H04L61/2521

Collecting and processing contextual attributes on a host

Some embodiments of the invention provide a novel architecture for capturing contextual attributes on host computers that execute one or more machines, and for consuming the captured contextual attributes to perform services on the host computers. The machines are virtual machines (VMs) in some embodiments, containers in other embodiments, or a mix of VMs and containers in still other embodiments. Some embodiments execute a guest-introspection (GI) agent on each machine from which contextual attributes need to be captured. In addition to executing one or more machines on each host computer, these embodiments also execute a context engine and one or more attribute-based service engines on each host computer. Through the GI agents of the machines on a host, the context engine of that host in some embodiments collects contextual attributes associated with network events and/or process events on the machines. The context engine then provides the contextual attributes to the service engines, which, in turn, use these contextual attributes to identify service rules for processing.

MILITARY TRUSTED INTERWORKING FUNCTION TO INTEGRATE NON-IP TACTICAL NODES INTO A 5G NETWORK
20230262021 · 2023-08-17

A system and method for implementing M-TIF to integrate one or more non-IP tactical nodes as an integral part of a 5G network includes a tactical translator. The tactical translator provides I/O functionality, message encapsulation, message translation, and IP-to-non-IP address translation. The tactical translator may be interposed between a tactical gateway and a tactical proxy to securely bridge legacy non-IP waveforms with the 5G Core.

Load-balancing cluster

A load-balancing cluster includes a switch having a plurality of ports; and a plurality of servers connected to at least some of the plurality of ports of the switch. Each server is addressable by the same virtual Internet Protocol (VIP) address. Each server in the cluster has a mechanism constructed and adapted to respond to connection requests at the VIP by selecting one of the plurality of servers to handle that connection, wherein the selecting is based, at least in part, on a given function of information used to request the connection; and a firewall mechanism constructed and adapted to accept all requests for the VIP address for a particular connection only on the server that has been selected to handle that particular connection. The selected server determines whether it is responsible for the request and may hand it off to another cluster member.

Storage cluster address resolution

A method of address resolution broadcasting in a networked device is provided. The method includes receiving, at a switch fabric of the networked device, an address resolution request from one of a plurality of nodes of the networked device and substituting, as a source address, a cluster MAC address for a MAC address of the one of the plurality of nodes in the address resolution request. The method includes sending the address resolution request over a network and receiving, at the switch fabric, an address resolution reply over the network. The method includes substituting, as a destination address, an address for transmission to each of the plurality of nodes for the cluster MAC address in the address resolution reply, and transmitting the address resolution reply to the plurality of nodes.

Hybrid and efficient method to sync NAT sessions
11316824 · 2022-04-26

The method synchronizes network address translation (NAT) records between an active gateway and a standby gateway. The method of some embodiments synchronizes NAT records of long-term data flows more frequently than those of short-term flows. Multiple data flows pass between a device at an internal source address and a device at an external destination address through the active NAT gateway. For each flow, the method generates a NAT record. The method then determines whether the data flow is a short-term flow or a long-term flow and synchronizes the NAT records of the long-term flows, but not the NAT records of the short-term flows, with the standby gateway. The method of some embodiments synchronizes NAT records more frequently when NAT records are being generated quickly relative to prior generation rates and less frequently when NAT records are being generated slowly relative to the prior generation rates.

SYSTEM, APPARATUS AND METHOD TO SUPPORT DATA SERVER SELECTION
20220124065 · 2022-04-21

A communication system includes a user plane function (UPF) configured to receive a domain name system (DNS) query from a user equipment (UE). The DNS query includes a first destination address of a first DNS server. The DNS query is for determining an address of a data server in proximity to the UE. According to the first destination address of the first DNS server, the UPF obtains, from a session management function (SMF), a second destination address of a second DNS server for providing the address of the data server. The SMF is configured to provide, to the UPF, the second destination address of a second DNS server.

Private network peering in virtual network environments

Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.

APPLICATION INSTANCE ADDRESS TRANSLATION METHOD AND APPARATUS
20220030585 · 2022-01-27

This application discloses example application instance address translation methods. One example method includes receiving, by a control plane device from a mobile edge cloud control device, an address of a target application instance of an application service accessed by a terminal. The control plane device can then send the address of the target application instance to a first user plane device. The control plane device can then instruct the first user plane device to set, as the address of the target application instance, a destination address of an uplink packet that is of the terminal and is associated with the application service.

SCALABLE IN-NETWORK COMPUTATION FOR MASSIVELY-PARALLEL SHARED-MEMORY PROCESSORS

A network device configured to perform scalable, in-network computations is described. The network device is configured to process pull requests and/or push requests from a plurality of endpoints connected to the network. A collective communication primitive from a particular endpoint can be received at a network device. The collective communication primitive is associated with a multicast region of a shared global address space and is mapped to a plurality of participating endpoints. The network device is configured to perform an in-network computation based on information received from the participating endpoints before forwarding a response to the collective communication primitive back to one or more of the participating endpoints. The endpoints can inject pull requests (e.g., load commands) and/or push requests (e.g., store commands) into the network. A multicast capability enables tasks, such as a reduction operation, to be offloaded to hardware in the network device.