Systems, methods, and devices for identifying and responding to illegitimate devices on a service provider network include computing devices that are configured to collect dynamic host configuration protocol (DHCP) information related to a device (e.g., a modem, etc.) that establishes or requests to establish an internet protocol (IP) connection to the service provider network. The computing devices may determine features based on the collected DHCP information, apply the determined features to a classification model, and predict whether the device is an illegitimate device based on a result of applying the determined features to the classification model. The computing devices may perform a responsive action (e.g., blacklist or quarantine the device, etc.) in response to predicting that the device is an illegitimate device.

Systems, methods, and devices for identifying and responding to illegitimate devices on a service provider network include computing devices that are configured to collect dynamic host configuration protocol (DHCP) information related to a device (e.g., a modem, etc.) that establishes or requests to establish an internet protocol (IP) connection to the service provider network. The computing devices may determine features based on the collected DHCP information, apply the determined features to a classification model, and predict whether the device is an illegitimate device based on a result of applying the determined features to the classification model. The computing devices may perform a responsive action (e.g., blacklist or quarantine the device, etc.) in response to predicting that the device is an illegitimate device.

The method for an automated IPv6/IPv4 fallback approach in proxy networks is presented. In some embodiments, the method comprises receiving, at a proxy server, a request from a client executing on a client computer for access to a target computer; determining identification-information of the client; determining an address pair including an IPv6 address and an IPv4 address of the proxy server; assigning the address pair to the identification-information of the client; establishing a first communications connection between the client computer and the proxy server using one of IP addresses included in the address pair, and a second communications connection between the proxy server and the target computer using one of IP addresses included in the address pair; and facilitating a network packet flow between the client computer and the target computer using the first communications connection and the second communications connection.

The method for an automated IPv6/IPv4 fallback approach in proxy networks is presented. In some embodiments, the method comprises receiving, at a proxy server, a request from a client executing on a client computer for access to a target computer; determining identification-information of the client; determining an address pair including an IPv6 address and an IPv4 address of the proxy server; assigning the address pair to the identification-information of the client; establishing a first communications connection between the client computer and the proxy server using one of IP addresses included in the address pair, and a second communications connection between the proxy server and the target computer using one of IP addresses included in the address pair; and facilitating a network packet flow between the client computer and the target computer using the first communications connection and the second communications connection.

A method for allocating a device-specific resource from one or more databases is provided. The method includes receiving, at an interface, a coupling identifier including a pool identifier and a resource identifier, as part of a processing request from a requesting entity, the processing request including a request for the device-specific resource, wherein the coupling identifier associates the requesting entity with the device-specific resource based on the resource identifier, extracting, at the interface, the pool identifier from the coupling identifier, identifying, by the interface, the processing service in which the device-specific resource associated with the resource identifier is cached, based on the pool identifier, and transmitting, from the interface to the identified processing service, at least a part of the processing request to process the cached requested device-specific resource.

Disclosed are various embodiments for managing network address allocations using prefix allocation trees. In one embodiment, a request is received to allocate a particular network address block. The request specifies one or more attributes and at least one of a prefix or a size for the particular network address block. A prefix allocation tree is updated to indicate that the particular network address block corresponding to the prefix is allocated instead of free and to associate the attribute(s) with the particular network address block. An identification of an allocation of the network address block is returned in response to the request to allocate the particular network address block. An attribute index of the prefix allocation tree is updated asynchronously to index the attribute(s) in association with the particular network address block.

The present application describes the generation and use of micro-pools that are assigned to various DHCP servers by an agent. In examples, each micro-pool includes a set number of IP addresses. The agent tracks which DHCP servers are assigned which micro-pools. As the IP addresses of a micro-pool are assigned to requesting computing devices, the agent may subsequently assign an additional micro-pool to a particular DHCP server.

The present application describes the generation and use of micro-pools that are assigned to various DHCP servers by an agent. In examples, each micro-pool includes a set number of IP addresses. The agent tracks which DHCP servers are assigned which micro-pools. As the IP addresses of a micro-pool are assigned to requesting computing devices, the agent may subsequently assign an additional micro-pool to a particular DHCP server.

Techniques implemented by an IP address management (IPAM) system for monitoring the usage of IP addresses in networks of computing resources and automatically notifying networking devices when IP address usage has changed. The IPAM system may create pools of IP addresses (e.g., address groups), and map those pools to prefix lists that are distributed to the networking devices. The IPAM system may monitor changes in IP address usage by resources in the networks (e.g., allocations and releases of IP addresses), update the pools that are affected by the changes, carry those changes through to the appropriate prefix lists, and propagate updated prefix lists to the networking devices (e.g., firewall devices, routing devices, etc.). In this way, the IPAM system may automatically identify and apply IP address changes to prefix lists that are used for networking operations in the networks.

Provided are a method, an apparatus and a system for implementing carrier grade network address translation, an electronic device, and a computer-readable storage medium. The method includes: transmitting a first request to a control plane of a forwarding and control separated broadband access system, where the first request is used for applying to the control plane for a public network address range; receiving a first response returned by the control plane, where the first response includes allocated public network address range information; receiving a public network address allocated to a user by the control plane according to the public network address range information; receiving a private network address allocated to the user by the control plane; and performing, according to the public network address and the private network address, public and private network address translation on received service traffic of the user.