Patent classifications
H04L2101/659
Nonce-based enterprise security policy enforcement
This disclosure describes techniques including, by a domain name service (DNS), receiving a name resolution request from a client computing device and, by the DNS, providing a nonce to the client computing device, wherein a service is configured to authorize a connection request from the client computing device based at least in part on processing the nonce. This disclosure further describes techniques including a method of validating a connection request from a client computing device, including receiving the connection request, the connection request including a nonce. The techniques further include determining that the nonce is a valid nonce. The techniques further include, based at least in part on determining that the nonce is a valid nonce, authorizing the connection request and disabling the nonce.
Elimination of old IPV6 addresses from WLAN stations in DHCPV6 stateful mode after transitioning between VLANs
A Wi-Fi controller identifies a mismatch between a first prefix of a first IPv6 address for a data packet corresponding to a first VLAN on which the data packet was sent from the station to the access point, and a prefix of a second IPv6 address for a second VLAN from which the data packet was transmitted from the access point to the Wi-Fi controller. Responsive to the VLAN mismatch identification, the Wi-Fi controller transmits a DHCP reconfiguration packet to the station using the first VLAN. The DHCP reconfiguration packet causes the station to transmit a rebind packet to the DHCP server. The rebind packet causes the DHCP server to transmit an ACK frame on the first VLAN setting the valid lifetime for the first IPv6 address to zero.
Systems and Methods for Translating IPV6 Packets for DIA in an SD-WAN Environment
In one embodiment, a method includes determining, by a router, a common prefix pool from a transport interface associated with a transport virtual private network (VPN). The method also includes identifying, by the router, a prefix associated with a service VPN and generating, by the router, an IPv6-to-IPv6 Network Address Translation (NAT66) prefix translation using the common prefix pool and the prefix. The NAT66 prefix translation includes a predetermined prefix length. The method further includes automatically installing, by the router, the NAT66 prefix translation into a translation table.
IP tolerance and signaling interworking
In an attempt to establish a communication session between a first communication entity and a second communication entity, a first message is received. For example, the first message may be a SIP INVITE message. A determination is made, based on a registration message from the first communication entity and/or the second communication entity, that at least one of the first communication entity or the second communication entity is Internet Protocol (IP) version intolerant. In response to determining that the at least one of the first communication entity or the second communication entity is IP version intolerant, one or more IP addresses are adapted in messages (e.g., the SIP INVITE message) for establishing the communication session. The adaptation changes or removes the one or more IP addresses to a different IP version to ensure proper IP compatibility.
SRV6 user-plane-based triggering methods and apparatus for session or flow migration in mobile networks
In one illustrative example, a user plane (UP) entity for use in a mobile network may receive a data packet from a user equipment (UE) operative to communicate in one or more sessions via a serving base station (BS) (e.g. eNB or gNB) of the mobile network. The UP entity may detect, in a header (e.g. SRH) of the data packet, an identifier indicating a new serving BS or session of the UE. The identifier may be UE- or BS-added data (e.g. iOAM data) that is inserted in the header by the UE or BS. In response, the UP entity may cause a message to be sent to an analytics function (e.g. a NWDAF) to perform analytics for session or flow migration for the UE.
SUBNET STRETCHING VIA LAYER THREE COMMUNICATIONS
Systems and methods for stretching a subnet that do not require level 2 (L2) communications to be handled are provided. A user may gradually migrate VMs or applications instead of migrating an entire subnet at one time, may fail-over specific VMs without failing-over an entire subnet or renumbering IP addresses, may deploy applications to the cloud without the need to create a VPN, or may enable hybrid network connectivity without modifying routes or (re)configuring edge routers, among other benefits. The domains over which the subnet is stretched include a virtual gateway which is associated with the layer-3 (L3) addresses of the other domains. L3 communications within the domain are routed within that domain, and L3 communications within the subnet in another domain are intercepted by the local gateway, are passed to the remote gateway of the other domain, and are forwarded to the destination while leveraging L3 communications.
System and method for detecting network neighbor reachability
The disclosed system may include (1) a cache module, stored in memory, that stores a neighbor cache entry that specifies whether a neighbor of a network node is reachable according to a detection mechanism, (2) a timeout module, stored in memory, that specifies a timing interval in which to select a reachable time threshold, (3) a reception module, stored in memory, that receives event information about whether the neighbor is active, (4) a biasing module, stored in memory, that biases, based on the received event information about whether the neighbor is active, a selection of the reachable time threshold within the timing interval, and (5) a determination module, stored in memory, that determines whether the neighbor is reachable based at least in part on a determination of whether the selected reachable time threshold has been satisfied. Various other systems and methods are also disclosed.
Relay functionality in an application centric infrastructure (ACI) fabric
Relay functionality may be provided. A network device may receive a response packet and may determine that one of Option-82 and Option-18 information is not present in the received response packet. Next, in response to determining that one of Option-82 and Option-18 information is not present in the received response packet, a database may be queried for information associated with the response packet. Then, based on the information associated with the response packet, the response packet may be sent to a client device associated with the response packet.
FACILITATING DISTRIBUTED SNAT SERVICE
Some embodiments of the invention provide novel methods for facilitating a distributed SNAT (dSNAT) middlebox service operation for a first network at a host computer in the first network on which the dSNAT middlebox service operation is performed and a gateway device between the first network and a second network. The novel methods enable dSNAT that provides stateful SNAT at multiple host computers, thus avoiding the bottleneck problem associated with providing stateful SNAT at gateways and also significantly reducing the need to redirect packets received at the wrong host, by using a capacity of off-the-shelf gateway devices to perform IPv6 encapsulation for IPv4 packets and assigning locally unique IPv6 addresses to each host executing a dSNAT middlebox service instance that are used by the gateway device.
FILTERING AND ORGANIZING PROCESS FOR DOMAIN NAME SYSTEM QUERY COLLECTION
A method for filtering, distributing, and organizing domain name system queries in a communications network may include receiving a first domain name system query from a first endpoint device connected to the network, identifying a first network address of the first endpoint device from the first domain name system query, classifying the first domain name system query into a first class of a plurality of classes, wherein each class of the plurality of classes is associated with one predefined numerical range of a plurality of predefined numerical ranges, and wherein a target address unit of the first network address falls into the predefined numerical range associated with the first class, and forwarding the first domain name system query to a first collection server of a plurality of collection servers, wherein the first collection server is dedicated for collecting domain name system queries that are classified into the first class.