Patent classifications
H04L45/7453
Mitigation of DDoS attacks on mobile networks using DDoS detection engine deployed in relation to an evolve node B
Systems and methods for inspection of traffic between UE and the core network to mitigate DDoS attacks on mobile networks are provided. According to one embodiment, the method involves parsing SCTP packets and monitoring header anomalies to block anomalous packet floods. According to another embodiment, a memory table maintains the requesting S1AP-IDs that have sent certain monitored commands, and those sending these messages at abnormally high rates are blocked. According to yet another embodiment, a packet classifier parses the GTP-U protocol, unwraps the encapsulated IP packet and then monitors for layer 3, 4 and 7 rate-based attacks such as UDP, ICMP, SYN and HTTP GET floods and drops them to protect the targeted Internet server as well as the mobile infrastructure (e.g., the MME, the SGW, the PGW, and the PDN) downstream from the DDoS mitigation system.
Avoiding markers for longest prefix match based on binary search tree algorithm
In one embodiment, a packet processing apparatus includes interfaces; a memory to store a representation of a routing table as a binary search tree of address prefixes, and to store a marker with an embedded prefix comprising k marker bits (providing a marker for the address prefix of a node whose prefix length is greater than k) and n additional bits, such that the k marker bits concatenated with the n additional bits form another address prefix; and packet processing circuitry configured, upon receiving a data packet having a destination address, to traverse the binary search tree to find a longest prefix match, compare a key with the k marker bits, extract an additional n bits from the destination address, compare the extracted n bits with the n additional bits, and process the data packet in accordance with the forwarding action indicated by the longest prefix match.
Indirect transmission of session data
The systems and methods described herein can enable the indirect transmission of session data between different domains. The system can pass the session data through a hashing function so that the data from a given domain remains private and secure to the specific domain. The system can generate clusters of associated domains for a given client device that the system can use to maintain a session between the client device and the domain.
Adaptive private network (APN) bandwidth enhancements
Techniques are described to automatically activate and deactivate standby backup paths in response to changing bandwidth requirements in an adaptive private network (APN). The APN includes one or more regular wide area network (WAN) links in an active mode and an on-demand WAN link in a standby mode. The on-demand WAN link is activated to supplement the conduit bandwidth when the available bandwidth of the conduit falls below a pre-specified trigger bandwidth threshold and the conduit bandwidth usage exceeds a usage threshold of the conduit bandwidth supplied by the active paths (BWc). The on-demand WAN link is returned to standby mode when the available bandwidth of the conduit is above the pre-specified trigger bandwidth threshold and the conduit bandwidth usage drops below the usage threshold of BWc. Techniques for adaptive and active bandwidth testing of WAN links in an APN are also described.
Communication method and apparatus
In an embodiment, a source node assigns a first number to a probe data packet in a probe data flow in a sending sequence, where the first number is used to select a transmission path for the probe data packet. The source node sends the probe data packet in the probe data flow to a destination node at a first sending rate. Each time the source node receives a probe data packet backhauled by the destination node, the source node sends a service data packet in a service data flow, where the service data packet is assigned a second number corresponding to the probe data packet, and the second number is used to select a transmission path for the service data packet.
Service assurance of ECMP using virtual network function hashing algorithm
Techniques are presented for evaluating Equal Cost Multi-Path (ECMP) performance in a network that includes a plurality of nodes. According to an example embodiment, a method is provided that includes obtaining information indicating the ECMP paths in the network and a branch node in the network. For the branch node, the method includes instantiating a virtual network function that simulates the ECMP hashing algorithm employed by the branch node to select one of its multiple egress interfaces; providing to that virtual network function a query containing entropy information as input to the ECMP hashing algorithm, which returns interface selection results; and obtaining from the virtual network function a reply that includes the interface selection results. The method further includes evaluating ECMP performance in the network based on the interface selection results obtained for the branch node.