Abstract: Described herein are systems and methods for supporting multicast for virtual networks. In some embodiments, a native multicast approach can utilized in which packet replication is performed on a host node of a virtual machine (VM) with a multicast data packet encapsulated in uniquely address unicast packets. In some embodiments, a network virtual appliance can be utilized. A multicast packet sent from the VM can be unicasted to the network virtual appliance. The multicast appliance can then replicate the packet into multiple copies and send the packets to the receivers in the virtual network as unicast data packets encapsulating the multicast packet.

Abstract: The present disclosure relates to devices, methods, and systems for subscriber identification module (SIM) management for a private mobile network. The methods and systems may include a private mobile network service on a cloud computing system. Users of the cloud computing system may use the private mobile network service to create a private mobile network. The private mobile network service may facilitate the creation of the private mobile network by providing interfaces for secure communications with the users of the cloud computing system, the SIM service partners, and the packet core partners. The mobile network service may also manage the SIM cards for the private mobile networks by coordinating the transmission of the SIM operation details for the SIM cards.

Abstract: A method for providing a managed networking service for a cloud computing system enables users to consume managed virtualized network functions (VNFs) at edge locations. The method includes registering a plurality of third-party vendors for the managed networking service. The plurality of third-party vendors provide a plurality of VNFs for the managed networking service. The method also includes receiving user input from a user of the cloud computing system. The user input includes a request to deploy the plurality of VNFs at an edge location. The plurality of VNFs can be provided by different third-party vendors through the managed networking service. The method also includes causing the plurality of VNFs to be deployed on an edge device that is located at the edge location. The plurality of VNFs can be represented as logical entities in a database that is utilized by the managed networking service.

Abstract: Described herein is a system and method for flow state save/restore of a virtual filtering platform. A first instance of a driver manages policy and flow state for ongoing flows between client device(s) and virtual machine(s). The virtual filtering platform is transitioned from the first instance of a driver to a second instance of the driver by serializing the policy and state for the ongoing flows on the first instance of the driver using a one pass algorithm. The serialized policy and state for the ongoing flows can be de-serialized with the ongoing flows re-established and/or reconciled on the second instance of the driver in accordance with the de-serialized policy and state for the plurality of ongoing flows. In some embodiments, a memory management technique can use a single operating system memory allocation call to allocate memory for the transition, with the technique managing utilization of the allocation memory.

Abstract: The present disclosure relates to devices, methods, and systems for subscriber identification module (SIM) management for a private mobile network. The methods and systems may include a private mobile network service on a cloud computing system. Users of the cloud computing system may use the private mobile network service to create a private mobile network. The private mobile network service may facilitate the creation of the private mobile network by providing interfaces for secure communications with the users of the cloud computing system, the SIM service partners, and the packet core partners. The mobile network service may also manage the SIM cards for the private mobile networks by coordinating the transmission of the SIM operation details for the SIM cards.

Abstract: Described herein are systems and methods for supporting multicast for virtual networks. In some embodiments, a native multicast approach can utilized in which packet replication is performed on a host node of a virtual machine (VM) with a multicast data packet encapsulated in uniquely address unicast packets. In some embodiments, a network virtual appliance can be utilized. A multicast packet sent from the VM can be unicasted to the network virtual appliance. The multicast appliance can then replicate the packet into multiple copies and send the packets to the receivers in the virtual network as unicast data packets encapsulating the multicast packet.

Abstract: The disclosed system implements techniques to enable a tenant of a cloud-based platform to effectively and efficiently apply a policy that copies data packets communicated to or from a virtual machine in the tenant's own virtual network. When applied, the policy mirrors data traffic associated with a workload executing on a virtual machine in the tenant's virtual network. To mirror the data traffic, a copy of a data packet is streamed to another virtual machine so that network analytics can be performed (e.g., performance analytics, security analytics, etc.). In various examples, the policy can be a role-based mirroring policy that defines a plurality of roles in association with a role-based access model that scales operations and that provides improved security for a tenant's virtual network.

Abstract: A method for providing a managed networking service for a cloud computing system enables users to consume managed virtualized network functions (VNFs) at edge locations. The method includes registering a plurality of third-party vendors for the managed networking service. The plurality of third-party vendors provide a plurality of VNFs for the managed networking service. The method also includes receiving user input from a user of the cloud computing system. The user input includes a request to deploy the plurality of VNFs at an edge location. The plurality of VNFs can be provided by different third-party vendors through the managed networking service. The method also includes causing the plurality of VNFs to be deployed on an edge device that is located at the edge location. The plurality of VNFs can be represented as logical entities in a database that is utilized by the managed networking service.

Abstract: Described herein is a system and method for managing network flow state for ongoing flows (connectionless protocol flows and connection-based protocol flows) between client device(s) and a virtual machine using a flow collection data structure (e.g. hash table) having a predefined maximum quantity of ongoing flows that can be managed. When it is determined that the flow collection data structure is managing greater than an acceptable threshold of connectionless protocol flows, at a dynamically adjustable frequency, flow state for more connectionless protocol flow(s) having an unexpired time-to-live are expired. The frequency can be adjusted based upon a rate at which new flows are being created and/or a rate at which flows are being deleted. Also described herein is a system and method in which, at a particular frequency, only a portion of the flows in the flow collection data structure are evaluated in order to minimize impact on packet processing.

Abstract: Described herein is a system and method for flow state save/restore of a virtual filtering platform. A first instance of a driver manages policy and flow state for ongoing flows between client device(s) and virtual machine(s). The virtual filtering platform is transitioned from the first instance of a driver to a second instance of the driver by serializing the policy and state for the ongoing flows on the first instance of the driver using a one pass algorithm. The serialized policy and state for the ongoing flows can be de-serialized with the ongoing flows re-established and/or reconciled on the second instance of the driver in accordance with the de-serialized policy and state for the plurality of ongoing flows. In some embodiments, a memory management technique can use a single operating system memory allocation call to allocate memory for the transition, with the technique managing utilization of the allocation memory.

Abstract: Described herein are systems and methods for supporting multicast for virtual networks. In some embodiments, a native multicast approach can utilized in which packet replication is performed on a host node of a virtual machine (VM) with a multicast data packet encapsulated in uniquely address unicast packets. In some embodiments, a network virtual appliance can be utilized. A multicast packet sent from the VM can be unicasted to the network virtual appliance. The multicast appliance can then replicate the packet into multiple copies and send the packets to the receivers in the virtual network as unicast data packets encapsulating the multicast packet.

Abstract: A DHCP server implementation includes transmission of a DHCP packet from a virtual machine executing on a server node to a node agent executing on the server node, generation, by the node agent, of a DHCP response packet based on the DHCP packet and on DHCP information previously stored in a local memory of the server node, and transmission of the DHCP response packet from the node agent to the virtual machine. Neither the DHCP packet transmitted by the virtual machine nor the DHCP response packet are transmitted out of the server node.

Abstract: A method for providing a managed networking service for a cloud computing system enables users to consume managed virtualized network functions (VNFs) at edge locations. The method includes registering a plurality of third-party vendors for the managed networking service. The plurality of third-party vendors provide a plurality of VNFs for the managed networking service. The method also includes receiving user input from a user of the cloud computing system. The user input includes a request to deploy the plurality of VNFs at an edge location. The plurality of VNFs can be provided by different third-party vendors through the managed networking service. The method also includes causing the plurality of VNFs to be deployed on an edge device that is located at the edge location. The plurality of VNFs can be represented as logical entities in a database that is utilized by the managed networking service.

Abstract: Virtual networks located in different regions of cloud provider are peered using unique regional identifiers for the virtual networks. The regional identifiers and other information are pushed down a network management stack to implement the peering.

Abstract: Techniques are described herein that are capable of monitoring connectivity and latency of network links in virtual networks. For instance, a ping agent injects first ping packets into network traffic on behalf of hosts in the virtual network. The ping agent monitors incoming packets to identify first ping response packets, which are in response to the first ping packets, among the incoming packets. A ping responder rule that is included in inbound packet filter rules for a port in a virtual switch intercepts second ping packets in the network traffic. The ping responder rule converts the second ping packets into second ping response packets and injects the second ping response packets into outbound packet filter rules to be transferred to sources from which the second ping packets are received.

Abstract: Described herein is a system and method for flow state save/restore of a virtual filtering platform. A first instance of a driver manages policy and flow state for ongoing flows between client device(s) and virtual machine(s). The virtual filtering platform is transitioned from the first instance of a driver to a second instance of the driver by serializing the policy and state for the ongoing flows on the first instance of the driver using a one pass algorithm. The serialized policy and state for the ongoing flows can be de-serialized with the ongoing flows re-established and/or reconciled on the second instance of the driver in accordance with the de-serialized policy and state for the plurality of ongoing flows. In some embodiments, a memory management technique can use a single operating system memory allocation call to allocate memory for the transition, with the technique managing utilization of the allocation memory.

Abstract: A method for providing a managed networking service for a cloud computing system enables users to consume managed virtualized network functions (VNFs) at edge locations. The method includes registering a plurality of third-party vendors for the managed networking service. The plurality of third-party vendors provide a plurality of VNFs for the managed networking service. The method also includes receiving user input from a user of the cloud computing system. The user input includes a request to deploy the plurality of VNFs at an edge location. The plurality of VNFs can be provided by different third-party vendors through the managed networking service. The method also includes causing the plurality of VNFs to be deployed on an edge device that is located at the edge location. The plurality of VNFs can be represented as logical entities in a database that is utilized by the managed networking service.

Abstract: The techniques described herein enable a private connectivity solution between a virtual network of a service consumer and a virtual network of a service provider in a cloud-based platform. The techniques map a service (e.g., one or more workloads or containers) executing in the virtual network of the service provider into the virtual network of the service consumer. The mapping uses network address translation (NAT) that is performed by the cloud-based infrastructure. As a result of the techniques described herein, a public Internet Protocol (IP) address does not need to be used to establish a connection thereby alleviating privacy and/or security concerns for the virtual networks of the service provider and/or the service consumer that are hosted by the cloud-based platform.

Abstract: Techniques for allowing access to shared cloud resource using private network addresses are disclosed herein. In one embodiment, a connection packet representing a connection request to a shared cloud resource in the cloud computing system can be intercepted. In response, the connection packet can be encapsulated with data representing one or more of a VNET ID, a VNET source address, or a VNET destination address of a virtual network from which the connection packet is received. The encapsulated connection packet can then be forwarded to the shared cloud resource while retaining the data representing one or more of the VNET ID, the VNET source address, or the VNET destination address for access control at the shared cloud resource.

Abstract: Described herein is a system and method for managing network flow state for ongoing flows (connectionless protocol flows and connection-based protocol flows) between client device(s) and a virtual machine using a flow collection data structure (e.g. hash table) having a predefined maximum quantity of ongoing flows that can be managed. When it is determined that the flow collection data structure is managing greater than an acceptable threshold of connectionless protocol flows, at a dynamically adjustable frequency, flow state for more connectionless protocol flow(s) having an unexpired time-to-live are expired. The frequency can be adjusted based upon a rate at which new flows are being created and/or a rate at which flows are being deleted. Also described herein is a system and method in which, at a particular frequency, only a portion of the flows in the flow collection data structure are evaluated in order to minimize impact on packet processing.