Abstract: This disclosure describes various methods, systems, and devices related to mirrored traffic forwarding in a hybrid network. An example method includes receiving, from a source forwarder in a source network, a mirrored data packet. A session of the mirrored data packet may be identified based on a header of the mirrored data packet. A destination forwarder in a destination network may be identified based on the session. The destination network may be different than the source network. The mirrored data packet may be forwarded to the destination forwarder.

Abstract: Disclosed herein is an authenticating system (150) for auctioning and delivering perishable goods. The system comprises a client tier (152) and a Service Provider (153); each having an electronic device (100) which is operably connected to a secure central cloud resident server (151) through Communication Network for performing auction and delivery activities of perishable goods. The system attaches an encrypted label containing quality attributes, food classification and preparation process to each auctioned item. The system performs batch scheduling of delivery with optimization of time and resource and identifies the closest delivery person (103). The consumer (101) accepts the delivery by decoding and verifying the encrypted label. The system ensures safe and authentic delivery of auctioned item.

Abstract: Systems, methods, and computer readable storage mediums are disclosed for scalable data collection and aggregation of statistics for logical objects of an application centric network. An analytics agent running on a logical object of an application centric network is elected as one of a Designated Stats device (DSD) or a Member Stats device (MSD). If the analytics agent is defined as a DSD, the analytics agent receives data reported from a downstream MSD communicated over the analytics plane and aggregates data from the MSD belonging to the same access control list rule. If the analytics agent is defined as an MSD, the analytics agent selects a DSD and reports the statistics to that DSD over the analytics plane.

Abstract: Presented herein are methodologies for implementing multi-domain cloud security and ways to partition end-points in data center/cloud network topologies into hierarchical domains to increase security and key negotiation efficiency. The methodology includes receiving, from a first endpoint, at a cloud security protocol stack, a packet encrypted in accordance with a cloud security key negotiated between the first endpoint and a second endpoint; extracting a cloud security globally unique domain-id from the packet; querying a cloud security domain repository using the cloud security globally unique domain-id as an index to identify a first cloud security domain, among a plurality of cloud security domains, to which the first endpoint and the second endpoint belong; and selecting the first cloud security domain to process the packet.

Abstract: Disclosed is a method that includes calculating, at a collector receiving a data flow and via a hashing algorithm, all possible hashes associated with at least one virtual attribute associated with the data flow to yield resultant hash values. Based on the resultant hash values, the method includes computing a multicast address group and multicasting the data flow to n leafs based on the multicast address group. At respective other collectors, the method includes filtering received sub-flows of the data flow based on the resultant hashes, wherein if a respective hash is owned by a collector, the respective collector accepts and saves the sub-flow in a local switch collector database. A scalable, distributed netflow is possible with the ability to respond to queries for fabric-level netflow statistics even on virtual constructs.

Abstract: Disclosed is a method that includes calculating, at a collector receiving a data flow and via a hashing algorithm, all possible hashes associated with at least one virtual attribute associated with the data flow to yield resultant hash values. Based on the resultant hash values, the method includes computing a multicast address group and multicasting the data flow to n leafs based on the multicast address group. At respective other collectors, the method includes filtering received sub-flows of the data flow based on the resultant hashes, wherein if a respective hash is owned by a collector, the respective collector accepts and saves the sub-flow in a local switch collector database. A scalable, distributed netflow is possible with the ability to respond to queries for fabric-level netflow statistics even on virtual constructs.

Abstract: This disclosure describes various methods, systems, and devices related to mirrored traffic forwarding in a hybrid network. An example method includes receiving, from a source forwarder in a source network, a mirrored data packet. A session of the mirrored data packet may be identified based on a header of the mirrored data packet. A destination forwarder in a destination network may be identified based on the session. The destination network may be different than the source network. The mirrored data packet may be forwarded to the destination forwarder.

Abstract: Presented herein are methodologies for implementing multi-domain cloud security and ways to partition end-points in data center/cloud network topologies into hierarchical domains to increase security and key negotiation efficiency. The methodology includes receiving, from a first endpoint, at a cloud security protocol stack, a packet encrypted in accordance with a cloud security key negotiated between the first endpoint and a second endpoint; extracting a cloud security globally unique domain-id from the packet; querying a cloud security domain repository using the cloud security globally unique domain-id as an index to identify a first cloud security domain, among a plurality of cloud security domains, to which the first endpoint and the second endpoint belong; and selecting the first cloud security domain to process the packet.

Abstract: Systems, methods, and computer readable storage mediums are disclosed for scalable data collection and aggregation of statistics for logical objects of an application centric network. An analytics agent running on a logical object of an application centric network is elected as one of a Designated Stats device (DSD) or a Member Stats device (MSD). If the analytics agent is defined as a DSD, the analytics agent receives data reported from a downstream MSD communicated over the analytics plane and aggregates data from the MSD belonging to the same access control list rule. If the analytics agent is defined as an MSD, the analytics agent selects a DSD and reports the statistics to that DSD over the analytics plane.

Abstract: Systems, methods, and computer readable storage mediums are disclosed for scalable data collection and aggregation of statistics for logical objects of an application centric network. An analytics agent running on a logical object of an application centric network is elected as one of a Designated Stats device (DSD) or a Member Stats device (MSD). If the analytics agent is defined as a DSD, the analytics agent receives data reported from a downstream MSD communicated over the analytics plane and aggregates data from the MSD belonging to the same access control list rule. If the analytics agent is defined as an MSD, the analytics agent selects a DSD and reports the statistics to that DSD over the analytics plane.

Abstract: Disclosed is a method that includes calculating, at a collector receiving a data flow and via a hashing algorithm, all possible hashes associated with at least one virtual attribute associated with the data flow to yield resultant hash values. Based on the resultant hash values, the method includes computing a multicast address group and multicasting the data flow to n leafs based on the multicast address group. At respective other collectors, the method includes filtering received sub-flows of the data flow based on the resultant hashes, wherein if a respective hash is owned by a collector, the respective collector accepts and saves the sub-flow in a local switch collector database. A scalable, distributed netflow is possible with the ability to respond to queries for fabric-level netflow statistics even on virtual constructs.

Abstract: Disclosed is a method that includes calculating, at a collector receiving a data flow and via a hashing algorithm, all possible hashes associated with at least one virtual attribute associated with the data flow to yield resultant hash values. Based on the resultant hash values, the method includes computing a multicast address group and multicasting the data flow to n leafs based on the multicast address group. At respective other collectors, the method includes filtering received sub-flows of the data flow based on the resultant hashes, wherein if a respective hash is owned by a collector, the respective collector accepts and saves the sub-flow in a local switch collector database. A scalable, distributed netflow is possible with the ability to respond to queries for fabric-level netflow statistics even on virtual constructs.

Abstract: Disclosed is a method that includes calculating, at a collector receiving a data flow and via a hashing algorithm, all possible hashes associated with at least one virtual attribute associated with the data flow to yield resultant hash values. Based on the resultant hash values, the method includes computing a multicast address group and multicasting the data flow to n leafs based on the multicast address group. At respective other collectors, the method includes filtering received sub-flows of the data flow based on the resultant hashes, wherein if a respective hash is owned by a collector, the respective collector accepts and saves the sub-flow in a local switch collector database. A scalable, distributed netflow is possible with the ability to respond to queries for fabric-level netflow statistics even on virtual constructs.

Abstract: Heterogeneous capabilities in an overlay fabric may be provided. First, it may be determined that a first link and a second link support a feature. Then the first link and the second link may be traversed with traffic between a host in a first Endpoint Group (EPG) connected to a first leaf switch and a second host in a second EPG connected to a second leaf switch when a topology preference for the feature is indicated for the traffic.

Abstract: Heterogeneous capabilities in an overlay fabric may be provided. First, it may be determined that a first link and a second link support a feature. Then the first link and the second link may be traversed with traffic between a host in a first Endpoint Group (EPG) connected to a first leaf switch and a second host in a second EPG connected to a second leaf switch when a topology preference for the feature is indicated for the traffic.

Abstract: Systems, methods, and computer readable storage mediums are disclosed for scalable data collection and aggregation of statistics for logical objects of an application centric network. An analytics agent running on a logical object of an application centric network is elected as one of a Designated Stats device (DSD) or a Member Stats device (MSD). If the analytics agent is defined as a DSD, the analytics agent receives data reported from a downstream MSD communicated over the analytics plane and aggregates data from the MSD belonging to the same access control list rule. If the analytics agent is defined as an MSD, the analytics agent selects a DSD and reports the statistics to that DSD over the analytics plane.

Abstract: Disclosed is a method that includes calculating, at a collector receiving a data flow and via a hashing algorithm, all possible hashes associated with at least one virtual attribute associated with the data flow to yield resultant hash values. Based on the resultant hash values, the method includes computing a multicast address group and multicasting the data flow to n leafs based on the multicast address group. At respective other collectors, the method includes filtering received sub-flows of the data flow based on the resultant hashes, wherein if a respective hash is owned by a collector, the respective collector accepts and saves the sub-flow in a local switch collector database. A scalable, distributed netflow is possible with the ability to respond to queries for fabric-level netflow statistics even on virtual constructs.

Abstract: Techniques are provided for optimizing bandwidth in a network. Information describing a network bandwidth capacity of a port extender device is received at a switch. The port extender device is connected to the switch. The port extender device is configured to provide ports for the switch. The network bandwidth capacity of the port extender device is compared to a minimum network bandwidth guarantee threshold. If the switch determines that the network bandwidth capacity of the port extender device is below the minimum network guarantee threshold, the switch sends to the port extender device a message configured to cause the port extender to deactivate one or more links between the port extender device and one or more servers in communication with the port extender device.

Abstract: A technique is provided for facilitating fabric membership login for an N_Port of a storage area network. A communication from a network node is received. The communication may include a portion of criteria associated with the N_Port. Using at least a portion of the portion of criteria, a virtual fabric identifier corresponding to a virtual fabric which is associated with the N_Port may be automatically identified. Fabric configuration information, which includes the virtual fabric identifier, may be automatically provided to the network node. A fabric login request from the N_Port to login to the virtual fabric may then be received. According to a specific embodiment, the communication may be transmitted from a network node to an F_Port on a Fibre Channel switch.

Abstract: Techniques are provided for optimizing bandwidth in a network. Information describing a network bandwidth capacity of a port extender device is received at a switch. The port extender device is connected to the switch. The port extender device is configured to provide ports for the switch. The network bandwidth capacity of the port extender device is compared to a minimum network bandwidth guarantee threshold. If the switch determines that the network bandwidth capacity of the port extender device is below the minimum network guarantee threshold, the switch sends to the port extender device a message configured to cause the port extender to deactivate one or more links between the port extender device and one or more servers in communication with the port extender device.