Patent classifications
H04L61/2514
APPLYING NETWORK POLICIES TO DEVICES BASED ON THEIR CURRENT ACCESS NETWORK
A server of a distributed computing system that is at least partially hosted on a particular access network receives a plurality of messages from a plurality of devices over a network, each of the messages associated with a corresponding source address. For each of the plurality of devices, a current access network is determined for the device. For each of the devices with a current access network being the particular access network, a first network policy is applied to the device. For each of the devices with a current access network being other than the particular access network, a second network policy is applied to the device, the second network policy defining a second encryption requirement.
TRUSTED SYSTEM FOR PROVIDING CUSTOMIZED CONTENT TO INTERNET SERVICE PROVIDER SUBSCRIBERS
A method includes receiving, by a processing system of a user endpoint device, a network cookie directly from an internet service provider who provides a subscriber who is associated with the user endpoint device with connectivity to the internet, storing, by the processing system, the network cookie in a local memory of the user endpoint device, generating, by the processing system, a request to send to the internet service provider, wherein the request comprises a request for an internet protocol address associated with a uniform resource locator of an internet content provider, attaching, by the processing system, the network cookie to the request, and sending, by the processing system, the request including the network cookie to the internet service provider.
Region-based redirection and bridging of calls
Apparatus and methods are disclosed for bridging communications between a private network and a public network. A mapping that associates a first set of IP addresses of endpoints in the private network with a second set of IP addresses of endpoints in the public network is provided, which enables communications between the private network and public network for network-address-translation (NAT). In response to a data packet having a first IP address of the first set of IP addresses, the data packet is used to determine whether the local line should be accessed. In response to an indication that the local line should be accessed, the identifier among the second set of IP addresses may be used to activate a bridging (e.g., ATB) circuit and redirect a call associated with the data packet by passing the data packet through the ATB circuit.
Method of and devices for supporting selective forwarding of messages in a network of communicatively coupled communication devices
A gateway device and a configuration client for supporting selective forwarding of messages published to a group address or a virtual address in a wireless mesh network of communicatively coupled communication devices, such as a Bluetooth Mesh system. The configuration client maintains a mapping between unicast addresses of communication devices and group and virtual addresses in the network. The gateway device receives, from the configuration client, unicast addresses of those communication devices collectively identified by the group or virtual address in a received message. When the retrieved unicast addresses are all serviced by the gateway device, the message is transmitted by the gateway device on all interfaces corresponding to the communication devices addressed by the retrieved unicast addresses. When the retrieved unicast addresses are not all serviced by the gateway device, the message is transmitted by the gateway device on all except one of the interfaces.
Transparent high availability for customer virtual machines achieved using a hypervisor-based side channel bonding and monitoring
Systems and methods for transparent high availability for customer virtual machines using a hypervisor-based side channel bonding and monitoring are disclosed herein. The method can include creating a network path bond between at least one compute instance and a plurality of Network Virtualization Devices (“NVD”), the network path bond including a plurality of network paths, each network path connecting the compute instance with the Virtualized Network Interface Card (“VNIC”) of one of the plurality of NVDs, identifying a first one of the network paths as an active network path and a second one of the network paths as an inactive network path, performing a health check on the active network path, determining that the active network path failed the health check, marking the first one of the network paths as failed subsequent to determining that the active network path failed the health check, and identifying the second one of the network paths as the active network path.
SOURCE-BASED ROUTING FOR VIRTUAL DATACENTERS
Some embodiments provide a method that configures a virtual datacenter that includes a set of workloads executing on hosts in a public cloud and an edge gateway executing on a particular host for handling data traffic between the workloads and different external entities having different sets of network addresses. The method configures a router to execute on the particular host to route data messages between the edge gateway and an underlay network of the public cloud. The router has at least two different interfaces for exchanging data messages with the edge gateway, each router interface corresponding to an interface of the edge gateway. The edge gateway interfaces enable the edge gateway to perform different sets of services on data messages between the workloads and the external entities. The method configures the router to route traffic received from the external entities and addressed to the workloads based on source network addresses.
Dynamic disassociated channel encryption key distribution
A method may include determining, by a first network device, a type of control channel to open across a transport in a software-defined network (SDN). The method may also include establishing the control channel with a control device via a control plane that is separate from a data plane. The method may further include advertising first security association parameters to the control device via the control channel. The method may include receiving, from the control device via the control channel, second security association parameters associated with a second network device. The method may also include establishing a data plane connection with the second network device using the second security association parameters.
Techniques for managing software defined networking controller in-band communications in a data center network
According to one or more embodiments of this disclosure, a network controller in a data center network establishes a translation table for in-band traffic in the data center network; the translation table resolves ambiguous network addresses based on one or more of a virtual network identifier (VNID), a routable tenant address, or a unique loopback address. The network controller device receives packets originating from applications and/or endpoints operating in a network segment associated with a VNID. The network controller device translates, using the translation table, unique loopback addresses and/or routable tenant addresses associated with the packets into routable tenant addresses and/or unique loopback addresses, respectively.