Method for radio communication with base station, by user equipment (UE), apparatus in UE for radio communication with base station, a method for radio communication with a UE by a base station, and an apparatus in a base station for radio communication with a UE are provided. The method for radio communication with a base station, by a UE, includes determining whether to start a first timer based on a predetermined condition, in response to a buffer status reporting triggered; starting the first timer in response to the predetermined condition being satisfied; in response to an uplink resource for a buffer status report transmission being available before the first timer expires, transmitting an uplink packet including a buffer status report using the available uplink resource; and in response to no uplink resource for the buffer status report transmission being available and the first timer expiring, transmitting a scheduling request to the base station.

One embodiment provides a network system. The network system includes an application layer to execute one or more networking applications to generate or receive data packets having flow identification (ID) information; and a packet processing layer having profiling circuitry to generate a sketch table indicative of packet flow count data; the sketch table having a plurality of buckets, each bucket includes a first section including a plurality of data fields, each data field of the first section to store flow ID and packet count data, each bucket also having a second section having a plurality of data fields, each data field of the second section to store packet count data.

One embodiment provides a network system. The network system includes an application layer to execute one or more networking applications to generate or receive data packets having flow identification (ID) information; and a packet processing layer having profiling circuitry to generate a sketch table indicative of packet flow count data; the sketch table having a plurality of buckets, each bucket includes a first section including a plurality of data fields, each data field of the first section to store flow ID and packet count data, each bucket also having a second section having a plurality of data fields, each data field of the second section to store packet count data.

Disclosed herein are methods, systems, and processes for centralized containerized deployment of network traffic sensors to network sensor hosts for deep packet inspection (DPI) that supports various other cybersecurity operations. A network sensor package containing a preconfigured network sensor container is received by a network sensor host from a network sensor deployment server. Installation of the network sensor package on the network sensor host causes execution of the network sensor container that further causes deployment of an on-premise network sensor along with a network sensor management system, a DPI system, and an intrusion detection/prevention (IDS/IPS) system. The configurable on-premise network sensor is deployed on multiple operating system distributions of the network sensor host and generates actionable network metadata using DPI techniques for optimized log search and management and improved intrusion detection and response (IDR) operations.

An encrypted tunnel is established between a virtual private network (VPN) server and a VPN user device. A request to establish a connection with a target device is received from the VPN user device. The request uses initial connection parameters. The connection the converted into a first connection between the VPN user device and the VPN server and a second connection between the VPN server and the target device. The first connection uses first connection parameters and the second connection uses second connection parameters. At least one parameter of the first connection parameters or of the second connection parameters is different from a corresponding parameter of the initial connection parameters. First network packets received from the VPN user device according to the first connection parameters are converted into second network packets according to the second connection parameters. The second network packets are transmitted to the target device.

Provided are methods, apparatus, and system for policy based wide area network. A network of network appliances is configured with a policy configuration. Each network appliance is configured to validate each wide area network packet against the policy configuration. The validation can include verifying that the packets meet the SD-WAN network segment requirements and security rules including verifying that the source and destination address of the packet meet the firewall zone requirements. Each wide area network packet contains a policy header that is checked by the sending and receiving network appliance against the policy configuration.

A system for facilitating sender-side granular congestion control is provided. During operation, the first and second processes of an application can run on sender and receiver nodes, respectively. A first buffer on the sender node can be allocated to the first process. For the first process, the system can then identify a second buffer at a last-hop switch of the receiver node. The system can determine, based on in-flight packets, the utilization of the second buffer. The system can also determine a fraction of available space in the second buffer for packets from the first buffer based on the utilization. Subsequently, the system can determine whether the fraction of the available space can accommodate the next packet from the first buffer. If the fraction of the available space can accommodate the next packet, the system can allow the first process to send the next packet to the second process.

A device may be configured to generate data packets including a packet header and a payload. The packet header may include a value that signals whether the payload encapsulates input data according to a single short packet encapsulation, a single long packet encapsulation, a segmented encapsulation, or a concatenated encapsulation.

A device may be configured to generate data packets including a packet header and a payload. The packet header may include a value that signals whether the payload encapsulates input data according to a single short packet encapsulation, a single long packet encapsulation, a segmented encapsulation, or a concatenated encapsulation.

Techniques are provided for managing a user space protocol stack are disclosed herein. A nexus in a kernel space can receive a packet from a packet pool, and extract information from the packet to generate a flow key indicating a particular flow for the packet. The nexus can further look up the flow key in a flow table to determine whether there is an existing flow key stored in the flow table matching the flow key of the packet, and store the packet into a batch of packets of the existing flow when the existing flow key matches the flow key of the packet. When a release condition being met, the nexus can release the batch of packets of the existing flow to a user space protocol stack within a user space application through a channel communicatively coupled to the nexus and the user space protocol stack.