H04L2101/659

METHOD FOR COMMUNICATING IN A NETWORK COMPRISING A VIRTUAL NETWORK, AND A COMMUNICATION NODE COMPRISING A VIRTUAL NETWORK ENTITY

The invention relates to a method of a communication node communicating in a network comprising a plurality of nodes, said nodes belonging to at least one virtual network, wherein the method comprises the communication node identifying whether a first data packet belongs to said virtual network based on at least one of: a cryptographic key used for the data packet; a cryptographic key identifier present in the first data packet; a Personal Area Network identifier present in the first data packet; or the combination of a cryptographic key and a sender IP address used for the first data packet.

IDENTIFIER LOCATOR ADDRESSING FOR IPV6-BASED SOFTWARE DEFINED FABRIC
20210409370 · 2021-12-30

A network management center includes a Dynamic Host Configuration Protocol (DHCP) server. The network management center obtains, from an identity server, client information indicating authentication of a client device in a wireless network that is connected to a network fabric. The network management center obtains from an edge node in the network fabric an Internet Protocol (IP) address request for the client device. The IP address request includes a fabric domain identifier associated with the edge node. The network management center allocates an IP address for the client device based on the client information obtained from the identity server and the fabric domain identifier contained in the IP address request obtained from the edge node. The network management center provides to the edge node an Identifier Locator Addressing (ILA) address based on the IP address.

INTRA-LAN NETWORK DEVICE ISOLATION

A private network device such as a security device is inserted in a local network and is operable to isolate networked devices on the local network. The networked security device uses Internet Protocol spoofing to intercept network traffic between at least two networked devices on the same local network as the networked security device, and selectively blocks intercepted network traffic between the at least two networked devices on the local network.

Systems and methods for automatically detecting routing peers

Methods and systems are described for automatically detecting network routing peers and establishing route peering sessions. An illustrative method includes retrieving, at a network router, route peer configuration for the network router. The route peer configuration identifies one or more network interfaces for route peering but typically does not identify an address of peer routers. The method identifies, based on the route peer configuration, a network interface from a plurality of network interfaces of the network router for route peering and configures the network interface to participate in route peering. The method then detects a peer router on the network interface and initiates a peering session on the network interface with the peer router. Using the peering session, the method exchanges route information with the peer router.

Address generation for networks

A network includes at least two nodes that employ a routing protocol to communicate across a network. One of the nodes is a parent node and another of the nodes is a child node of the parent node. An address generator assigns a unique network address to the child node by appending an address value of a number of bits to a parent address of the parent node to create the unique network address for the child node.

Session control logic with internet protocol (IP)-based routing

Disclosed is an architecture that distributes session control logic across multiple points of a telecommunications network. Also disclosed are techniques and systems using Internet Protocol (IP)-based routing to establish communication sessions. A user equipment (UE) may receive user input to initiate a communication session, derive a destination IP address, generate a session request having at least the destination IP address, and send the session request to a server. The server may receive the session request from the UE, replace the destination IP address in the session request with an IP address of an endpoint device to generate a modified session request, and route the modified session request to the endpoint device based at least in part on the IP address of the endpoint device.

Systems and methods for preventing remote attacks against transportation systems

Systems and methods are provided to implement moving target defense techniques for transportation systems. The moving target defense techniques can randomly change the IP addresses of the nodes associated with both the vehicles and the corresponding control centers. The nodes for the vehicles and the control centers can be “mobile” nodes that use a “care-of” IP address for communications. The care-of address used by the nodes can be updated through a binding update process. During the binding update process, one node sends the binding update notice (with a new care-of address) to the care-of address of the other node while maintaining its prior care-of address. The node that receives the binding update notice can send a binding acknowledgement back to the node that sent the binding update. Once the binding acknowledgement is received, the prior care-of address can be removed by the node that sent the binding update.

Methods and apparatus for use in adaptively rerouting user plane traffic for mobility using segment routing for IPV6

A control plane (CP) entity is to adaptively reroute user plane traffic of a mobile node (MN) with use of a segment routing (SR) for IPv6. A message indicating an attachment of the MN to the mobile network is received selecting a first user plane (UP) anchor node. A first set of home network prefixes (HNPs) are allocated to the MN. An IP traffic flow using a first HNP prefix is established between the MN and a correspondent node (CN) along a first network path—defined at least in part by the first UP anchor node and an anchor node of the CN. In response to a handover of the MN, a message indicating a subsequent attachment of the MN is received selecting a second UP anchor node. The second UP anchor node is instructed to host the first HNP prefix previously allocated by the first UP anchor node.

SRV6 user-plane-based triggering methods and apparatus for session or flow migration in mobile networks

In one illustrative example, a user plane (UP) entity for use in a mobile network may receive a data packet from a user equipment (UE) operative to communicate in one or more sessions via a serving base station (BS) (e.g. eNB or gNB) of the mobile network. The UP entity may detect, in a header (e.g. SRH) of the data packet, an identifier indicating a new serving BS or session of the UE. The identifier may be UE- or BS-added data (e.g. iOAM data) that is inserted in the header by the UE or BS. In response, the UP entity may cause a message to be sent to an analytics function (e.g. a NWDAF) to perform analytics for session or flow migration for the UE.

Information processing device and non-transitory computer readable medium

An information processing device includes storage and a controller. In a case where a change of network address occurs in a communication channel, the storage stores a pre-change network address for a terminal connected to the communication channel in association with a post-change network address for a terminal whose network address has changed. In a case where communication to a terminal is performed using the pre-change network address, the controller controls the communication by using the storage such that, in a case where the network address of the terminal has not changed, the communication is performed as-is, whereas in a case where the network address of the terminal has changed, the pre-change network address is converted to the post-change network address to communicate with the terminal.