A computer-implemented method for protecting a processing environment from malicious incoming network traffic may be provided. The method comprises: in response to receiving incoming network traffic comprising a data packet, performing a packet and traffic analysis of the data packet to determine whether said data packet is non-malicious and malicious, and processing of the data packet in a sandbox environment. Furthermore, the method comprises: in response to detecting that the data packet is non-malicious based on the packet and traffic analysis, releasing the processed data packet from the sandbox environment for further processing in the processing environment, and in response to detecting that the data packet is malicious based on the packet and traffic analysis discarding the data packet.

A computer-implemented method for protecting a processing environment from malicious incoming network traffic may be provided. The method comprises: in response to receiving incoming network traffic comprising a data packet, performing a packet and traffic analysis of the data packet to determine whether said data packet is non-malicious and malicious, and processing of the data packet in a sandbox environment. Furthermore, the method comprises: in response to detecting that the data packet is non-malicious based on the packet and traffic analysis, releasing the processed data packet from the sandbox environment for further processing in the processing environment, and in response to detecting that the data packet is malicious based on the packet and traffic analysis discarding the data packet.

The invention relates to the field of wireless mesh communication networks and in particular to methods, networks and nodes (101) for use in such a wireless mesh network (100) for establishing routes in the wireless mesh network (100) by pro-actively regularly sending many-to-one route requests at randomized intervals by wireless network nodes (101) that can operate as a proxy nodes for a mobile wireless device (104) communicating using a first wireless communication protocol and further nodes (102, 103) in the wireless mesh network (100) communicating using a second wireless communication protocol.

An apparatus includes an interface circuit and an encoder circuit. The interface circuit is configured to send a data packet via a plurality of segments, and to send an idle value via the plurality of segments when no data packet is available. The idle value is configured to cause a segment in a receiving apparatus to idle. The encoder circuit is configured to receive a particular data packet, and, if a portion of the particular data packet has a same value as the idle value for a subset of the plurality of segments, to replace at least a portion of the data packet with a mask value to generate a modified data packet. The mask value indicates how to recreate the particular data packet. The encoder circuit is further configured to send the modified data packet to the receiving apparatus via the plurality of segments of the interface circuit.

An apparatus includes an interface circuit and an encoder circuit. The interface circuit is configured to send a data packet via a plurality of segments, and to send an idle value via the plurality of segments when no data packet is available. The idle value is configured to cause a segment in a receiving apparatus to idle. The encoder circuit is configured to receive a particular data packet, and, if a portion of the particular data packet has a same value as the idle value for a subset of the plurality of segments, to replace at least a portion of the data packet with a mask value to generate a modified data packet. The mask value indicates how to recreate the particular data packet. The encoder circuit is further configured to send the modified data packet to the receiving apparatus via the plurality of segments of the interface circuit.

Various embodiments providing for an indicator (termed the “Traffic Category Indicator,” TCI) to be encoded into packets, different values of which can be used, e.g., to distinguish Traffic Engineered (TE) packets and non-TE packets. In an example embodiment, the TCI can be used, e.g., to configure a network node to implement different packet queues, on each link, for TE packets and non-TE packets. In embodiments corresponding to the DiffServ TE paradigm, a node can be configured to implement different queues within each Forwarding Class for each link, said different queues distinguished by different respective TCI values. Example benefits of TCI include, but are not limited to fate separation of TE and non-TE packets in a node. The TCI concept can beneficially be applied to different packet-switching technologies supporting Source Routing, such as the IP, MPLS, Ethernet, etc.

Some embodiments of the invention provide novel methods for using probabilistic filters to keep track of data message flows that are processed at an element (e.g., forwarding element or middlebox service element) of a network. In some embodiments, the method iteratively switches between two probabilistic filters as the active and backup filters as a way of maintaining and refreshing its active probabilistic filter without the need for maintaining time values for removing outdated records from its active filter.

Some embodiments of the invention provide novel methods for using probabilistic filters to keep track of data message flows that are processed at an element (e.g., forwarding element or middlebox service element) of a network. In some embodiments, the method iteratively switches between two probabilistic filters as the active and backup filters as a way of maintaining and refreshing its active probabilistic filter without the need for maintaining time values for removing outdated records from its active filter.

Some embodiments of the invention provide novel methods for using probabilistic filters to keep track of data message flows that are processed at an element (e.g., forwarding element or middlebox service element) of a network. In some embodiments, the method iteratively switches between two probabilistic filters as the active and backup filters as a way of maintaining and refreshing its active probabilistic filter without the need for maintaining time values for removing outdated records from its active filter.

Some embodiments of the invention provide novel methods for using probabilistic filters to keep track of data message flows that are processed at an element (e.g., forwarding element or middlebox service element) of a network. In some embodiments, the method iteratively switches between two probabilistic filters as the active and backup filters as a way of maintaining and refreshing its active probabilistic filter without the need for maintaining time values for removing outdated records from its active filter.