Patent classifications
H04L61/5053
Monitoring internet protocol address utilization to apply unified network policy
Techniques implemented by an IP address management (IPAM) system for monitoring the usage of IP addresses in networks of computing resources and automatically notifying networking devices when IP address usage has changed. The IPAM system may create pools of IP addresses (e.g., address groups), and map those pools to prefix lists that are distributed to the networking devices. The IPAM system may monitor changes in IP address usage by resources in the networks (e.g., allocations and releases of IP addresses), update the pools that are affected by the changes, carry those changes through to the appropriate prefix lists, and propagate updated prefix lists to the networking devices (e.g., firewall devices, routing devices, etc.). In this way, the IPAM system may automatically identify and apply IP address changes to prefix lists that are used for networking operations in the networks.
MULTI-LEVEL AND DYNAMIC TIMERS FOR CARRIER GRADE NAT
Systems and methods described herein use a variable 2MSL timer (also referred to herein as a “port reuse timer”) for a core network/gateway. A network device in a core network detects closing of a session that uses a port designated for Network Address Translation (NAT), monitors an overall NAT port utilization level, and manages release timing for the port based on the overall port utilization level.
Detection of threats based on responses to name resolution requests
Some embodiments provide a method for identifying security threats to a datacenter. The method receives flow attribute sets for multiple flows from multiple host computers in the datacenter on which data compute nodes (DCNs) execute. Each flow attribute set indicates at least a source DCN for the flow. The method identifies flow attribute sets that correspond to DCNs responding to name resolution requests. For each DCN of a set of DCNs executing on the host computers, the method determines whether the DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the DCN based on the identified flow attribute sets. When a particular DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the particular DCN, the method identifies the particular DCN as a security threat to the datacenter.
DHCP server IP address allocation improvement to nullify the impact of MAC randomization
A Dynamic Host Configuration Protocol (DHCP) server includes a memory storing computer-readable instructions, and a processor configured to execute the computer-readable instructions to determine a media access control (MAC) address associated with a client, determine that the MAC address associated with the client is a randomized MAC address, and assign an IP address to the client from a DHCP IP server pool. The processor assigns an IP address to the client from the DHCP IP server pool using one of: identifying, in a DHCP server table, at least one host name of the client and assigning a previously assigned IP address to the at least one host name of the client; and, when the host name of the client is not available, assigning the IP address using a first lease with a first duration shorter than the default lease duration used for non-randomized MAC addresses.
SINGLE MAC ADDRESS FOR NETWORK DEVICES
Examples of electronic devices are described herein. In some examples, an electronic device includes a first network device and a second network device. In some examples, the electronic device includes a processor to assign a single media access control (MAC) address to the first network device and the second network device. In some examples, the processor is to determine that the first network device is connected to a network using the single MAC address. In some examples, the processor is to disable the second network device in response to determining that the first network device is connected to the network.
Systems and Methods for Generating Contextual Labels
In one embodiment, an apparatus includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the apparatus to perform operations including receiving a user credential from a remote access client within a network and communicating the user credential to an authentication, authorization and accounting (AAA) server within the network. The operations also include receiving a user attribute from the AAA server and generating a contextual label based on the user attribute. The contextual label includes routing instructions associated with traffic behavior within the network. The operations further include advertising a control message, which includes the contextual label, to the remote access client.
Edge switching system, edge switching device, edge switching method, and program
An edge switching device of an edge switching system includes: a remaining lease time information obtainment unit configured to obtain remaining lease time information for each of user terminals from a DHCP server; a submission order determination unit configured to determine a submission order for user configuration information in order from a shortest remaining lease time; a user configuration information submission unit configured to submit, to a backup system edge router, user configuration information of each of the user terminals, according to the determined submission order; and a reconnection inducement instruction unit configured to send, to the DHCP server, an instruction to send reconnection inducement information to the user terminals for which the user configuration information has been submitted.