The present techniques generally describe a computer implemented method for establishing a secure communication session between a client device and a first server, the method performed by the client device comprising: obtaining, from a second server, credential data comprising a session identifier and cryptographic key data; performing a connection handshake with the first server to establish the secure communication session; creating a security state record defining one or more parameters used to establish the secure communication session, and associating the session identifier with the security state record; performing a first resumption handshake with the first server using the session identifier to re-establish the secure communication session.

A system and method are provided to support a scenario where a cluster of HTTP – Hypertext Transfer Protocol – servers has to accept and maintain permanently open HTTP connections with a large number of client devices. The proposed system relies on HTTP/2 and Server-sent Events – SSE – in order to keep connections open and to allow bidirectional message exchange between client and server. It is comprised by following computational entities: at least one connection redirector entity, at least two connection handler entities, a location registry entity and an execution server entity configured to support an API implementation adapted to provide an interface for external systems. The connection between the system and the client device is performed through an internet connection.

A system and method are provided to support a scenario where a cluster of HTTP – Hypertext Transfer Protocol – servers has to accept and maintain permanently open HTTP connections with a large number of client devices. The proposed system relies on HTTP/2 and Server-sent Events – SSE – in order to keep connections open and to allow bidirectional message exchange between client and server. It is comprised by following computational entities: at least one connection redirector entity, at least two connection handler entities, a location registry entity and an execution server entity configured to support an API implementation adapted to provide an interface for external systems. The connection between the system and the client device is performed through an internet connection.

There is provided a system and method for controlling a plurality of endpoint devices. Multiple connection requests, each connection request originating from an endpoint device are received by a server. Each endpoint device has a client interface thereat that generates the connection request as an outbound connection request from the endpoint device to the server computer. A persistent data communication session is established between the server computer and the client interface of each endpoint device. Command data is received to control one or more of the endpoint devices. The server computer generates a data packet including the command data and transmits the data packet via the persistent data communication session to the endpoint device, to enable the endpoint device instructions to be carried out by the endpoint device, and result data is then received by the server once the instructions are carried out.

Techniques are disclosed relating to resuming a communication session. In some embodiments, a first computing device stores a session resumption token that includes metadata usable to resume a communication session. The first computing device provides a request to resume the communication session with a second computing device and receives, from the second computing device, an output of a verifiable random function (VRF) associated with the request. In response to the request, the first computing device performs a verification of the output and determines, based on the verification, whether to provide the session resumption token to the second computing device.

Importing of a UE address into a VRF of perimeter equipment is facilitate by receiving a VPN update from the perimeter equipment including a route target of the perimeter equipment and a gNodeB address. In addition, session information is obtained by intercepting traffic between the UE address and a UPF. The session information including the UE address and address of a gNodeB to which the UE is connected. By matching the gNodeB addresses from the VPN update and the session information, the route target of the perimeter equipment to which the UE is connected may be determined. The UE address may then be imported exclusively into the VRF of the perimeter equipment.

Importing of a UE address into a VRF of perimeter equipment is facilitate by receiving a VPN update from the perimeter equipment including a route target of the perimeter equipment and a gNodeB address. In addition, session information is obtained by intercepting traffic between the UE address and a UPF. The session information including the UE address and address of a gNodeB to which the UE is connected. By matching the gNodeB addresses from the VPN update and the session information, the route target of the perimeter equipment to which the UE is connected may be determined. The UE address may then be imported exclusively into the VRF of the perimeter equipment.

An example operation may include a system, comprising one or more of: receiving a status failure notification for a VNFCI, retrieving a peer VNFCI admin state and a peer VNFCI operational state, taking no action when one or more of: the peer VNFCI admin state is not online, the peer VNFCI is not reachable, and the peer VNFCI operational state is active, retrieving current issues reported on resources associated with the peer VNFCI when one or more of: the peer VNFCI admin state is online, the peer VNFCI is reachable, and the peer VNFCI operational state is not active, sending a state change request message with an active state to the peer VNFCI when the current issues do not exist, and starting a retry timer for the peer VNFCI.

An example operation may include a system, comprising one or more of: receiving a status failure notification for a VNFCI, retrieving a peer VNFCI admin state and a peer VNFCI operational state, taking no action when one or more of: the peer VNFCI admin state is not online, the peer VNFCI is not reachable, and the peer VNFCI operational state is active, retrieving current issues reported on resources associated with the peer VNFCI when one or more of: the peer VNFCI admin state is online, the peer VNFCI is reachable, and the peer VNFCI operational state is not active, sending a state change request message with an active state to the peer VNFCI when the current issues do not exist, and starting a retry timer for the peer VNFCI.

In general, embodiments relates to a method for creating an on-demand tunnel (ODT) in a network between a first network device and a second network device, the method comprising: storing by the first network device, a a potentially suboptimal path to the second network device, determining that a trigger condition to create the ODT between the first network device and the second network device is satisfied, in response to the determination: transmitting, by the first network device, an ODT signaling packet to the second network device via the potentially suboptimal path, receiving, from the second network device and in response to transmitting the ODT signaling packet, an ODT keepalive by first network device via the ODT, and transmitting, after receiving the ODT keepalive, a second packet to the second network device via the ODT.