H04L69/326

Controller area network traffic flow confidentiality
11537691 · 2022-12-27

A transmitter device of a bus-based communication system may add one or more padding bits, associated with providing traffic flow confidentiality for communication of a payload on a communication bus, either to the payload on a transport layer, or to one or more first frames on a data link layer. The one or more first frames may include a transport layer payload associated with the payload. The transmitter device may transmit one or more second frames, including a data link layer payload associated with the one or more first frames, on the communication bus. A receiver device of the bus-based communication system may receive the one or more second frames on the communication bus. The receiver device may process the one or more padding bits from either the one or more first frames on the data link layer, or from the payload on the transport layer.

ENHANCEMENT FUNCTION DISCOVERY VIA WIRELESS NETWORK ASSISTANCE FRAMEWORK

Methods and apparatus for traffic enhancement to apply to an application, to be delivered using a QUIC session, between a wireless device and a server. A request to activate a policy for the application between the wireless device and the server is received from the wireless device, the request including an application identifier and an indication to request an enhancement function. In response to the request to activate the policy, an authorization of traffic enhancement with information of a proxy node is transmitted to the wireless device to provide the enhancement function upon the network node identifying the proxy node.

Methods and nodes for enabling management of traffic

A method, an operator network (101) and nodes (120, 140, 160) for managing traffic are disclosed. The network exposure node (160) receives (A010) a Packet Flow Description (PFD) rule for a server application (190). The PFD rule comprises one or more protocol parameters for classification of traffic using a protocol related to said one or more protocol parameters. The one or more protocol parameters comprise for example an indication relating to common names (CNS), an indication relating to a domain name system (DNS) domain name, a server name indication (SNI), an indication relating to fraud prevention, an indication relating to a server IP address. The network exposure node (160) transmits (A020) the PFD rule to the session node (140), which transmits (A040), towards the user data node (120), a management request comprising the PFD rule. The user data node (120) receives (A080), from the client application (115), traffic destined to the server application (190). The user data node (120) classifies (A090) the traffic in accordance with the PFD rule. The user data node (120) enforces (A100) actions for the classified traffic. Corresponding computer programs (603, 803, 003) and computer program carriers (605, 805, 1005) are also disclosed.

Communication method and apparatus for bandwidth part switching in wireless communication system

A method of UE includes receiving a radio resource control (RRC) message for configuring bandwidth parts (BWPs) of a serving cell, receiving a physical downlink control channel (PDCCH) indicating activation of a first BWP, performing a BWP switching to the first BWP indicated by the PDCCH, and starting a first downlink BWP timer associated with the first BWP. A UE includes a transceiver, and at least one controller coupled with the transceiver, the at least one controller configured to receive an RRC message for configuring BWPs of a serving cell, receive a PDCCH indicating activation of a first BWP, perform a BWP switching to the first BWP indicated by the PDCCH, and start a first downlink BWP timer associated with the first BWP.

Identity-aware filtering proxy for virtual networks

Devices and methods are provided for using an identity-aware proxy to filter transmissions for virtual networks. The device may receive an encrypted application programming interface (API) call from a second device, wherein the encrypted API call is associated with a remote network resource, and wherein the device is included in a remote network which includes the remote network resource. The device may determine, based on the encrypted API call, an account associated with the remote network resource. The device may determine that the account is not authorized to access the remote network resource using the remote network. The device may send an error notification to the second device.

AUTONOMOUS SYSTEM BOTTLENECK DETECTION

In one embodiment, a supervisory service for a network obtains quality of experience metrics for application sessions of an online application. The supervisory service maps the application sessions to paths that traverse a plurality of autonomous systems. The supervisory service identifies, based in part on the quality of experience metrics, a particular autonomous system from the plurality of autonomous systems associated with a decreased quality of experience for the online application. The supervisory service causes application traffic for the online application to avoid the particular autonomous system.

SECURE PRIVATE TRAFFIC EXCHANGE IN A UNIFIED NETWORK SERVICE
20230045949 · 2023-02-16

Traffic is received at an interface of a compute server. Identity information associated with the traffic is determined including an identifier of a customer to which the traffic is attributable. An egress policy configured for the first customer is used to determine whether the traffic is allowed to be transmitted to a destination where that destination is a resource of a second customer. If the traffic is allowed to be transmitted, the traffic and identity information are transmitted over a cross-customer GRE tunnel to a namespace of the second customer on the compute server. An ingress policy configured for the second customer is used to determine whether the traffic is allowed to be transmitted to the destination, and if it is, then the traffic is transmitted.