H04L61/10

System, device, and method of resolving internet protocol (IP) addresses of devices in a communication network
11483278 · 2022-10-25

Systems, devices, and methods for resolving the original private Internet Protocol (IP) address of a User Equipment (UE) device in a cellular communication network; particularly where the UE device is behind a Network Address Translation (NAT) service which replaces the original private IP address of the UE device with a replacement public IP address. An IP address resolver performs an active resolution process which injects a new IP packet to the network, or performs a passive or comparison-based resolution process which compares headers of IP packets, to determine a pair of (i) an original private IP address of a particular UE device, and (ii) a replacement public IP address that is assigned to the UE device by a User Plane Function (UPF) unit. The correlation data or IP address mapping data is provided to servers or applications, to enable them to provide services to the UE device using its original private IP address.

DETECTION OF THREATS BASED ON RESPONSES TO NAME RESOLUTION REQUESTS

Some embodiments provide a method for identifying security threats to a datacenter. The method receives flow attribute sets for multiple flows from multiple host computers in the datacenter on which data compute nodes (DCNs) execute. Each flow attribute set indicates at least a source DCN for the flow. The method identifies flow attribute sets that correspond to DCNs responding to name resolution requests. For each DCN of a set of DCNs executing on the host computers, the method determines whether the DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the DCN based on the identified flow attribute sets. When a particular DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the particular DCN, the method identifies the particular DCN as a security threat to the datacenter.

GPU NETWORKING USING AN INTEGRATED COMMAND PROCESSOR

Systems, apparatuses, and methods for generating network messages on a parallel processor are disclosed. A system includes at least a parallel processor, a general purpose processor, and a network interface unit. The parallel processor includes at least a plurality of compute units, a command processor, and a cache. A thread within a kernel executing on a compute unit of the parallel processor generates a network message and stores the network message and a corresponding indication in the cache. In response to detecting the indication of the network message in the cache, the command processor processes and conveys the network message to the network interface unit without involving the general purpose processor.

Point of presence management in request routing

A system and method for the management of client computing device DNS queries and subsequent resource requests within a content delivery network service provider domain are provided. The management of the DNS queries can include the selection of computing devices corresponding to various Point of Presence locations for processing DNS queries. Additionally, the management of the content requests can include the selection of computing devices corresponding to resource cache components corresponding to various Point of Presence locations for providing requested content. The selection of the computing devices can incorporate logic related to geographic criteria, testing criteria, and the like.

TECHNIQUES FOR PERFORMING DOMAIN NAME SYSTEM SUPPORT
20230062068 · 2023-03-02

This disclosure describes techniques for performing domain name system (DNS) support on public resolvers. For instance, an electronic device may send a query to a local DNS resolver. The electronic device may then receive an answer from the local DNS resolver that includes a pattern. Using the answer, the electronic device may generate a DNS packet that includes at least the answer and a query for a first Internet Protocol (IP) address associated with a first IP version, such as IPv6. The electronic device may then send the DNS packet to a public DNS resolver. Using the DNS packet, the public DNS resolver may generate a synthesized IP address associated with the first IP version. For example, the public DNS resolver may identify a second IP address associated with a second IP version, such as IPv4, and generate the synthesized IP address using the second IP address and the answer.

Machine learning techniques for internet protocol address to domain name resolution systems

An IP-to-Domain (IP2D) resolution system predicts which domain is most likely associated with an IP address. The resolution system generates unique source vote features (FSV) from (IP, domain, source) data. The FSV features are used to train a computer learning model that predicts which domain is most likely associated with an IP address. The domain predictions can then be used to more efficiently process events, more accurately calculate consumption scores, and more accurately detect associated company surges.