The invention relates to a method, by a policy controller 100, for generating policy rules for data packet flows in a communications network. The policy controller 100 has access to a policy database 130 and stores a service level agreement. The service level agreement contains a plurality of different service level identifiers, each service level identifier being associated with a set of conditions that govern the policy rules to be applied to the data packet flows in the communications network. The method comprises the following steps: An authorization request is received for a data packet flow, the authorization request comprising service information for a service and a service level identifier. The policy database 130 is accessed and the set of conditions associated with the received service level identifier is determined. Further, based on the determined set of conditions, a policy rule to be applied to the data packet flow is generated. Policy controller 100 is configured to generate policy rules based on a third party or company profile, with the third party company being able to influence which policy rule should be selected by the policy controller. The authorization request may be received directly from an application function, AF 200. An input unit 230 is provided via which the third party can define and agree upon the service level agreement with an operator of the communications network. A policy control enforcing function PCEF 51 can interact with the PCRF 100 in order to enforce the policy rules.

A device may identify a plurality of first values associated with network traffic of a label-switched path of a plurality of label-switched paths. The device may determine an adjustment policy based on the plurality of first values. The adjustment policy may include one or more factors associated with a plurality of second values. The plurality of second values may be determined based on the plurality of first values. The device may implement the adjustment policy in association with the label-switched path. A bandwidth reservation of the label-switched path may be adjusted based on the adjustment policy. The adjustment policy may be implemented for fewer than all of the plurality of label-switched paths.

A first device may receive information that assigns a function related to network traffic associated with a content delivery network. The first device may implement the function based on the information that assigns the function. The first device may receive the network traffic from the content delivery network and may provide the network traffic to a subscriber device. The first device may provide, to a second device, information associated with the network traffic based on implementing the function. The second device may manage a subscriber session associated with the subscriber device based on the information associated with the network traffic.

A method and system for distributive flow control and bandwidth management in networks is disclosed. The method includes: providing multiple Internet Protocol (IP) Gateways (IPGWs) that each have a maximum send rate and one or more sessions with associated throughput criteria, wherein each IPGW performs flow control by limiting information flows by the respective maximum send rate and throughput criteria; providing multiple Code Rate Organizers (CROs) that each have a bandwidth capacity, wherein each CRO performs bandwidth allocation of its respective bandwidth capacity to one or more IPGWs of the multiple IPGWs; interconnecting the multiple IPGWs with the multiple CROs; and performing bandwidth management across the multiple CROs and IPGWs. In the method, an IPGW of the multiple IPGWs provides flow control across a plurality of the CROs of the multiple CROs, and a CRO of the multiple CROs allocates bandwidth to a plurality of the IPGWs of the multiple IPGWs.

A communication method executed by a communication system, the communication method includes determining, by a first node that requests to execute an application, a policy for selecting a node to execute the application from the plurality of relay nodes based on an amount of an output data which is an execution result of the application and an amount of an input data for executing the application; transmitting a request message including identification information indicating the policy and requesting to execute the application via the path; receiving, by a third node, the request message; acquiring data for executing the application from a second node, when it is determined that the third node is able to execute the application based on the identification information; executing the application using at least the acquired data; and transmitting a response message including the execution result of the application to the first node.

Embodiments provide a traffic control system for WLAN access points. The traffic control system works in dependence on a first input-user priority (supplied by an authentication server). This allows different service levels to be provided to different classes of customer. In addition, the traffic control system polices and/or shapes traffic based on a second input—a modulation rate detector, which measures the modulation rate at which each connected client is sending its traffic, and uses it to indirectly cause fairer use of the available air interface capacity (e.g. by causing TCP streams to back off when they detect packet loss). Finally, for some embodiments where public Wi-Fi is being delivered through private Wi-Fi access points, the traffic control system is to manage the air interface utilization split between public and private WiFi users, to ensure that private users do not have their Wi-Fi air interface network capacity unduly impaired by public users.

Obtaining, in association with origination of outbound network traffic to be sent by a system, user account information of a user account on behalf of which the outbound network traffic is generated, and performing filtering of the outbound network traffic based on the obtained user account information of the user account on behalf of which the outbound network traffic is generated, where the filtering is further based on one or more rules, and the filtering includes determining whether to block or allow sending of the outbound network traffic from the system.

A method and apparatus are provided in which network traffic is separated based on application, query, or other criteria. A first application is stored in a first control group in a resource isolation environment, the first control group being associated with a first policy. A second application is stored in a second control group in the resource isolation environment, the second control group being associated with a second policy. Upon receiving a request for content through one of the first application and the second application, it is determined which control group is associated with the request. Traffic is managed in connection with the request according to the policy associated with the determined control group.

The disclosure is related to providing interconnectivity between a plurality of user devices. A wireless interconnectivity device connects to a first user device of the plurality of user devices over a first local wireless network, connects to a second user device of the plurality of user devices over a second local wireless network, receives a request from the first user device to transfer data from the first user device to the second user device, determines whether or not a third user device has granted permission to transfer the data from the first user device to the second user device, and transfers the data from the first user device to the second user device based on the third user device having granted permission to transfer the data from the first user device to the second user device.

A protocol element referred to as a secure handle is described which provides an efficient and reliable method for application-to-application signaling in multi-process and multi-computer environments. The secure handle includes an absolute memory reference which allows the kernel to more quickly and efficiently associate a network data packet with an application's communication context in the kernel.