Aspects of the subject disclosure may include, for example, a method comprising providing services over a network to a device, and constructing device capability and usage profiles. A level of service quality for the device is adjusted by adjusting a latency criterion regarding connection of the device to the network; adjusting a speed of transmissions to or from the device; and altering a routing of transmissions to or from the device. The network can be partitioned so that the adjusted service quality level is provided by a network portion having a predetermined level of resources. The adjusted service quality level can comprise a first level while the device is active and a second level while the device is inactive; the first level is higher than the second level. The first and second levels are lower than a service quality level provided by another network portion. Other embodiments are disclosed.

In an embodiment, a method monitors a plurality of data streams passing through a router in the connectivity service provider environment, and for each of the data streams, periodically samples packets at the router. The method further generates a stream signature based at least on the payload of the sampled packets. The method further includes, for each generated stream signature, attaching information to the stream signature. Such information may, for example, include time-stamp information for the stream signature, or an identification of the router. The method may further comprise storing the stream signatures corresponding to the data streams in a database. The stored stream signatures may be compared to determine matching stream signatures. Matching signatures may identify data streams that carry identical or similar content.

Systems and methods of site traffic control are disclosed. In some example embodiments, a request for an online service to perform an operation is received from a user on a client device, and at least one overload condition for the online service is detected, or otherwise determined, with the overload condition(s) corresponding to a request time of the request. A standard of restriction is selected from a plurality of standards of restriction based on the overload condition(s), and the selected standard of restriction is used as a basis for either denying or permitting the user access to the operation of the online service.

Systems and methods are disclosed for determining a topology of a network comprising a plurality of intermediary devices and intermediary paths. One method includes transmitting probes having a TTL value with a destination set to a destination device; receiving, for each probe transmitted, a response including an IP address of a responding device; determining whether more than one responding device has responded to the probes; determining whether more than one responding device has been found for two previous transmissions of probes when more than one responding device has responded to the probes; and transmitting, for each more than one responding device, probes having a decreased TTL value with a destination set to one of the IP addresses of the more than one responding devices, when more than one responding device has been found for two previous transmissions.

A method for managing traffic of a plurality of packets in a plurality of packet flows transmitted using a time-slotted interface. The packet flows traverse a plurality of switches of a transport network according to an assigned path from a source node to a destination node. The method comprises determining an end-to-end latency of a plurality of packets traversing a current switch in packet flows and assigning priority values to the packets traversing the current switch, wherein a priority value of a packet depends on the determined end-to-end latency of said packets. The method further comprises allocating a time slot in an output interface of the current switch to the packet having the highest priority value among the packets competing for said time slot.

A method provides for receiving network traffic from a host having a host IP address and operating in a data center, and analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis. When the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, the method includes assigning a reputation score, based on the indication, to the host. The method can further include applying a conditional policy associated with using the host based on the reputation score. The reputation score can include a reduced reputation score from a previous reputation score for the host.

A device translates between a first communication network, in particular a deterministic communication network, and a second communication network, in particular a mobile communication network, in particular a 5G communication network. The device is configured to execute an application function that is configured to translate between Quality-of-Service, QoS, parameters of the first communication network and QoS parameters of the second communication network. A QoS profile includes the QoS parameters of the first communication network translated by the application function and, optionally, additional QoS parameters originating from the second communication network. The device is further configured to execute a signaling procedure configured to exchange the translated QoS parameters within the second communication network.

The invention relates to a method implemented by a communicating entity in a packet-switched network, comprising at least one port for transmitting communication signal frames comprising a first type of frames, intended to be transmitted in a plurality of streams for which a traffic shaping is defined, and a second type of frames, for which no traffic shaping is defined, each frame being able to be fragmented so as to transmit a fragment only of a frame of said second type. The communicating entity stores a plurality of first queues of frames of the first type, the first queues being associated respectively to said plurality of streams, and at least one second queue for frames of the second type. The entity further schedules transmissions of first type frames, and between at least two first type frames, transmission of at least a fragment of at least one second type frame.

A communication device for transmitting a Transmission Control Protocol (TCP) segment over a communication network using a Multipath Transmission Control Protocol (MPTCP) includes: a communication interface configured to establish an MPTCP data flow comprising a plurality of data sub-flows to a further communication device, and to receive a priority indicator from a network entity, wherein the priority indicator indicates a respective priority of a respective data sub-flow; and a scheduler configured to select, for the TCP segment, a data sub-flow from the plurality of data sub-flows based on the priority indicator. The communication interface is further configured to transmit the TCP segment via the selected data sub-flow to the further communication device.

A network device identifies an Internet Protocol Security (IPsec) tunnel that connects the network device to a remote device and determines that dead peer detection (DPD) is enabled at the network device. The network device receives a first DPD request message from the remote device via the IPsec tunnel, and sends a first DPD response message to the remote device via the IPsec tunnel. The network device determines that a workload of the network device satisfies a threshold amount, and sends one or more encapsulating security payload (ESP) packets that include traffic flow confidentiality (TFC) payload data to the remote device via the IPsec tunnel. The network device determines that the workload of the network device does not satisfy the threshold amount. The network device receives a second DPD request message from the remote device and sends a second DPD response message to the remote device via the IPsec tunnel.