and the ECPRQ was not processed by the controller, the ECPRQ is provided to the controller and an ECP response is computed by the receiving FE based on extracted information from the ECPRQ mapped onto forwarding information based on mapping information if provided, otherwise if the ECPRQ was processed by the controller, the ECPRQ is forwarded according to forwarding information of the ECPRQ. When an ECP response (ECPR) is received by an FE, the ECPR is forwarded according to forwarding information.

Publication date: 07-05-2020

RESENDING A HYPERTEXT TRANSFER PROTOCOL REQUEST

Number: US20200145476A1
Author: Tian Liang
Assignee: ALIBABA GROUP HOLDING LIMITED

Technologies related to resending hypertext transfer protocol (HTTP) requests are disclosed. One or more operations performed on a first web page is monitored. One or more HTTP requests that include the monitored one or more operations are sent to a server. Information associated with the one or more HTTP requests are recorded. Upon determining that an HTTP request of the one or more HTTP requests has failed to be sent, the HTTP request is recorded to a list of HTTP requests that failed to be sent. The HTTP request recorded to the list is deleted after receiving a normal response message from the server, and whether the list of HTTP requests that failed to be sent is empty is determined when redirecting from the first web page to a second web page.

1-20. (canceled)
21. A computer-implemented method, comprising: determining that an HTTP request has failed to be sent to a server; upon determining that the HTTP request has failed to be sent to the server, recording the HTTP request to a list of HTTP requests that failed to be sent to the server; receiving, from the server, a normal response message; upon receiving the normal response message, deleting the HTTP request recorded to the list of HTTP requests; and determining whether the list of HTTP requests is empty when redirecting from a first web page to a second web page.
22. The computer-implemented method of claim 21, wherein determining that the HTTP request has failed to be sent to the server is based on not receiving a response from the server.
23. The computer-implemented method of claim 21, wherein determining that the HTTP request has failed to be sent to the server is based on an abnormal response received from the server.
24. The computer-implemented method of claim 21, wherein the list of HTTP requests that failed to be sent is saved in a cache pool.
25. The computer-implemented method of claim 21, further comprising: monitoring, as monitored operations, one or more operations performed on a first web page; ...

Publication date: 09-06-2016

Robust Domain Name Resolution

Number: US20160164827A1
Assignee: OPENDNS, INC.

A recursive DNS nameserver system and related domain name resolution techniques are disclosed. The DNS nameservers utilize a local cache having previously retrieved domain name resolution to avoid recursive resolution processes and the attendant DNS requests. If a matching record is found with a valid (not expired) TTL field, the nameserver returns the cached domain name information to the client. If the TTL for the record in the cache has expired and the nameserver is unable to resolve the domain name information using DNS requests to authoritative servers, the recursive DNS nameserver returns to the cache and accesses the resource record having an expired TTL. The nameserver generates a DNS response to the client device that includes the domain name information from the cached resource record. In various embodiments, subscriber information is utilized to resolve the requested domain name information in accordance with user-defined preferences.

1. A computer-implemented method of processing domain name system requests, comprising: storing at a recursive nameserver domain name records for a plurality of domain names including a first domain name; issuing a domain name system (DNS) request for the first domain name to one or more authoritative nameservers associated with the first domain name after said storing; in response to a failure associated with the DNS request for the first domain name, identifying a subset of the plurality of domain names that are associated with the one or more authoritative nameservers, the subset including the first domain name and at least one additional domain name of the plurality of domain names; and modifying the domain name records at the recursive nameserver for the subset of domain names in response to the failure associated with the DNS request for the first domain name.
2. The computer-implemented method of claim 1, wherein the subset of domain names includes a second domain name, the method further comprising: issuing a ...

Publication date: 07-06-2018

SELECTIVELY EXTENDING LIFE OF PREFETCHED CONTENT FOR DOMAIN NAME SYSTEM CONTENT DELIVERY

Number: US20180159815A1
Assignee:

A method for selectively extending a life of prefetched content for DNS content delivery is disclosed. The method includes providing a cache to keep at least one DNS entry. The DNS entry includes a domain name and a DNS answer associated with the domain name. The DNS entry is assigned a lifetime. The method includes determining that a DNS query is received, wherein the DNS query includes a further domain name matching the domain name of the DNS entry. The method further includes determining that the lifetime of the DNS entry is to expire within a pre-determined interval. In response to the determination, the method allows sending the DNS query to an authoritative DNS to obtain a further DNS answer associated with the domain name. If the further DNS answer is not received, the method generates a copy of the DNS entry with a shorter lifetime.

1. A computer-implemented method for domain name system (DNS) content delivery, the method comprising: providing a cache to keep at least one DNS entry, the at least one DNS entry including a domain name and a DNS answer associated with the domain name, the at least one DNS entry being assigned a first lifetime; determining that: a DNS query is received, the DNS query including at least a further domain name, the further domain name matching the domain name of the at least one DNS entry; and the first lifetime of the at least one DNS entry is scheduled to expire within a pre-determined interval; and in response to the determination: sending the DNS query to an authoritative DNS to obtain at least a further DNS answer associated with the domain name; determining that the further DNS answer is not received; and in response to the further DNS answer not being received: generating a further DNS entry, the further DNS entry being a copy of the at least one DNS entry; and assigning a second lifetime to the further DNS entry, the second lifetime being shorter than the first lifetime.
2. The computer-implemented method of ...

Publication date: 07-06-2018

Router Node, Network and Method to Allow Service Discovery in a Network

Number: US20180159818A1
Author: Speight Timothy James
Assignee:

A router node for a network is described. The router node comprises: a transceiver; an interface operably coupled to the transceiver; and a signal processor operably coupled to the transceiver and configured to support a consensus protocol. The signal processor is operably coupled to a cache and configured to receive and distribute resource records to other nodes in the network via the interface and store the resource records in the cache.

2. The router node of claim 1 wherein the resource records stored in the cache comprise router node multicast Domain Name System, mDNS, information.
3. The router node of claim 2, wherein the signal processor is configured to support a use of DNS service discovery, DNS-SD, to determine an internet protocol, IP, address of devices and other router nodes located in the network.
4. The router node of claim 1 wherein the resource records include a Type-Length-Value, TLV, describing mDNS, cache information of other nodes in the network.
5. The router node of claim 1 wherein the consensus protocol is a Distributed Node Consensus Protocol, DNCP.
6. The router node of claim 5, wherein a Home Network Control Protocol, HNCP profile is used as an extension to the DNCP.
7. The router node of wherein the signal processor and transceiver are configured to publish a resource record whenever the cache is updated.
8. The router node of wherein the cache is updated following a receipt of an Announcement message of a new service within the network.
9. The router node of claim 2 wherein the transceiver receives an mDNS query and the signal processor determines whether the mDNS queried service is contained in the cache, and if the queried service is contained in the cache, the signal processor sends a response to the query.
10. The router node of wherein the signal processor is further configured to determine whether the DNS records for the queried service have been learned ...

Publication date: 07-06-2018

CONFIGURING DNS CLIENTS

Number: US20180159820A1
Assignee:

Techniques are provided for increasing the efficiency and efficacy of DNS clients. In one technique, DNS clients log information about performance of one or more DNS servers that the DNS clients use to resolve DNS resolution requests. The DNS clients send, to a control server, performance data regarding the DNS resolution requests and/or subsequent connections to servers associated with resolved domain names. Based on the performance data, the control server sends, to one or more DNS clients, configuration data that adjusts the configuration of the DNS clients. For example, if a particular DNS server is taking a considerable amount of time to resolve DNS resolution requests from one or more DNS clients, then the control server may send, to a plurality of DNS clients, configuration data that indicates a different set of one or more DNS servers for the plurality of DNS clients to contact for subsequent DNS resolution requests.
1. A method comprising: receiving from a DNS client, at a control server, first performance data of a first DNS server to which the first DNS client sends DNS resolution requests, wherein the control server is different from the first DNS server and the first DNS client; performing an analysis of the first performance data; based at least in part on the analysis of the first performance data, sending first configuration instructions from the control server to a second DNS client.
2. The method of claim 1, wherein the configuration instructions include configuration data indicating one or more of: a fallback time indicating when the second DNS client is to use a first fallback DNS server; a time to live (TTL) with respect to the second DNS client, or with respect to a group of one or more DNS servers that includes the second DNS client, or a rank order indicating an order in which the second DNS client is to query a first set of DNS servers.
3. The method of claim 1, further comprising: receiving, at the control server from a third DNS client that is ...

Publication date: 08-06-2017

Methods, Systems, and Products for Monitoring Domain Name Servers

Number: US20170163596A1
Assignee: AT&T Intellectual Property I, L.P.

Methods, systems, and products infer performance of a domain name system. Queries to, and responses from, the domain name system are logged and categorized. Each category is associated with a different performance issue related to the domain name system. The number of entries in each category may be used to infer the performance of the domain name system.
1. A method, comprising: capturing, by a server, queries requesting a domain name resolution of a corresponding domain name; capturing, by the server, responses to the queries generated after performing the domain name resolution; categorizing, by the server, all the responses in a single category in which the corresponding domain name successfully resolves to a corresponding Internet Protocol address; and uniquely categorizing, by the server, the queries in which the corresponding domain name fails the domain name resolution.
2. The method of claim 1, further comprising determining a response time associated with each one of the responses.
3. The method of claim 2, further comprising determining that the corresponding domain name is locally stored based on the response time associated with a corresponding response.
4. The method of claim 2, further comprising determining the response time exceeds a threshold time.
5. The method of claim 4, further comprising inferring the domain name is not locally stored in response to the response time exceeding the threshold time.
6. The method of claim 1, further comprising querying a domain tree for the domain name resolution of the corresponding domain name.
7. The method of claim 6, further comprising retrieving an address associated with the corresponding domain name.
8. A system, comprising: a processor; and a memory device, the memory device storing code, the code when executed causing the processor to perform operations, the operations comprising: capturing queries requesting a domain name resolution of a corresponding domain name; capturing responses to the queries ...

Publication date: 23-05-2019

FAN NETWORK MANAGEMENT

Number: US20190158454A1
Author: Tsirkin Michael
Assignee:

A method performed by a physical computing system includes, with a first virtual entity manager of a first host machine, detecting an Address Resolution Protocol (ARP) request from a first virtual entity supported by the first virtual entity manager to a second virtual entity having a first logical address within a fan network. The method further includes, with the first virtual entity manager, translating the first logical address to a second logical address and transmitting the ARP request to a second host machine using a physical address resolved from the second logical address, the second host machine supporting the second virtual entity. The method further includes receiving a response to the ARP request, the response including a virtualized physical address of the second virtual entity. The method further includes with the first virtual entity manager, forwarding a data packet from the first virtual entity to the virtualized physical address.
1. A method comprising: with a host machine, receiving a unicast Address Resolution Protocol (ARP) request from a source virtual entity supported by a source virtual entity manager, the ARP request having a destination logical address corresponding to a destination virtual entity supported by the host machine; and with the host machine, forwarding a response to the ARP request to the source virtual entity, the response including a virtualized physical address of the destination virtual entity.
2. The method of claim 1, wherein the source virtual entity comprises a virtual machine.
3. The method of claim 1, wherein the source virtual entity comprises a container.
4. The method of claim 1, wherein the destination virtual entity comprises a virtual machine.
5. The method of claim 1, wherein the destination virtual entity comprises a container.
6. The method of claim 1, wherein the destination logical address is an IP address.
7. The method of claim 1, wherein the virtualized physical address is a MAC address.
8. The method of ...

Publication date: 23-05-2019

SECURE DYNAMIC ADDRESS RESOLUTION AND COMMUNICATION SYSTEM, METHOD, AND DEVICE

Number: US20190158457A1
Author: Donaldson Willie L.
Assignee:

The present invention is directed to systems and methods for providing secure dynamic address resolution and communication. Accordingly, a node may include processor and memory having instructions thereon, that when executed, cause the node to pair with another node. The pairing may include creating a DNS record on the node including a current address associated with the second node, this current address may be dynamically updated. The instructions may further allow the node to transmit a message to the second node, based on a resolved address from the DNS record on the first node. Authentication, dynamic message encryption and the provision of a DNS cache may further be implemented on the node.
1. A method for node-based DNS resolution, the method comprising: creating a first DNS record on a first node, said first DNS record comprising a second-node address; creating a second DNS record on a second node, said second DNS record comprising a first-node address; and dynamically updating, via at least one microprocessor, said first DNS record, comprising: receiving a new second-node address from said second node; storing said new second-node address on said first node; designating said new second-node address as a current second-node address of said second node; designating said second-node address as a previous second-node address of said second node; and storing said previous second-node address on said first node.
2. The method as recited in claim 1, further comprising: dynamically updating, via said at least one microprocessor, said second DNS record, comprising: receiving a new first-node address from said first node; storing said new first-node address on said second node; designating said new first-node address as a current first-node address of said first node; designating said first-node address as a previous first-node address of said first node; and storing said previous first-node address on said second node.
3. The method as recited in claim 1, further comprising ...

Publication date: 23-05-2019

Virtual distributed domain name server

Number: US20190158459A1
Author: Amol Manohar Vaikar
Assignee: VMware LLC

An approach for intercepting and caching Domain Name System (DNS) related data and sharing the cached DNS related data among hypervisors is provided. In an embodiment, a method comprises: receiving a DNS query from a virtual machine, determining whether a DNS reply to the DNS query has been received from a DNS server and whether an Internet Protocol (IP) address has been stored in a local DNS cache; in response to determining that the DNS reply to the DNS query has been received from the DNS server and the IP address has been stored in the local DNS cache; retrieving the IP address from the local DNS cache; and providing the IP address to the virtual machine.

Publication date: 24-06-2021

MITIGATING NETWORK/HARDWARE ADDRESS EXPLOSION IN NETWORK DEVICES

Number: US20210194848A1
Assignee:

A source host device masks the hardware address of a hosted container from a network device to mitigate the use of resources in the network device. A virtual switch on the source host receives a frame from a hosted container. The frame includes a source hardware address of the hardware address corresponding to the hosted container. The frame also includes a source network address of the network address corresponding to the hosted container. The virtual switch replaces the source hardware address of the frame with the hardware address associated with the source host, and sends the frame to the network device. The frame sent to the network device includes the host hardware address as the source hardware address and the container network address as the source network address.
1. A method comprising: on a first computing device associated with a first host Layer 2 address, receiving a frame from a first container, wherein the frame includes a source hardware address of a first container Layer 2 address corresponding to the first container and a source network address of a first container Layer 3 address corresponding to the first container; saving a correlation of the first container Layer 2 address with the first container Layer 3 address, enabling the first computing device to bridge a response message directed to the first container Layer 3 address to the first container, wherein the response message includes the first host Layer 2 address and the first container Layer 3 address; responsive to a determination that the frame includes a destination hardware address that is different than the first host Layer 2 address, replacing the source hardware address of the frame with the first host Layer 2 address; and sending the frame to a network device, wherein the frame includes (i) the first host Layer 2 address as the source hardware address and (ii) the first container Layer 3 address as the source network address.
2. The method of claim 1, further comprising storing a ...

Publication date: 24-06-2021

RESOLVER-BASED DATA STORAGE AND RETRIEVAL SYSTEM AND METHOD

Number: US20210194961A1
Author: SASKA Robert, WYATT Bartow
Assignee:

System and method for associating general data with an end-user based on the domain name system (DNS) resolver that the end-user uses to map the canonical domain names of internet services to their associated network addresses. The present invention elegantly addresses concerns of scale regarding the key-space, for example the global number of distinct DNS resolvers, and the data-space, for example the number of distinct geographical areas to associate
1. A system for associating general information with an end-user through the development of an association key comprising: a plurality of association key servers configured to decode encoded information and for communicating with an end-user device using the protocol required by the end-user, at least one DNS resolver system associated with an end-user for receiving service requests from the end-user, and for requesting mappings of network addresses, and authoritative name server for communicating to the DNS resolver system a sequence of encoded information for use by the association key servers in response to contacts from an end-user device made in the sequence provided by the authoritative name server to iteratively transcribe data encoded within an operational process of standard DNS into metadata specific to the protocol required by the end-user.
2. The system of wherein the key association servers are web servers.
3. The system of wherein at least some of the association key servers and the authoritative name server comprise a service host.
4. The system of wherein a service endpoint system comprises the authoritative name server.
5. The system of wherein a service endpoint system is a third party system.
6. (canceled)
7. The system of wherein potential keys are mapped to an N-tree where N is the number of association key servers.
8. (canceled)
9. (canceled)
10. (canceled)
This application is related to, and claims the benefit of provisional U.S. Patent Application Ser. No. 61/790,474, filed Mar. 15, 2013; Ser. No. 14/206, ...

Publication date: 16-06-2016

METHOD AND DEVICE FOR STARTING APPLICATION

Number: US20160173658A1
Assignee:

A method for starting an application in a router includes establishing a connection with a terminal, detecting whether the terminal supports a private protocol, and starting an application based on the private protocol if the terminal supports the private protocol.
1. A method for starting an application in a router, comprising: establishing a connection with a terminal; detecting whether the terminal supports a private protocol; and starting, if the terminal supports the private protocol, an application based on the private protocol.
2. The method according to claim 1, further comprising: detecting, when the terminal is disconnected from the router, whether there is another terminal supporting the private protocol being connected to the router; and closing, if there is no other terminal supporting the private protocol being connected to the router, the application based on the private protocol.
3. The method according to claim 2, wherein detecting whether the terminal supports the private protocol comprises: acquiring and adding a host name of the terminal into a Dynamic Host Configuration Protocol (DHCP) file when the terminal is connected to the router; reading the host name from the DHCP configuration file; detecting whether a name list contains a matching host type that matches the host name, the name list storing host types of terminals supporting the private protocol; and determining that the terminal supports the private protocol if the name list contains the matching host type.
4. The method according to claim 3, wherein: the name list is a first name list stored in the router and corresponds to a first private-protocol-based application, a second name list is stored in the router and corresponds to a second private-protocol-based application, and determining whether the matching host type belongs to the first name list or the second name list; and starting one of the first or the second private-protocol-based application based on one of the first or the second ...

Publication date: 30-05-2019

BLOCKCHAIN-BASED DOMAIN NAME RESOLUTION SYSTEM

Number: US20190166085A1

The invention relates to a blockchain-based domain name resolution system, characterized in that the domain name resolution system adopts a layered structure comprising a top-level domain name chain network, a second-level domain name chain network, a future network node and an existing DNS system network; the top-level domain name chain network links the second-level domain name chain network, the future network node and the existing DNS system network respectively, and the top-level domain name chain network is used for each professional organization to deploy the server nodes having a reliable performance respectively to form a union blockchain network, wherein each node server records the information of all the current top-level domain names, the second-level domain name chain nodes, the future network nodes and the root nodes of the existing DNS system; the second-level domain name chain network is used for the registration and management of domain names, and recording of all the second-level domain names and their subdomain names; the future network node is used for the storage of the metadata and index in the future network. The invention reduces the resolution request, thus effectively improving the efficiency of domain name resolution.
1. A blockchain-based domain name resolution system, wherein the domain name resolution system adopts a layered structure comprising a top-level domain name chain network, a second-level domain name chain network, a future network node and an existing DNS system network; the top-level domain name chain network links the second-level domain name chain network, the future network node and the existing DNS system network respectively, and each professional organization deploys the server nodes having a reliable performance respectively to form a union blockchain network, wherein each node server records the information of all the current top-level domain names, the second-level domain name chain nodes, the future network ...

Publication date: 01-07-2021

METHOD AND APPARATUS FOR DETERMINING VIRTUAL MACHINE MIGRATION

Number: US20210200578A1
Assignee: Huawei Technologies Co., Ltd.

Embodiments of this application provide a method and an apparatus for determining virtual machine VM migration. The method includes: after a VM is migrated, sending a gratuitous ARP packet or a RARP packet to an in-migration VTEP device; obtaining, by the VTEP device, a MAC address of the VM, searching an ARP cache table based on the MAC address, and obtaining an IP address of the VM; and constructing an ARP unicast request packet by using the IP address as a destination IP address, and if the VTEP device receives an ARP response packet sent by the VM for the ARP unicast request packet, determining that the VM is migrated.
1. A method by a first device, comprising: obtaining, after a virtual machine (VM) is migrated from a second device to the first device, a media access control (MAC) address of the VM from a local interface; sending an address resolution protocol (ARP) request packet to the VM according to the MAC address of the VM; receiving an ARP response packet from the VM; and determining that the VM has migrated based on the received ARP response packet.
2. The method according to claim 1, further comprising: advertising a route to the second device, the route is a route to the VM.
3. The method according to claim 1, wherein obtaining a media access control (MAC) address of the VM from a local interface comprises: obtaining the MAC address of the VM according to a packet obtained from the local interface.
4. The method according to claim 3, wherein the packet is a reverse address resolution protocol (RARP) packet sent by the VM; or the packet is a gratuitous ARP packet sent by the VM.
5. The method according to claim 1, wherein the method further comprises: storing a correspondence between the MAC address of the VM and the local interface.
6. The method according to claim 1, wherein the method further comprises: updating an ARP table locally stored by the first device, wherein the ARP table is used to store the correspondence between the MAC address of the VM and the ...

Publication date: 21-05-2020

NAME TRANSLATION MONITORING

Number: US20200162495A1
Assignee:

Systems, methods, and related technologies for analyzing traffic based on naming information are described. In certain aspects, name information and address information from a name translation response are stored. The name information is associated with a device based on the device sending a communication to an address associated with the name information.
1. A method comprising: accessing network traffic; accessing name translation traffic from the network traffic; accessing name information and address information from the name translation traffic; storing the name and address information; accessing subsequent network traffic sent by a device, wherein the network traffic includes address information; determining a match between address information of the subsequent network traffic and the address information of the name translation traffic; and associating network traffic from the device with the name information.
2. The method of claim 1, wherein the name translation traffic is a domain name system (DNS) response and the address information comprises an internet protocol (IP) address.
3. The method of claim 1, further comprising: classifying the device based on the name information.
4. The method of claim 3, wherein the classifying of the device is based on at least one of a domain name or a subdomain name of the name information.
5. The method of claim 1, further comprising: determining a session classification based on the name information.
6. The method of claim 1, further comprising: determining an indication of compromise (IoC) of the device based on the name information.
7. The method of claim 1, further comprising: determining an indication of intrusion based on the name information.
8. The method of claim 7, wherein the indication of intrusion is based on a signature.
9. The method of claim 1, wherein the name translation traffic is accessed from an intermediate naming device.
10. The method of claim 1, further comprising: accessing time information from the name ...

Publication date: 01-07-2021

COMMUNICATION APPARATUS, METHOD FOR CONTROLLING THE SAME, AND STORAGE MEDIUM

Number: US20210203631A1
Author: Uchikawa Shinichi
Assignee:

A communication apparatus that transmits data outside via different communication interfaces performs operations, including setting an interface correspondence between a domain name identifying a domain and a communication interface for use with an external apparatus belonging to the domain, generating, from the set interface correspondence, a setting indicating a Domain Name System (DNS) server correspondence between the domain name and the DNS server to which name resolution for a host name of the external apparatus is to be transferred, and activating a DNS cache server that operates from the generated setting. A DNS client requested for the host name resolution by an application of the communication apparatus transmits a name resolution request to the DNS cache server. Based on the received host name, the DNS cache server determines an external DNS server to which the name resolution is requested, and requests the determined external DNS server for the name resolution.
1. A communication apparatus to transmit data outside the communication apparatus via a plurality of different communication interfaces, the communication apparatus comprising: at least one memory that stores instructions; and at least one processor to execute the instructions to perform operations including: setting a communication interface correspondence between a domain name and a communication interface, from the plurality of different communication interfaces, to be used for communication with an external apparatus belonging to a domain identified by the domain name, generating, based on the set communication interface correspondence, a setting indicating a Domain Name System (DNS) name resolution server correspondence between the domain name and the DNS name resolution server to which name resolution for a host name of the external apparatus belonging to the domain identified by the domain name is to be transferred, and activating a DNS cache server, wherein the DNS cache server operates based ...

Publication date: 23-06-2016

ADAPTIVE DNS PRE-RESOLUTION

Number: US20160182674A1
Author: ROSKIND James
Assignee:

Embodiments of the present invention include methods and systems for domain name system (DNS) pre-resolution. A method for DNS pre-resolution is provided. The method includes initiating a DNS lookup call for one or more sub-resource uniform resource locator (URL) hostnames associated with a referring URL prior to navigation to the referring URL, whereby a resolution result for at least one of the sub-resource URL hostnames is cached in a DNS cache in preparation for navigation to the sub-resource URLs. The method further includes learning relationship information including the sub-resource URLs associated with the referring URL for DNS pre-resolution. A system for DNS pre-resolution is also provided. The system includes a DNS pre-resolver, a navigation monitor and a relationship data store.
1. A method for domain name system (DNS) pre-resolution in a processor executing a browser that utilizes a DNS to resolve network addresses comprising: storing, by the browser, relationship information including one or more relationships, each relationship including one or more sub-resource uniform resource locators (URLs) in association with a referring URL, wherein each of the sub-resource URLs is determined by the browser based on content received upon a first navigation to the referring URL by the browser; initiating, by the browser, and using the stored relationship information, a DNS lookup call for resolving one or more hostnames of the sub-resource URLs associated with the referring URL, the DNS lookup call being initiated by the browser prior to a second navigation by the browser to the referring URL, whereby a resolution result including a resolved internet protocol (IP) address for at least one of the one or more sub-resource URLs hostnames is cached in a DNS cache in preparation for the second navigation to the referring URL by the browser; and initiating the another navigation to the referring URL and utilizing the resolution result cached in the DNS cache to resolve at ...

Publication date: 06-06-2019

Hybrid Unicast/Anycast Content Distribution Network System

Number: US20190173835A1
Assignee: AT&T INTELLECTUAL PROPERTY II, L.P.

A method includes receiving a request for an edge cache address, and comparing a requestor address to an anycast group. The method can further include providing an anycast edge cache address when the requestor address is in the anycast group. Alternatively, the method can further include determining an optimal cache server, and providing a unicast address of the optimal cache server when the requestor address is not in the anycast group.
1. A system comprising: a memory that stores instructions; and a processor that executes the instructions to perform operations, the operations comprising: comparing an address of a requestor to an anycast group, wherein when the anycast group is in a stable network, an existing relationship causes requests from the anycast group to enter the network at a same router, and wherein when the anycast group is in an unstable network, the traffic enters the network at multiple provider edge routers.
2. The system of claim 1, wherein the operations further comprise receiving, from the requestor, a request for an edge cache address of a cache server.
3. The system of claim 2, wherein the operations further comprise providing, to the requestor, the edge cache address as an anycast address when the address of the requestor is in the anycast group.
4. The system of claim 1, wherein the operations further comprise determining an optimal cache server for the requestor.
5. The system of claim 1, wherein the operations further comprise utilizing the address of the requestor to determine an optimal edge cache router for the requestor.
6. The system of claim 1, wherein the existing relationship relates to regulating how traffic enters a network that includes a cache server.
7. The system of claim 1, wherein the operations further comprise selecting an optimal cache server for the requestor based on a network distance, a network cost, an available bandwidth, an available server ...

Publication date: 28-05-2020

Low-Impact Proactive Monitoring of Customer Access to Virtualized Network Elements in a Cloud Platform

Number: US20200169492A1
Author: Kanevsky Zosim
Assignee: AT&T Intellectual Property I, L.P.

A system can collect, from an address resolution protocol (“ARP”) cache of a managed virtual network function (“VNF”), at least one active entry corresponding to at least one active element of a plurality of virtual local area network (“VLAN”) networks. The system can check the ARP cache for an entry associated with at least one of the plurality of VLAN elements. The system can determine whether an entry associated with at least one of the plurality of VLAN elements was found. In response to determining that an entry associated with at least one of the plurality of VLAN elements was not found, the system can send an ARP request to the plurality of VLAN elements, wait for an ARP response, and, in response to determining that an ARP response has not been received, generate a notification that VLAN connectivity has been lost.
1. A system comprising: a processor; and generating an address resolution protocol request, sending the address resolution protocol request to a plurality of virtual local area network elements of a customer premises portion of a virtual local area network, wherein the managed virtual network function is also part of the virtual local area network, determining whether an address resolution protocol response has been received from at least one of the plurality of virtual local area network elements of the customer premises portion of the virtual local area network, and determining that connectivity between the managed virtual network function of the virtual local area network and the plurality of virtual local area network elements of the customer premises portion of the virtual local area network has been lost, wherein determining that connectivity between the managed virtual network function of the virtual local area network and the plurality of virtual local area network elements of the customer premises portion of the virtual local area network has been lost is performed without installation, on any of the plurality of virtual local area ...

Publication date: 28-05-2020

MULTIPLE LINK LAYER ADDRESS RESOLUTION PROTOCOL (ARP)

Number: US20200169527A1
Assignee:

A computer-implemented method comprising a processor providing a Multiple Address Resolution Protocol (MARP) message, wherein the MARP message comprises multiple Media Access Control (MAC) addresses associated with an Internet Protocol (IP) address.
1. A computer-implemented method comprising a processor providing a Multiple Address Resolution Protocol (MARP) message, wherein the MARP message comprises multiple Media Access Control (MAC) addresses associated with an Internet Protocol (IP) address.
2. The method of claim 1, wherein the MARP message is provided in response to receiving an Address Resolution Protocol (ARP) request.
3. The method of claim 2, further comprising the processor detecting a MARP indicator in the ARP request; and not providing an ARP response to the ARP request.
4. The method of claim 1, where the MARP message is a gratuitous MARP message.
5. The method of claim 2, further comprising the processor providing an ARP response to the ARP request wherein the MARP message has a higher priority than the ARP response.
6. The method of claim 1, wherein the MARP message comprises a data payload.
7. The method of claim 1, wherein the MARP message comprises a weighting for a MAC address among the multiple MAC addresses.
8. The method of claim 1, wherein the processor providing a MARP message further comprises consulting an ARP cache to identify MAC addresses sharing the IP address.
9. A computer-implemented method of balancing network load comprising, by a processor: receiving a Multiple Address Resolution Protocol (MARP) message containing multiple Media Access Control (MAC) addresses associated with an Internet Protocol (IP) address; and allocating traffic between the multiple MAC addresses associated with the IP address.
10. The method of claim 9, wherein the MARP message is a gratuitous MARP message.
11. The method of claim 9, further comprising the processor sending an ARP request to the IP address.
12. The method of claim 9, wherein the MARP ...

Publication date: 05-07-2018

SYSTEM AND METHOD FOR IMPROVING PROXY SERVER PERFORMANCE USING LOCAL DOMAIN NAME SYSTEM (DNS) CACHE AND CONNECTIVITY MONITORING

Number: US20180191672A1
Assignee:

A system and method for improving proxy server performance in a communication network. The system and method employ a proxy server configured to, in response to a request identifying a domain name, determine whether domain name resolution information associated with the domain name is stored in a storage accessible by the proxy server and has exceeded an expiration time for the domain name resolution information, provide the domain name resolution information from the storage in response to the request via the network upon determining that the domain name resolution information is stored in the storage, has exceeded the expiration time and meets a delivery condition, and request from a domain name server updated domain name resolution information upon determining that the domain name resolution information is at least one of absent from the storage and has exceeded the expiration time. 1. A system for use with a communication network , the system comprising:a proxy server configured to, in response to a request identifying a domain name, determine whether domain name resolution information associated with the domain name is stored in a storage accessible by the proxy server and has exceeded an expiration time for the domain name resolution information, provide the domain name resolution information from the storage in response to the request via the network upon determining that the domain name resolution information is stored in the storage, has exceeded the expiration time and meets a delivery condition, and request from a domain name server updated domain name resolution information upon determining that the domain name resolution information is at least one of absent from the storage and has exceeded the expiration time.2. 
The system according to claim 1 , whereinthe proxy server is further configured to provide the updated domain name resolution information as requested from the domain name server in response to the request upon determining that the domain name ...

Publication date: 06-07-2017

METHOD AND APPARATUS FOR MANAGING REHOMING OF USER ENDPOINT DEVICES IN A COMMUNICATION NETWORK

Number: US20170195284A1
Assignee:

A system that incorporates teachings of the present disclosure may include, for example, a Domain Name System (DNS) server having a controller to receive new provisioning information for updating a Fully Qualified Domain Name (FQDN), and update the FQDN with the new provisioning information. The new provisioning information can include among other things a start time for rehoming one or more user endpoint devices (UEs) assigned to a current session border Controller (S/BC), a move-from record comprising a descriptor of at least the current S/BC, a move-to record comprising a descriptor of at least a new S/BC to which to rehome the one or more UEs, a transfer window representing a total time for the rehoming the one or more UEs to the new S/BC, and a pacing parameter for rehoming the one or more UEs to the new S/BC during the transfer window. Additional embodiments are disclosed.

1. A non-transitory, machine-readable storage medium, comprising executable instructions that, when executed by a processing system including a processor, facilitate performance of operations, comprising: receiving, by a domain name server, new provisioning information to rehome user equipment from a current session controller to a new session controller by updating a fully qualified domain name associated with the user equipment; and updating the fully qualified domain name with the new provisioning information as an updated fully qualified domain name.
2. The non-transitory, machine-readable storage medium of claim 1, wherein the new provisioning information comprises a start time for rehoming a user endpoint device assigned to a current session border controller, a move-from record comprising a descriptor of the current session border controller, a move-to record comprising a descriptor of a new session border controller to which to rehome the endpoint device, a transfer window representing a time for the rehoming of the user endpoint device to the ...

Publication date: 22-07-2021

MICRO AND MACRO SEGMENTATION IN ENTERPRISE NETWORKS WITHOUT A PER SEGMENT LAYER-3 DOMAIN

Number: US20210226817A1
Assignee:

Secure network segmentation using logical subnet segments is described. A single network segment or subnet provided by a third party is mapped into multiple layer-3 virtual or logical segments without requiring separate subnets. This mapping is accomplished by using virtual routing functions (VRFs) per logical subnet segment while retaining a single subnet across the segments. The logical subnet segments interact with the single network segment provided by the third party (ISP). The layer-3 VRF instances are created without the need for separate IP subnet pools per layer-3 segment. Each VRF instance for the various logical subnet segments is mapped to a Virtual Network Identifier (VNI) and Scalable Group Tag (SGT). 1. A method comprising:initiating a default external interface comprising a default switched virtual interface (SVI) corresponding to a virtual local area network (VLAN);establishing a logical subnet segment interface from a main subnet segment, wherein the logical subnet segment interface comprises a segment virtual routing and forwarding (VRF) instance for a logical subnet segment and an unassigned logical subnet segment SVI for the logical subnet segment;assigning a segment virtual network identifier (VNI) to the logical subnet segment interface for the logical subnet segment; andmapping at least one scalable group tag (SGT) to the segment VNI.2. 
The method of claim 1 , further comprising:receiving a DHCP discover request from an endpoint;creating a host entry in a local cache for the endpoint;mapping the host entry to a SGT of the at least one SGT and the segment VNI;forwarding the DHCP discover request to a wide area network (WAN) router via the VLAN;receiving a DHCP offer for the endpoint from the WAN router via the VLAN, wherein the DHCP offer comprises an IP address;determining from the DHCP offer and the host entry the mapped SGT and segment VNI for the endpoint;providing the DHCP offer to the endpoint;receiving a DHCP request from the endpoint ...

Publication date: 22-07-2021

ENDPOINT-ASSISTED ACCESS CONTROL FOR NETWORK SECURITY DEVICES

Number: US20210226918A1
Assignee:

A network security device has at least one Fully Qualified Domain Name (FQDN) access policy that permits traffic to flow to at least one resource associated with at least one FQDN. The network security device receives, from a managed endpoint device, a packet directed to the at least one resource associated with the at least one FQDN. The network security device obtains DNS information associated with the managed endpoint device and, based on the domain name system (DNS) information, substitutes a network address of the at least one resource into the at least one FQDN access policy to open a traffic flow to the at least one resource associated with the at least one FQDN. The network security device then provides the packet to the at least one resource associated with the at least one FQDN. 1. A method comprising:at a network security device having at least one Fully Qualified Domain Name (FQDN) access policy that permits traffic to flow to at least one resource associated with at least one FQDN:receiving, from a managed endpoint device, a packet directed to the at least one resource associated with the at least one FQDN, wherein the packet includes a network address of the at least one resource and an identifier of the managed endpoint device;obtaining Domain Name System (DNS) information associated with the managed endpoint device;based on the DNS information associated with the managed endpoint device, substituting the network address of the at least one resource into the at least one FQDN access policy to open a traffic flow to the at least one resource associated with the at least one FQDN; andproviding the packet to the at least one resource associated with the at least one FQDN.2. 
The method of claim 1 , wherein obtaining the DNS information associated with the managed endpoint device includes:sending a resolution request to an endpoint service, wherein the resolution request is configured to cause the endpoint service to query the managed endpoint device for ...

Publication date: 13-07-2017

SERVICE PROCESSING METHOD AND APPARATUS

Number: US20170201930A1
Assignee:

The present invention discloses a service processing method and apparatus, which belong to the field of Internet technologies. After the AP and an STA first perform MAC address change notification and then establish a first MAC connection, the AP sends service data of the STA to the STA through the first MAC connection by using a resource related to a second MAC connection. Therefore, in a MAC address change process, there is no need to re-establish a resource at an upper layer of a MAC layer, and only a change in invoking a MAC layer resource is required at a layer at which the MAC layer resource is used. Time and a resource for processing a service can be reduced without affecting service continuity and stability of the upper layer. Therefore, the service is processed in a timely manner and service processing efficiency is improved. 1. A service processing method , wherein the method comprises:receiving, by an access point, a connection request that is sent by a station (STA) by using a first media access control (MAC) address; and establishing a first MAC connection to the STA according to the first MAC address, wherein the first MAC address is the MAC address of the STA after the STA changes its MAC address from a second MAC address to the first MAC address;receiving, by the access point, a MAC address change message that is sent by the STA in an encryption mode, wherein the MAC address change message carries the second MAC address; determining, according to the MAC address change message, that the STA has changed its MAC address; and determining that a second MAC connection to the STA has been established by using the second MAC address; andsending, by the access point, service data of the STA to the STA through the first MAC connection by using a resource related to the second MAC connection.2. The method according to claim 1 , wherein after receiving the MAC address change message claim 1 , no new Internet Protocol (IP) address is assigned to the STA.3. 
The ...

Publication date: 21-07-2016

Domain Name Resolution Method, DNS Cache Server, and Final DNS Server

Number: US20160212204A1
Assignee:

Provided are a domain name resolution method, a DNS cache server and a final DNS server. In the method, a DNS cache server establishes a connection with a final DNS server according to address information of the final DNS server, and acquires information of all domain name records about a predetermined domain name from the final DNS server, to determine a domain name resolution result of the predetermined domain name according to the information of all the domain name records about the predetermined domain name, wherein the information of all the domain name records about the predetermined domain name is a correlation between the predetermined domain name and different IP addresses. By virtue of the technical solution, a DNS cache server can determine a domain name resolution result according to a current link condition. 1. A domain name resolution method , comprising:establishing, by a Domain Name System (DNS) cache server, a connection with a final DNS server according to address information of the final DNS server; andacquiring, from the final DNS server by the DNS cache server, information of all domain name records about a predetermined domain name, to determine a domain name resolution result of the predetermined domain name according to the information of all the domain name records about the predetermined domain name, wherein the information of all the domain name records about the predetermined domain name is a correlation between the predetermined domain name and different Internet Protocol, IP, addresses.2. The method as claimed in claim 1 , wherein before the DNS cache server establishes the connection with the final DNS server according to the address information of the final DNS server claim 1 , the method further comprises:in a condition that the DNS cache server receives a domain name resolution result returned from the final DNS server, acquiring the address information of the final DNS server; or,in a condition that the DNS cache server is ...

Подробнее
30-07-2015 дата публикации

SURROGATE NAME DELIVERY NETWORK

Number: US20150215267A1
Author: Kagan Martin
Assignee: Cedexis Inc.

A method for providing access to an Internet resource includes registering a surrogate nameserver to be an authoritative nameserver in a DNS network, receiving at the surrogate nameserver a DNS query, maintaining at the surrogate nameserver a cache that includes a resolution of the DNS query, and executing at the surrogate nameserver a policy code to make a determination of validity of one or more of the DNS query and the cached resolution.

1-12. (canceled)
13. A method for providing access to an Internet resource comprising: maintaining a first nameserver that is registered to be an authoritative nameserver and that includes a cache of DNS resolutions to DNS queries; accepting at the first nameserver directions pushed by a second nameserver to purge DNS cached resolutions and to blacklist DNS queries; receiving at the first nameserver a DNS query; executing at the first nameserver a policy code to determine how to respond to the DNS query, including checking the blacklist and checking for a valid cached resolution; and responding to the DNS query based at least in part on results of the checking, by throwing a blacklist error, requesting a DNS resolution from the second nameserver or returning the cached resolution.
14. The method of claim 13, and comprising receiving the policy code at the first nameserver, wherein the policy code includes a set of conditions and actions.
15. The method of claim 13, wherein a hostname specified by the DNS query indicates an infrastructure at which the Internet resource is to be accessed, wherein the checking comprises determining that the DNS query is invalid, and wherein generating the DNS response comprises generating a response that does not allow access to the infrastructure.
16. The method of claim 15, wherein determining that the DNS query is invalid comprises determining that a parameter of the DNS query is on the blacklist.
17. The method of claim 13, wherein the DNS query is received from a web ...

Publication date: 29-07-2021

MANAGE ENCRYPTED NETWORK TRAFFIC USING DNS RESPONSES

Number: US20210234846A1
Assignee:

This present disclosure generally relates to managing encrypted network traffic using Domain Name System (DNS) responses. One example includes requesting an address; receiving a response from the resolution server including one or more addresses associated with the domain name; associating with the domain name a particular address selected from the received one or more addresses; receiving a request to resolve the domain name; sending a response to the request to resolve the domain name, the sent response including the particular address associated with the domain name; receiving a secure request for a resource, the secure request directed to the particular address associated with the domain name; and determining that the secure request is directed to the domain name based on the association between the particular address and the domain name. 1. A computer-implemented method executed by one or more processors , the method comprising:maintaining, before receiving a request to resolve a domain name, a predetermined set of domain names for which secure requests are to be identified and, for each of the domain names, at least one particular addressesreceiving from a particular client device, the request to resolve the domain name from a network that hosts a plurality of client devices including the particular client device;sending a response to the request to resolve the domain name, the sent response including the particular address associated with the domain name;receiving a secure request for a resource, the secure request directed to the particular address associated with the domain name; anddetermining that the secure request is directed to the domain name based on the association between the particular address and the domain name.2. 
The method of claim 1 , wherein the domain name is a first domain name claim 1 , the method further comprising:requesting an address associated with a second domain name different than the first domain name from the resolution server; ...

Publication date: 06-08-2015

Method of Operating a Switch or Access Node in a Network and a Processing Apparatus Configured to Implement the Same

Number: US20150222538A1
Assignee: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)

There is provided a method of operating a switch or an access node in a network, the switch or access node having a plurality of interfaces through which data packets can be received and forwarded, the network further comprising one or more gateway nodes and one or more user terminals, each of the gateway nodes and the user terminals having a respective address, the method in the switch or access node comprising identifying the address for at least one of the gateway nodes; comparing a source address specified in a data packet received from a user terminal at one of the interfaces of the switch or access node to the identified addresses for the one or more gateway nodes; storing the source address specified in the data packet and the identity of the interface through which the data packet was received if the source address specified in the data packet does not match an address for any of the one or more gateway nodes; and discarding the data packet if the source address specified in the data packet matches an address for any of the one or more gateway nodes.

1. A method of operating a switch or an access node in a network, the switch or access node having a plurality of interfaces through which data packets can be received and forwarded, the network further comprising one or more gateway nodes and one or more user terminals, each of the gateway nodes and the user terminals having a respective address, the method in the switch or access node comprising: comparing a source address specified in a data packet received from a user terminal at one of the interfaces of the switch or access node to the identified addresses for the one or more gateway nodes; identifying the address for at least one of the gateway nodes; discarding the data packet if the source address specified in the data packet matches an address for any of the one or more gateway nodes; storing the source address specified in the data packet and the ...

Publication date: 26-07-2018

Low-Impact Proactive Monitoring of Customer Access to Virtualized Network Elements in a Cloud Platform

Number: US20180212855A1
Author: Kanevsky Zosim
Assignee: AT&T Intellectual Property I, L.P.

A system can collect, from an address resolution protocol (“ARP”) cache of a managed virtual network function (“VNF”), at least one active entry corresponding to at least one active element of a plurality of virtual local area network (“VLAN”) networks. The system can check the ARP cache for an entry associated with at least one of the plurality of VLAN elements. The system can determine whether an entry associated with at least one of the plurality of VLAN elements was found. In response to determining that an entry associated with at least one of the plurality of VLAN elements was not found, the system can send an ARP request to the plurality of VLAN elements, wait for an ARP response, and, in response to determining that an ARP response has not been received, generate a notification that VLAN connectivity has been lost.

1. A system comprising: an interface to a managed virtual network function, wherein the managed virtual network function is part of a virtual local area network along with a plurality of virtual local area network elements of a customer premises portion of the virtual local area network; a processor; and generating an address resolution protocol request, sending the address resolution protocol request to the plurality of virtual local area network elements of the customer premises portion of the virtual local area network, waiting for an address resolution protocol response from at least one of the plurality of virtual local area network elements of the customer premises portion of the virtual local area network, determining whether an address resolution protocol response has been received from at least one of the plurality of virtual local area network elements of the customer premises portion of the virtual local area network, and determining that connectivity between the managed virtual network function of the virtual local area network and the plurality of virtual local area network elements of the customer premises portion of the ...

Publication date: 04-07-2019

DATA FORWARDING METHOD AND APPARATUS BASED ON OPERATING SYSTEM KERNEL BRIDGE

Number: US20190207783A1
Author: Han Jian
Assignee:

A data forwarding method is provided for a data forwarding apparatus. The method includes, when a first port receives a to-be-forwarded data packet, executing a network adapter driver corresponding to the first port to read the to-be-forwarded data packet from a network adapter cache corresponding to the first port. The network adapter cache stores address forwarding information obtained from an operating system kernel bridge. The method also includes searching the address forwarding information in the network adapter cache for address forwarding information corresponding to the data packet and, when the address forwarding information corresponding to the data packet is found, determining a target network adapter driver for forwarding the data packet based on the found address forwarding information, and directly sending the data packet to the target network adapter driver, such that the target network adapter driver forwards the data packet through a second port. 1. A data forwarding method based on an operating system kernel bridge for a data forwarding apparatus , comprising:when a first port of the data forwarding apparatus receives a to-be-forwarded data packet, executing a network adapter driver corresponding to the first port to read the to-be-forwarded data packet from a network adapter cache corresponding to the first port, the network adapter cache storing address forwarding information obtained from the operating system kernel bridge;searching the address forwarding information in the network adapter cache for address forwarding information corresponding to the data packet; andwhen the address forwarding information corresponding to the data packet is found, determining a target network adapter driver for forwarding the data packet based on the found address forwarding information, and directly sending the data packet to the target network adapter driver, such that the target network adapter driver forwards the data packet through a second port.2. The ...

Publication date: 04-07-2019

System and method for correlating routing protocol information

Number: US20190207905A1
Author: Joelle T. Maslak
Assignee: Level 3 Communications LLC

Aspects of the present disclosure involve systems, methods, computer program products, and the like, for correlating information associated with one networking transmission protocol, such as Internet Protocol version 6 (IPv6), to information associated with a different networking transmission protocol, such as Internet Protocol version 4 (IPv4). More specifically, when resolving an Internet Protocol (IP) address associated with a requesting device to a network, the system may base the resolved destination on one or more attributes of a known address to build a network mapping of the received IP address. In one specific example, an IPv6 address is received and associated with a known IPv4 address to map the network.

Publication date: 11-07-2019

Identification Services for Internet-Enabled Devices

Number: US20190215297A1
Author: Demsey Seth, Pauker Matt
Assignee:

An identification service may provide a device identifier that is available in both browser and non-browser applications on an electronic device. The identification service may include a domain name system server that handles domain name system queries for certain HTTP requests originating from the browser and non-browser applications. An HTTP request in the non-browser application may result in the domain name system server embedding the device identifier into an IPv6 address that is then stored in a local domain name system cache on the device. An HTTP request in the browser application may cause the browser to connect to the IPv6 address stored in the local domain name system cache. The identification service may have an HTTP server bound to the IPv6 address. The HTTP server may extract the device identifier from the IPv6 address and may provide the device identifier to the browser application. 1. A method for operating computing equipment , comprising:receiving a domain name system query from an electronic device;generating a device identifier for the electronic device;embedding the device identifier in an internet protocol address; andreturning a domain name system result to the electronic device, wherein the domain name system result includes the internet protocol address.2. The method defined in wherein the internet protocol address comprises an internet protocol version 6 address.3. The method defined in wherein the computing equipment has a cache and the electronic device has a device internet protocol address claim 1 , the method further comprising:in response to receiving the domain name system query from the electronic device, encrypting the device internet protocol address; andstoring the encrypted device internet protocol address and the device identifier in the cache.4. 
The method defined in wherein the domain name system query requests information for a first hostname claim 3 , the method further comprising:returning a canonical name record to the ...

Publication date: 11-07-2019

DOMAIN NAME RESOLUTION METHOD, SERVER AND STORAGE MEDIUM

Number: US20190215299A1
Assignee:

A domain name resolution method includes: obtaining a domain name resolution request packet; caching the obtained domain name resolution request packet to a first cache area; modifying, in the first cache area, header data included in the cached domain name resolution request packet, to obtain header data of a domain name resolution reply packet corresponding to the cached domain name resolution request packet; extracting a requested record type and a domain name to be resolved in the cached domain name resolution request packet; searching a second cache area for pre-cached reply data that corresponds to the extracted domain name and that belongs to the extracted record type; and combining the pre-cached reply data with the domain name resolution request packet obtained through modification, to obtain a domain name resolution reply packet. 1. A domain name resolution method performed at a server having one or more processors and memory storing a plurality of programs to be executed by the one or more processors , the method comprising:obtaining, by the server, a domain name resolution request packet;caching, by the server, the obtained domain name resolution request packet to a first cache area;modifying, by the server in the first cache area, header data in the cached domain name resolution request packet, to obtain header data of a domain name resolution reply packet corresponding to the cached domain name resolution request packet;extracting, by the server, a requested record type and a domain name to be resolved in the cached domain name resolution request packet;searching, by the server, a second cache area for pre-cached reply data that corresponds to the extracted domain name and that belongs to the extracted record type; andcombining, by the server, the pre-cached reply data with the domain name resolution request packet obtained through modification, to obtain the domain name resolution reply packet.2. The method according to claim 1 , wherein the first ...

Publication date: 02-07-2020

Systems and methods to operate devices with domain name system (dns) caches

Number: US20200213265A1
Assignee: Citrix Systems Inc

Described embodiments provide systems and methods for invalidating a cache of a domain name system (DNS) information based on changes in internet protocol (IP) families. A mobile device having one or more network interfaces configured to communicate over a plurality of networks using a plurality of internet protocol (IP) families is configured to maintain a cache storing DNS information of one or more IP addresses of a first IP family of the plurality of IP families used by the mobile device for a connection to a first network of the plurality of networks. The device can detect a change in the connection of the mobile device from the first network using the first IP family to a second network using a second IP family different from the first IP family and flush at least the DNS information of one or more IP addresses of the first IP family from the cache to prevent use by the mobile device of an IP address that corresponds to an invalid cache entry.

Publication date: 09-08-2018

Correlating nameserver IPv6 and IPv4 addresses

Number: US20180227269A1
Assignee:

Nameserver addresses are correlated in a multi-tier name server hierarchy comprising a first level authority for a domain, and one or more second level authorities to which the first level authority delegates with respect to a particular sub-domain associated with the domain. Preferably, the first level authority is IPv4-based and at least one second level authority is IPv6-based. The first level authority responds to a request issued by a client caching nameserver (a “CCNS”) and returns an answer that includes both IPv4 and IPv6 authorities for the domain. The CCNS is located at an IPv4 source address that is passed along to the first level authority with the CCNS request. The first level authority encodes the CCNS IPv4 source address in the IPv6 destination address of at least one IPv6 authority. Then, when the CCNS makes a follow-on IPv6 request (with respect to the sub-domain) directed to the IPv6 authority, the IPv6 authority knows both the IPv6 address of the CCNS as well as its IPv4 address. The IPv6 authority maintains the IPv4-IPv6 correlation. Over time, the IPv6 authority builds up a database of these CCNS IPv6-IPv4 associations.

1. A method, comprising: in response to receipt at a first level authority of a first request for a domain, the first level authority operative within a nameserver hierarchy, the first request including an IPv4 source address of a caching nameserver making the first request, returning to the caching nameserver information identifying at least an IPv6 authority and zero or more IPv4 authorities, where the IPv4 source address of the caching nameserver is encoded in an IPv6 address of the IPv6 authority; receiving, at the IPv6 authority that is a second level authority within the nameserver hierarchy, a second request, the second request having associated therewith an IPv6 address of the caching nameserver that includes the IPv4 source address of the caching nameserver encoded therein; at the IPv6 authority, saving, as an IPv4- ...

Publication date: 10-08-2017

Correlating nameserver IPv6 and IPv4 addresses

Number: US20170230331A1
Assignee:

Nameserver addresses are correlated in a multi-tier name server hierarchy comprising a first level authority for a domain, and one or more second level authorities to which the first level authority delegates with respect to a particular sub-domain associated with the domain. Preferably, the first level authority is IPv4-based and at least one second level authority is IPv6-based. The first level authority responds to a request issued by a client caching nameserver (a “CCNS”) and returns an answer that includes both IPv4 and IPv6 authorities for the domain. The CCNS is located at an IPv4 source address that is passed along to the first level authority with the CCNS request. The first level authority encodes the CCNS IPv4 source address in the IPv6 destination address of at least one IPv6 authority. Then, when the CCNS makes a follow-on IPv6 request (with respect to the sub-domain) directed to the IPv6 authority, the IPv6 authority knows both the IPv6 address of the CCNS and its IPv4 address. The IPv6 authority maintains the IPv4-IPv6 correlation. Over time, the IPv6 authority builds up a database of these CCNS IPv6-IPv4 associations.

1. in response to receipt at a first level authority of a first request for a domain, the first level authority operative within a nameserver hierarchy, the first request including an IPv4 source address of a caching nameserver making the first request, returning to the caching nameserver information identifying at least an IPv6 authority and zero or more IPv4 authorities, where the IPv4 source address of the CCNS is encoded in an IPv6 address of the IPv6 authority; receiving, at the IPv6 authority that is a second level authority within the nameserver hierarchy, a second request, the second request having associated therewith an IPv6 address of the caching nameserver that includes the IPv4 source address of the caching nameserver encoded therein; and at the IPv6 authority, saving an association between the IPv4 source address ...

Publication date: 09-07-2020

METHOD, SERVER AND SYSTEM FOR RESOLVING DOMAIN NAME

Number: US20200220840A1
Author: CHEN Danjiang, LI Zaibin
Assignee:

A method, server and system for resolving a domain name are provided for improving efficiency of domain name resolution. A recursive DNS server receives a resolution request sent by a terminal, and determines the IP address of the domain name to be resolved according to a pre-stored association relation, where the association relation is obtained by the recursive DNS server from an authoritative DNS server corresponding to the domain name to be resolved, and is an association relation between a set of IP address segments, the domain name to be resolved, and the IP address of the domain name to be resolved. The recursive DNS server further generates a resolution response including the IP address of the domain name to be resolved, and returns the resolution response to the terminal, when the IP address of the domain name to be resolved exists in the recursive DNS server.

1. A method for resolving a domain name, comprising: receiving, by a recursive domain name system DNS server, a resolution request sent by a terminal; wherein the resolution request comprises a domain name to be resolved and an Internet protocol IP address of the terminal; determining, by the recursive DNS server, the IP address of the domain name to be resolved according to a pre-stored association relation; wherein the association relation is an association relation between a set of IP address segments, the domain name to be resolved, and the IP address of the domain name to be resolved; wherein the association relation is obtained by the recursive DNS server from an authoritative DNS server corresponding to the domain name to be resolved, and the set of IP address segments is a set of IP address segments to which the IP address of the terminal belongs in the authoritative DNS server; and generating, by the recursive DNS server, a resolution response comprising the IP address of the domain name to be resolved, and returning, by the recursive DNS server, the resolution response to the terminal, when ...

Publication date: 09-07-2020

SYSTEM AND METHOD FOR CORRELATING ROUTING PROTOCOL INFORMATION

Number: US20200220841A1
Author: Maslak Joelle T.
Assignee: LEVEL 3 COMMUNICATIONS, LLC

Aspects of the present disclosure involve systems, methods, computer program products, and the like, for correlating information associated with one networking transmission protocol, such as Internet Protocol version 6 (IPv6), to information associated with a different networking transmission protocol, such as Internet Protocol version 4 (IPv4). More specifically, when resolving an Internet Protocol (IP) address associated with a requesting device to a network, the system may base the resolved destination on one or more attributes of a known address to build a network mapping of the received IP address. In one specific example, an IPv6 address is received and associated with a known IPv4 address to map the network.

1. A method for operating a telecommunications network, the method comprising: receiving a first request associated with a communication on the telecommunications network, the first request comprising a first address in a first address protocol, the first address related to a requesting device from which the request was sent; storing the first address related to the requesting device in a database of routing protocol information; receiving a second request at the telecommunications network, the second request comprising a second address in a second address protocol, the second address related to the requesting device from which the request was sent, wherein the second address protocol is different than the first address protocol; and correlating the first address stored in the database and the second address of the requesting device.
2. The method as recited in further comprising: assigning an attribute of the second address to the first address of the requesting device.
3. The method as recited in wherein the database of routing protocol information comprises the attribute of the second address.
4. The method as recited in wherein the attribute of the second address is an estimated geographic location of the requesting device.
5. The method as recited in further ...

Publication date: 19-08-2021

Method for detection of DNS spoofing servers using machine-learning techniques

Number: US20210258279A1
Assignee: Samsung Electronica da Amazonia Ltda

The present disclosure is related to the network communication technology field and relates to a method for the classification and recognition of the Domain Name System (DNS) server, using machine-learning techniques. The classification process assigns a given DNS server as belonging to a preset of classes. For example, it enables to label a DNS server as either benign or malicious. On the other hand, the recognition process seeks the identification of the DNS server behavioral profile, which, consequently, can be used to assess the DNS server trustworthiness before DNS responses can be reliably used, e.g. identification of well-known and trusted DNS servers. Hence, the present patent, by the means of detecting the DNS server RFC adherence improves user security through the classification and recognition of DNS characteristics. Therefore, security solutions can use the DNS server characteristics to assess its trustworthiness before DNS responses can be reliably used.

Publication date: 18-08-2016

METHOD AND DEVICE OF FILTERING ADDRESS

Number: US20160241674A1
Assignee:

The present disclosure relates to a method and device of filtering an address. The method includes: acquiring a Uniform Resource Locator (URL) address corresponding to a material resource of a webpage, wherein the material resource of the webpage includes at least one of a picture resource, an audio resource, a video resource and a literal resource; searching whether the URL address is stored in an address caching list, wherein the address caching list is used to store URL addresses having been matched by a predefined matching algorithm; and if the URL address is not stored in the address caching list, performing a matching operation on the URL address according to the predefined matching algorithm to determine whether the URL address is a URL address needing filtering.

1. A method of filtering an address, comprising: acquiring a Uniform Resource Locator (URL) address corresponding to a material resource of a webpage, wherein the material resource of the webpage includes at least one of a picture resource, an audio resource, a video resource and a literal resource; searching whether the URL address is stored in an address caching list, wherein the address caching list is used to store URL addresses having been matched by a predefined matching algorithm; and if the URL address is not stored in the address caching list, performing a matching operation on the URL address according to the predefined matching algorithm to determine whether the URL address is a URL address needing filtering.
2. The method according to claim 1, wherein acquiring the URL address corresponding to the material resource of the webpage comprises: sending a webpage accessing request to a webpage resource server, wherein the webpage accessing request carries a web address of the webpage, and the webpage resource server searches webpage code corresponding to the webpage according to the web address; receiving the webpage code from the webpage resource server, wherein the webpage code includes a URL ...

Publication date: 16-07-2020

DNS CACHE PROTECTION

Number: US20200228495A1
Author: Awate Nilesh, Ogale Nakul
Assignee:

Some embodiments provide a method for detecting that a domain name service (DNS) cache on a data compute node (DCN) has been attacked. The method, during a first operational phase of an agent executing on the DCN, builds a DNS cache that stores entries that include (i) network address to domain name mappings and (ii) policies for the entries received from a centralized service. During a second operational phase of the agent, the method detects that an entry of the DNS cache has been modified by a DNS response such that the modified entry violates the policy for the entry. Based on the detection, the method sends an alert to the centralized service. The centralized service performs additional analysis on the modification to determine whether to allow the DCN to use the modified DNS cache entry.

1. A method for detecting that a domain name service (DNS) cache on a data compute node (DCN) has been attacked, the method comprising: during a first operational phase of an agent executing on the DCN, building a DNS cache that stores entries comprising (i) network address to domain name mappings and (ii) policies for the entries received from a centralized service; during a second operational phase of the agent, detecting that an entry of the DNS cache has been modified by a DNS response such that the modified entry violates the policy for the entry; and based on the detection, sending an alert to the centralized service, wherein the centralized service performs additional analysis on the modification to determine whether to allow the DCN to use the modified DNS cache entry.
2. The method of claim 1, wherein the modified entry violates the policy based on a new network address of the modified entry violating the policy.
3. The method of claim 2, wherein the policy comprises a rule requiring that a network address associated with the domain name is a private network address and the new network address of the modified entry is a public network address.
4. The method of claim 2, ...

Publication date: 16-07-2020

Load Balancing and Session Persistence in Packet Networks

Number: US20200228635A1
Author: Chia J. Liu
Assignee: COMCAST CABLE COMMUNICATIONS LLC

A node may generate a data packet comprising an Internet Protocol (IP) header and a destination options extension header (DOEH). The DOEH may comprise one or more data fields and an IP payload. The node may send the data packet to another node in a data network.

Publication date: 26-08-2021

Home or Enterprise Router-Based Secure Domain Name Services

Number: US20210266185A1
Assignee: McAfee, LLC.

There is disclosed in one example a home router, including: a hardware platform including a processor and a memory; a local area network (LAN) interface; a data store including rules for domain name-based services; and instructions encoded within the memory to instruct the processor to: provision a certificate and key pair to provide domain name system (DNS) over hypertext transfer protocol secure (DoH) or DNS over transport layer security (DoT) services; receive on the LAN interface an encrypted DNS request; decrypt the DNS request; query the data store according to the DNS request; receive a rule for the DNS request; and execute the rule.

1. A home router, comprising: a hardware platform comprising a processor and a memory; a local area network (LAN) interface; a data store comprising rules for domain name-based services; and instructions encoded within the memory to instruct the processor to: provision a certificate and key pair to provide domain name system (DNS) over hypertext transfer protocol secure (DoH) or DNS over transport layer security (DoT) services; receive on the LAN interface an encrypted DNS request; decrypt the DNS request; query the data store according to the DNS request; receive a rule for the DNS request; and execute the rule.
2. The home router of claim 1, wherein executing the rule comprises dropping the request.
3. The home router of claim 1, wherein executing the rule comprises serving a webpage that indicates a domain name for the request is blocked.
4. The home router of claim 1, wherein executing the rule comprises locating a domain name in a DNS cache.
5. The home router of claim 1, wherein executing the rule comprises forwarding the DNS request.
6. The home router of claim 1, wherein executing the rule comprises looking up a local domain name.
7. The home router of claim 1, wherein provisioning the certificate and key pair comprises receiving the certificate and key pair from a home router management service.
8. The home ...

Publication date: 10-09-2015

Parallel, Side-Effect Based DNS Pre-Caching

Number: US20150256642A1
Author: ROSKIND James
Assignee: GOOGLE INC.

Embodiments of the present invention include methods and systems for domain name system (DNS) pre-caching. A method for DNS pre-caching is provided. The method includes receiving uniform resource locator (URL) hostnames for DNS pre-fetch resolution prior to a user hostname request for any of the URL hostnames. The method also includes making a DNS lookup call for at least one of the URL hostnames that are not cached by a DNS cache prior to the user hostname request. The method further includes discarding at least one IP address provided by a DNS resolver for the URL hostnames, wherein a resolution result for at least one of the URL hostnames is cached in the DNS cache in preparation for the user hostname request. A system for DNS pre-caching is provided. The system includes a renderer, an asynchronous DNS pre-fetcher and a hostname table.

1. A method for domain name system (DNS) pre-caching comprising: selecting one or more uniform resource locator (URL) hostnames for DNS pre-fetch resolution from one or more predicted hostnames based on detecting a user gesture for a predetermined period of time, wherein the selecting occurs prior to a user performing another user gesture; making a DNS lookup call for at least one of the one or more URL hostnames that are not cached by a DNS cache, wherein the making occurs concurrent with the selecting and prior to the another user gesture; and caching at least one IP address provided by a DNS resolver for the one or more URL hostnames in the DNS cache in preparation for a user hostname request based on the user gesture.
2. The method of claim 1, wherein the selecting and making steps are performed by one or more parallel threads.
3. The method of further comprising gathering the one or more URL hostnames from one or more URL links in a web page prior to the user selecting a URL link in the web page.
4. The method of further comprising: determining a context associated with the one or more uniform resource locator (URL) ...

Publication date: 01-08-2019

APPLYING A CONSISTENT HASH TO A DISTRIBUTED DOMAIN NAME SERVER CACHE

Number: US20190238505A1
Assignee: EMC IP Holding Company LLC

Implementations are provided herein for using a distributed DNS cache that is distributed among nodes of a cluster of nodes operating as a distributed file system. A consistent hash can be used to determine a resolution node for a DNS request asking to resolve a specific FQDN. The inputs to the consistent hashing algorithm can be the FQDN, a set of available nodes, and a set of all possible nodes. By using a consistent hash, the process can reduce the sensitivity of the hashing algorithm output from changing when nodes are added or removed as participants in the distributed cache service. As each node in the cluster of nodes can independently calculate a resolution node for a specific FQDN, there is no need to send control messages between nodes, as each node only needs to be aware of the set of available nodes in the cluster of nodes.

1. A method comprising: maintaining a distributed Domain Name Server (“DNS”) cache among nodes of a cluster of nodes operating as a distributed file system; receiving by a first node among the cluster of nodes a request from a client to resolve a Fully Qualified Domain Name (“FQDN”); using a consistent hash to associate the request with a resolution node among the cluster of nodes, wherein a set of inputs to the consistent hash include at least the FQDN, a set of available nodes among the cluster of nodes, and the cluster of nodes; directing the request to the resolution node; determining by the resolution node a DNS result based on the request; and sending the DNS result to the client.
2. The method of further comprising: determining whether the FQDN is associated with a previously cached DNS result within the distributed DNS cache of the resolution node; and in response to the FQDN being associated with the previously cached DNS result, resolving the DNS result as the previously cached DNS result;
3. The method of claim 2, further comprising: looking up the DNS result in a DNS server external to the cluster of nodes; and storing the DNS result ...

Publication date: 30-08-2018

Load Balancing and Session Persistence in Packet Networks

Number: US20180248985A1
Author: Liu Chia J.
Assignee:

A node may generate a data packet comprising an Internet Protocol (IP) header and a destination options extension header (DOEH). The DOEH may comprise one or more data fields and an IP payload. The node may send the data packet to another node in a data network.

1. A method comprising: receiving, by a load balancer, a first packet comprising a first header; determining, by the load balancer and based on an analysis of the first header and one or more load balancing criteria, that the first packet is to be transmitted to a server; transmitting, by the load balancer and to the server, the first packet; receiving, by the load balancer, a second packet comprising a second header; determining, by the load balancer and based on an analysis of the second header, that the second packet is associated with a same session as the first packet; and transmitting, by the load balancer and to the server, the second packet.
2. The method of claim 1, wherein at least one of the first header and the second header is a destination options extension header (DOEH).
3. The method of claim 1, wherein the first header is a destination options extension header (DOEH) and wherein the analysis of the first header comprises a determination that a server address field of the DOEH is null.
4. The method of claim 1, wherein the second header is a destination options extension header (DOEH), and wherein the analysis of the second header comprises a determination that a server address field of the DOEH indicates the server.
5. The method of claim 2, wherein the first packet is a Hyper Text Transfer Protocol (HTTP) packet.
6. The method of claim 5, wherein the second packet is a Hyper Text Transfer Protocol Secure (HTTPS) packet.
7. The method of claim 1, wherein the first header is a destination options extension header (DOEH), wherein the first packet further comprises an Internet Protocol (IP) header, and wherein the transmitting, by the load balancer, the ...

Publication date: 31-08-2017

EFFICIENT ADDRESS CACHING FOR PACKET TELEPHONY SERVICES

Number: US20170251108A2
Assignee:

A method for telephony includes receiving at an Internet telephony service provider a subscriber request to place a call to a telephone number. A cache associated with the internet telephony service provider is queried to check if the cache holds a record for the telephone number. If the cache holds the record, the record is obtained. If the cache does not hold the record, a request is sent to a database server that maintains a database of records associating endpoint user terminal telephone numbers of subscribers with respective packet network addresses of the endpoint user terminal. The call is placed to the endpoint user terminal telephone number via a public switched telephone network whilst the request is sent to the database server to retrieve the packet network address of the endpoint user terminal to which calls to the telephone number should be placed.

1. receiving at an Internet telephony service provider a subscriber request from an Internet Protocol, IP, telephony user terminal which is directly connected to the Internet telephony service provider via a packet switched data link to place a call to a telephone number; in response to the subscriber request, querying a cache associated with the Internet telephony service provider to check if the cache holds a record for the telephone number; if the cache holds a record for the telephone number, obtaining the record and: if the record is a packet network address, placing the call to the packet network address associated with the endpoint user terminal telephone number; and if the record indicates that there is no packet network address associated with the telephone number, placing the call to the endpoint user terminal telephone number via a public switched telephone network (PSTN); if the cache does not hold a record for the telephone number, sending a request to a database server, which maintains a database of records associating endpoint user terminal telephone numbers of subscribers with respective packet ...

Подробнее
20-11-2014 дата публикации

SYSTEMS AND METHODS FOR USING AN HTTP-AWARE CLIENT AGENT

Number: US20140344345A1
Assignee:

Systems and methods are described for using a client agent operating in a virtual private network environment to intercept HTTP communications. Methods include: intercepting at the network layer, by a client agent executing on a client, an HTTP request from an application executing on the client; modifying the HTTP request; and transmitting, via a transport layer connection, the modified HTTP request to a server. Additional methods may comprise adding, removing, or modifying at least one cookie in the HTTP request. Still other methods may comprise modifying at least one name-value pair contained in the HTTP request. Corresponding systems are also described.

1. A method comprising: (a) intercepting, by a client agent executing on a client device, one or more transport layer packets below an application layer of a network stack of the client device, the one or more transport layer packets comprising application layer content data of a web page from a server for a request from a user agent executing on the client device; (b) identifying, by the client agent operating below the application layer of the network stack of the client device, request object data from uniform resource locators (URLs) embedded in application layer content data contained in a payload of the intercepted one or more transport layer packets; and (c) placing, by the client device, the request object data on a request object list; (d) querying, by the client device, a data cache of the client device to determine whether the request object data of the request object list is stored in the data cache; (e) marking, by the client device responsive to determining that request object data is not stored in the cache, in the request object list the request object data as to be downloaded to the client device; and (e) transmitting, by the client device, the request object list to a second device.
2. The method of claim 1, wherein (a) further comprises intercepting, by the client agent, the one or ...

Подробнее
07-09-2017 дата публикации

METHOD AND APPARATUS FOR DETERMINING BANDWIDTH REQUIRED FOR A PAGE FEATURE

Number: US20170255707A1
Assignee: CBS INTERACTIVE INC.

A computer implemented method, a computer system, and computer code stored on tangible, non-transient media, for determining bandwidth of a page load for a specific feature associated with the page. Network traffic associated with requests of a loading of a page to be displayed on a device is monitored. Requests of the loaded page are assigned to an associated function of the page. A set of parameters associated with loading of each of the plural features is determined and a scoring function is applied to each set of parameters to determine a raw score. The raw score is normalized into a performance score for the corresponding feature in accordance with a standard total performance score for the page.

1. A computer implemented method for managing bandwidth of a page load of a page having plural features associated with the page, the method comprising: determining a set of parameters associated with loading of each of the plural features; applying a scoring function to each set of parameters to determine a raw score; and normalizing each raw score into a performance score for the corresponding feature in accordance with a standard total performance score for the page.
2. The method of claim 1, wherein the total performance score is 100 and each raw score represents the percentage of resources required by the corresponding feature.
3. The method of claim 1, wherein the total performance score is 10,000 and each raw score represents the portion of resources, out of 10,000, required by the corresponding feature.
4. The method of claim 1, wherein the load time of the page is acceptable and further comprising: determining updated performance scores for modified functions on the page; adjusting the functions to maintain the total performance score to be within a threshold range corresponding to acceptable page load time.
5. The method of claim 1, wherein the set of parameters includes BC, RC, RS, PI where: BC=Bandwidth ...

Подробнее
07-09-2017 дата публикации

PROTOCOL TO QUERY FOR HISTORICAL NETWORK INFORMATION IN A CONTENT CENTRIC NETWORK

Number: US20170257314A1
Assignee: CISCO TECHNOLOGY, INC.

One embodiment provides a system that facilitates querying of historical network information. During operation, the system generates a query for historical information associated with interest and content object packets, wherein a name for an interest is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level, wherein the query is based on a name prefix that includes one or more contiguous name components. The system transmits the query to a responding entity. In response to receiving the historical information from the responding entity, the system performs an operation that increases network efficiency based on the historical information, thereby facilitating a protocol for querying the historical information to increase network efficiency.

1. A computer system for facilitating querying of historical network information, the system comprising: a processor; and a storage device storing instructions that when executed by the processor cause the processor to perform a method, the method comprising: generating a query for historical information associated with interest and corresponding content object packets, wherein a name for an interest packet is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level, wherein the query is based on a name prefix that includes one or more contiguous name components; transmitting the query to a responding entity; and in response to receiving the historical information from the responding entity, performing an operation that increases network efficiency based on the historical information, thereby facilitating a protocol for querying the historical information to increase network efficiency.
2. The computer system of claim 1, wherein the query is an interest packet that indicates one or more of: a routable prefix which includes one ...

Подробнее
15-09-2016 дата публикации

Systems and Methods for Optimized Route Caching

Number: US20160269291A1
Assignee: AT&T Intellectual Property I, L.P.

A method for optimized route caching includes comparing a destination address of a network packet to a first set of prefixes in a routing cache, and comparing the destination address to a second set of prefixes in a full routing table when a longest matching prefix for the destination address is not found in the routing cache. The method further includes copying the longest matching prefix and a set of sub-prefixes of the longest matching prefix from the full routing table to the routing cache, and forwarding the network packet.

1. A system, comprising: a memory that stores instructions; a processor that executes the instructions to perform operations, the operations comprising: copying, when a longest matching prefix of a destination address of a network packet is found in a full routing table and not found in a routing cache, the longest matching prefix to the routing cache; merging a plurality of contiguous sub-prefixes of the longest matching prefix into a super-prefix when the plurality of contiguous sub-prefixes have a same output port, wherein the super-prefix is inserted into the routing cache; and forwarding the network packet.
2. The system of claim 1, wherein the operations further comprise comparing, when the longest matching prefix of the destination address of the network packet is not found in the routing cache, the destination address of the network packet to a first set of prefixes in the full routing table.
3. The system of claim 2, wherein the operations further comprise comparing the destination address of the network packet to a second set of prefixes in the routing cache.
4. The system of claim 1, wherein the operations further comprise updating the routing cache when the longest matching prefix is found in the routing cache.
5. The system of claim 1, wherein the operations further comprise updating the routing cache by incrementing a number of times the longest matching prefix has been used.
6. The system of claim 1, ...

Подробнее
15-08-2019 дата публикации

LAYER 2 ADDRESS CONNECTIVITY UPDATES FOR PACKET ROUTING

Number: US20190253380A1
Assignee:

An example method of routing a packet includes receiving, at a networking device, a first packet storing a first destination address of a first type and a second destination address of a second type. The example method also includes determining whether a mapping between the first and second destination addresses is valid. The example method further includes in response to a determination that the mapping is not valid: obtaining, at the networking device, a second packet storing the first destination address of the first type and a third destination address of the second type, the first destination address operating at a different network layer than the second and third destination addresses; and transmitting, at the networking device, the second packet to a receiver node, the first and third destination addresses being assigned to the receiver node.

1. A method of routing a packet, the method comprising: receiving, at a networking device, a first packet storing a first destination address of a first type and a second destination address of a second type; determining whether a mapping between the first and second destination addresses is valid; and in response to a determination that the mapping is not valid: obtaining, at the networking device, a second packet storing the first destination address of the first type and a third destination address of the second type, the first destination address operating at a different network layer than the second and third destination addresses; and transmitting, at the networking device, the second packet to a receiver node, the first and third destination addresses being assigned to the receiver node.
2. The method of claim 1, further comprising: in response to a determination that the mapping is valid, transmitting, at the networking device, the first packet to a second receiver node different from the first receiver node, the first and second destination addresses being assigned to the second receiver node.
3. The method of ...

Publication date: 14-09-2017

PREVENTING DNS CACHE POISONING

Number: US20170264590A1
Author: XING Tao
Assignee:

The present disclosure provides a method and a device for preventing DNS cache poisoning. According to an example of the method, a preventing equipment may forward a first DNS query request packet sent by a DNS server to a first authoritative DNS server. The preventing equipment may construct a second DNS query request packet including the target domain name and send the second DNS query request packet to a second authoritative DNS server when a first DNS reply packet received for the first DNS query request packet indicates a DNS cache poisoning attack occurs. When a second DNS reply packet received for the second DNS query request packet indicates no DNS cache poisoning attack occurs, the preventing equipment may generate a final DNS reply packet according to the second DNS reply packet and feed back the final DNS reply packet to the DNS server.

1. A method of preventing Domain Name System (DNS) cache poisoning, comprising: forwarding, by a preventing equipment, a first DNS query request packet sent by a DNS server to a first authoritative DNS server, wherein the first DNS query request packet includes a target domain name requested to be resolved; constructing, by the preventing equipment, a second DNS query request packet including the target domain name when a first DNS reply packet received for the first DNS query request packet indicates a DNS cache poisoning attack occurs; sending, by the preventing equipment, the second DNS query request packet to a second authoritative DNS server, wherein the second authoritative DNS server is different from the first authoritative DNS server and has a same mapping relation between domain name and Internet Protocol (IP) address with the first authoritative DNS server; generating, by the preventing equipment, a final DNS reply packet according to a second DNS reply packet when the second DNS reply packet received for the second DNS query request packet indicates no DNS cache poisoning attack occurs, wherein the second DNS ...

Publication date: 28-10-2021

DOMAIN NAME SERVICE CACHING IN DISTRIBUTED SYSTEMS

Number: US20210336925A1
Assignee:

Systems and methods for domain name system (DNS) caching in a distributed processing engine include a first processing engine which may receive a DNS request for accessing a domain from a client. The first processing engine may generate a DNS query for a DNS controller based on the DNS request. The first processing engine may receive a DNS record corresponding to the domain from the DNS controller. The first processing engine may store data corresponding to the DNS record in cache of the first processing engine. The first processing engine may transmit a message including data corresponding to the DNS record for the domain to a second processing engine, to cause the second processing engine to store data corresponding to the DNS record in cache of the second processing engine.

1. A method, comprising: receiving, by a first processing engine from a client, a domain name service (DNS) request for accessing a domain; transmitting, by the first processing engine, responsive to determining that a DNS record for the DNS request is not stored in cache of the first processing engine, a DNS query to a DNS controller based on the DNS request; receiving, by the first processing engine from the DNS controller, a DNS record corresponding to the domain; determining, by the first processing engine, subsequent to transmitting the DNS query to the DNS controller and prior to storing data corresponding to the DNS record from the DNS controller in the cache, that the DNS record is not stored in the cache of the first processing engine; storing, by the first processing engine responsive to the determination, the data corresponding to the DNS record in the cache of the first processing engine; and transmitting, by the first processing engine to a second processing engine, a message including data corresponding to the DNS record for the domain, to cause the second processing engine to store data corresponding to the DNS record in cache of the second processing engine.

2. The method of claim 1 ...

Publication date: 21-09-2017

SYSTEMS AND METHODS FOR INTELLIGENT TRANSPORT LAYER SECURITY

Number: US20170272470A1
Assignee:

Systems and methods for detecting a domain name in a mobile network session for use in applying mobile policy and enforcement functions based on the domain name. A computing device receives a packet associated with a request from a user equipment to access a domain at a server. The computing device determines a traffic type associated with the packet, the traffic type including one of Hypertext Transfer Protocol (HTTP) traffic, Hypertext Transfer Protocol Secure (HTTPS) traffic, and non HTTP or HTTPS traffic. The computing device determines a domain name based on the traffic type and determines a service to apply to the packet based on the domain name.

Publication date: 08-10-2015

METHOD AND APPARATUS FOR MANAGING DNS ADDRESSES

Number: US20150288648A1
Assignee: SAMSUNG ELECTRONICS CO LTD

Provided are a method and apparatus to manage Domain Name System (DNS) addresses in an electronic device. The method includes monitoring the path of a network. The method also includes converting, upon detecting a change in the network path to a new network, DNS addresses stored in a DNS cache to conform to the new network. The method also includes updating the DNS cache with the converted DNS addresses. It is possible to make various modifications to the above method.
