Patent classifications
H04L47/35
ENCRYPTED TRAFFIC DETECTION
Apparatuses, methods, and systems are disclosed for associating the start of an encrypted data flow with an application. One apparatus includes a memory storing instructions executable by a processor to cause the apparatus to authenticate an encrypted traffic detection function (“ETDF”) of the remote unit and to provide the remote unit with a list of application identifiers for which encrypted traffic detection information is to be provided, in response to successfully authenticating the ETDF of the remote unit. The instructions are executable by the processor to cause the apparatus to generate detection information for each application in the list of application identifiers and to send the list of application identifiers and the detection information for each application in the list of application identifiers to a network function in the mobile communication network.
EXECUTION OF A COMMAND WITHIN A CONDITIONAL COMMAND RECEIVED IN A DATA PACKET
A mechanism is disclosed for implementing conditional commands carried by network data packets. A data flow including a data packet is received. The data packet includes a conditional command. A condition and a command are obtained from the conditional command. The mechanism determines that the condition is satisfied. Based on the determination that the condition is satisfied, the command is executed to alter handling of the data flow, alter handling of the data packet, or alter a context for the data flow.
SYSTEMS AND METHODS FOR DATA TRANSMISSION BASED ON A LINK LAYER PACKET STRUCTURE
A device may be configured to generate data packets including a packet header and a payload. The packet header may include a value that signals whether the payload encapsulates input data according to a single short packet encapsulation, a single long packet encapsulation, a segmented encapsulation, or a concatenated encapsulation.
INDUCING DELAY FROM A PEER NODE TO QUANTIFY LATENCY-BASED BEHAVIOR
Techniques and architecture are described for inducing precise delays in a network device (network node) that has the capability to act on packets/traffic flows based on policy configurations of the network device and delays experienced by traffic in the network device. This capability may be used for testing and verification of the network device to verify that the network device meets the configured policies. Additionally, this capability may be utilized in an operational network to selectively induce delays and measure their impact for purposes such as, for example, planning, stress testing, resiliency, etc.
Secure Configuration of a Network Sensor on a Network Sensor Host
Disclosed herein are methods, systems, and processes for centralized containerized deployment of network traffic sensors to network sensor hosts for deep packet inspection (DPI) that supports various other cybersecurity operations. A network sensor package containing a pre-configured network sensor container is received by a network sensor host from a network sensor deployment server. Installation of the network sensor package on the network sensor host causes execution of the network sensor container that further causes deployment of an on-premise network sensor along with a network sensor management system, a DPI system, and an intrusion detection/prevention (IDS/IPS) system. The configurable on-premise network sensor is deployed on multiple operating system distributions of the network sensor host and generates actionable network metadata using DPI techniques for optimized log search and management and improved intrusion detection and response (IDR) operations.
Managed Deployment and Configuration of Network Sensors
Disclosed herein are methods, systems, and processes for centralized containerized deployment of network traffic sensors to network sensor hosts for deep packet inspection (DPI) that supports various other cybersecurity operations. A network sensor package containing a pre-configured network sensor container is received by a network sensor host from a network sensor deployment server. Installation of the network sensor package on the network sensor host causes execution of the network sensor container that further causes deployment of an on-premise network sensor along with a network sensor management system, a DPI system, and an intrusion detection/prevention (IDS/IPS) system. The configurable on-premise network sensor is deployed on multiple operating system distributions of the network sensor host and generates actionable network metadata using DPI techniques for optimized log search and management and improved intrusion detection and response (IDR) operations.
EFFICIENT FLOW MANAGEMENT UTILIZING CONTROL PACKETS
Techniques are disclosed for utilizing control packets to manage flows by a smart network interface card (smartNIC). In one example, an accelerator determines that a cache entry is a candidate for removal, the cache entry being part of a cache that is managed by the accelerator, the cache entry storing flow state of a particular flow, the accelerator being responsible for forwarding packets associated with the particular flow based at least in part on the flow state, and the flow information formatted utilizing a particular header format. The accelerator generates an instruction to remove the cache entry of the particular flow from the cache based at least in part on receiving the determination that the cache entry is the candidate for removal. The accelerator removes the cache entry of the particular flow from the cache based at least in part on the instruction.