Patent classifications
H04L61/59
Malware detection for proxy server networks
This specification generally relates to methods and systems for applying network policies to devices based on their current access network. One example method includes identifying a proxy connection request sent from a particular client device to a proxy server over a network, the proxy connection request including a hostname and configured to direct the proxy server to establish communication with the computer identified by the hostname on behalf of the client device; determining an identity of the client device based on the proxy connection request; identifying a domain name system (DNS) response to a DNS request including the hostname from the proxy connection request; and updating DNS usage information for the particular client based on the identified DNS response including the hostname from the proxy connection request.
Address Resolution
In an example, a VTEP device may store first routing information acquired by the VTEP device, wherein the first routing information may be routing information of a host device connected with the VTEP device. The VTEP stores second routing information sent from other VTEP devices in a VXLAN, wherein the second routing information may be routing information of a host device connected with the other VTEP devices. The VTEP receives an address resolution request from a source host device, wherein the address resolution request comprises an IP address of a target host device, and a VXLAN identifier of a VXLAN to which the target host device belongs. In response to a determination that routing information of the target host device may be stored locally, the VTEP sends an address resolution response comprising a MAC address of the target host device to the source host device.
Adaptable network service access through dynamic request routing
In an Internet Protocol Multimedia Subsystem (IMS) network in which multiple subscriber data servers are deployed with partitioned subscription data for users, a subscriber location function (SLF) is used to proxy queries to a subscriber data server (such as an HSS) in which subscription data for a user can be found. The SLF receives a query for the subscriber data server, looks up the address of the appropriate subscriber data server and proxies the query to the appropriate subscriber data server. Preferably, the SLF is co-located with a subscriber data server.
NETWORK SECURITY SYSTEM TO VALIDATE A SERVER CERTIFICATE
In one embodiment, a Domain Name Service (DNS) server pre-fetches domain information regarding a domain that includes certificate information for the domain. The DNS server receives a DNS request that includes a security request for the domain in metadata of a Network Service Header (NSH) of the DNS request. The DNS server retrieves the certificate information for the domain from the pre-fetched information regarding the domain, in response to receiving the security request. The DNS server sends, to a Transport Layer Security (TLS) proxy, a DNS response for the domain that includes the certificate information in metadata of an NSH of the DNS response.
Load balancing and session persistence in packet networks
A node may generate a data packet comprising an Internet Protocol (IP) header and a destination options extension header (DOEH). The DOEH may comprise one or more data fields and an IP payload. The node may send the data packet to another node in a data network.
Network range extender with multi-RF radio support for plurality of network interfaces
A networked system for managing a physical intrusion detection/alarm includes a network of end nodes, e.g., sensor nodes including one or more constrained sensor nodes for sensing physical conditions, and a gateway to provide network connections for the constrained sensor nodes. The system also includes a range extender for connecting the one or more constrained sensor nodes to the gateway, with the range extender including first and second radios and corresponding processors to wirelessly communicate with the gateway and constrained nodes.
Item aggregation in shortest path bridging mac-in-mac mode (SPBM) network
According to an example, when transmitting MAC forwarding table items to other BEB devices in an SPBM network for synchronization, a BEB device aggregates a plurality of MAC forwarding table items in a MAC forwarding table belonging to a same MAC segment into an aggregated MAC forwarding item, and transmits the aggregated MAC forwarding table item to the other BEB devices.
EDGE CACHING OF HTTPS CONTENT VIA CERTIFICATE DELEGATION
Mechanisms may be used for edge caching Hypertext Transfer Protocol Secure (HTTPS) content via an owner-endorsed proxy. The edge servers of a mobile-content distribution network (CDN) may work as the proxy that dynamically gets the means to serve HTTPS content through rights delegated by content owners. Mechanisms may include dynamically assigning a domain with a Canonical name (CNAME) record in DNS based on the popularity of the domain at an edge server. Each edge server from the plurality of edge servers may be associated with a mobile content distribution (mobile-CDN) network. Via the mobile-CDN, the right to establish a transport layer security (TLS) session is delegated to the edge server on behalf of the content owner, so that the HTTPS request to the content server may be served by the edge server. A mechanism to restrict the scope of HTTPS content served through the delegated right is presented as well.
System and method for interconnecting local systems and cloud systems to provide seamless communications
A system with a local network and a set of remote networks is described herein. A subnet address range associated with the local network is subdivided into sub-segment address ranges. Each remote network is assigned a sub-segment address range for communicating with the local network. Each sub-segment address range is a smaller part of the original subnet range and each sub-segment range does not overlap with other sub-segment address ranges. Using an intermediate-local function device of the local network and intermediate-remote function devices of the remote networks, client stations in both the local and remote networks may seamlessly communicate using their native private addresses as destination addresses and without indirect address mapping. Further, the intermediate-local and the intermediate-remote function devices allow client stations in the local and remote networks to communicate without installation of corresponding agents or knowledge of the location of the client stations in separate physical networks.
RESOURCE IDENTIFICATION THROUGH DYNAMIC DOMAIN NAME SYSTEM (DNS) LABELS
A single DNS NS record can establish a zone delegation to a reverse proxy access device so that the reverse proxy access device answers DNS queries directed to it under the zone delegation. A DNS label can be designated at the reverse proxy access device for each resource served by the reverse proxy access device. Upon receiving a DNS request directed to the reverse proxy access device under the zone delegation, the reverse proxy access device can use the DNS label included in a DNS request to identify the specific resource and answer with an automatically and dynamically generated A record containing the IP address of the reverse proxy access device. The client can then use the IP address to complete a TCP connection with the reverse proxy access device, after which the reverse proxy access device can use the DNS label to complete the request to the appropriate resource.