In one embodiment, a method includes processing network data models at a network device operating in a network comprising a plurality of network components, each of the network components associated with one of the network data models, performing semantic matching at the network device for at least two of the network data models, the semantic matching comprising computing labels for elements of the network data models utilizing label computation algorithms configured for notational conventions used in the network data models, computing contexts for the elements based on a hierarchy of each of the network data models, removing one or more of the labels used to form the contexts to create reduced contexts, and computing a semantic relationship for the reduced contexts of the network data models. The network data models are mapped at the network device based on the semantic matching for use in a network application. An apparatus and logic are also disclosed herein.

A network device or system can operate to enable a security pass-through with a user equipment (UE) and further define various virtual functions between a physical access point (pAP) and a virtual AP (vAP) based on one or more communication link parameters (e.g., latency). The security pass-through can be an interface connection that passes through a computer premise equipment (CPE) or wireless residential gateway (GW) without the CPE or GW modifying or affecting the data traffic such as by authentication or security protocol. The SP network device can receive traffic data from a UE through or via the security pass-through from a UE of a community Wi-Fi network at a home, residence, or entity network.

A communication system includes multiple VPN termination devices that perform a first VPN communication and a configuration server that configures the first VPN communication. Each of the VPN termination devices includes a first processor programmed to implement a configuration information receiver that receives configuration information for the first VPN communication sent from the configuration server, a communication controller that controls the first VPN communication based on the configuration information, and a first VPN communication unit that performs the first VPN communication with another one of the VPN termination devices according to a control of the communication controller.

Techniques for utilizing multiple network interfaces for a cloud shell are provided. The techniques include receiving, by a computer system, a command to execute an operation by the computer system, the command being received from a router via a primary virtual network interface card (vNIC). The computer system may execute the operation, generating an output of the operation. The techniques also include transmitting, by the computer system, a message comprising the output of the operation to a shell subnet via a secondary vNIC, the secondary vNIC being configured for unidirectional transmission from the computer system to the shell subnet. The shell subnet may be configured to transmit the output of the operation to an external network via a network gateway.

Systems, methods, and devices for improved routing operations in a network computing environment. A system includes a virtual customer edge router and a host routed overlay comprising a plurality of host virtual machines. The system includes a routed uplink from the virtual customer edge router to one or more of the plurality of leaf nodes. The system is such that the virtual customer edge router is configured to provide localized integrated routing and bridging (IRB) service for the plurality of host virtual machines of the host routed overlay.

A method by a network device functioning as a provider edge (PE) in an ethernet virtual private network (EVPN) to prevent transient loops between multi-home peer PEs. The method includes advertising a first EVPN label to one or more PEs that are multi-home peer PEs of the PE, advertising a second EVPN label to one or more PEs that are not multi-home peer PEs of the PE, receiving first traffic for a CE that is encapsulated with the first EVPN label as opposed to the second EVPN label, and discarding the first traffic in response to determining that a link between the PE and the CE is not operational and the first traffic for the CE is encapsulated with the first EVPN label.

Embodiments of the present disclosure relate to the field of communication technology, and disclose a resource acquisition method, including: receiving a user input event from a first browser on a client; acquiring an event result triggered at a second browser by the user input event, where the second browser runs on the server for the WebVPN; acquiring, using the second browser, resources from a source station according to the event result; and feeding back the resources to the client, to present the resources at the first browser. Embodiments of the present disclosure further disclose a proxy server for a WebVPN, a resource acquisition system, and a server.

Systems and methods associated with a node in a Segment Routing network include, responsive to what services are support at a node in a Segment Routing network, creating a bitmap to represent the plurality of services supported at the node; and transmitting an advertisement with the bitmap such that the advertisement is a single advertisement of multiple services. This approach can reduce the advertisement of rout updates by orders of magnitude.

The present invention discloses methods and systems for forward packets received from a SSID at a wireless access point to a VPN. The SSID and VPN are associated. The VPN is created according to a VPN profile. When the VPN is established, the SSID is enabled. When the VPN is not established, the SSID is disabled.

A method including transmitting, by a requesting user device to an infrastructure device associated with a virtual private network (VPN), a connection request for receiving VPN services; receiving, by the requesting user device from the infrastructure device, connection information associated with a VPN server selected for providing the VPN services to the requesting user device, the VPN server being selected based at least in part on a comparison between a parameter associated with the requesting user device and a current parameter associated with another user device currently receiving VPN services from the VPN server; and transmitting, by the requesting user device to the VPN server, an initiation request to receive the VPN services from the VPN server based at least in part on utilizing the connection information is disclosed. Various other aspects are contemplated.