A security system for a vehicle network of a vehicle is provided. The vehicle network includes a gateway and domain controllers for specific areas of the vehicle. The security system may validate messages sent from the gateway. The security system may also utilize split decryption keys in order to decrypt messages in the vehicle network. The security system may also utilize asymmetrical encryption keys in order to secure data within the vehicle network.

Disclosed is a computing apparatus implemented with a network hypervisor implementing software defined network (SDN)-based network virtualization. The computing apparatus include a statistics virtualization module configured to provide individual statistics to each of created virtual networks, a transmission disaggregation module configured to include a physical statistics cache that performs periodic monitoring of a plurality of physical switches and store statistics of the physical switches collected, and a physical statistics aggregation module configured to respond with statistics of the plurality of physical switches when a single monitoring request.

A high availability aircraft network architecture incorporating smart points of presence (SPoP) is disclosed. In embodiments, the network architecture divides the aircraft into districts, or physical subdivisions. Each district includes one or more mission systems (MS) smart network access point (SNAP) devices for connecting MS components and devices located within its district to the MS network. Similarly, each district includes one or more air vehicle systems (AVS) SNAP devices for connecting AVS components and devices within the district to the AVS network. The AVS network may remain in a star or hub-and-spoke topology, while the MS network may be configured in a ring or mesh topology. Selected MS and AVS SNAP devices may be connected to each other via guarded network bridges to securely interconnect the MS and AVS networks.

In a second group of embodiments, an electronic device that provides a virtual Bluetooth gateway is described. During operation, the electronic device may receive a first packet associated with a second electronic device and that has an Internet Protocol (IP)-compatible format (such as a JavaScript Object Notation or JSON format). Then, the electronic device may de-encapsulate a second packet from the first packet, where the second packet is compatible with a Bluetooth communication protocol. Next, the electronic may provide the second packet. Note that the electronic device may not include a physical Bluetooth radio, such as dedicated hardware for a physical Bluetooth radio. Instead, the electronic device may include a virtual Bluetooth device that communicates with the second electronic device via the virtual Bluetooth gateway. This virtual Bluetooth device may have the capabilities of a physical Bluetooth radio (without the dedicated hardware).

A control apparatus that includes an in-vehicle communication unit configured to communicate with an on-vehicle control device, a storage unit configured to store a plurality of types of communication paths from the in-vehicle communication unit to the on-vehicle control device, and a selection unit configured to select a transmission path for transmitting an update program to the on-vehicle control device, among the plurality of types of stored communication paths.

This disclosure describes techniques are described for proactively computing configuration information for policy-driven on-demand tunnel creation and deletion between sites in a software-defined networking in wide area network (SD-WAN) environment. In some examples, a controller device is configured to precompute configuration data for an overlay tunnel through the wide area network to connect a first site and a second site of a plurality of sites in the SD-WAN environment. The controller device is further configured to obtain, after precomputing the configuration data, an indication to configure the overlay tunnel. The controller device is also configured to send, in response to receiving the indication to configure the overlay tunnel, at least some of the configuration data to the first site to configure the first site with the overlay tunnel.

An example method of reserving a resource of virtualized infrastructure in a data center on behalf of a client includes: obtaining, by a distributed semantic network, a set of facts corresponding to resources in the virtualized infrastructure and a set of rules corresponding to relationships between the resources; receiving, at the first semantic network instance, a first reservation request for a first resource of the virtualized infrastructure from a first client, wherein the first reservation request comprises a first rule specifying a requested exclusive lock on the first resource; passing the first rule from the first semantic network instance to the second semantic network instance; receiving an acknowledgement from the second semantic network instance in response to passing the first rule; and sending an acknowledgement to the first client that the first rule specifying the requested exclusive lock on the first resource has been created.

An apparatus, system, method, and computer-readable recording media perform smart control in a wireless network, which includes a plurality of wireless devices. Configuration parameters are obtained to set one wireless device as an active master device in the wireless network. The active master device receives updates in the configuration parameters and learned station (STA) information, and periodically transmits the updates to the configuration parameters and the learned STA information to the other wireless devices in the wireless network. Any one of the other wireless devices in the wireless network can use the updates to the configuration parameters and the learned STA information to be set as a new active master device in the wireless network when the active master device becomes out of network.

A packet forwarding method and a network device are provided, and the method is applied to the network device. The network device includes a first virtual routing and forwarding (VRF) table and a second VRF table. The method includes: the network device receives a first packet. If the first packet carries tunnel attribute information, the network device forwards the first packet based on the first VRF table. The first VRF table includes one or more local routes, and next-hop outbound interfaces of the one or more local routes are all local outbound interfaces. The network device forwards the first packet based on the first VRF table, so that a packet from a tunnel may be forwarded to a local virtual machine for processing and may not be forwarded to another tunnel endpoint device, to avoid a routing loop during packet forwarding.

A packet forwarding method and a network device are provided, and the method is applied to the network device. The network device includes a first virtual routing and forwarding (VRF) table and a second VRF table. The method includes: the network device receives a first packet. If the first packet carries tunnel attribute information, the network device forwards the first packet based on the first VRF table. The first VRF table includes one or more local routes, and next-hop outbound interfaces of the one or more local routes are all local outbound interfaces. The network device forwards the first packet based on the first VRF table, so that a packet from a tunnel may be forwarded to a local virtual machine for processing and may not be forwarded to another tunnel endpoint device, to avoid a routing loop during packet forwarding.