H04L45/304

POLICY APPLICATION
20210152468 · 2021-05-20

This disclosure describes techniques for applying a policy proximate to a source of data traffic in a network. The techniques include indicating to a destination edge node that a policy relevant to the data traffic has not been applied at a source edge node. The destination edge node may send the policy to the source edge node. The source edge node may apply the policy to a subsequent packet of the data traffic. Application of the policy proximate to the source of the data traffic may conserve network resources and improve performance of the network.

MPLS EXTENSION HEADERS FOR IN-NETWORK SERVICES

Described herein are methods and devices (e.g., routers) that add in-network services to a multiprotocol label switching (MPLS) network. A method can include a router of the MPLS network receiving a packet and modifying the packet by adding one or more MPLS extension headers, adding a header of the extension header(s), and adding an indication within an MPLS label stack that one or more MPLS extension headers have been added to the packet. The method can also include the router forwarding the packet as modified to another router of the MPLS network. In certain embodiments, an extension header label (EHL) within a label value field of a label stack entry indicates that one or more MPLS extension headers have been added to the packet. In other embodiments, a forward equivalent class (FEC) indicates that one or more MPLS extension headers follow the MPLS label stack.

Coordinated offloaded recording of in-situ operations, administration, and maintenance (IOAM) data to packets traversing network nodes

In one embodiment, network nodes coordinate recording of In-Situ Operations, Administration, and Maintenance (IOAM) data in packets traversing the network nodes, including a node adding IOAM data of another node to packets on behalf of that other node. After receiving a particular packet, a network node adds first IOAM data and second IOAM data to the particular packet, with the first IOAM data related to the first network node and the second IOAM data related to a second network node. The packet is then sent from the first network node. The coordinated offloading of the adding of IOAM data to packets allows a node to free up resources currently used for IOAM operations to be used for other packet processing operations, while still having IOAM data related to the node recorded in packets. The coordinated offloading may include control plane communication (e.g., via a routing or other protocol).

Securing an IMS-based VoIP network with multiple VPNs

Systems and methods include a method for securing an Internet protocol (IP) Multimedia Subsystem (IMS)-based voice over IP (VoIP) network with multiple virtual private networks (VPNs). A call sent by a first user endpoint (UE) to a second UE is received by an SBC. The SBC provides security for an IMS-based VoIP network and controls traffic between a first VPN connecting IMS core servers, a second VPN connecting IP phones, and a third VPN connecting non-IP-phone devices. The call originates from either the second VPN connecting the IP phones or the third VPN connecting the non-IP-phone devices. Signaling for the call is encrypted and routed by the SBC to the second UE. A media flow for the call is encrypted and routed by the SBC through the third VPN before routing the call to the second UE.

Multi-Pathway Satellite Communication Systems and Methods
20210036772 · 2021-02-04

Systems and methods for controlling satellites are provided. In one example embodiment, a computing system can obtain a request for image data. The request can be associated with a priority for acquiring the image data. The computing system can determine an availability of a plurality of satellites to acquire the image data based at least in part on the request. The computing system can select from among a plurality of communication pathways to transmit an image acquisition command to a satellite based at least in part on the request priority. The plurality of communication pathways can include a communication pathway via which the image acquisition command is indirectly communicated to the satellite via a geostationary satellite. The computing system can send the image acquisition command to the selected satellite via the selected communication pathway.

Systems and methods for secured maintenance gateway

A system includes a first processing circuit, a second processing circuit, and a network interface device. The network interface device includes a first communications interface, a second communications interface, and a filtering engine. The first communications interface is configured to receive first data packets from the first processing circuit and communicate the first data packets for transmission to the second processing circuit via a first network pathway. The second communications interface is configured to receive second data packets from the second processing circuit and communicate the second data packets to the first processing circuit via a second network pathway physically separated from the first network pathway. The filtering engine is configured to determine whether the first data packets satisfy an inspection criteria, and transmit the first data packets to the second processing circuit responsive to determining that the first data packets satisfy the inspection criteria.

SYSTEM AND METHOD TO EXCHANGE IDENTITY GOVERNANCE DATA ACROSS MULTIPLE IDENTITY REPOSITORIES
20210211389 · 2021-07-08

A technique for identity governance (IG) data exchange includes receiving, by a first adapter, an identity governance message from a first identity governance resource for transmission of the identity governance message to a second identity governance resource. The first adapter analyzes the message and, based on the analysis, selects a routing policy to apply to the message. Based on the routing policy, the adapter determines a select input queue from a plurality of input queues to receive the message and writes the message to the select input queue. The message is then routed from the select input queue to an output queue, and then a second adapter transfers the message from the output queue to the second identity governance resource.

Segment routing network signaling and packet processing

In one embodiment, a service chain data packet is instrumented as it is communicated among network nodes in a network providing service-level and/or networking operations visibility. The service chain data packet includes a particular header identifying a service group defining one or more service functions, and is a data packet and not a probe packet. A network node adds networking and/or service-layer operations data to the particular service chain data packet, such as, but not limited to, in the particular header. Such networking operations data includes a performance metric or attribute related to the transport of the particular service chain packet in the network. Such service-layer operations data includes a performance metric or attribute related to the service-level processing of the particular service chain data packet in the network.

In-situ operations, administration, and management (IOAM) and network event correlation for internet of things (IOT)

In an embodiment, a computer implemented method comprises at an internetworking device that is logically located in an edge position with respect to an internet protocol network and a plurality of industrial devices, receiving packet and frame data from a first computing device that is associated with an industrial system and communicates using a device-level Ethernet data communication protocol that does not define a management layer; at the internetworking device, generating an Operations, Administration, Management (OAM) header using, at least in part, the packet and frame data, wherein the OAM header comprises a device identifier, a data type, and a variable; encapsulating the packet and frame data with the OAM header to generate encapsulated packet and frame data; storing the encapsulated packet and frame data in a database; sending the encapsulated packet and frame data to a second internetworking device that is associated with the industrial system and communicates using the device-level Ethernet data communication protocol that does not define a management layer.

APPARATUS FOR TRANSMITTING BROADCAST SIGNAL, APPARATUS FOR RECEIVING BROADCAST SIGNAL, METHOD FOR TRANSMITTING BROADCAST SIGNAL AND METHOD FOR RECEIVING BROADCAST SIGNAL
20200413108 · 2020-12-31

A method for transmitting a broadcast signal includes processing one or more Internet Protocol (IP) packets into link layer packets, the one or more IP packets carrying components of one or more services and service signaling information for signaling the components of one or more services; and processing the link layer packets to output the broadcast signal including PLPs, wherein a PLP of the PLPs includes a service list table, the service list table including a service identifier identifying a service, capabilities information representing required capabilities for decoding content for the service, protocol information representing a type of protocol used to deliver the service signaling information, the type of protocol representing either ROUTE or MMTP, and an IP address for an IP packet carrying the service signaling information for the service.