A node includes: a communication circuit; a processor operatively connected to the communication circuit; and a memory operatively connected to the processor and storing a target application and an access control application, wherein the memory stores instructions that when executed by the processor, cause the node to: detect a network access event of the target application to a destination network through the access control application, identify whether a tunnel corresponding to identification information of the target application and the destination network and authorized by an external server exists, transmit a data packet of the target application through the authorized tunnel using the communication circuit, when the authorized tunnel exists, and drop the data packet of the target application, when the authorized tunnel does not exist.

Aspects of the subject disclosure may include, for example, identifying a packet data protocol session that supports a first data exchange between a mobile application of a first mobile device and a first recipient device, wherein the first exchange of data comprises a directing of the first exchange of data through a network device. A second recipient device is determined, and a second data exchange is facilitated between the mobile application and the second recipient device by way of the packet data protocol session, wherein the second exchange of data also comprises a directing of the second exchange of data through the network device without modifying the first data exchange. Other embodiments are disclosed.

A logical router includes disaggregated network elements that function as a single router and that are not coupled to a common backplane. The logical router includes spine elements and leaf elements implementing a network fabric with front panel ports being defined by leaf elements. Control plane elements program the spine units and leaf to function a logical router. The control plane may define operating system interfaces mapped to front panel ports of the leaf elements and referenced by tags associated with packets traversing the logical router. Redundancy and checkpoints may be implemented for a route database implemented by the control plane elements. The logical router may include a standalone fabric and may implement label tables that are used to label packets according to egress port and path through the fabric.

A node includes: a communication circuit; a processor operatively connected to the communication circuit; and a memory operatively connected to the processor and storing a target application and an access control application, wherein the memory stores instructions that when executed by the processor, cause the node to: detect a network access event of the target application to a destination network through the access control application, identify whether a tunnel corresponding to identification information of the target application and the destination network and authorized by an external server exists, transmit a data packet of the target application through the authorized tunnel using the communication circuit, when the authorized tunnel exists, and drop the data packet of the target application, when the authorized tunnel does not exist.

An apparatus including a storage medium and a controller is provided. The storage medium stores a mapping of stream Identifiers (IDs) to Virtual Local Area Network (VLAN) tags. The controller is coupled to the storage medium and configured to route a packet for a Time-Sensitive Networking (TSN) network according to the mapping. The routing of the packet includes replacing a VLAN tag in the packet according to the stream ID of the packet and the mapping, so as to maintain the real-time deterministic behavior of delivering data streams in the TSN network.

For communicably connecting with an opposing apparatus using VLANs on multiple communication pathways, communication addresses of the opposing apparatus and relay apparatuses located on the communication pathways are acquired. Used VLAN-IDs already being utilized for configuring other VLANs by the opposing apparatus and the relay apparatuses located on the communication pathways are acquired. A VLAN-ID that is not being utilized is identified based on the used VLAN-IDs that are already being utilized for configuring other VLANs by a local apparatus, the relay apparatuses, and the opposing apparatus. The identified VLAN-ID is used to set settings for communicably connecting the opposing apparatus and the relay apparatuses on a single communication pathway using a new VLAN.

A network sanitization technology for enforcing a network edge and enforcing particular communication functions for untrusted dedicated-function devices such as IP cameras. An untrusted network device is isolated from a network by a network sanitization system such that it cannot communicate with the network. Communications from the untrusted device are intercepted by the system and only allowed communications are used. Allowed communications are used to create new communications according to an allowed framework. Sanitization device may be in small two-port package with visual indicia indicating the untrusted device and the network side. The device may use and provide PoE to device. Abstract is not to be considered limiting.

The present disclosure intends to provide an optical signal from an ONU according to a desired service usage state without using the ONU and an OLT. A simulated signal light generation apparatus 10 according to the present disclosure is a simulated signal light generation apparatus 10 for simulating an uplink signal light generated in an optical network unit (ONU) in a passive optical network (PON), and the apparatus includes a usage state control unit 11 that sets a service usage state of the ONU, a signal generation unit 12 that generates an uplink signal frame according to the usage state set by the usage state control unit 11, and an electrical/optical conversion unit 13 that converts an electrical signal from the signal generation unit 12 into an optical signal, and the optical signal from the electrical/optical conversion unit 13 is repeatedly transmitted to an optical fiber core 22.

An apparatus including a storage medium and a controller is provided. The storage medium stores a first mapping of stream Identifiers (IDs) to VLAN tags, and a second mapping of the stream IDs to VLAN tag indications. The controller is coupled to the storage medium and configured to route a packet between a Time-Sensitive Networking (TSN) network and a non-TSN network according to the first and second mappings. The routing of the packet includes inserting or removing a VLAN tag in or from the packet according to the stream ID of the packet and the first and second mappings, so as to enable interoperability between the TSN network and the non-TSN network.

A server, includes a virtual machine identifier assigning section to assign an identifier of a virtual machine operating on the server; and a network interface to transmit a packet including a Layer 2 header information which includes the identifier of the virtual machine and a first packet field for a VLAN-Tag, wherein the network, interface transmits the packet to a packet encapsulate section which encapsulates a second packet field including the Layer 2 header information with a virtual network identifier representing a virtual network to which the virtual machine belongs.