In general, embodiments described herein relate to methods and systems for automating the configuration of network devices. More specifically, embodiments of the invention relate to using configuration commands that specify protocol-specified relationships in order to generate granular (or specific) filtering rules (also referred to as rules). The rules are subsequently programmed into the network device.

In general, embodiments described herein relate to methods and systems for automating the configuration of network devices. More specifically, embodiments of the invention relate to using configuration commands that specify protocol-specified relationships in order to generate granular (or specific) filtering rules (also referred to as rules). The rules are subsequently programmed into the network device.

A server receives internet traffic from a client device. The server is one of multiple servers of a distributed cloud computing network which are each associated with a set of server identity(ies) including a server/data center certification identity. The server processes, at layer 3, the internet traffic including participating in a layer 3 DDoS protection service. If the traffic is not dropped by the layer 3 DDoS protection service, further processing is performed. The server determines whether it is permitted to process the traffic at layers 5-7 including whether it is associated with a server/data center certification identity that meets a selected criteria for the destination of the internet traffic. If the server does not meet the criteria, it transmits the traffic to another one of the multiple servers for processing the traffic at layers 5-7.

A server receives internet traffic from a client device. The server is one of multiple servers of a distributed cloud computing network which are each associated with a set of server identity(ies) including a server/data center certification identity. The server processes, at layer 3, the internet traffic including participating in a layer 3 DDoS protection service. If the traffic is not dropped by the layer 3 DDoS protection service, further processing is performed. The server determines whether it is permitted to process the traffic at layers 5-7 including whether it is associated with a server/data center certification identity that meets a selected criteria for the destination of the internet traffic. If the server does not meet the criteria, it transmits the traffic to another one of the multiple servers for processing the traffic at layers 5-7.

A service management system communicates via wide area network with gateway devices located at respective user premises. The service management system remotely manages delivery of application services, which can be voice controlled, by a gateway, e.g. by selectively activating/deactivating service logic modules in the gateway. The service management system also may selectively provide secure communications and exchange of information among gateway devices and among associated endpoint devices. An exemplary service management system includes a router connected to the network and one or more computer platforms, for implementing management functions. Examples of the functions include a connection manager for controlling system communications with the gateway devices, an authentication manager for authenticating each gateway device and controlling the connection manager and a subscription manager for managing applications services and/or features offered by the gateway devices. A service manager, controlled by the subscription manager, distributes service specific configuration data to authenticated gateway devices.

A first network device associated with a network may establish an Internet protocol version 6 Multiprotocol BGP session with a second network device associated with the network. The first network device and second network device are both capable of forwarding both IPv4 and IPv6 packets with only an IPv6 address configured on the interface of both the first network device and second network device. The first network device may exchange Multiprotocol Reachability capability with second network device for corresponding 2-tuple Address Family Identifier/Subsequent Address Family Identifier. The first network device may advertise Internet protocol version 4 network layer reachability information and may advertise Internet protocol version 6 network layer reachability information with IPv6 extended next hop encoding using Internet Assigned Numbering Authority assigned capability code value 5 to second network device.

A transmitter device of a bus-based communication system may add one or more padding bits, associated with providing traffic flow confidentiality for communication of a payload on a communication bus, either to the payload on a transport layer, or to one or more first frames on a data link layer. The one or more first frames may include a transport layer payload associated with the payload. The transmitter device may transmit one or more second frames, including a data link layer payload associated with the one or more first frames, on the communication bus. A receiver device of the bus-based communication system may receive the one or more second frames on the communication bus. The receiver device may process the one or more padding bits from either the one or more first frames on the data link layer, or from the payload on the transport layer.

An IPsec tunnel request for establishing an IPsec tunnel from a customer router to an anycast IP address of a distributed cloud computing network is received. The same anycast IP address is shared among compute servers of the distributed cloud computing network. A handshake is performed with the customer router from a first compute server including generating security associations for encrypting and decrypting IPsec traffic. The security associations are propagated to each compute server and are used for encrypting and decrypting traffic.

A communication system includes multiple Point-of-Presence (POP) interfaces and one or more processors. The multiple POP interfaces are distributed in a Wide-Area Network (WAN) and are configured to communicate with at least a client and a server connected to the WAN. The one or more processors are coupled to the POP interfaces and are configured to (i) assign respective Internet Protocol (IP) addresses to the client and to the server, including embedding state information in the assigned IP addresses, and (ii) route traffic over the WAN between the client and the server, in a stateless manner, based on the state information embedded in the IP addresses.

A communication system includes multiple Point-of-Presence (POP) interfaces and one or more processors. The multiple POP interfaces are distributed in a Wide-Area Network (WAN) and are configured to communicate with at least a client and a server connected to the WAN. The one or more processors are coupled to the POP interfaces and are configured to (i) assign respective Internet Protocol (IP) addresses to the client and to the server, including embedding state information in the assigned IP addresses, and (ii) route traffic over the WAN between the client and the server, in a stateless manner, based on the state information embedded in the IP addresses.