Patent classifications
H04L12/4641
Domain name system configuration during virtual private network connection
Domain name system (DNS) configuration during a virtual private network (VPN) connection includes establishing a VPN tunnel between a client device and a VPN system entry server, which includes configuring a first DNS server as the operative DNS server for the VPN tunnel. First content is then obtained by transmitting to the VPN entry server a first request that identifies a first external source for the first content, receiving from the VPN entry server a DNS configuration message indicating a second DNS server, configuring the second DNS server as the operative DNS server, and receiving from the VPN entry server, via the VPN tunnel, the first content. The VPN entry server obtained the first content from a first VPN system exit server, which it identified using the second DNS server, and the first VPN system exit server obtained the first content from the first external source.
Extended enterprise browser blocking spread of ransomware from alternate browsers in a system providing agentless lateral movement protection from ransomware for endpoints deployed under a default gateway with point to point links
An extended enterprise browser installed on an endpoint device provides protection from ransomware attacks for SaaS and private enterprise applications. The extended enterprise browser monitors for alternate browsers installed on the endpoint device and may take one or more actions to block the spread of ransomware by an alternate browser.
VXLAN Packet Transmission
In an example, an SDN controller may acquire the path maximum transmission unit (PMTU) of a Virtual Extensible Local Area Network (VXLAN) tunnel from the source VXLAN tunnel end point (VTEP) to the destination VTEP of a data packet, and may transmit a control entry to the source VTEP so that each individual VXLAN packet has a length no greater than the packet length corresponding to the PMTU.
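The following is an added example, not code from the patent, of what a source VTEP can do with a controller-supplied PMTU control entry. The header sizes are the standard VXLAN encapsulation (outer IP, UDP and VXLAN headers; the outer Ethernet header is not counted against an L3 PMTU). The three behaviours on an oversized inner packet (encapsulate, signal the inner MTU when DF is set, fragment the inner IPv4 packet when it is clear) are an assumption about how a VTEP might honour the entry, and the packet lengths are constructed sample input.

```python
# Added example (not from the patent): applying a PMTU control entry at a source VTEP.
# Header sizes are standard VXLAN encapsulation; the VTEP behaviour on oversized
# packets below is an assumption, and the sample packets are constructed.
from dataclasses import dataclass

ETH_HDR = 14       # inner Ethernet header carried inside the VXLAN payload
DOT1Q_TAG = 4      # optional 802.1Q tag on the inner frame
OUTER_IPV4 = 20
OUTER_IPV6 = 40
UDP_HDR = 8
VXLAN_HDR = 8


def encap_overhead(outer_ipv6=False):
    """Bytes VXLAN adds on top of the inner Ethernet frame (outer Ethernet excluded)."""
    return (OUTER_IPV6 if outer_ipv6 else OUTER_IPV4) + UDP_HDR + VXLAN_HDR


def max_inner_frame(pmtu, outer_ipv6=False):
    """Largest inner Ethernet frame whose VXLAN packet (the outer IP packet) fits the PMTU."""
    return pmtu - encap_overhead(outer_ipv6)


def max_inner_ip_len(pmtu, outer_ipv6=False, vlan_tagged=False):
    """Largest inner IP packet (header + payload) the control entry should permit."""
    return max_inner_frame(pmtu, outer_ipv6) - ETH_HDR - (DOT1Q_TAG if vlan_tagged else 0)


def vxlan_packet_len(inner_ip_len, outer_ipv6=False, vlan_tagged=False):
    """Outer IP packet length produced by encapsulating an inner IP packet of this length."""
    return inner_ip_len + ETH_HDR + (DOT1Q_TAG if vlan_tagged else 0) + encap_overhead(outer_ipv6)


@dataclass
class InnerIPv4:
    total_len: int          # header + payload, in bytes
    dont_fragment: bool     # the DF bit
    hdr_len: int = 20       # no IP options


def apply_control_entry(pkt, pmtu, outer_ipv6=False):
    """Assumed source-VTEP behaviour under a control entry carrying the tunnel PMTU.

    Returns (action, detail):
      ("encapsulate", [len])        the packet fits in one VXLAN packet
      ("icmp_frag_needed", mtu)     too large and DF set: report the inner MTU to the sender
      ("fragment", [len, ...])      too large and DF clear: inner IPv4 fragments, each of which
                                    encapsulates into a VXLAN packet no longer than the PMTU
    """
    limit = max_inner_ip_len(pmtu, outer_ipv6)
    if pkt.total_len <= limit:
        return "encapsulate", [pkt.total_len]
    if pkt.dont_fragment:
        return "icmp_frag_needed", limit
    payload = pkt.total_len - pkt.hdr_len
    chunk = (limit - pkt.hdr_len) // 8 * 8   # IPv4 fragment offsets are multiples of 8 bytes
    fragments = []
    while payload > 0:
        take = min(chunk, payload)           # the last fragment need not be 8-byte aligned
        fragments.append(pkt.hdr_len + take)
        payload -= take
    return "fragment", fragments


if __name__ == "__main__":
    pmtu = 1500  # constructed: a tunnel across plain 1500-byte links
    print("inner IPv4 MTU for PMTU 1500:", max_inner_ip_len(pmtu))
    print(apply_control_entry(InnerIPv4(3000, dont_fragment=False), pmtu))
    print(apply_control_entry(InnerIPv4(3000, dont_fragment=True), pmtu))
```

The practical point is the 50 bytes of overhead: with a 1500-byte PMTU the inner IPv4 MTU is 1450, so either the underlay carries jumbo frames or the VTEP must fragment or signal, as above, or the inner traffic silently black-holes.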
SOFTWARE DEFINED VISIBILITY FABRIC
A fabric manager includes a processing unit having a service chain creation module configured to create a service chain by connecting some of a plurality of nodes via virtual links, wherein those nodes represent respective network components of an auxiliary network configured to obtain packets from a traffic production network, and wherein the service chain is configured to control the order in which packets traverse the network components represented by those nodes.
CROSS-DOMAIN DATA-GATE FOR SECURE TRANSMISSION OF DATA OVER PUBLICLY SHARED DATALINKS
A device for secure transmission of vehicle data over vehicle datalinks that may be shared with passenger devices and are connected to a publicly shared network is provided. The device comprises a processor embedded within a portion of an Ethernet cable for a vehicle. A plurality of applications resides in the processor and comprises a VPN application and a VPN address and certificate update application. A first Ethernet transceiver communicates with the processor through the VPN application and also communicates with onboard electronic equipment. A second Ethernet transceiver communicates with the processor through the VPN application and also communicates with an external datalink. The VPN application automatically establishes a VPN when the datalink is available, provides an authentication certificate to verify that the device is a correct and legitimate node, and verifies a VPN hosting certificate to determine whether the device is communicating with a correct and legitimate external facility.
Towards network slice availability
A method and system for providing a network service (NS) instance satisfying a requested availability of a network slice instance (NSI) comprises obtaining at least one VNF descriptor (VNFD) for a virtualised network function (VNF) composing the NS, the VNFD being associated with at least one absolute availability value guaranteed according to at least one deployment flavour (DF); obtaining an availability value of the NFV infrastructure (NFVI) on which the VNF is to be deployed; determining a minimum availability value for an NS instance of the NS; selecting a VNF DF and a redundancy model (RM) for the VNF DF such that the product of the absolute availability value of the VNF DF, taking into account the selected RM, and the availability value of the NFVI is greater than or equal to the minimum availability value for the NS instance; and instantiating the NS instance by instantiating at least one VNF instance according to the at least one selected VNF DF and corresponding RM.
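The selection step above, as an added example that is not the method's own code. It assumes that an RM is modelled as k independently failing replicas with instant failover, so a DF with absolute availability A_df deployed under k replicas gives 1 - (1 - A_df)^k, and that the NS instance is the series composition of its VNF and the NFVI (the product in the abstract). The DF availabilities, per-instance costs and NFVI availability are constructed sample data.

```python
# Added example (not from the patent): pick the cheapest (DF, RM) whose availability,
# multiplied by the NFVI availability, meets the NS instance's minimum.
# Assumptions: RM = k independent replicas with instant failover; series composition.
# All availability and cost figures are constructed sample data.
from itertools import product


def availability_with_rm(df_availability, replicas):
    """Availability of a VNF DF under an RM of `replicas` independent instances."""
    if replicas < 1:
        raise ValueError("an RM needs at least one instance")
    return 1.0 - (1.0 - df_availability) ** replicas


def ns_availability(vnf_availabilities, nfvi_availability):
    """NS instance availability: every VNF and the NFVI must be up (series composition)."""
    a = nfvi_availability
    for v in vnf_availabilities:
        a *= v
    return a


def select_df_and_rm(dfs, rms, nfvi_availability, min_availability):
    """dfs: {name: (absolute_availability, cost_per_instance)}; rms: {name: replicas}.

    Returns (df_name, rm_name, total_cost) for the cheapest combination whose
    product with the NFVI availability is >= min_availability, or None if the
    target is unreachable (typically because the NFVI itself is below it).
    """
    best = None
    for (df, (a_df, cost)), (rm, k) in product(dfs.items(), rms.items()):
        if ns_availability([availability_with_rm(a_df, k)], nfvi_availability) >= min_availability:
            total = cost * k
            if best is None or total < best[2]:
                best = (df, rm, total)
    return best


# Constructed catalogue: two flavours of one VNF and three redundancy models.
SAMPLE_DFS = {"small": (0.999, 10), "large": (0.9999, 30)}
SAMPLE_RMS = {"no-redundancy": 1, "active-standby": 2, "2-out-of-3": 3}
SAMPLE_NFVI = 0.99999   # five nines infrastructure

if __name__ == "__main__":
    print(select_df_and_rm(SAMPLE_DFS, SAMPLE_RMS, SAMPLE_NFVI, 0.9999))
    print(select_df_and_rm(SAMPLE_DFS, SAMPLE_RMS, SAMPLE_NFVI, 0.99999))
```

The second call returns None: because the product can never exceed the NFVI availability, no amount of VNF redundancy reaches a target at or above what the infrastructure itself guarantees, which is why the method obtains the NFVI value before choosing a DF and RM.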
Split tunnel-based security
There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; a network interface; an operating system including a native internet protocol (IP) stack; and a security agent, including instructions encoded within the memory to instruct the processor to: establish a split virtual private network (VPN) tunnel with a remote VPN service; receive outgoing network traffic; direct a first portion of the outgoing traffic to the VPN tunnel, including determining that the first portion includes an outgoing domain name service (DNS) request; and direct a second portion of the outgoing traffic to the native IP stack.
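The steering decision described above, as an added example rather than the patent's own code: DNS requests are always placed in the first portion (the VPN tunnel), traffic to the tunnel's prefixes likewise, and everything else in the second portion (the native IP stack). The prefixes, the treatment of port 853 (DNS over TLS) as DNS, and the sample packets are assumptions for the example.

```python
# Added example (not from the patent): a split-tunnel steering policy for outgoing packets.
# DNS always goes into the VPN tunnel so name resolution cannot leak to a local resolver;
# tunnel prefixes go to the VPN; everything else goes to the native IP stack.
# Tunnel prefixes, the DoT port 853 and the sample packets are assumptions.
import ipaddress
from dataclasses import dataclass

DNS_PORTS = {53, 853}   # classic DNS, plus DNS over TLS (853) as an added assumption


@dataclass(frozen=True)
class Packet:
    dst_ip: str
    dst_port: int
    proto: str  # "udp" or "tcp"


class SplitTunnelPolicy:
    def __init__(self, tunnel_prefixes):
        # Prefixes routed through the VPN even when not DNS (IPv4 or IPv6 accepted).
        self.prefixes = [ipaddress.ip_network(p) for p in tunnel_prefixes]

    @staticmethod
    def is_dns(pkt):
        """Outgoing DNS request: UDP or TCP to a DNS port."""
        return pkt.proto in ("udp", "tcp") and pkt.dst_port in DNS_PORTS

    def steer(self, pkt):
        """Return "vpn" for the first portion of traffic and "native" for the second."""
        if self.is_dns(pkt):
            return "vpn"
        dst = ipaddress.ip_address(pkt.dst_ip)
        if any(dst in prefix for prefix in self.prefixes):
            return "vpn"
        return "native"

    def partition(self, packets):
        """Split a batch of outgoing packets into (vpn_portion, native_portion)."""
        vpn, native = [], []
        for pkt in packets:
            (vpn if self.steer(pkt) == "vpn" else native).append(pkt)
        return vpn, native


# Constructed sample: corporate prefixes behind the VPN and a mix of outgoing packets.
SAMPLE_POLICY = SplitTunnelPolicy(["10.0.0.0/8", "192.168.0.0/16", "fd00::/8"])
SAMPLE_PACKETS = [
    Packet("8.8.8.8", 53, "udp"),            # DNS to a public resolver: forced into the tunnel
    Packet("1.1.1.1", 853, "tcp"),           # DNS over TLS: also tunnelled
    Packet("10.1.2.3", 443, "tcp"),          # internal HTTPS: tunnelled by prefix
    Packet("fd00::10", 22, "tcp"),           # internal IPv6 SSH: tunnelled by prefix
    Packet("93.184.216.34", 443, "tcp"),     # public HTTPS: native stack
    Packet("8.8.8.8", 443, "tcp"),           # DNS over HTTPS looks like HTTPS: native stack
]

if __name__ == "__main__":
    vpn, native = SAMPLE_POLICY.partition(SAMPLE_PACKETS)
    print("vpn:", [(p.dst_ip, p.dst_port) for p in vpn])
    print("native:", [(p.dst_ip, p.dst_port) for p in native])
```

The last sample packet shows the caveat a port-based check carries: DNS over HTTPS on port 443 is indistinguishable from ordinary HTTPS at this layer, so an agent that wants every resolution inside the tunnel must also pin the endpoint's resolver configuration, not only classify packets.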
Multi-MAC controller and single PHY systems and methods
The present disclosure relates to multi-MAC controllers and single PHY systems and methods. An example method may include receiving, at a remote PHY device and from a first MAC device located at a headend of a network, a first data packet, including a first identifier. The example method may also include determining, by the remote PHY device and using the first identifier included in the first data packet, a first output of the PHY device onto which to transmit the first data packet, the first output including a first group of customer devices. The example method may also include receiving, at the remote PHY device and from a second MAC device located at the headend, a second data packet, including a second identifier. The example method may also include determining, by the remote PHY device and using the second identifier included in the second data packet, a second output of the PHY device onto which to transmit the second data packet, the second output including a second group of customer devices.
METHOD FOR A SWITCH-INITIATED SDN CONTROLLER DISCOVERY AND ESTABLISHMENT OF AN IN-BAND CONTROL NETWORK
Controller(s) in a software defined network (SDN) are able to determine a control path towards each network switch by performing switch-originated discovery and using an in-band control network that is an overlay on the data network. A topology tree is maintained, with each controller being the root of its tree, and messages from the root to any switch may pass through neighboring switches to reach that switch (and vice versa). Each switch in the SDN attempts to connect to the controller when it does not have a readily configured control connection towards the controller. Once the controller learns about the presence of a new switch and one or more paths to reach that switch through a novel discovery process, it can select, adjust and even optimize the route of the control path towards that switch.
AUTOMATIC LINK SECURITY
Systems, methods, and computer-readable storage media for automatic link security. A cloud controller can receive a signal indicating that an unauthenticated device is requesting private network resources, establish a connection between the unauthenticated device and the cloud controller, and determine that the unauthenticated device is associated with a private network. The cloud controller can facilitate the negotiation of security material between the device and the network and automatically establish a secure link between the device and the private network. The cloud controller can cause the security material to be sent to the device and can transmit a policy instruction that is effective to cause a switch port to automatically bypass a default access policy and automatically adopt a trusted policy for the device to access the private network.