Techniques are described herein that are capable of load-balancing establishment of connections among groups of connector servers in a public computer network by performing operations that include receiving a connection request from a connector client in a private computer network, requesting establishment of a connection between the connector client and one of the connector servers in the public computer network. A number of connections between the private computer network and each group is determined. An identified group is selected from the groups based at least in part on a number of connections between the private computer network and the identified group being less than or equal to a number of connections between the private computer network and each other group. The connection request is provided toward the identified group, which enables establishment of the connection between the connector client and a connector server in the identified group.

A method and system for a first node to transmit packets to a second none, comprising receiving a packet from a local area network (LAN) interface, inspecting the packet; determining whether the packet satisfies at least one packet condition; transmitting the packet through a predefined tunnel if the packet satisfies the at least one packet condition; transmitting the packet through a second tunnel if the packet does not satisfy the at least one packet condition. The predefined tunnel is a first tunnel and is established before the packet is received by the first node. The second tunnel belongs to a first tunnel group or a second tunnel group. The first tunnel, the second tunnel and other tunnels may together form an aggregated connection. Further, the use of predefined tunnel may be based on whether the packets satisfy a session condition.

A method for managing network connections includes steps of: in response to receipt of a request for establishing a new network connection, storing in a connection-tracking (Conntrack) table an entry of tracked connection data that is related to the new network connection to be established, and updating a current tracked-connection count by adding one thereto; determining a priority level of the new network connection according to a data packet transmitted through the new network connection; and determining whether to output data packets that are received through the new network connection based at least on the current tracked-connection count and the priority level of the new network connection.

Provided is a virtual circuit-based data packet processing method, which includes that: identification information of a next-hop Provider Edge (PE) node of a routing packet and identification information of an Original PE (OPE) node of the routing packet are determined according to the routing packet corresponding to a Virtual Private Network (VPN) service instance; a context virtual circuit is determined, wherein nodes at both ends of the context virtual circuit are respectively the current PE node and the OPE node; a virtual circuit label of the context virtual circuit is determined; a final data packet to be forwarded is obtained by carrying a VPN label of the routing packet and the virtual circuit label with an initial data packet of the VPN service instance; and the final data packet to be forwarded is forwarded to the next-hop PE node.

Systems and techniques are described for a path maximum transmission unit (MTU) discovery method that allows the sender of IP packets to discover the MTU of packets that it is sending over a conduit to a given destination. The MTU is the largest packet that can be sent through the network along a path without requiring fragmentation. The path MTU discovery method actively probes each sending path of each conduit with fragmentation enabled to determine a current MTU and accordingly increase or decrease the conduit MTU. The path MTU discovery process is resilient to errors and supports retransmission if packets are lost in the discovery process. The path MTU discovery process is dynamically adjusted at a periodic rate to adjust to varying network conditions.

A computer system for communicating with an industrial system includes: a data collection server for receiving equipment data from the industrial system and providing a data stream by pre-processing the equipment data according to a plurality of pre-determined rules; a first uni-directional interface for transmitting the data stream to one or more further computer systems; and a second uni-directional interface for receiving a data packet from the one or more further computer systems, the data packet including a control instruction that allows a modification of at least a particular rule of the plurality of the pre-determined rules. The first uni-directional interface includes a data diode. The second unidirectional interface receives the control instruction in a first part of the data packet. The first uni-directional interface receives the first part of the data packet in a size limitation that corresponds to amounts of data required to identify the modification.

An OFS in-band communication method and an OFS are disclosed. The method includes: receiving an LLDP data packet; creating a controller list entry or updating a controller list entry when it is determined, by using a role sub-field, that a sender type of the received LLDP data packet is OFC; acquiring a first-time TCP handshake packet used for establishing a TCP connection, and checking, according to a destination MAC and a destination IP that are carried in the TCP handshake packet, whether a corresponding controller list entry exists in a controller list; and if yes, updating a flow entry according to the MAC, the IP, and the in_port in the corresponding controller list entry in the controller list, so that an OFS can forward, by using a flow table, a packet to be sent to an OFC to the OFC.

Systems and methods provide congruent bidirectional Segment Routing (SR) tunnels, namely congruent and fate-shared traffic forwarding for bidirectional SR tunnels. A bidirectional SR tunnel, as described herein, includes two unidirectional SR tunnels where the forward and reverse traffic directions follow the same path through the network when forwarded based on prefix and adjacency Segment Identifiers (SIDs). The term “congruent” is used herein to refer to the fact that the two unidirectional SR tunnels, i.e., the forward and reverse traffic directions, follow the same path through the network but in opposite directions. The guarantee of congruency is based on modification of the Segment Identifier (SID) configuration at the source nodes of each tunnel. Accordingly, the present disclosure maintains compatibility with existing Segment Routing configurations with the modifications solely at the source nodes.

A RAN based data processing system is configured for content caching with remote charging services. The system can include a base station that includes an antenna, a receiver, a transmitter, a processor, a local cache, and a network interface to a data communications network. The system also can include an RNC coupled to the base station over the data communications network. The system yet further can include a charging service executing in memory of a host computer recording charges for data services provided in the RAN. Finally, the system can include a caching with remote charging module executing by the processor of the base station. The module can include program code enabled to receive a data request from an end user device, to route the request to a content server in a computer communications network through a coupled CN, to receive a response to the request, to cache the response in the local cache, to forward the response to the end user device, and to transmit data characteristic of the response to the charging service external.

Systems and methods for automatically building a deadlock free inter-communication network in a multi-core system are described. The example implementations described herein involve automatically generating internal dependency specification of a system component based on dependencies between incoming/input and outgoing/output interface channels of the component. Dependencies between incoming and outgoing interface channels of the component can be determined by blocking one or more outgoing interface channels and evaluating impact of the blocked outgoing channels on the incoming interface channels. Another implementation described herein involves determining inter-component communication dependencies by measuring impact of a deadlock on the blocked incoming interface channels of one or more components to identify whether a dependency cycle is formed by blocked incoming interface channels.