Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.

Systems and techniques are described for a centralized management system operating within a virtual machine which configures, monitors, analyzes, and manages an adaptive private network (APN) to provide a discovery process that learns about changes to the APN through a network control node (NCN) that is a single point of control of the APN. The discovery process automatically learns a new topology of the network without relying on configuration information of nodes in the APN. Network statistics are based on a timeline of network operations that a user selected to review. Such discovery and timeline review is separate from stored configuration information. If there was a network change, the changes either show up or not show up in the discovery process based on the selected time line. Configuration changes can be made from the APN VM system by loading the latest configuration on the APN under control of the NCN.

Some embodiments of the invention provide a method for detecting and remediating anomalies in an SD-WAN that includes a controller, an enterprise datacenter, and multiple branch sites each having at least one edge node that includes a set of packet processing stages. At the controller, the method receives from a particular node of a particular branch site a flow notification indicating detection of an anomaly on the particular node. Based on the anomaly, the method dynamically generates trace monitoring rules that specify one or more flows to be traced and provides the trace monitoring rules to the particular node and at least one other node of another branch site. From the particular node and the at least one other node, the method receives trace monitoring results collected in response to the provided trace monitoring rules, and analyzes the results to identify any anomalies and dynamic actions to correct the anomalies.

The present invention provides systems and methods employing Voice over Internet Protocol (VoIP) technology to provide multi-channel, multi-access voice communication capabilities.

A system and method for providing an MAP for an unsolicited grant to a modem in a wireless backhaul environment based on centralized small cell (cSC) data received at a modem termination system (MTS) is described herein.

In one embodiment, a device receives application experience metrics for a software-as-a-service application. The device generates, based on the application experience metrics, a predictive model that predicts application experience scores for a plurality of network service providers that provide connectivity to the software-as-a-service application. The device selects a particular network service provider for use by a location, based on an application experience score predicted by the predictive model. The device sends an indication of the particular network service provider to the location.

Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.

Implementations of firearm regulation systems may include a firearm safety system (FSS) configured to physically couple to a firearm. The FSS may include a locking mechanism configured to prevent the firearm from firing and a sensor configured to detect an environmental parameter. The firearm regulation system may also include a management system communicatively coupled to the FSS and a site safety system (SSS) communicatively coupled to the management system. The SSS may include one or more lockdown mechanisms.

In one embodiment, a device predicts a failure of a first tunnel in a software-defined wide area network (SD-WAN). The device determines that no backup tunnel for the first tunnel exists in the SD-WAN that can satisfy one or more service level agreements (SLAs) of traffic on the first tunnel, were the traffic rerouted from the first tunnel onto that tunnel. The device predicts, using a machine learning model, that a backup tunnel for the first tunnel exists in the SD-WAN that can satisfy an SLA of a subset of the traffic on the first tunnel, in response to determining that no backup tunnel exists in the SD-WAN that can satisfy the one or more SLAs of the traffic on the first tunnel. The device proactively reroutes the subset of the traffic on the first tunnel onto the backup tunnel, in advance of the predicted failure of the first tunnel.

In one aspect, a computerized method includes the step of providing process monitor in a Gateway. The method includes the step of, with the process monitor, launching a Gateway Daemon (GWD). The GWD runs a GWD process that implements a Network Address Translation (NAT) process. The NAT process includes receiving a set of data packets from one or more Edge devices and forwarding the set of data packets to a public Internet. The method includes the step of receiving another set of data packets from the public Internet and forwarding the other set of data packets to the one or more Edge devices. The method includes the step of launching a Network Address Translation daemon (NATD). The method includes the step of detecting that the GWD process is interrupted; moving the NAT process to the NATD.