H04L12/2854

GROUP-BASED POLICIES FOR INTER-DOMAIN TRAFFIC

In one embodiment, a method by an edge router configured to operate at a first site of a software-defined wide-area network includes receiving a data packet from a first host located in the first site, where the data packet is destined to a second host located in a second site, determining that an identifier of a second group to which the second host belongs is not available at the edge router, sending a request for an identifier of the second group to a network apparatus, where the request may comprise an address of the second host, receiving a response comprising the identifier of the second group from the network apparatus, determining that the second group is a destination group, applying one or more policies associated with the destination group to the data packet, and causing the data packet to be routed to the second host.

Systems and Methods for "Machine-to-Machine" (M2M) Communications Between Modules, Servers, and an Application using Public Key Infrastructure (PKI)
20220141010 · 2022-05-05

Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.

Transparent bridge for monitoring crypto-partitioned wide-area network

This disclosure is directed to monitoring a crypto-partitioned, or cipher-text, wide-area network (WAN). A first computing device may be situated in a plain-text portion of a first enclave behind a first inline network encryptor (INE). A second device may be positioned in a plain-text portion of a second enclave behind a second INE. The two enclaves may be separated by a cipher-text WAN, over which the two enclaves may communicate. The first computing device may receive a data packet from the second computing device. The first computing device may then determine contents of a header of the data packet. The first computing device may, based at least in part on the contents of the header of the data packet, determine a status of the cipher-text WAN.

Seamless multi-cloud SDWAN disaster recovery using orchestration plane

The present disclosure is directed to management of migration of SD-WAN solutions in a multi-cloud structure upon detection of a failover event. In one aspect, a method includes monitoring, using virtual bonds of a network orchestration component, clusters of virtual management components of multiple cloud networks, corresponding virtual management components of one of the multiple cloud networks implementing one or more services of a Software-Defined Wide Access Network (SD-WAN) solution; detecting, using the virtual bonds, a failover event at the one of the multiple cloud networks; and identifying, by the virtual bonds, a new destination cloud network to migrate the one or more services of the SD-WAN solution to, from a source cloud network at which the failover event is detected.

Interactions between a broadband network gateway and a fifth generation core

A broadband network gateway (BNG) in a wireline network. The BNG includes an interworking function in a control plane (IF-CP), the IF-CP configured to use a control plane interface (N1′/N2′) between the BNG in the wireline network and a fifth generation (5G) core in a 5G network to couple a control plane of the BNG to a control plane of the 5G core; an interworking function in a user plane (IF-UP), the IF-UP configured to use a user plane interface (N3′) between the BNG in the wireline network and the 5G core in the 5G network to couple a user plane of the BNG to a user plane of the 5G core; and a transmitter configured to transmit data packets toward the 5G core after the user plane of the BNG and the user plane of the 5G core have been coupled.

Method and system for enabling broadband roaming services

A method and system for supporting roaming broadband services. The method is implemented by a computing device in a parent provider network of a user having a unique user identifier to enable the user to utilize services associated with a broadband access service contract of the user of the parent provider network in a visited location in the parent provider network or in a roaming provider network. The method includes receiving a registration request from the user, determining the unique user identifier for the user, determining services for the user based on the unique user identifier, determining whether the user is connected to a home customer premise equipment (CPE) in the parent provider network, and configuring services and resources at a local data center in the parent provider network, in response to the user being connected to the visited location in the parent provider network.

CONTROL SYSTEM, CONTROL APPARATUS, DEVICE CONTROLLING METHOD AND RECORDING MEDIUM
20230308444 · 2023-09-28

A control system includes a cloud server and a terminal device. A checker of the cloud server checks pieces of MAC address data acquired by a machine MAC address acquirer against pieces of MAC address data contained in communicable-machine notification information, and specifies, among the pieces of MAC address data acquired by the machine MAC address acquirer, a piece of MAC address data that matches one of the pieces of MAC address data contained in the communicable-machine notification information. An operation authority setter generates, based on the piece of MAC address data specified by the checker, operation authority information containing a piece of MAC address data on a machine operable via the terminal device.

Apparatus for providing a connection to a wide area network for voice calls, a power management circuit, and a method for providing a connection to a wide area network for voice calls
11770480 · 2023-09-26

An apparatus for providing a connection to a wide area network for voice calls includes a wide area network circuit configured to transmit voice call data packets, a phone connection circuit configured to receive a voice call signal from a phone, a processor circuit configured to generate voice call data packets based on a voice call signal received by the phone connection circuit and a power management circuit configured to switch off at least a part of the apparatus to reach a power down mode of the apparatus, if a supply voltage drops below a supply voltage threshold.

MULTIPLE VIRTUAL INTERFACES THROUGH A SINGLE PHYSICAL INTERFACE
20220030665 · 2022-01-27

A method for providing multiple virtual interfaces over a single physical interface of a gateway device includes configuring a first physical Wi-Fi interface with a first virtual interface for a WAN side and a second virtual interface for a LAN side by assigning SSIDs to the first virtual interface and the second virtual interface, and storing the SSIDs as virtual interface configuration data. The method further includes determining whether a packet is received over the first virtual interface or the second virtual interface based on the virtual interface configuration data, and performing virtual input processing to manage flow of the packet to a router, depending on the input virtual interface, by tagging the packet as WAN traffic associated with the first virtual interface based on the WAN SSID or as LAN traffic associated with the second virtual interface based on the LAN SSID, and forwarding the packet to the router.

SYSTEM ARCHITECTURE AND METHOD FOR DUPLEXING WITH HIGH MOBILITY NETWORKS INCLUDING AIR BASED NODES AND COMPUTING DEVICES
20220029697 · 2022-01-27

A wireless communication network and wireless communication method are disclosed. The network has a plurality of transceivers forming a wireless communication network in which the plurality of transceivers include one or more central nodes and each end node capable of connecting to the one or more central nodes and forming a link. At least some of the transceivers of the network have a plurality of antennas and an array processing element coupled to the plurality of antennas, and at least some of the transceivers are housed in an aerial communication node that may be a mini-satellite, a balloon or a drone.