A method performed by a computing system includes receiving a first request from a first pod being executed on the computing system, responding to the first request with an Internet Protocol (IP) address and a first port range, receiving a second request from a second pod being executed on the computing system, and responding to the second request with the Internet Protocol (IP) address and a second port range that is different than the first port range. The method further includes, with a networking service implemented within the kernel, processing network traffic between external entities and the first and second pods by updating source and destination IP addresses and ports of packets of the network traffic.

A method performed by a computing system includes receiving a first request from a first pod being executed on the computing system, responding to the first request with an Internet Protocol (IP) address and a first port range, receiving a second request from a second pod being executed on the computing system, and responding to the second request with the Internet Protocol (IP) address and a second port range that is different than the first port range. The method further includes, with a networking service implemented within the kernel, processing network traffic between external entities and the first and second pods by updating source and destination IP addresses and ports of packets of the network traffic.

Systems, methods, apparatuses, and computer program products for UPF control with coexistence of policy control and packet filters dynamically generated at the SMF. For example, if the SMF obtains an event subscription with traffic descriptors from another entity, and if there is no installed PDR with the same traffic descriptor, the SMF may construct a PDR with an action according to the subscribed event. The SMF may configure the UPF with the constructed PDR. In certain embodiments, to construct the PDR, the SMF may copy the PDR that would have previously matched the incoming traffic described by the traffic descriptor in the notification subscription, and associates the PDR with a higher priority, the traffic descriptor and a notification action according to the subscribed event. To configure the UPF, the SMF may provide the PDR with the higher priority, the received traffic descriptor, and the notification action, according to some embodiments.

Systems, methods, apparatuses, and computer program products for UPF control with coexistence of policy control and packet filters dynamically generated at the SMF. For example, if the SMF obtains an event subscription with traffic descriptors from another entity, and if there is no installed PDR with the same traffic descriptor, the SMF may construct a PDR with an action according to the subscribed event. The SMF may configure the UPF with the constructed PDR. In certain embodiments, to construct the PDR, the SMF may copy the PDR that would have previously matched the incoming traffic described by the traffic descriptor in the notification subscription, and associates the PDR with a higher priority, the traffic descriptor and a notification action according to the subscribed event. To configure the UPF, the SMF may provide the PDR with the higher priority, the received traffic descriptor, and the notification action, according to some embodiments.

Described herein are systems, methods, and software to enhance the implementation of communication rules in a computing network. In one example, a method of operating a communication settings system maintains communication rules for a plurality of networks, wherein the communication rules define forwarding actions for ingress and egress packets to and from applications in the plurality of computing networks. The service further identifies a configuration request from a computing network with applications executing in the computing network, identifies a subset of the communication rules based on the plurality of applications, and provides the subset of the communication rules to the computing network.

Described herein are systems, methods, and software to enhance the implementation of communication rules in a computing network. In one example, a method of operating a communication settings system maintains communication rules for a plurality of networks, wherein the communication rules define forwarding actions for ingress and egress packets to and from applications in the plurality of computing networks. The service further identifies a configuration request from a computing network with applications executing in the computing network, identifies a subset of the communication rules based on the plurality of applications, and provides the subset of the communication rules to the computing network.

A service flow processing method includes obtaining, by a terminal, policy information of a service flow, where the policy information includes at least one of a flow steering policy, a flow steering mode, and link condition information for transmitting the service flow, and a packet data unit (PDU) session to which the service flow belongs supports a plurality of access technologies, and processing, by the terminal, the service flow based on the policy information.

A service flow processing method includes obtaining, by a terminal, policy information of a service flow, where the policy information includes at least one of a flow steering policy, a flow steering mode, and link condition information for transmitting the service flow, and a packet data unit (PDU) session to which the service flow belongs supports a plurality of access technologies, and processing, by the terminal, the service flow based on the policy information.

Apparatus for global policing of a bandwidth of a flow, the apparatus including a network device including a local policer configured to perform bandwidth policing on the flow within the network device, and a communications module configured to: send local policer state information from the local policer to a remote global policer, and receive policer state information from the remote global policer and update the local policer state information based on the remote global policer state information. Related apparatus and methods are also provided.

Apparatus for global policing of a bandwidth of a flow, the apparatus including a network device including a local policer configured to perform bandwidth policing on the flow within the network device, and a communications module configured to: send local policer state information from the local policer to a remote global policer, and receive policer state information from the remote global policer and update the local policer state information based on the remote global policer state information. Related apparatus and methods are also provided.