Patent classifications
H04L12/4679
BUILDING A MESH VIRTUAL PRIVATE NETWORK (VPN) IN A HYBRID OR MULTI-CLOUD CLUSTER
Devices, system and methods build a mesh virtual private network (VPN) in a hybrid cloud cluster having a private and a public cloud with connected network nodes. Each node has an operating system (OS) to discover nodes of the VPN by determining IP addresses and port addresses of the nodes from data received from discovery agents. An internal discovery agent of each of the nodes determines IP addresses and port addresses of the nodes. A node discovery agent located within a node determines IP addresses and port addresses of other nodes. An external discovery agent located outside the cluster determines IP addresses and port addresses of nodes. A VPN configuration data generator of the OS generates VPN configuration data of the clouds using the IP addresses and port addresses. A VPN builder of the OS builds a configuration of the VPN of the hybrid cluster using the VPN configuration data.
METHODS AND SYSTEM FOR AUTOMATED AD HOC CUSTOMER PREMISE EQUIPMENT BI-DIRECTIONAL VULNERABILITY SCANNING
Methods and systems for automated ad hoc customer premise equipment (CPE) bi-directional vulnerability scanning. A method includes an auto provisioning server receiving CPE information for a designated CPE to initiate a bi-directional vulnerability scan, obtaining telemetry data from a cable modem termination system (CMTS) based on the CPE information, configuring switches to form a virtual local area network channel between a LAN scanner and the designated CPE using the CPE information, provisioning the LAN scanner to obtain a LAN side Internet Protocol (IP) address from the designated CPE, initiating vulnerability scans at a wide area network (WAN) scanner and the LAN scanner using a stored WAN side IP address and a stored LAN side IP address, respectively, and generating a vulnerability scan report based on results from the WAN scanner and the LAN scanner. At least one network device can be configured based on the report.
Method and a network device for providing services to user devices in a wireless network
The embodiments herein relate to a method and a network device for providing services to user devices in a wireless network. The method comprises authenticating a user device to an Access Point of a WLAN or WiFi network; determining, by a network device, a location of the user device; assigning a VLAN to the user device based on the location of the user device; and providing at least one service available via the assigned VLAN network.
Methods and systems for securing VPN cloud servers
The present application is directed to a method for enhancing security. The method includes a step of sending a request to a cloud provider to create a server on a cloud. The method also includes a step of receiving a notification from the cloud provider that the requested server is available on the cloud. The method also includes a step of embedding the server with a VPN service. The method further includes a step of sending a credential of the server to an entity on the network. Yet further, the method includes a step of reviewing a list of servers created by the cloud provider. Yet even further, the method includes a step of evaluating progress of server generation by the cloud provider and one or more additional cloud providers. The application is also directed to a system for enhancing security on a cloud server.
System and method for providing scalable flow monitoring in a data center fabric
Disclosed is a method that includes calculating, at a collector receiving a data flow and via a hashing algorithm, all possible hashes associated with at least one virtual attribute associated with the data flow to yield resultant hash values. Based on the resultant hash values, the method includes computing a multicast address group and multicasting the data flow to n leafs based on the multicast address group. At respective other collectors, the method includes filtering received sub-flows of the data flow based on the resultant hashes, wherein if a respective hash is owned by a collector, the respective collector accepts and saves the sub-flow in a local switch collector database. A scalable, distributed netflow is possible with the ability to respond to queries for fabric-level netflow statistics even on virtual constructs.
AUTHENTICATION OF PASSIVE DEVICES
Some embodiments provide a method, executable by a network device, that receives a first set of commands instructing the network device to allow network traffic to egress out of an authentication port of the network device. The authentication port is configured to belong to a first virtual local area network (VLAN). An unauthenticated device is connected to the authentication port. The method further receives a second set of commands instructing the network device to add ports belonging to the first VLAN to a broadcast domain of a second VLAN. The method also broadcasts an address request to the broadcast domain of the second VLAN. The method further receives, from the unauthenticated device, a response to the address request.
Consistent provision of member node group information on virtual overlay network
A method, computer system, and computer program product for provisioning member node group information on a virtual overlay network in a multi-controller cloud environment are provided. The embodiment may include one of the controllers receiving a group association call from a user interface for a target node, wherein the group message is either an association-add of the target node to, or an association-remove of the target node from, a node group. The embodiment may also include the controller performing consistent database manipulation by updating a database based on the received association-add or association-remove call, wherein the controller first updates a database by adding or removing the target node to or from, respectively, the node group in the database. The embodiment may further include the controller reading out the updated member node group from the database before issuing a provision-create or a provision-remove request to the target node.
COMMUNICATION SYSTEM AND COMMUNICATION METHOD
When a subscriber terminal (100A) connects to the other party vCPE (310B), a communication system (1) determines whether a connection between the other party terminal (100B) and the other party vCPE (310B) and a connection between the subscriber terminal (100A) and the other party vCPE (310B) are to be established through the same network segment based on connection permission conditions of the other party vCPE (310B) and the subscriber terminal (100A), and the other party vCPE (310B) allocates a network segment, which is the same as or different from a network segment allocated to the other party terminal (100B), to the subscriber terminal (100A) according to the determination.
DEVICE SETTING CONTROL DEVICE, NETWORK SYSTEM, DEVICE SETTING METHOD, AND PROGRAM
An object is to provide a means for causing wirings and device setting configurations to conform between communication devices and then establishing communication by generating a device setting configuration in accordance with wirings between the communication devices and reflecting the device setting configuration in interfaces of the communication devices. A device setting configuration for establishing communication between communication devices is generated based on information regarding an adjacent device acquired from each communication device, using a network setting information database configured to hold, in an associated manner, information regarding the communication device, information regarding the adjacent device connected directly to the communication device via a communication cable, and information regarding a device setting configuration to be set for an interface of the communication device used to connect to the adjacent device.