Patent classifications
H04L2101/686
APPARATUS AND METHOD FOR ESTABLISHING AND MAINTAINING A DS-LITE TUNNEL
An electronic apparatus for establishing a Dual-Stack Lite (DS-lite) tunnel is provided. The apparatus sends a request for an Internet Protocol (IP) address of a Domain Name System (DNS) server and a domain name of an Address Family Transition Router (AFTR) server to a Dynamic Host Configuration Protocol (DHCP) server using an IP address of the DHCP server, receives the IP address of the DNS server and the domain name of the AFTR server from the DHCP server in response to the request, and sends a DNS query including the domain name of the AFTR server to the DNS server using the IP address of the DNS server. In response to the DNS query being successful, the apparatus receives an IP address of the AFTR server from the DNS server, and establishes the DS-lite tunnel between the apparatus and the AFTR server using the IP address of the AFTR server.
Dynamic security actions for network tunnels against spoofing
An example network device receives an encapsulated network packet via a network tunnel; extracts IPv6 header information from the encapsulated network packet; extracts IPv4 header information from the encapsulated network packet; determines that the encapsulated network packet is a spoofed network packet based on the IPv6 header information and the IPv4 header information; and in response to detecting the spoofed network packet, transmits a message to a Tunnel Entry Point (TEP) device, the message including data representing the IPv6 header information and IPv4 header information. A tunnel entry point (TEP) device may receive the message and use the message to detect spoofed IPv6 traffic, e.g., when an IPv6 header and an IPv4 header of an encapsulated packet match the IPv6 header and the IPv4 header specified in the message. In this manner, the TEP device may block, rate limit, or redirect spoofed network traffic.
Managing communications using alternative packet addressing
Techniques are described for managing communications for a managed virtual computer network overlaid on a distinct substrate computer network, including for communications involving computing nodes of the managed virtual computer network that use an alternative addressing scheme to direct network packets and other network communications to intended destination locations by using textual network node monikers instead of numeric IP addresses to represent computing nodes at a layer 3 or “network layer” of a corresponding computer networking stack in use by the computing nodes. The techniques are provided without modifying or configuring the network devices of the substrate computer network, by using configured modules to manage and modify communications from the logical edge of the substrate network.
REUSE OF IP ADDRESSES
The present disclosure proposes network elements, methods at the network elements for facilitating reuse of an IP address, and a telecommunications system comprising the network elements. The method at a first network element for facilitating reuse of an IP address at multiple UEs comprising a first UE comprises: transmitting, to a second network element, a first request message associated with the first UE, the first request message comprising the IP address and a first indicator which, in conjunction with the IP address, uniquely identifies the first UE.
GATEWAY BASED IP ADDRESS TRANSLATION IN COMMUNICATION NETWORKS
Systems, methods, and computer-readable media herein provide for gateway based IP address translation in communication networks. Data associated with an IPv4 address is received by a network gateway device which maintains an IPv4 to IPv6 mapping table that may be populated with information queried from DNS servers. The mapping table may be accessed to determine a destination IPv6 address enabling received data to be modified to use the IPv6 address to natively access IPv6 Internet resources and domains.
TRACKING NETWORK TRAFFIC OF LOCAL AREA NETWORK (LAN) SUBNETS IN A WIRELESS WIDE AREA NETWORK (WWAN)
This disclosure provides systems, methods, and apparatus, including computer programs encoded on computer-readable media, for tracking network traffic for local area network (LAN) subnets in a wireless wide area network (WWAN). In some implementations, a UE of the WWAN may assign a unique public IP address to each router of the LAN. The UE may transmit network traffic received from the LAN to the WWAN. The network traffic originating from any router of the LAN may be associated with the unique public IP address that was assigned to that router. The WWAN may use the unique public IP addresses to generate network traffic information that may indicate amounts of network traffic flowing from each router of the LAN. The WWAN, for example, may use the network traffic information to determine billing information for any router in the LAN.
METHOD AND APPARATUS FOR PERFORMING INTERNET REACHABILITY MANAGEMENT WITH AID OF INDICATOR
A method for performing Internet reachability management and associated apparatus are provided. The method may include: establishing, by a processor of the UE, a first connection to a first access device; receiving, by the processor, an indicator complying with a first protocol sent from the first access device; in response to receiving the indicator, performing, by the processor, a reachability detection complying with a second protocol to generate a detection result; and in response to the detection result representing that a network is not reachable, performing at least one of: displaying, by a display of the UE, a message or icon to represent that the first connection or the network is unavailable; disconnecting, by the processor, the first connection; and establishing, by the processor, a second connection to a second access device.
Internet address structure analysis, and applications thereof
An analysis system automates IP address structure discovery by deep analysis of sample IPv6 addresses using a set of computational methods, namely, information-theoretic analysis, machine learning, and statistical modeling. The system receives a sample set of IP addresses, computes entropies, discovers and mines address segments, builds a network model of address segment inter-dependencies, and provides a graphical display with various plots and tools to enable a network analyst to navigate and explore the exposed IPv6 address structure. The structural information is then applied as input to applications that include: (a) identifying homogeneous groups of client addresses, e.g., to assist in mapping clients to content in a CDN; (b) supporting network situational awareness efforts, e.g., in cyber defense; (c) selecting candidate targets for active measurements, e.g., traceroute campaigns, vulnerability assessments, or reachability surveys; and (d) remotely assessing a network's addressing plan and address assignment policy.
AUTOMATIC IPV6/IPV4 FALLBACK APPROACH IN PROXY NETWORKS
A method for an automated IPv6/IPv4 fallback approach in proxy networks is presented. In some embodiments, the method comprises receiving, at a proxy server, a request from a client executing on a client computer for access to a target computer; determining identification-information of the client; determining an address pair including an IPv6 address and an IPv4 address of the proxy server; assigning the address pair to the identification-information of the client; establishing a first communications connection between the client computer and the proxy server using one of the IP addresses included in the address pair, and a second communications connection between the proxy server and the target computer using one of the IP addresses included in the address pair; and facilitating a network packet flow between the client computer and the target computer using the first communications connection and the second communications connection.
DYNAMIC SECURITY ACTIONS FOR NETWORK TUNNELS AGAINST SPOOFING
An example network device receives an encapsulated network packet via a network tunnel; extracts IPv6 header information from the encapsulated network packet; extracts IPv4 header information from the encapsulated network packet; determines that the encapsulated network packet is a spoofed network packet based on the IPv6 header information and the IPv4 header information; and in response to detecting the spoofed network packet, transmits a message to a Tunnel Entry Point (TEP) device, the message including data representing the IPv6 header information and IPv4 header information. A tunnel entry point (TEP) device may receive the message and use the message to detect spoofed IPv6 traffic, e.g., when an IPv6 header and an IPv4 header of an encapsulated packet match the IPv6 header and the IPv4 header specified in the message. In this manner, the TEP device may block, rate limit, or redirect spoofed network traffic.