A device translates between a first communication network, in particular a deterministic communication network, and a second communication network, in particular a mobile communication network, in particular a 5G communication network. The device is configured to execute an application function that is configured to translate between Quality-of-Service, QoS, parameters of the first communication network and QoS parameters of the second communication network. A QoS profile includes the QoS parameters of the first communication network translated by the application function and, optionally, additional QoS parameters originating from the second communication network. The device is further configured to execute a signaling procedure configured to exchange the translated QoS parameters within the second communication network.

Embodiments of this application provide a network congestion control method, a device, and a system, to dynamically control camping or handover of a user based on a user type, a service type, and a user location, thereby controlling congestion. A network device dynamically configures a grouped RFSP of a user based on information such as access network user plane congestion information without a need to modify subscription information of UE, selects, based on a user type and a service type, different networks/frequency bands/cells to control camping or handover, and instructs, by identifying a cell location, the user to select a frequency, to control congestion or the like.

Techniques are disclosed for generating intent-based policies and applying the policies to traffic of a computer network. In one example, a policy controller for the computer network receives traffic statistics for traffic flows among a plurality of application workloads executed by a first set of computing devices. The policy controller correlates the traffic statistics into session records for the plurality of application workloads. The policy controller generates, based on the session records for the application workloads, application firewall policies for the application workloads. Each of the application firewall policies define whether traffic flows between application workloads are to be allowed or denied. The policy controller distributes the application firewall policies to a second set of one or more computing devices for application to traffic flows between instances of the application workloads.

A kernel driver on an endpoint uses a process cache to provide a stream of events associated with processes on the endpoint to a data recorder. The process cache can usefully provide related information about processes such as a name, type or path for the process to the data recorder through the kernel driver. Where a tamper protection cache or similarly secured repository is available, this secure information may also be provided to the data recorder for use in threat detection, forensic analysis and so forth.

Embodiments provide an aggregate rate control method, a device, and a system. A gateway switch receives a flow entry and a link table from a software-defined networking (SDN) controller. The flow entry includes at least a match field and a flow-entry instruction, and the link table includes at least a packet processing operation. The gateway switch parses to obtain header information of a received target data packet, and matches the header information with the match field in the flow entry. When the header information matches the match field in the flow entry, a link instruction is executed in the flow-entry instruction in the flow entry. The packet processing operation in the link table is performed, and the packet processing operation is used to discard or buffer the target data packet when a bit rate of an aggregate service flow is greater than a specified maximum aggregate rate.

Methods and apparatus for efficient data transfer within a user space network stack. Unlike prior art monolithic networking stacks, the exemplary networking stack architecture described hereinafter includes various components that span multiple domains (both in-kernel, and non-kernel). For example, unlike traditional “socket” based communication, disclosed embodiments can transfer data directly between the kernel and user space domains. Direct transfer reduces the per-byte and per-packet costs relative to socket based communication. A user space networking stack is disclosed that enables extensible, cross-platform-capable, user space control of the networking protocol stack functionality. The user space networking stack facilitates tighter integration between the protocol layers (including TLS) and the application or daemon. Exemplary systems can support multiple networking protocol stack instances (including an in-kernel traditional network stack).

A vehicle includes a telematics control unit; and one or more processors in communication with the telematics control unit via an in-vehicle network, programmed to generate a data packet for an application, containing a quality-of-service identifier indicative of priority and a type-of-service identifier indicative of sub-priority below the priority for the application; designate an access point name to the data packet based on the quality-of-service identifier; and communicate the data packet to the telematics control unit to communicate to a wireless network.

A method for providing guaranteed minimum intermediate proxy node bandwidth for services includes configuring, at an intermediate proxy node, a guaranteed minimum bandwidth of the intermediate proxy node reserved to process messages associated with a service. The method further includes receiving a first message at the intermediate proxy node. The method further includes determining, by the intermediate proxy node, that the intermediate proxy node is in an overloaded state. The method further includes identifying, by the intermediate proxy node, the first message as being associated with the service for which the guaranteed minimum bandwidth is configured. The method further includes determining, by the intermediate proxy node, that a portion of the guaranteed minimum bandwidth for the service is available to process the first message. The method further includes routing, by the intermediate proxy node and to a producer network function (NF) that provides the service, the first message and updating a message count for the service.

The described technology is generally directed towards a transport protocol for latency sensitive applications. The disclosed transport protocol is “semi-reliable” in that it allows for specification of an importance of data being transmitted, thereby allowing important data to be sent reliably, while other data can be dropped if necessary, e.g., under bad network conditions. A deadline can be specified for such other data, and if the other data cannot be sent prior to the deadline, it can be dropped. Furthermore, the disclosed transport protocol can allow for early discovery of network jitter. A client device can send regular acknowledgments which identify most recently received data packets as well as a number of “heartbeat transmissions” received at the client device. A server device can use the acknowledgments to discover and respond to jitter.

A system and method for decreasing latency in providing a data packet to a user device subsequent to receipt of an electronic signal from the user device are disclosed herein. The system can include memory including: a user profile database; and a content library database. The system can include a user device including: a network interface; and an I/O subsystem. The system can include a content management server. The content management server can: provide a data packet to the user device; request generation of a contingent recommendation; receive the contingent recommendation; receive an electronic signal including a user response; select a next action; and provide the next action to the user device.