H04L101/663

Method for controlling network congestion, access device, and computer readable storage medium

A method for controlling network congestion, including overlaying an overlay network packet header on an encapsulation outer layer of a transmit packet, where the overlay network packet header includes an outer Internet Protocol (IP) header, and an explicit congestion notification (ECN) identifier of an ECN is set in the outer IP header, decapsulating the overlay network packet header for an encapsulated reply packet, where an inner congestion identifier that is based on the ECN identifier is obtained from an IP header of the decapsulated reply packet through matching, and if the decapsulated reply packet is a User Datagram Protocol (UDP) packet, forwarding the UDP packet to a preset slow channel.

PROXYING TCP FINGERPRINTS
20230071608 · 2023-03-09

In some embodiments, a computer-implemented method for automated proxying of TCP fingerprints comprises: receiving, at a proxy server, a request from a source host, to establish a first communications connection between the source host and a destination host; establishing, by the proxy server, a second communications connection between the source host and the proxy server; determining a plurality of fingerprint values specific to the source host; establishing, by the proxy server, using at least the plurality of fingerprint values specific to the source host, a third communications connection between the proxy server and the destination host; and facilitating, by the proxy server, communications between the source host and the proxy server via the second communications connection and between the proxy server and the destination host via the third communications connection.

Systems and methods for utilizing segment routing over an internet protocol data plane for latency metrics reduction

A device may provide path data identifying a primary path and one or more alternate paths for segment routing traffic in the network, and may receive performance data indicating a performance degradation in the primary path. The device may determine that the performance data satisfies a first threshold, and may request, based on the performance data satisfying the first threshold, alternate path performance data. The device may receive the alternate path performance data based on the request, and may compare the alternate path performance data for the one or more alternate paths. The device may select a particular alternate path, of the one or more alternate paths, based on comparing the alternate path performance data for the one or more alternate paths, and may trigger, based on the performance data satisfying a second threshold, a failover of the traffic from the primary path and to the particular alternate path.

Proxying TCP fingerprints
11722577 · 2023-08-08

In some embodiments, a computer-implemented method for automated proxying of TCP fingerprints comprises: receiving, at a proxy server, a request from a source host, to establish a first communications connection between the source host and a destination host; establishing, by the proxy server, a second communications connection between the source host and the proxy server; determining a plurality of fingerprint values specific to the source host; establishing, by the proxy server, using at least the plurality of fingerprint values specific to the source host, a third communications connection between the proxy server and the destination host; and facilitating, by the proxy server, communications between the source host and the proxy server via the second communications connection and between the proxy server and the destination host via the third communications connection.

ENHANCED ENDPOINT MULTICAST EMULATION

Embodiments for providing enhanced endpoint multicast emulation in a computing environment. One or more multicast operations may be executed on an overlay network using endpoint multicast emulation by using an overlay layer or a virtual extensible LAN (“VXLAN”) layer to maintain control over one or more multicast groups.

Application identification

This disclosure describes techniques for identifying an application (e.g., accessing application) that is attempting to access a resource. In some examples, access may be managed by an authentication service. When an access request is received at the authentication service from an application on a client device, the authentication service may ask the application to communicate with an identification agent on the client device. The identification agent may perform one or more tests to discover the identity of the application. In some cases, the identification agent may send the identity of the application to the authentication service. The authentication service may then allow or deny access by the accessing application to the resource based at least in part on the discovered identity.

Devices and methods for UE-specific RAN-CN associations

Devices, methods, user equipment (UE), base stations, storage media, and other embodiments are provided for managing associations in a communication network. In one example embodiment, a Next Generation (NG) core network device is configured for an Access and Mobility Management Function (AMF) with an NG-Radio Access Network (NG-RAN) node. The network device may be configured to access a plurality of Transport Network Link (TNL) associations and generate an AMF configuration update using the TNL associations, the AMF configuration update comprising AMF transport layer address information for the plurality of TNL associations. The network device may then initiate transmission of the AMF configuration update comprising the AMF transport layer address information to the NG-RAN node. Additional embodiments may involve binding updates or setup response messaging for managing associations, along with additional operations.

Packet duplication

An access and mobility management function (AMF) receives from a session management function (SMF) a first session configuration request message for a packet duplication of a first session between a user plane function (UPF) and a wireless device. The AMF receives from the SMF, based on traffic load information received at the SMF from the UPF, a first message for activation of a configuration of the packet duplication of the first session of the wireless device. The AMF sends to the SMF a second message indicating a result of the activation of the packet duplication of the first session.

Maintaining processing core affinity for fragmented packets in network devices
11949590 · 2024-04-02

Techniques are disclosed for maintaining processing unit core affinity for fragmented packets. In one example, a service physical interface card (PIC) implementing a service plane of a network device receives fragmented and/or non-fragmented packet data for a traffic flow. The service PIC comprises at least one processing unit comprising multiple cores. A routing engine operating in a control plane of the network device defines one or more core groups comprising a subset of the cores. The routing engine assigns the traffic flow to a core group and a forwarding engine operating in a forwarding plane of the network device forwards the packet data for the traffic flow to the assigned core group. A core of the assigned core group applies a network service to the fragmented and/or non-fragmented packet data for the traffic flow, and the forwarding engine forwards the packet data for the traffic flow toward a destination.

Methods and systems for service state replication using original data packets

Network traffic flows can be processed by routers, switches, or service nodes. Service nodes may be ASICs that can provide the functionality of a switch or a router. Service nodes can be configured in a circular replication chain, thereby providing benefits such as high reliability. The service nodes can implement methods that include receiving a first packet that includes a source address in a source address field and that includes a destination address in a destination address field, routing the first packet to a selected service node that is in a circular replication chain that includes a plurality of service nodes that have local flow tables and are configured for chain replication of the local flow tables, producing a second packet by using a matching flow table entry of the first packet to process the first packet, and sending the second packet toward a destination indicated by the destination address.