Disclosed is a computer-implemented method for establishing a secure connection between two electronic computing devices which are located in a network environment, the two electronic computing devices being a first computing device offering the connection and a second computing device designated to accept the connection, the method comprising executing, by at least one processor of at least one computer, a connection-establishing application for exchanging an information packet between the first computing device and the second computing device comprising a secret usable for establishing the connection, and evaluating a response from the second computing device for establishing the secure connection.

A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stays connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client to a content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.

A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stays connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client to a content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.

Some embodiments of the invention provide a method of sending data in a network that includes at least one worker node executing one or more sets of containers and a virtual switch, the virtual switch including a gateway interface, a virtual local area network (VLAN) tunnel interface, and a set of virtual Ethernet interfaces associated with the one or more sets of containers. The method configures the gateway interface of the worker node to associate the gateway interface with multiple subnets that are each associated with a namespace. The worker node executes at least (1) first and second sets of containers of a first namespace, and (2) a third set of containers of a second namespace. The method sends data between the first and second sets of containers through a first virtual Ethernet interface associated with the first set of containers and a second virtual Ethernet interface associated with the second set of containers. The method sends data between the first set of containers and the third set of containers through the first virtual Ethernet interface associated with the first set of containers, the gateway interface, and a third virtual Ethernet interface associated with the third set of containers.

Some embodiments of the invention provide a method of sending data in a network that includes at least one worker node executing one or more sets of containers and a virtual switch, the virtual switch including a gateway interface, a virtual local area network (VLAN) tunnel interface, and a set of virtual Ethernet interfaces associated with the one or more sets of containers. The method configures the gateway interface of the worker node to associate the gateway interface with multiple subnets that are each associated with a namespace. The worker node executes at least (1) first and second sets of containers of a first namespace, and (2) a third set of containers of a second namespace. The method sends data between the first and second sets of containers through a first virtual Ethernet interface associated with the first set of containers and a second virtual Ethernet interface associated with the second set of containers. The method sends data between the first set of containers and the third set of containers through the first virtual Ethernet interface associated with the first set of containers, the gateway interface, and a third virtual Ethernet interface associated with the third set of containers.

Methods, systems, and computer readable media can be operable to facilitate the intercept and manipulation of content requested by a client device. The methods, systems, and apparatuses described herein enable the interception and redirection of packets based upon a set of rules. Intercepted packets may be redirected away from an origin server and may be forwarded to a splicing device. The splicing device may establish a session with a corresponding origin server, and retrieve content that is requested by the intercepted packet. In embodiments, the splicing device may identify alternate content that is associated with the intercepted packet and/or content that is further associated with a device or subscriber associated with the packet. One or more segments of the requested content, or the entirety of the requested content may be replaced with the alternate content, and the modified content may be output to the client device requesting the content.

Systems and methods for bypassing firewalls using a server management protocol is provided. In various embodiments, a proxy component serves as a “man-in-the-middle” between an edge client and a server client. The proxy component can receive a server connection request from the edge client to connect to a requested server client using a managed network name associated with the server client. The proxy component can establish a proxy connection with the requested server client, and routing data packets between the server client and the edge client. The edge client and the server client are connected without the public advertisement of the private addresses of the edge client and the server client.

A network device having at least one processor and one or more non-transitory memories storing programming instructions that are associated with a steering decision function (SDF) in a network system and including instructions to obtain a carrier-grade network address translation (CGN) resource pool by receiving CGN resources reported by a plurality of user planes (UPs), where the network system includes the SDF, the plurality UPs, and a control plane (CP), receive a CGN instance obtaining request sent by the CP, the CGN instance obtaining request indicating to allocate a CGN instance to a user equipment, allocate a first CGN instance to the user equipment based on the CGN resource pool, the first CGN instance indicating a first UP, of the plurality of UPs, having an available CGN resource, and send the first CGN instance to the CP.

A VPN tunnel interface is instantiated within a router based on a tunnel network namespace. One or more virtual peers corresponding to the VPN tunnel interface and one or more virtual ethernet interfaces corresponding to the one or more virtual peers are instantiated. The tunnel network namespace is configured to route, based on a source address, network traffic from a specified client device to a specified virtual peer of the one or more virtual peers via the VPN tunnel interface. A connection is established between a client device and a VPN process of the router and a traffic flow is transported to and from the client device through a VPN tunnel via the VPN tunnel interface, the one or more virtual peers, and the one or more virtual ethernet interfaces.

A VPN tunnel interface is instantiated within a router based on a tunnel network namespace. One or more virtual peers corresponding to the VPN tunnel interface and one or more virtual ethernet interfaces corresponding to the one or more virtual peers are instantiated. The tunnel network namespace is configured to route, based on a source address, network traffic from a specified client device to a specified virtual peer of the one or more virtual peers via the VPN tunnel interface. A connection is established between a client device and a VPN process of the router and a traffic flow is transported to and from the client device through a VPN tunnel via the VPN tunnel interface, the one or more virtual peers, and the one or more virtual ethernet interfaces.