H04L2101/622

ENCRYPTED NONCES AS ROTATED DEVICE ADDRESSES
20220386117 · 2022-12-01

Rotation of a wireless client device address is based on an encryption key and a nonce value. Key information and nonce value information are shared between a wireless client device and a network infrastructure component over a secure communication channel. The wireless client device encrypts the nonce value using the key information and encodes the encrypted value as a device address. The wireless client device then identifies itself via a source address value in a message transmitted over a wireless network. Upon receiving the message, the network infrastructure component decrypts information derived from the source address value and compares the resulting data to the nonce value. If a match is identified, the network infrastructure identifies the wireless client device as a source of the message. In some embodiments, the nonce value is updated with each rotation to provide for improved entropy of generated device addresses.

SEAMLESS DEVICE ADDRESS ROTATION

Techniques are provided that rotate a device address used to identify a wireless client device on a wireless network. The wireless client device and at least one network infrastructure component identify a plurality of device addresses associated with the wireless client device. In some embodiments, the plurality of device addresses are generated via a corresponding plurality of invocations of a stateful random number generator, such as a cryptographically secure pseudorandom number generator.

TRANSFERRING VERIFIABLE ADDRESS RIGHTS BETWEEN DEVICES OF A DATA CENTER (DC) NETWORK
20220385662 · 2022-12-01

Techniques for transferring address rights (e.g., internet protocol address(es), media access control address(es), etc.) amongst devices in a data center network fabric. A data center (DC) authority (e.g., network controller and/or a service controller) of a data center network fabric may determine that a device in the network is to communicate on an address in the network. The DC authority may create and sign a token that indicates a verifiable authorization to communicate on the address. The token may allow any device that possesses the token to communicate on the address, following verification from an associated network switch. Additionally, the token may be signed by a device in the network in possession of the token, and delegated to another device in the data center network fabric following a migration of a service from one server to another, for example.

MONITORING LIVENESS OF SILENT HOSTS' IP ADDRESSES FROM A LAYER 2 VIRTUAL TUNNEL ENDPOINT IN AN ETHERNET VIRTUAL PRIVATE NETWORK USING PROBES
20220385628 · 2022-12-01

Embodiments of the disclosure include a method comprising storing a first identifier of a first host device in an Address Resolution Protocol (ARP) cache of a first VXLAN Tunnel Endpoint (VTEP); making a first determination that an age of the first identifier exceeds a defined age threshold; sending, as a result of the first determination, a first request to the first host device to confirm liveness of the first identifier; and removing the first identifier from the ARP cache as a result of failing to receive a first response from the first host device within a defined time period.

SYSTEM AND METHOD FOR OPTIMIZING ARP BROADCAST

One aspect provides a method and system for managing address resolution requests in a network. During operation, a gateway of the network advertises a route for sending address resolution requests and determines whether a cached entry corresponding to an address resolution request received via the route exists in a neighbor table. In response to determining that the cached entry exists, the gateway responds to the address resolution request based on the cached entry; in response to determining that the cached entry does not exist, the gateway replicates the address resolution request to edge devices in the network, thereby facilitating discovery of a target host corresponding to the address resolution request.

Detecting and remediating non-responsive customer premise equipment

In a cable network, embodiments detect and remediate a non-responsive customer premise equipment (CPE) device in a customer's premise with minimal or no interaction with a customer. Embodiments may detect and remediate a non-responsive CPE device without rebooting the non-responsive CPE device or the associated cable modem. Embodiments include troubleshooting a data link layer (e.g., Open System Interconnection (OSI) layer 2, or media access control (MAC) layer) and a network layer (e.g., OSI layer 3, or Internet layer) between a service operator network and the non-responsive CPE device. Embodiments include a guided integration and a proactive integration method, computer program product, and system to reduce and/or eliminate the need for a customer service representative to reboot a cable modem, and/or for a customer to reboot a non-responsive CPE device resulting in a fast and less disruptive service experience for the customer.

Method and apparatus for obtaining cross-domain link

A method for obtaining a cross-domain link. The method includes: a control device sends a first message to a forwarding device in an internet protocol (IP) domain, where the first message is used to instruct the forwarding device to search for a device adjacent to the forwarding device in an optical domain; the control device receives a second message from an optical network element adjacent to the forwarding device in the optical domain, where the second message includes a first identifier identifying the optical network element, a second identifier identifying a port that is on the optical network element and communicates with the forwarding device, and a media access control (MAC) address of the forwarding device; and the control device obtains the cross-domain link between the forwarding device and the optical network element based on the first identifier, the second identifier, and the MAC address of the forwarding device.

Network processing device and networks processing method of communication frames
11516044 · 2022-11-29

The aim is to realize low power consumption and a small area in a network communication system and a semiconductor device for mounting the same. In the processing method of the network router or network communication frame, the received frame is input to the hash generator, an address is obtained based on the resulting hash value, and the position of that address in the rule table stores the rule corresponding to the received frame.

Remote direct memory access based networking gateway
11513987 · 2022-11-29

A system includes a memory including a plurality of rings, an endpoint associated with a ring of the plurality of rings, and a gateway. The gateway is configured to receive a notification from the endpoint regarding a packet made available in the ring associated with the endpoint, access the ring with an RDMA read request, retrieve the packet made available in the ring, and forward the packet on an external network.

Network management apparatus, network management system, and non-transitory computer-readable storage medium
11516176 · 2022-11-29

A network management apparatus includes a first controller, a memory, and a second controller. The first controller is configured to operate a first virtual machine including a first container monitoring a mirror packet and a virtual switch transferring the mirror packet. The memory is configured to store destination information of the mirror packet and an address corresponding to the first container in association with each other. The second controller is configured to cause the virtual switch to perform an operation to transmit the address corresponding to the first container from the virtual switch and cause the virtual machine to perform an operation to transfer the mirror packet to the first container from the first virtual machine, using the address corresponding to the first container when the virtual machine receives the mirror packet from the virtual switch and requests address resolution for the destination information of the mirror packet.