Provided are methods, apparatus, and system for policy based wide area network. A network of network appliances is configured with a policy configuration. Each network appliance is configured to validate each wide area network packet against the policy configuration. The validation can include verifying that the packets meet the SD-WAN network segment requirements and security rules including verifying that the source and destination address of the packet meet the firewall zone requirements. Each wide area network packet contains a policy header that is checked by the sending and receiving network appliance against the policy configuration.

An apparatus includes an input interface to receive incoming packets from a first network device and an output interface to send outgoing packets to a second network device. Media access control security (MACsec) circuitry is coupled between the input interface and the output interface. Bypass flow-control (FC) circuitry is coupled between the input interface and the MACsec circuitry. The bypass FC circuitry is to detect an FC packet in the incoming packets and pass the FC packet passively to the output interface to enable end-to-end flow control directly between the first network device and the second network device.

Systems and methods for providing Network Address Translation (NAT) are provided. In some embodiments, a method of operating a function entity configured to support NAT includes enabling a Control Plane (CP) function to instruct a User Plane (UP) function to apply a NAT function for at least one specific service data flow. In this way, one or more benefits result such as: introducing a mechanism allowing CP function to instruct UP function to perform NAT function for one or more service data flow(s); when CP and UP function are separated, using NAT function can protect a private network from potential unlawful incursion, and delaying NAT IP address and port allocation and withdrawal at the service initiation and termination can save the public IP address space. Also, one or more improvements such as allowing the network operator to support NAT policies in the context of 4G/5G networks supporting CUPS are disclosed.

Systems and methods for providing Network Address Translation (NAT) are provided. In some embodiments, a method of operating a function entity configured to support NAT includes enabling a Control Plane (CP) function to instruct a User Plane (UP) function to apply a NAT function for at least one specific service data flow. In this way, one or more benefits result such as: introducing a mechanism allowing CP function to instruct UP function to perform NAT function for one or more service data flow(s); when CP and UP function are separated, using NAT function can protect a private network from potential unlawful incursion, and delaying NAT IP address and port allocation and withdrawal at the service initiation and termination can save the public IP address space. Also, one or more improvements such as allowing the network operator to support NAT policies in the context of 4G/5G networks supporting CUPS are disclosed.

This application describes a congestion control method and apparatus. In this application, a network device obtains time information of one or more congestion packets in a sent first data stream, where the one or more congestion packet carries a flag indicating a congestion notification. When the first data stream is congested, the network device obtains a first congestion notification packet based on the time information of the one or more congestion packets in the first data stream, where the first congestion notification packet notifies that a packet is congested beyond a first specified interval. The network device then sends the first congestion notification packet. According to the solutions in this application, a rate of a data stream can be prevented from being increased when the data stream is congested, and packet transmission efficiency is improved.

Provided is a relay device including: a relay unit configured to perform a relay process for a frame transmitted and received between a plurality of function units; and a relay management unit. The relay unit receives, from a function unit, a target frame which is transmitted and received according to a predetermined communication protocol and includes information with which a request source of a service is identifiable and information with which a content of the requested service is identifiable, and the relay unit outputs the received target frame to the relay management unit. The relay management unit performs determination regarding setting change in the relay process of the relay unit, on the basis of the information included in the target frame received from the relay unit, and outputs the target frame to the relay unit or discards the target frame, according to a result of the determination.

Techniques are disclosed for utilizing control packets to manage flows by a smart network interface card (smartNIC). In one example, an accelerator of the smartNIC determines that a cache entry of a cache that is managed by the accelerator is a candidate for removal. The cache entry stores flow state of a particular flow. The accelerator generates a control packet that includes flow information of the particular flow that is formatted utilizing a particular header format, the flow information operable for generating a hash that indexes to the cache entry. The accelerator includes an instruction within the control packet that requests a programming data plane of the smartNIC to provide instructions for removing the cache entry from the cache. Upon receiving the control packet, the programming data plane generates and transmits a second instruction to the accelerator for removing the cache entry from the cache.

A method for controlling network congestion, including overlaying an overlay network packet header on an encapsulation outer layer of a transmit packet, where the overlay network packet header includes an outer Internet Protocol (IP) header, and an explicit congestion notification (ECN) identifier of an ECN is set in the outer IP header, decapsulating the overlay network packet header for an encapsulated reply packet, where an inner congestion identifier that is based on the ECN identifier is obtained from an IP header of the decapsulated reply packet through matching, and if the decapsulated reply packet is a User Datagram Protocol (UDP) packet, forwarding the UDP packet to a preset slow channel.

A system controls a transmission of data. A sensor datum measured by a sensor is received. Whether to send the received sensor datum to a multiplexer is determined based on a predefined real time download rate. When the determination indicates to send the received sensor datum to the multiplexer, the received sensor datum is sent to the multiplexer. When the determination does not indicate to send the received sensor datum to the multiplexer, the received sensor datum is written to a data file. The written sensor datum is sent from the data file to the multiplexer when there is an indicator of excess available bandwidth.

Method for radio communication with base station, by user equipment (UE), apparatus in UE for radio communication with base station, a method for radio communication with a UE by a base station, and an apparatus in a base station for radio communication with a UE are provided. The method for radio communication with a base station, by a UE, includes determining whether to start a first timer based on a predetermined condition, in response to a buffer status reporting triggered; starting the first timer in response to the predetermined condition being satisfied; in response to an uplink resource for a buffer status report transmission being available before the first timer expires, transmitting an uplink packet including a buffer status report using the available uplink resource; and in response to no uplink resource for the buffer status report transmission being available and the first timer expiring, transmitting a scheduling request to the base station.