Patent classifications
H04L67/563
Session management in a forwarding plane
Systems, methods, and computer-readable media for offloading session management processing into a forwarding plane. In some examples, a subscriber is coupled to a network endpoint through a session manager during a network session of the subscriber in a network environment. A session manager offloading system of the session manager can be maintained in a vector packet processing system in a forwarding plane of the network environment. The session manager offloading system can be configured to offload processing from the session manager into the forwarding plane. Further, at least a portion of subscriber traffic in a stream between the subscriber and the network endpoint through the session manager can be intercepted. Subsequently, the at least the portion of the subscriber traffic that is intercepted can be processed at the session manager offloading system as part of offloading the processing from the session manager into the forwarding plane.
THIRD-PARTY GATEWAY FOR SECURITY AND PRIVACY
Systems and methods directed to a third-party gateway that controls egress traffic from Internet Data Centers (IDC) and/or Virtual Private Clouds (VPC) are described. When egress traffic reaches the third-party gateway, a forward proxy may obtain a service identified or otherwise associated with the source IP address and port. Once the service is identified, the third-party gateway may obtain a configuration rule specified by a rule manager to determine if the service is allowed to access the destination host(s). If the destination host is approved for the service, the forward proxy may send the traffic to the internet. If the destination host is not approved for the service, the forward proxy may block or otherwise drop the respective communication. In some examples, one or more auditors or auditing agencies may access essential information from the third-party gateway to view egress traffic logs and verify egress traffic approved destinations.
Geofence information delivery systems and methods
The present invention is directed to methods and systems for requesting information from a mobile device with a fencing agent. The fencing agent determines a position with a DNS resolver, queries geofences with an IP address, and receives an anchor point with an IP address from the DNS resolver. The device with the fencing agent is able to receive multiple anchor points within multiple geofences within an ROI and translate fence points into fence geometries. Geofence information is stored and registered in a database of geofences, and each geofence is associated with a plurality of geographic designators, wherein each of the plurality of geographic designators is associated with an IP address.
Information transmission method, network element selector, and controller
An information transmission method includes: receiving, by a network element selector from a user equipment (UE), a first message including identification information of the UE; determining, based on the identification information of the UE, a user group to which the UE belongs; determining a controller corresponding to the user group; and receiving and sending a further message to the controller.
SYSTEM AND METHOD FOR WIRELESS DEVICE DETECTION, RECOGNITION AND VISIT PROFILING
Described are various embodiments of a system and method in which device-identifying data can be used to uniquely recognize and optionally track and report on device activity at one or more hotspot and/or Wi-Fi locations by way of the creation and management of a device and/or visit profile uniquely associated with such devices and stored in a network accessible knowledge base.
Mid-link server having a plurality of access resource servers for policy control
Systems and methods for providing policy-controlled communication over the Internet are provided. A system may include a client endpoint function configured to execute on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, a gateway server including a first VPN termination point that authenticates and terminates the first VPN tunnel, a stitcher server including a second VPN termination point that authenticates and terminates a second VPN tunnel, and a mid-link server coupled to the first VPN tunnel and the second VPN tunnel. The mid-link server may include a plurality of Access Resource Servers (ARSs), and the gateway server and the stitcher server may communicate via a network connecting the plurality of ARSs.