H04L12/2859

Secured Transport in Remote MAC/PHY DAA Architecture
20210136050 · 2021-05-06

Exchanging encrypted packet payloads between a cable headend and a Remote MACPHY device. A single device executes a cable modem termination system (CMTS) implemented in software and not hardware. The software-implemented CMTS (i.e., a virtual CMTS) instantiates a tunnel to the Remote MACPHY device. The virtual CMTS encrypts the payloads of one or more packets and transmits those packets over the tunnel to the Remote MACPHY device. In similar fashion, the Remote MACPHY device may send packets with encrypted payloads to the virtual CMTS over the tunnel. In this way, encryption is not performed on a hop-by-hop basis, thereby allowing the payloads of packets to remain encrypted at all times during transit through the tunnel.

Methods of implementing dynamic quality of service or bandwidth provisioning

A method of operating a data network may include establishing a data path through the data network between a routing gateway and service provider equipment providing a data service. Moreover, the data service may be provided for use at the routing gateway over the data path during a data session. A request may be received from the service provider equipment where the request defines a data flow characteristic for the data path between the routing gateway and the service provider equipment providing the data service. The data flow characteristic may then be transmitted to a network element along the data path between the routing gateway and the service provider equipment. A request from service provider equipment can include an allowed bandwidth or prioritization. Related methods, data networks, data service providers, routing gateways, and computer program products are also discussed.

Server initiated remote device registration
10951429 · 2021-03-16

A machine implemented method of server initiated registration of a remote device with a second server when the remote device is provisioned or pre-provisioned for registration with a first server, the method comprising: transmitting a bootstrap message from a bootstrap server to the first server, the bootstrap message comprising instruction for registration of the remote device with the second server; receiving the bootstrap message at the first server; sending, from the first server, the bootstrap message to the remote device; and registering the remote device with the second server.

Selecting one node from several candidate nodes in several public clouds to establish a virtual network that spans the public clouds

Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.

System for collision avoidance in transfer of network packets
10945289 · 2021-03-09

A system for transmitting data over a communication network operating in an Ethernet or serial communication mode, where an Ethernet or serial cable is replaced by radios transmitting over an over-the-air radio link. The system includes computer processors that receive the data and assemble that data into smaller OTA data packets for delivery across the link and operating protocols that provide collision avoidance of OTA packets transmitted in an overlapping manner by radios on opposite sides of the over-the-air link. In a preferred mode the system operates in the 902-928 MHz ISM band, with the data being transmitted over distances much greater than for 2.4 GHz transmission.

RESILIENT ZERO TOUCH PROVISIONING
20210067380 · 2021-03-04

An example branch gateway includes processing circuitry, memory including instructions, and a plurality of ports. The branch gateway transmits, from a plurality of ports, a first broadcast message. The branch gateway receives, in response to the first broadcast message, response messages on respective ports. The branch gateway determines, based on a receipt order of the response messages, an identifying address from a first response message. The branch gateway assigns the respective port for each response message to a unique VLAN. The branch gateway determines, for each port assigned to a unique VLAN, a link health parameter. The branch gateway selects a primary port to connect to an activation server of a WAN. The branch gateway selects a secondary port to connect to the activation server.

Deploying firewall for virtual network defined over public cloud infrastructure

Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.

Resilient zero touch provisioning

An example branch gateway includes processing circuitry, memory including instructions, and a plurality of ports. The branch gateway transmits, from a plurality of ports, a first broadcast message. The branch gateway receives, in response to the first broadcast message, response messages on respective ports. The branch gateway determines, based on a receipt order of the response messages, an identifying address from a first response message. The branch gateway assigns the respective port for each response message to a unique VLAN. The branch gateway determines, for each port assigned to a unique VLAN, a link health parameter. The branch gateway selects a primary port to connect to an activation server of a WAN. The branch gateway selects a secondary port to connect to the activation server.

System and Method to Deliver Converged Public and Private Network Services over Disparate Access Mediums Across Regional Markets
20210037378 · 2021-02-04

Systems, methods, and devices for providing a user equipment (UE) device that is associated with a private network service (PrNS) and communicatively attached to a public WiFi network in a remote market being serviced by a different headend than the UE device's home network with public or private network services.

System and method for transmitting over multiple simultaneous communication networks by using point-to-point protocol over ethernet
10897451 · 2021-01-19

A system and method for controlling simultaneous communications over a plurality of communication networks that employs Point-to-Point Protocol over Ethernet (PPPoE) connections between a plurality of Ethernet connected clients and a plurality of wireless radio modems for wireless network access control. The method comprises transmitting data between the one or more clients and one or more wireless modems for communication over the one or more wireless networks based on the assigned IP address of the one or more clients during a PPPoE or DHCP session. The system comprises one or more multi-radio modems for transmitting data over one or more wireless networks, an Ethernet LAN for connecting the one or more PPPoE and DHCP enabled clients to the one or more multi-radio modems, one or more Access Concentrators for controlling access to the one or more radio modems and for assigning an Internet Protocol address to the one or more PPPoE enabled clients, and a DHCP server for controlling access to the one or more radio modems and for assigning an Internet Protocol address to the one or more DHCP enabled clients. A controller coordinates communications between the PPPoE client and the one or more radio modems based on the assigned Internet Protocol address of the PPPoE client or DHCP client.