Patent classifications
H04L69/162
TCP traceroute using RST and SYN-ACK to determine destination reachability
Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods implemented by a traceroute application implementing a Transmission Control Protocol (TCP) stack in a processing device include sending a plurality of TCP packets via a raw socket to perform a trace to a destination; receiving responses to the plurality of TCP packets; detecting the responses in the TCP stack and diverting the responses to the raw socket; and aggregating the responses by the traceroute application to determine details of a service path from the processing device to the destination.
UNIFIED NETWORK SERVICE THAT CONNECTS MULTIPLE DISPARATE PRIVATE NETWORKS AND END USER CLIENT DEVICES OPERATING ON SEPARATE NETWORKS
A unified network service that connects multiple disparate private networks and end user client devices operating on separate networks is described. The multiple disparate private networks and end user client devices connect to a distributed cloud computing network that provides routing services, security services, and performance services, and that can be controlled consistently regardless of the connection type. The unified network service provides uniform access control at the L3 layer (e.g., at the IP layer) or at a higher layer using user identity information (e.g., a zero-trust model). The disparate private networks are run on top of the distributed cloud computing network. The virtual routing layer of the distributed cloud computing network allows customers of the service to have private resources visible only to client devices (e.g., user devices of the customer and/or server devices of the customer) of the organization while using address space that potentially overlaps with other customers of the distributed cloud computing network.
Enforcing Consent Contracts to Manage Network Traffic
Techniques for creating consent contracts for devices that indicate whether the devices consent to receiving network-based communications from other devices. Further, the techniques include enforcing the consent contracts such that network-based communications are either allowed or disallowed in the network-communications layer prior to the network communications reaching the devices. Rather than simply allowing a device to communicate with any other device over a network, the techniques described herein include building in consent for network-based communications where the consent is consulted at one or more points in a communication process to make informed decisions about network-based traffic.
Hybrid information-centric networking proxy
Techniques for providing Hybrid information-centric networking (hICN) via a proxy application are described. A hICN proxy application provides hICN to legacy applications by diverting network traffic of a plurality of network traffic types to the hICN proxy application and storing network traffic information for the network traffic in a connection table. The hICN proxy application also translates the diverted network traffic to a hICN network traffic protocol and selects a forwarding strategy for the translated network traffic in order to send the hICN traffic over various non-hICN network protocol types. The hICN proxy application also transmits the translated traffic to a server proxy application using the selected forwarding strategy.
DATA INTERFACES WITH ISOLATION FOR CONTAINERS DEPLOYED TO COMPUTE NODES
In general, techniques are described for deploying a logically-related group of one or more containers (“pod”) that supports the Data Plane Development Kit (DPDK) to support fast path packet communication on a data channel between a virtual router and the pod. In an example, a computing device comprises a virtual router comprising processing circuitry and configured to implement, in a computing infrastructure that includes the computing device, a virtual network to enable communications among virtual network endpoints connected via the virtual network. The computing device comprises a pod comprising a containerized application, wherein the virtual router and the pod are configured to create a Unix domain socket using a file system resource that is accessible by the pod and by the virtual router and is not accessible by any other pods deployed to the computing device.
SCALABLE BROKERLESS MESSAGING STRATEGY WITH SIDECAR SECURITY CONTAINER STACK
A scalable brokerless messaging network includes a service mesh implementing a plurality of service nodes in signal communication with one another to exchange a plurality of messages. A control plane is in signal communication with the plurality of service nodes and is configured to register an application service associated with a given service node included in the service mesh. The plurality of service nodes define a messaging middleware layer that establishes several point-to-point connections between each service in the network via transmission control protocol (TCP) sockets.
Method and system for MPQUIC over QSOCKS in wireless network
A method for Multipath Quick User Datagram Protocol (UDP) Internet Connections (MPQUIC) over Quick SOCKS (QSOCKS) in a wireless network is provided. The method includes receiving, by a QSOCKS server, a Client Hello (CHLO) message from a QSOCKS client device using a QSOCKS method tag, wherein the CHLO message comprises a plurality of client-supported SOCKS Authentication (AUTH) procedures, selecting, by the QSOCKS server, a candidate client-supported SOCKS AUTH procedure from the plurality of client-supported SOCKS AUTH procedures, and transmitting, by the QSOCKS server, a reject packet using the QSKM tag to the QSOCKS client device, wherein the reject packet includes information indicating the selected candidate client-supported SOCKS AUTH procedure.
System and Method for Improving Content Fetching by Selecting Tunnel Devices
A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stay connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client to a content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using a standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.