H04L69/164

SECURE MEDIA STREAMING COMMUNICATION VIA USER DATAGRAM PROTOCOL

Automated processes, computing systems, computing devices and other aspects of a data processing system provide improved reliability in delivering digital media content over the Internet or a similar wide area network without sacrificing data security. Content is initially placed into a secure format (e.g., secure hypertext transport protocol (HTTPS) via transport control protocol (TCP) or the like). Prior to transmission on the network, the secure data packets are encapsulated within connectionless frames, such as user datagram protocol (UDP) frames. The client device that receives the encapsulated packets extracts the underlying secure content from the connectionless frames for further processing. The encapsulation into connectionless data frames permits client and server devices to establish effective streaming sessions while preserving the security of the underlying data.

Unification of data flows over network links with different internet protocol (IP) addresses
11558184 · 2023-01-17

Provided herein are systems, devices and methods for opening a connection in a gateway of a cloud based network for a client device connected via two different network links to the gateway and to a Software Defined Perimeter (SDP) controller of a cloud based network. The SDP controller may receive a request from a client device to connect to a gateway of the cloud based network, generate a one-time SPA key for the client device (after the client device is authenticated), transmit the SPA key to the gateway, and transmit, via the first network link, the SPA key to the client device. The client device may transmit the SPA key to the gateway via the second network link and the gateway may be configured to open a connection for the client device via the second network link in case the SPA key is valid.

Tracking flows having encrypted sequence and acknowledgment numbers
11595317 · 2023-02-28

A processor is configured to receive, from a first device, a plurality of first-direction packets belonging to a flow of communication, pass the first-direction packets to a second device, receive, from the second device, a plurality of second-direction packets belonging to the flow, pass the second-direction packets to the first device, calculate, after receiving each of at least some of the second-direction packets, an estimated in-flight number, by assuming that the second-direction packet acknowledges receipt of a number of the first-direction packets that is based on an estimated average number of received first-direction packets acknowledged by the second-direction packets, the estimated in-flight number being an estimated volume of payload data, contained at least partly in the first-direction packets, that has been passed by the processor to the second device but has not yet been received by the second device, and to regulate the flow, based on the estimated in-flight number.

BROADCAST SIGNAL TRANSMISSION APPARATUS, BROADCAST SIGNAL TRANSMISSION METHOD, BROADCAST SIGNAL RECEPTION APPARATUS AND BROADCAST SIGNAL RECEPTION METHOD
20230007104 · 2023-01-05

A broadcast signal transmission method comprises outputting an RoHC channel that includes one or more RoHC streams and a signaling table that includes information related to header compression by performing header compression for Internet Protocol (IP) packets, which include broadcast data, in accordance with an adaptation mode, a header of each IP packet including an IP header and a User Datagram Protocol (UDP) header, generating at least one first link layer packet that includes the RoHC channel and generating at least one second link layer packet that includes the signaling table, and physical layer processing the at least one first link layer packet and the at least one second link layer packet and transmitting through one or more Physical Layer Pipes (PLPs), wherein the signaling table includes adaptation mode information indicating the adaptation mode, and each RoHC stream in the RoHC channel includes RoHC packets.

Data processing method, apparatus, medium and device

The present specification discloses a data processing method, apparatus, medium and device. The method includes: receiving a QUIC data packet that is sent by a first device and that includes a CID; parsing the CID and determining a routing address based on a parsing result; and routing the received QUIC data packet to a second device based on the routing address, so the second device processes the QUIC data packet. When a data packet sent by a transmitting end device is received, a routing address of data transmission is determined by processing the received data packet, to quickly establish a data transmission channel between the transmitting end device and a receiving end device. As such, stored context information is not required, and connection errors caused by exceptions such as restarting and scaling in/out on a load balancer will not occur, thereby effectively improving processing efficiency of data transmission by using the QUIC protocol.

Distributed resilient load-balancing for multipath transport protocols

Techniques are described for providing a distributed application load-balancing architecture that supports multipath transport protocol for client devices connecting to an application service. Rather than having client devices generate new network five-tuples for new subflows to the application servers, the techniques described herein include shifting the burden to the application servers to ensure that the new network five-tuples land in the same bucket in the consistent hashing table. The application servers may receive a hashing function utilized by the load balancers to generate the hash of the network five-tuple. By having the application servers generate the hashes, the load balancers are able to continue stateless, low-level processing of the packets to route them to the correct application servers. In this way, additional subflows can be opened for client devices according to a multipath transport protocol while ensuring that the subflows are routed to the correct application server.