A method and system support communication between a service executed by an edge server and a mobile application. The method includes receiving a transmission control protocol (TCP) handshake with an Internet Protocol (IP) anycast address from the mobile application; replying to the TCP handshake with an IP unicast address for the service to be utilized for a transport layer security (TLS) session; and establishing the TLS session between the service and the mobile application using the IP unicast address.

The invention relates to a method for selectively configuring a container that contains an application, wherein user-authentication data are received by a container management component and forwarded via a container applicant to an authorisation server. This server transmits an authorisation response, on the basis of which a decision is made as to whether the application is allowed to be run in the container.

The invention relates to a method for selectively configuring a container that contains an application, wherein user-authentication data are received by a container management component and forwarded via a container applicant to an authorisation server. This server transmits an authorisation response, on the basis of which a decision is made as to whether the application is allowed to be run in the container.

Aspects of the disclosure provide for a proxyless NAT infrastructure with dynamic port allocation. A proxyless NAT infrastructure is configured to perform NAT between a network of virtual machines (VMs) and a device external to the network, without a device, such as a NAT server or a router, acting as a proxy. A system can include a control plane for provisioning VMs of a network, including configuring each VM to perform NAT and initially assigning a number of ports for communicating with other devices. The control plane maintains a feedback loop—receiving data characterizing port usage and network traffic at ports allocated to the various VMs and scaling the port allocation for each VM based on the received data. The control plane can allocate additional ports as determined to be needed by a VM, and later retrieve the ports to be reused for other VMs.

Aspects of the disclosure provide for a proxyless NAT infrastructure with dynamic port allocation. A proxyless NAT infrastructure is configured to perform NAT between a network of virtual machines (VMs) and a device external to the network, without a device, such as a NAT server or a router, acting as a proxy. A system can include a control plane for provisioning VMs of a network, including configuring each VM to perform NAT and initially assigning a number of ports for communicating with other devices. The control plane maintains a feedback loop—receiving data characterizing port usage and network traffic at ports allocated to the various VMs and scaling the port allocation for each VM based on the received data. The control plane can allocate additional ports as determined to be needed by a VM, and later retrieve the ports to be reused for other VMs.

A method including transmitting, by a requesting user device to an infrastructure device associated with a virtual private network (VPN), a connection request for receiving VPN services; receiving, by the requesting user device from the infrastructure device, connection information associated with a VPN server selected for providing the VPN services to the requesting user device, the VPN server being selected based at least in part on a comparison between a parameter associated with the requesting user device and a current parameter associated with another user device currently receiving VPN services from the VPN server; and transmitting, by the requesting user device to the VPN server, an initiation request to receive the VPN services from the VPN server based at least in part on utilizing the connection information is disclosed. Various other aspects are contemplated.

A method including transmitting, by a requesting user device to an infrastructure device associated with a virtual private network (VPN), a connection request for receiving VPN services; receiving, by the requesting user device from the infrastructure device, connection information associated with a VPN server selected for providing the VPN services to the requesting user device, the VPN server being selected based at least in part on a comparison between a parameter associated with the requesting user device and a current parameter associated with another user device currently receiving VPN services from the VPN server; and transmitting, by the requesting user device to the VPN server, an initiation request to receive the VPN services from the VPN server based at least in part on utilizing the connection information is disclosed. Various other aspects are contemplated.

The routing of data received from a first network device into a second network device, each having a link aggregation engine, includes detecting whether or not the data has already undergone a link aggregation operation in the first device or upstream, based on markers present in the data, and then selecting an output link from all the output links of the second device participating in link aggregation if the data has not already undergone link aggregation, or selecting the output link from all the output links of the second device participating in link aggregation except for the output link towards the first device if the data has already undergone link aggregation, and transmitting the data on the output link selected.

The routing of data received from a first network device into a second network device, each having a link aggregation engine, includes detecting whether or not the data has already undergone a link aggregation operation in the first device or upstream, based on markers present in the data, and then selecting an output link from all the output links of the second device participating in link aggregation if the data has not already undergone link aggregation, or selecting the output link from all the output links of the second device participating in link aggregation except for the output link towards the first device if the data has already undergone link aggregation, and transmitting the data on the output link selected.

This application provides an address processing method and a network device. The method includes: obtaining, by a first network device, an address; determining, by the first network device, a length of a valid address of the address, where the valid address of the address is a 1.sup.st bit, whose bit value is 1, of the address to a last bit of the address; and adding, by the first network device when the length of the valid address of the address is less than a table width of a target table, S zeros before the valid address of the address to obtain an adjusted address, and processing the adjusted address based on the adjusted address and the target table, where S is a difference between the table width of the target table and the length of the valid address of the address.