H04L2101/663

METHOD FOR PROVIDING MULTICAST DNS SERVICES ACROSS IP SUBNET BOUNDARIES USING TCP PROXY OR SOURCE AND DESTINATION NETWORK ADDRESS TRANSLATION
20210409468 · 2021-12-30

A network address translation (NAT) gateway intercepts packets and determines whether they contain multicast domain name server (mDNS) query or response messages. Upon receiving an mDNS message, the NAT gateway performs address translation to assign a new source address and stores the original source address in a translation table. The NAT gateway then forwards the message to all adjacent networks in order to expand the reach of the packet. If the mDNS messages establish a new client-server connection, the NAT gateway brokers the connection by either acting as a proxy or continuing to perform network address translation.

Real time dynamic client access control

A system and method for facilitating controlled access by a client device to one or more services provided by a server are disclosed. The client device's access to the services provided by the server may be dynamically controlled by a controller, which may generate instructions to an agent to effectuate the access control. The agent may be configured to control one or more access components associated with the server. The instructions generated by the controller may instruct the agent to cause the access control components to grant or remove the client device's access to the services provided by the server. In some implementations, the controller may generate such instructions based on a status of a session established between the controller and the client device.

Dual side bulk material tender
11208024 · 2021-12-28

A bulk material tender includes a mobile frame, a hopper, and a discharge system. The mobile frame has a left side and a right side. The hopper is disposed on the mobile frame. The discharge system is configured to discharge particulate matter from the hopper. The discharge system includes a discharge auger, a deploying actuator, and a positioning actuator. The discharge auger presents a proximal end and a distal end. The deploying actuator is configured to selectively emplace the discharge auger in a stowed orientation and a deployed orientation, wherein the distal end is adjacent to the hopper in the stowed orientation. The positioning actuator is configured to selectively emplace the discharge auger along the left side and the right side of the mobile frame. Once emplaced, the discharge auger discharges particulate material from the hopper toward a target location.

PATH SELECTION FOR DATA PACKETS ENCRYPTED BASED ON AN IPSEC PROTOCOL
20210400029 · 2021-12-23

A method for selecting between a plurality of paths for sending an encrypted packet from a source endpoint to a destination endpoint is provided. The method selects a first path of the plurality of paths for sending the encrypted packet from the source endpoint to the destination endpoint, each of the plurality of paths associated with a different one of a plurality of source ports, the encrypted packet being encrypted based on a security association (SA) established between the source endpoint and the destination endpoint in accordance with an IPSec protocol. The method further encapsulates, based on the SA having NAT-T enabled, the encrypted packet with a UDP header having a first source port associated with the first path. The method then transmits the encapsulated encrypted packet from the source endpoint to the destination endpoint via the first path.

In-band management interface with user space datapath
11201762 · 2021-12-14

A method of utilizing the same hardware network interface card (NIC) in a gateway of a datacenter to communicate datacenter tenant packet traffic and packet traffic for a set of applications that execute in the user space of the gateway and utilize a network stack in the kernel space of the gateway. The method sends and receives packets for the datacenter tenant packet traffic through a packet datapath in the user space. The method sends incoming packets from the NIC to the set of applications through the datapath in the user space, a user-kernel transport driver connecting the kernel network stack to the datapath in the user space, and the kernel network stack. The method receives outgoing packets at the NIC from the set of applications through the kernel network stack, the user-kernel transport driver, and the datapath in the user space.

Method for processing a super-hot file, load balancing device and download server

A method for processing a super-hot file includes: receiving a download request for a target file sent by a user client, and adding, into the download request, a cache parameter for indicating whether the target file is a super-hot file; matching an identifier of the target file against a super-hot file identifier library, and determining, according to a matching result, whether the target file is a super-hot file; if the target file is a super-hot file, generating a random identification code, and updating the cache parameter to a cache parameter indicating that the target file is a super-hot file; and determining a download server to which the random identification code is mapped, and forwarding the download request including the updated cache parameter to the download server.

Secure multiplexed routing
11201897 · 2021-12-14

Methods and systems for managing data transmissions. The methods disclosed herein may involve receiving requests for a first and a second service, and routing communications with the second service through the first service without requiring the firewall to be reconfigured to allow communications with the second service.

SYSTEMS AND METHODS FOR VIRTUALIZING FABRIC-ATTACHED STORAGE DEVICES
20210382663 · 2021-12-09

Disclosed are systems and methods of providing virtualized storage that may include establishing, through a load balancer, a transport connection between a device and a group of fabric-attached storage devices, and transferring data between the device and the group of fabric-attached storage devices through the transport connection using a transport protocol, wherein the group of fabric-attached storage devices comprises two or more fabric-attached storage devices and is accessed by the device as a logical storage device. A storage device may include a storage medium, a network fabric interface, and a storage controller configured to transfer data between the storage medium and a device through the network fabric interface over a transport connection, wherein the storage controller is configured to share the transport connection with another data storage device that is fabric-attached.

EDGE DATAPATH USING USER SPACE NETWORK STACK
20210377186 · 2021-12-02

A novel design of a gateway that handles traffic in and out of a network by using a datapath daemon is provided. The datapath daemon is a run-to-completion process that performs various data-plane packet-processing operations at the edge of the network. The datapath daemon dispatches packets to other processes or processing threads outside of the daemon by utilizing a user space network stack.

Fingerprinting to identify devices and applications for use in management and policy in the cloud

Systems and methods include obtaining a plurality of parameters associated with a host; determining a fingerprint of the host utilizing the plurality of parameters; and providing the fingerprint to a cloud service for enrollment and management of the host in the cloud service. The cloud service can include microsegmentation of the host. The cloud service can include any of Internet access for the host and private resource access by the host.