H04L12/46

VIRTUAL PRIVATE NETWORK FORWARDING AND NEXTHOP TO TRANSPORT MAPPING SCHEME
20180013584 · 2018-01-11

A method is provided in one example embodiment and includes configuring on a network element a first tunnel from the network element to a first network, wherein the configuring comprises mapping a nexthop address of the local network element to a transport address of the tunnel on the network to create a first nexthop-to-transport mapping for the network element; and advertising the first nexthop-to-transport mapping along with routing information for the network element to remote network elements.

NETWORK SERVICE HEADER (NSH) METADATA-BASED END-TO-END MULTIMEDIA SESSION IDENTIFICATION AND MULTIMEDIA SERVICE OPTIMIZATION

A network node in a service function chaining system receives a media stream from an endpoint device. The media stream is associated with a media session between the endpoint and at least one other endpoint. The network node determines a path for the media stream. The path includes an ordered list of functions to process the media stream. The network node determines a session identifier for the media stream and encapsulates the media stream with a header. The header includes an indication of the path and the session identifier.

Integrated cloud system for premises automation

A system comprises premises devices located at a premises. A gateway device is located at the premises and may communicate with the premises devices. A server is configured to interact with the premises devices and the gateway device. A touchscreen device may communicate with the server and is configured to interact with the premises devices. The touchscreen device includes a user interface configured to interact with the gateway device. The user interface is configured to control interactions between the premises devices and the gateway device and trigger, based on at least one automation rule, an action of at least one of the premises devices. Corresponding methods, apparatuses and other systems are also provided.

CROSS-DOMAIN DATA-GATE FOR SECURE TRANSMISSION OF DATA OVER PUBLICLY SHARED DATALINKS

A device for secure transmission of vehicle data over vehicle datalinks that may be shared with passenger devices and are connected to a publicly shared network is provided. The device comprises a processor embedded within a portion of an Ethernet cable for a vehicle. A plurality of applications resides in the processor and comprises a VPN application, and a VPN address and certificate update application. A first Ethernet transceiver communicates with the processor through the VPN application and also communicates with onboard electronic equipment. A second Ethernet transceiver communicates with the processor through the VPN application and also communicates with an external datalink. The VPN application automatically establishes a VPN when the datalink is available, provides an authentication certificate to verify that the device is a correct and legitimate node, and verifies a VPN hosting certification to determine whether the device is communicating with a correct and legitimate external facility.

Towards network slice availability

A method and system for providing a NS instance satisfying a requested availability of a NSI comprises obtaining at least one VNFD for a VNF composing the NS, the VNFD being associated with at least one absolute availability value guaranteed according to at least one DF; obtaining an availability value of NFVI on which the VNF is to be deployed; determining a minimum availability value for a NS instance of the NS; selecting a VNF DF and RM for the VNF DF such that the product of the absolute availability value of the VNF DF, taking into account the selected RM, and of the availability value of the NFVI is greater than or equal to the minimum availability value for the NS instance; and instantiating the NS instance by instantiating at least one VNF instance according to the at least one selected VNF DF and corresponding RM.

Split tunnel-based security

There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; a network interface; an operating system including a native internet protocol (IP) stack; and a security agent, including instructions encoded within the memory to instruct the processor to: establish a split virtual private network (VPN) tunnel with a remote VPN service; receive outgoing network traffic; direct a first portion of the outgoing traffic to the VPN tunnel, including determining that the first portion includes an outgoing domain name service (DNS) request; and direct a second portion of the outgoing traffic to the native IP stack.

Multi-MAC controller and single PHY systems and methods
11711298 · 2023-07-25

The present disclosure relates to multi-MAC controllers and single PHY systems and methods. An example method may include receiving, at a remote PHY device and from a first MAC device located at a headend of a network, a first data packet, including a first identifier. The example method may also include determining, by the remote PHY device and using the first identifier included in the first data packet, a first output of the PHY device onto which to transmit the first data packet, the first output including a first group of customer devices. The example method may also include receiving, at the remote PHY device and from a second MAC device located at the headend, a second data packet, including a second identifier. The example method may also include determining, by the remote PHY device and using the second identifier included in the second data packet, a second output of the PHY device onto which to transmit the second data packet, the second output including a second group of customer devices.

Controlling access to secure information resources using rotational datasets and dynamically configurable data containers
11711369 · 2023-07-25

Aspects of the disclosure relate to controlling access to secure information resources using rotational datasets and dynamically configurable data containers. A computing platform may receive, from a requesting system, a data access request. After authenticating the requesting system, the computing platform may load, using a first data container, first source data from a data track. The computing platform may send the first source data to a second data container. Then, the computing platform may load, using the second data container, second source data from the data track and may produce a first combined dataset. The computing platform may send the first combined dataset to a third data container. Subsequently, the computing platform may load, using the third data container, third source data from the data track and may produce a second combined dataset. Thereafter, the computing platform may send, to the requesting system, the second combined dataset.

METHOD FOR A SWITCH-INITIATED SDN CONTROLLER DISCOVERY AND ESTABLISHMENT OF AN IN-BAND CONTROL NETWORK

Controller(s) in a software defined network (SDN) are able to determine a control path towards each network switch by performing a switch-originated discovery and using an in-band control network that is an overlay on the data network. A topology tree is maintained, where each controller is the root of the tree, and where messages from the root to any switch may pass through neighboring switches to reach that switch (and vice-versa). Each switch in the SDN attempts to connect to the controller when it does not have a readily configured control connection towards the controller. Once the controller learns about the presence of a new switch and at least one or more paths to reach that switch through a novel discovery process, it can select, adjust and even optimize the control path's route towards that switch.