H04L47/40

Transparent middlebox graceful entry and exit

Middleboxes include a processor configured to determine a degree of mismatch between a sequence number in a first connection between the middlebox and a client device and a sequence number in a second connection between the middlebox and a server device. A network control module is configured to delay acknowledgment signals from the middlebox on a connection to decrease the degree of mismatch between sequence numbers and to establish a direct connection between the client device and the server device without mediation by the middlebox upon a determination that the degree of mismatch between sequence numbers is zero.

Neural network based spoofing detection

Methods and systems for mitigating a spoofing-based attack include calculating a travel distance between a source Internet Protocol (IP) address and a target IP address from a received packet based on time-to-live information from the received packet. An expected travel distance between the source IP address and the target IP address is estimated based on a sparse set of known source/target distances. It is determined that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security action is performed responsive to the determination that the received packet has a spoofed source IP address.

System and method for managing data transfer between two different data stream protocols

Disclosed is a method that includes treating, at an access point, a data flow between a first station and a second station during a first period of time as a non-fast flow. After a condition is met, the method includes marking the data flow as a fastACK flow during a second period of time and, during the second period of time, storing data frames in the data flow at the access point to yield stored data frames. Next, the method includes generating a spoofed TCP acknowledgment signal on behalf of the first station and associated with the stored data frames, and transmitting the spoofed TCP acknowledgment signal to the second station.

Network endpoint spoofing detection and mitigation

Endpoint security systems and methods include a distance estimation module configured to calculate a travel distance between a source Internet Protocol (IP) address and an IP address for a target network endpoint system from a received packet received by the target network endpoint system based on time-to-live (TTL) information from the received packet. A machine learning model is configured to estimate an expected travel distance between the source IP address and the target network endpoint system IP address based on a sparse set of known source/target distances. A spoof detection module is configured to determine that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security module is configured to perform a security action at the target network endpoint system responsive to the determination that the received packet has a spoofed source IP address.

IDENTIFYING CONGESTION IN A NETWORK

Some embodiments of the invention provide a method for reporting congestion in a network that includes several forwarding elements. In a data plane circuit of one of the forwarding elements, the method detects that a queue in the switching circuit of the data plane circuit is congested, while a particular data message is stored in the queue as it is being processed through the data plane circuit. In the data plane circuit, the method then generates a report regarding the detected queue congestion, and sends this report to a data collector external to the forwarding element. To send the report, the data plane circuit in some embodiments duplicates the particular data message, stores information regarding the detected queue congestion in the duplicate data message, and sends the duplicate data message to the external data collector.

SYSTEM AND METHOD FOR REDUCING BANDWIDTH USAGE OF A NETWORK

A method of reducing the bandwidth usage of a network comprises intercepting traffic between a TCP server and a TCP client using TCP protocols that use client acknowledgements; identifying client acknowledgements from the TCP protocols; identifying the sequence number of a last received client acknowledgement from the intercepted traffic; identifying the sequence number of a last sent client acknowledgement from the intercepted traffic; calculating an unacknowledged byte value based on the difference between the last received client acknowledgement sequence number and the last sent client acknowledgement sequence number; comparing the calculated unacknowledged byte value with a predetermined threshold value, to determine whether the calculated unacknowledged byte value is at least as great as the predetermined threshold value; and transmitting the identified client acknowledgements into the network when the compared unacknowledged byte value is at least as great as the predetermined threshold value.

STEERING RULE PROVISION METHOD FOR TRAFFIC DISTRIBUTION IN NETWORK AND NETWORK ENTITY PERFORMING THE SAME
20200229035 · 2020-07-16

A steering rule provision method for traffic distribution in a network and a network entity performing the same network. A session management function (SMF) may transmit a first message including a multi-access rule (MAR) to a user plane function (UPF), when establishing or modifying a packet data unit (PDU) session for ATSSS (Access Traffic Steering, Switching, and Splitting). The SMF may receive a second message that is a response message to the first message from the UPF.

WIFI AND CELLULAR COMMUNICATION TRAVERSAL
20200196213 · 2020-06-18

A system includes a server; a plurality of wireless networks coupled to the server; and one or more mobile devices coupled to the wireless networks with intermittent access to the wireless networks, the plurality of wireless networks providing data communication between client and server applications over multiple available connections.

System and method for reducing bandwidth usage of a network

A method of reducing the bandwidth usage of a network comprises intercepting traffic between a TCP server and a TCP client using TCP protocols that use client acknowledgements; identifying client acknowledgements from the TCP protocols; identifying the sequence number of a last received client acknowledgement from the intercepted traffic; identifying the sequence number of a last sent client acknowledgement from the intercepted traffic; calculating an unacknowledged byte value based on the difference between the last received client acknowledgement sequence number and the last sent client acknowledgement sequence number; comparing the calculated unacknowledged byte value with a predetermined threshold value, to determine whether the calculated unacknowledged byte value is at least as great as the predetermined threshold value; and transmitting the identified client acknowledgements into the network when the compared unacknowledged byte value is at least as great as the predetermined threshold value.

Identifying congestion in a network

Some embodiments of the invention provide a method for reporting congestion in a network that includes several forwarding elements. In a data plane circuit of one of the forwarding elements, the method detects that a queue in the switching circuit of the data plane circuit is congested, while a particular data message is stored in the queue as it is being processed through the data plane circuit. In the data plane circuit, the method then generates a report regarding the detected queue congestion, and sends this report to a data collector external to the forwarding element. To send the report, the data plane circuit in some embodiments duplicates the particular data message, stores information regarding the detected queue congestion in the duplicate data message, and sends the duplicate data message to the external data collector.