H04L49/309

Enhanced management of communication rules over multiple computing networks
11588739 · 2023-02-21

Described herein are systems, methods, and software to enhance the implementation of communication rules in a computing network. In one example, a method of operating a communication settings system maintains communication rules for a plurality of networks, wherein the communication rules define forwarding actions for ingress and egress packets to and from applications in the plurality of computing networks. The service further identifies a configuration request from a computing network with applications executing in the computing network, identifies a subset of the communication rules based on the plurality of applications, and provides the subset of the communication rules to the computing network.

ENHANCED MANAGEMENT OF COMMUNICATION RULES OVER MULTIPLE COMPUTING NETWORKS
20230208765 · 2023-06-29

Described herein are systems, methods, and software to enhance the implementation of communication rules in a computing network. In one example, a method of operating a communication settings system maintains communication rules for a plurality of networks, wherein the communication rules define forwarding actions for ingress and egress packets to and from applications in the plurality of computing networks. The service further identifies a configuration request from a computing network with applications executing in the computing network, identifies a subset of the communication rules based on the plurality of applications, and provides the subset of the communication rules to the computing network.

Device and method for interconnecting two subnetworks
11683275 · 2023-06-20

An interconnection device for interconnecting two sub-networks, on which UPnP devices are connected: determines actual IP addresses and port numbers of servers of the UPnP device; allocates a port number to each server, establishes a connection with a UPnP device of the femtocell and a connection with a UPnP device of the local area network; replaces, in frames received via one of said connections, each actual server IP address and port number allocated by the interconnection device to said server; and replaces, in frames received via one of said connections, each actual IP address and port number with an IP address of the interconnection device to said server; and replaces, in said received frames, each IP address of the interconnection device and port number allocated by the interconnection device to a server with the IP address and port number of the corresponding server.

Reverse Forwarding Information Base Enforcement
20170346730 · 2017-11-30

In exemplary embodiments of the present invention, a router determines whether or not to establish a stateful routing session based on the suitability of one or more candidate return path interfaces. This determination is typically made at the time a first packet for a new session arrives at the router on a given ingress interface. In some cases, the router may be configured to require that the ingress interface be used for the return path of the session, in which case the router may evaluate whether the ingress interface is suitable for the return path and may drop the session if the ingress interface is deemed by the router to be unsuitable for the return path. In other cases, the router may be configured to not require that the ingress interface be used for the return path, in which case the router may evaluate whether at least one interface is suitable for the return path and drop the session if no interface is deemed by the router to be suitable for the return path.

System and method for exchanging information among exchange applications
09742880 · 2017-08-22

In a system and method for accessing messages in a data store in a gateway, a data frame request, which is a structured SQL query, is received at the gateway. The received data frame request is applied to the gateway data store, which stores messages. A data frame is generated that comprises messages from the data store that are responsive to the received data frame request, the data frame having a format that is readable by a character editor.

Method and apparatus for table aging in a network switch

Embodiments of the present invention relate to a centralized table aging module that efficiently and flexibly utilizes an embedded memory resource, and that enables and facilitates separate network controllers. The centralized table aging module performs aging of tables in parallel using the embedded memory resource. The table aging module performs an age marking process and an age refreshing process. The memory resource includes age mark memory and age mask memory. Age marking is applied to the age mark memory. The age mask memory provides per-entry control granularity regarding the aging of table entries.

Bi-directional NAT traversal using endpoint assigned discriminators
09819613 · 2017-11-14

A method for creating a secure link between any two endpoints in a network comprises: assigning a unique identifier to each endpoint of a network; for each endpoint in the network, transmitting the unique identifiers associated with each of the remaining endpoints in the network to said endpoint; establishing a secure link between a source endpoint and a destination comprising: transmitting a data-session establishment packet from the source endpoint to the destination endpoint via a symmetric NAT device; wherein the data-session establishment packet comprises the unique identifier associated with the source endpoint; performing a matching operation at the destination endpoint to match the unique identifier associated with the source endpoint with a unique identifier known to the destination endpoint; and upon matching of unique identifiers then creating a forwarding table entry for the destination endpoint based on the source address and source port associated with the source endpoint.

EFFICIENT PACKET RE-TRANSMISSION FOR EXPRESS DATA PATHS
20220239767 · 2022-07-28

Embodiments of the present disclosure relate to determining modification bounds that identify portions of a packet that are safe to modify so that modified portions of the packet may be flushed from a cache to a memory of a network interface card (NIC) of a host system when the entire packet is synchronized from the NIC. A modification bound of the filter may be determined, and a network packet may be received from the NIC. In response to determining that the network packet is to be modified, a portion of the network packet that is safe to modify may be identified based on the modification bound of the filter and modifications may be made thereto. The modified portion of the network packet may be synchronized to the NIC.

Orchestration of subnetwork extensions across a wide area network

An example network orchestrator includes processing circuitry and a memory including instructions that, when executed by the processing circuitry, cause the network orchestrator to determine that a branch site of a WAN includes multiple branch gateways. The network orchestrator further determines that devices of a core site of the WAN and devices of the branch site are members of an extended VLAN. The network orchestrator further transmits a first command to a first branch gateway and a first headend gateway to establish a WAN uplink tunnel to forward data traffic of the extended VLAN. The network orchestrator further transmits a second command to a set of branch gateways of the branch gateway cluster to establish intracluster tunnels with the first branch gateway.

Reverse forwarding information base enforcement

In exemplary embodiments of the present invention, a router determines whether or not to establish a stateful routing session based on the suitability of one or more candidate return path interfaces. This determination is typically made at the time a first packet for a new session arrives at the router on a given ingress interface. In some cases, the router may be configured to require that the ingress interface be used for the return path of the session, in which case the router may evaluate whether the ingress interface is suitable for the return path and may drop the session if the ingress interface is deemed by the router to be unsuitable for the return path. In other cases, the router may be configured to not require that the ingress interface be used for the return path, in which case the router may evaluate whether at least one interface is suitable for the return path and drop the session if no interface is deemed by the router to be suitable for the return path.