Patent classifications
H04L12/935
METHODS TO STRENGTHEN CYBER-SECURITY AND PRIVACY IN A DETERMINISTIC INTERNET OF THINGS
Methods to strengthen the cyber-security and privacy in a proposed deterministic Internet of Things (IoT) network are described. The proposed deterministic IoT consists of a network of simple deterministic packet switches under the control of a low-complexity ‘Software Defined Networking’ (SDN) control-plane. The network can transport ‘Deterministic Traffic Flows’ (DTFs), where each DTF has a source node, a destination node, a fixed path through the network, and a deterministic or guaranteed rate of transmission. The SDN control-plane can configure millions of distinct interference-free ‘Deterministic Virtual Networks’ (DVNs) into the IoT, where each DVN is a collection of interference-free DTFs. The SDN control-plane can configure each deterministic packet switch to store several deterministic periodic schedules, defined for a scheduling-frame which comprises F time-slots. The schedules of a network determine which DTFs are authorized to transmit data over each fiber-optic link of the network. These schedules also ensure that each DTF will receive a deterministic rate of transmission through every switch it traverses, with full immunity to congestion, interference and Denial-of-Service (DoS) attacks. Any unauthorized transmissions by a cyber-attacker can also be detected quickly, since the schedules also identify unauthorized transmissions. Each source node and destination node of a DTF, and optionally each switch in the network, can have a low-complexity private-key encryption/decryption unit. The SDN control-plane can configure the source and destination nodes of a DTF, and optionally the switches in the network, to encrypt and decrypt the packets of a DTF using these low-complexity encryption/decryption units. To strengthen security and privacy and to lower the energy use, the private keys can be very large, for example several thousands of bits. 
The SDN control-plane can configure each DTF to achieve a desired level of security well beyond what is possible with existing schemes such as AES, by using very long keys. The encryption/decryption units also use a new serial permutation unit with very low hardware cost, which allows for exceptional security and very-high throughputs in FPGA hardware.
Edge datapath using user space network stack
A novel design of a gateway that handles traffic in and out of a network by using a datapath daemon is provided. The datapath daemon is a run-to-completion process that performs various data-plane packet-processing operations at the edge of the network. The datapath daemon dispatches packets to other processes or processing threads outside of the daemon by utilizing a user space network stack.
METHODS AND SYSTEMS FOR DATA TRANSMISSION
A method for data transmission may be implemented on an electronic device having one or more processors. The one or more processors may include a master queue including a master queue head and a plurality of primary ports that are connected to each other using a serial link. The method may include operating the master queue head to obtain a message. The method may also include operating the master queue head to segment the message into a plurality of segments. The method may also include operating the master queue head to transmit the plurality of segments to a first primary port of the plurality of primary ports in the master queue. The method may also include operating the first primary port to transmit the plurality of segments to a second primary port of the plurality of primary ports in the master queue.
Method and apparatus for receiving response information in M2M system
Provided is a procedure for receiving response information in response to a request message in an M2M system. Such a procedure may include transmitting a request message; determining a response type parameter corresponding to the request message; and receiving response information according to the response type parameter, wherein one of blocking, synchronous non-blocking (nonBlockingRequestSynch) and asynchronous non-blocking (nonBlockingRequestAsynch) is set as the response type parameter.
Reduced-complexity integrated guaranteed-rate optical packet switch
A reduced-complexity optical packet switch which can provide a deterministic guaranteed rate of service to individual traffic flows is described. The switch contains N input ports, M output ports and N*M Virtual Output Queues (VOQs). Packets are associated with a flow f, which arrive at an input port and depart on an output port, according to a predetermined routing for the flow. These packets are buffered in a VOQ. The switch can be configured to store several deterministic periodic schedules, which can be managed by an SDN control-plane. A scheduling frame is defined as a set of F consecutive time-slots, where data can be transmitted over connections between input ports and output ports in each time-slot. Each input port can be assigned a first deterministic periodic transmission schedule, which determines which VOQ is selected to transmit, for every time-slot in the scheduling frame. Each input port can be assigned a second deterministic periodic schedule, which determines which traffic flow within a VOQ is selected to transmit. Each input port can be assigned a third deterministic periodic schedule, which specifies to which VOQ an arriving packet (if any) is destined, for each time-slot in a scheduling frame. Each input port can be assigned a fourth deterministic periodic schedule, which specifies to which Flow-VOQ within a VOQ an arriving packet (if any) is destined. In this manner, each traffic flow can receive a deterministic guaranteed-rate of transmission through the switch.
Reverse forwarding information base enforcement
In exemplary embodiments of the present invention, a router determines whether or not to establish a stateful routing session based on the suitability of one or more candidate return path interfaces. This determination is typically made at the time a first packet for a new session arrives at the router on a given ingress interface. In some cases, the router may be configured to require that the ingress interface be used for the return path of the session, in which case the router may evaluate whether the ingress interface is suitable for the return path and may drop the session if the ingress interface is deemed by the router to be unsuitable for the return path. In other cases, the router may be configured to not require that the ingress interface be used for the return path, in which case the router may evaluate whether at least one interface is suitable for the return path and drop the session if no interface is deemed by the router to be suitable for the return path.
ETHERNET LINK EXTENSION METHOD AND DEVICE
Ethernet link extension methods and devices provide, in one illustrative embodiment, an Ethernet link extender with physical medium attachment (PMA) circuits each having a transmitter and receiver that communicate with a respective node in a sequence of communication phases. The sequence includes at least an auto-negotiation phase and a subsequent training phase, the phases occurring simultaneously for both PMA circuits. In the auto-negotiation phase, the PMA circuits operate in a pass-through mode, rendering the extender transparent to the two nodes. In the training phase, the PMA circuits operate independently, sending training frames to their respective nodes based in part on received back-channel information and locally-determined training status information. The training phases may be prolonged if needed to provide a simultaneous transition to a frame-forwarding phase of the sequence.
CONTROL WAVELET FOR ACCELERATED DEEP LEARNING
Techniques in advanced deep learning provide improvements in one or more of accuracy, performance, and energy efficiency. An array of processing elements performs flow based computations on wavelets of data. Each processing element has a compute element and a routing element. Each compute element has memory. Each router enables communication via wavelets with nearest neighbors in a 2D mesh. A compute element receives a wavelet. If a control specifier of the wavelet is a first value, then instructions are read from the memory of the compute element in accordance with an index specifier of the wavelet. If the control specifier is a second value, then instructions are read from the memory of the compute element in accordance with a virtual channel specifier of the wavelet. Then the compute element initiates execution of the instructions.
Virtual-machine dataplane with DHCP-server functionality
In order to provide efficient processing of Dynamic Host Control Protocol (DHCP) data flows and dynamic Internet Protocol (IP) address management, an electronic device that implements a virtual dataplane in a network may separate the DHCP data flows from other data flows. Then, the virtual dataplane may perform IP address management using one or more applications that are executed by a processor in the electronic device. In order to accelerate processing of a sequence of packets in a DHCP data flow to a destination, the virtual dataplane may look up a stored result of a look-up operation for a first packet in the sequence, so that subsequent packets in the sequence use the stored result without performing the look-up operation. Furthermore, the IP address management may include dynamically freeing up IP addresses in the network based on network activity of client devices.
Packet generation in the data plane of a forwarding element
A method of generating packets in the data plane of a forwarding element is provided. The method selects a configuration set from a plurality of configuration sets based on a triggering event. The method generates a set of packets using a packet template that corresponds to the selected configuration set. The method sets values of a plurality of the packet fields to identify different information such as the destination of packets. The method places the generated set of packets into an ingress pipeline of the forwarding element.