H04L12/4641

SYSTEM AND METHOD FOR OPTIMIZING COMPUTING RESOURCES AND DATA FLOW IN NETWORKS

A system and method for optimizing processing of keyboard/video/mouse (KVM) data in an internet protocol (IP) network environment receives, via a public interface, access requests from users directed to KVM targets. The system includes a public and private virtual local area network (VLAN) linked by a bonded interface and general-purpose and optimized application containers. The general-purpose container initiates a KVM session and creates a network address translation (NAT) route (associated with an IP address visible to the user) and a dedicated interface via which the user may send KVM data directly and through the optimized application container, which prioritizes KVM data so it can pass without preemption through the private VLAN and to its intended KVM target in real-time or near real-time. The NAT route and external IP address may be reused for multiple access sessions to different KVM targets from the same user.

On-board communication system, switching device, verification method, and verification program

An on-vehicle communication system includes: a plurality of function units; and one or a plurality of switch devices, each switch device being configured to perform a relay process of relaying communication data between the function units. When unauthorized communication by a function unit has been detected, the switch device performs a validation process of validating a function unit other than an unauthorized-communication function unit that is the function unit for which the unauthorized communication has been detected.

Shared ethernet segment identifier label allocation for ethernet virtual private network multihoming

Systems and methods are provided herein for allocating the same ESI label on multihomed peers for a given ES. In some embodiments, each network device that provides multihoming to a host using an ES, advertises EVPN AD per ES routes to each other, wherein the EVPN AD per ES routes comprise an ESI label associated with the ES. Because the network devices advertise the same ESI label for the ES, a first network device generates a bitmap. The first network device uses the bitmap to include the advertised ESI label in replicated packets that the first network device forwards to the other network devices that provide multihoming to the host via the ES. The network devices that consider themselves non-DF devices will drop the packet. The network devices that consider themselves the DF device will not forward the packet to the host via the ES because of the ESI label.

Efficient protection for a virtual private network
11558354 · 2023-01-17

Techniques are described to provide efficient protection for a virtual private network. In one example, a method is provided that includes obtaining a packet at a first network entity; determining that the packet is a packet type of an authentication type; determining whether authentication content for the packet matches known good criteria for the packet type of the authentication type; based on determining that the authentication content for the packet does not match the known good criteria, performing at least one of dropping the packet and generating an alarm; and based on determining that the authentication content for the packet does match the known good criteria, processing the packet at the first network entity or forwarding the packet toward a second network entity.

Channel quality information feedback techniques

Various embodiments are generally directed to improved channel quality information feedback techniques. In one embodiment, for example, an evolved node B (eNB) may comprise a processor circuit, a communication component for execution by the processor circuit to receive a channel quality index for a physical downlink shared channel (PDSCH), the channel quality index associated with a defined reference resource, and a selection component for execution by the processor circuit to select a modulation and coding scheme (MCS) for transmission over the PDSCH of user equipment (UE) data in one or more resource blocks, the selection component to compensate for a difference between a cell-specific reference signal (CRS) overhead of the defined reference resource and a CRS overhead of the one or more resource blocks when selecting the MCS. Other embodiments are described and claimed.

Method and apparatus for implementing composed virtual private network VPN

This disclosure provides a method and an apparatus for implementing a composed VPN. The method includes: obtaining a business type and a customer site that are input by a user; determining an access point corresponding to the customer site; determining one or more segment VPNs according to the business type and the access point corresponding to the customer site; obtaining a composed VPN according to the one or more segment VPNs; and outputting an access point list and a segment VPN list of the composed VPN to the user. In the solutions provided in this application, a user can learn a correlation between businesses in different domains related to a composed VPN, and can readily estimate a range affected by a business change of the composed VPN.

Virtual private network connection status detection

Virtual private network (VPN) service provider infrastructure (SPI) receives a request to access a VPN from a client device. The VPN SPI selects an Internet Protocol (IP) address for access to the VPN by the client device from a pool of IP addresses. The VPN SPI provides access to the VPN for the client device via the IP address. The VPN SPI receives one or more handshake notifications from the client device. The VPN SPI determines that a threshold time period has passed since a latest-in-time handshake notification of the one or more handshake notifications. The VPN SPI disconnects the client device from the VPN in response to determining that the threshold time period has passed. The VPN SPI adds the IP address to the pool of IP addresses in response to disconnecting the client device from the VPN.

ZERO FOOTPRINT VPN-LESS ACCESS TO INTERNAL APPLICATIONS USING PER-TENANT DOMAIN NAME SYSTEM AND KEYLESS SECURE SOCKETS LAYER TECHNIQUES

Described embodiments provide systems and methods for accessing a web application hosted in an intranet from outside said intranet. A server hosting a domain name service configured for the intranet can receive a request from a client that is outside the intranet to access the web application. The request may include a fully qualified domain name (FQDN) of the web application in the intranet. Responsive to the FQDN of the web application in the intranet, the server may send a notification to an access service, to cause the access service to pre-establish a connection to the intranet. Responsive to the FQDN of the web application in the intranet, the server may direct the client to send a handshake message to the access service to request access to the web application.

MESSAGE HANDLING BETWEEN DOMAINS

A method includes receiving, at a home controller of a home domain and from a first device in the home domain, a first message concerning a user device that is anchored to the home domain and that has roamed from the home domain to a visitor domain. The method also includes, in response to determining that the first device is a router, opening a tunnel between the home controller and a visitor controller of the visitor domain and communicating the first message to the user device through the tunnel. The method further includes receiving, at the home controller and from a second device in the home domain, a second message concerning the user device and in response to determining that the second device is not a router, communicating, to the second device, a proxy response to the second message.

Layer three instances for a cloud-based services exchange

In general, this disclosure describes a programmable network platform for dynamically programming a cloud exchange to provide a layer three (L3) routing instance as a service to customers of the cloud exchange. In one example, a cloud exchange comprises an L3 network located within a data center and configured with an L3 routing instance for an enterprise; and for the L3 routing instance, respective first and second attachment circuits for first and second cloud service provider networks co-located within the data center, wherein the L3 routing instance stores a route to a subnet of the second cloud service provider network to cause the L3 routing instance to forward packets, received from the first cloud service provider network via the first attachment circuit, to the second cloud service provider network via the second attachment circuit.