H04L47/2475

Routers and methods for traffic management
11706137 · 2023-07-18

A router including a communication device, a first processor, and a second processor. The communication device is configured to receive a plurality of first packets of a connection and at least one second packet of the connection subsequent to the first packets. The first processor is coupled to the communication device and configured to analyze the first packets to determine at least part of a plurality of transport-layer parameters associated with the connection, receive a traffic control rule associated with the connection, and offload processing of the at least one second packet of the connection to a second processor after the at least part of the transport-layer parameters is determined. The second processor is configured to perform traffic control on the second packet according to the traffic control rule and the at least part of the transport-layer parameters.

Application-based network security
11706216 · 2023-07-18

A network device may receive, from an application on a user device, a first network packet associated with a packet flow. The network device may identify an application identifier of the first network packet, wherein the application identifier identifies the application on the user device. The network device may select, based on the application identifier, a security protocol, wherein the security protocol is associated with at least one of an authentication header (AH) or an encryption algorithm. The network device may selectively apply, to a second network packet associated with the packet flow, at least one of the AH or the encryption algorithm, associated with the security protocol, to generate a protected network packet. The network device may transmit the protected network packet.

Managing a reordering timer

Embodiments include methods for managing a reordering timer performed by a processor of a wireless device. The processor may receive packets from a communication network and store the packets in a memory buffer of the wireless device. The processor may detect one or more conditions that affect an amount of time required to reorder or reassemble at least some of the packets received from the communication network. The processor may determine a timer adjustment based on the detected one or more conditions. The processor may adjust a timer with the determined timer adjustment. The processor may deliver one or more packets from the memory buffer in response to expiration of the adjusted timer.

End-to-end prioritization for mobile base station

A method for utilizing quality of service information in a network with tunneled backhaul is disclosed, comprising: establishing a backhaul bearer at a base station with a first core network, the backhaul bearer established by a backhaul user equipment (UE) at the base station, the backhaul bearer having a single priority parameter, the backhaul bearer terminating at a first packet data network gateway in the first core network; establishing an encrypted internet protocol (IP) tunnel between the base station and a coordinating gateway in communication with the first core network and a second core network; facilitating, for at least one UE attached at the base station, establishment of a plurality of UE data bearers encapsulated in the secure IP tunnel, each with their own QCI; and transmitting prioritized data of the plurality of UE data bearers via the backhaul bearer and the coordinating gateway to the second core network.

ROUTING APPLICATION CONTROL AND DATA-PLANE TRAFFIC IN SUPPORT OF CLOUD-NATIVE APPLICATIONS

Techniques for using computer networking protocol extensions to route control-plane traffic and data-plane traffic associated with a common application are described herein. For instance, a traffic flow associated with an application may be established such that control-plane traffic is sent to a control-plane node associated with the application and data-plane traffic is sent to a data-plane node associated with the application. When a client device sends an authentication request to connect to the application, the control-plane node may send an indication of a hostname to be used by the client device to send data-plane traffic to the data-plane node. As such, when a packet including the hostname corresponding with the data-plane node is received, the packet may be forwarded to the data-plane node.

Intent-based policy generation for virtual networks

Techniques are disclosed for generating intent-based policies and applying the policies to traffic of a computer network. In one example, a policy controller for the computer network receives traffic statistics for traffic flows among a plurality of application workloads executed by a first set of computing devices. The policy controller correlates the traffic statistics into session records for the plurality of application workloads. The policy controller generates, based on the session records for the application workloads, application firewall policies for the application workloads. Each of the application firewall policies defines whether traffic flows between application workloads are to be allowed or denied. The policy controller distributes the application firewall policies to a second set of one or more computing devices for application to traffic flows between instances of the application workloads.

COMMUNICATION DEVICE AND COMMUNICATION METHOD

A terminal is provided. The terminal includes a communication unit configured to perform communication, and a control unit configured to request a service with priority control related to the communication. The control unit is: an application that performs configuration related to a resource control unit for distributing communication packets associated with a communication path; or a client of the service with priority control related to the communication.