Abstract: A method for a proxyless protocol includes intercepting, from a client, a first Transmission Control Protocol (TCP) connection request requesting to establish a TCP connection between the client and a proxy for routing data to a destination server. The request includes client information and a first sequence number. The method also includes transmitting, to the destination server, a second TCP connection request to establish a TCP connection between the client and the destination server. The second request includes a second sequence number less than the first sequence number. The method also includes intercepting, from the destination server, an acknowledgment message indicating acknowledgment of the second TCP connection request. The method also includes transmitting, to the destination server, a proxy protocol header message with the client information.

Abstract: Establishing proxy-less connectivity from logically isolated virtual private clouds (VPC)within a cloud environment without the use of VPN or VPC peering is provided. Establishing a service attachment in one VPC, related to a service which is to be accessed, and a service endpoint in another VPC allows for private communication between the two networks without exposing the service to other VPCs in the cloud environment.

Abstract: A method for a proxyless protocol includes intercepting, from a client, a first Transmission Control Protocol (TCP) connection request requesting to establish a TCP connection between the client and a proxy for routing data to a destination server. The request includes client information and a first sequence number. The method also includes transmitting, to the destination server, a second TCP connection request to establish a TCP connection between the client and the destination server. The second request includes a second sequence number less than the first sequence number. The method also includes intercepting, from the destination server, an acknowledgment message indicating acknowledgment of the second TCP connection request. The method also includes transmitting, to the destination server, a proxy protocol header message with the client information.

Abstract: A method for a proxyless protocol includes intercepting, from a client, a first Transmission Control Protocol (TCP) connection request requesting to establish a TCP connection between the client and a proxy for routing data to a destination server. The request includes client information and a first sequence number. The method also includes transmitting, to the destination server, a second TCP connection request to establish a TCP connection between the client and the destination server. The second request includes a second sequence number less than the first sequence number. The method also includes intercepting, from the destination server, an acknowledgment message indicating acknowledgment of the second TCP connection request. The method also includes transmitting, to the destination server, a proxy protocol header message with the client information.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed related to policy declarations for cloud management system. An example apparatus includes memory, instructions, and processor circuitry to execute the instructions. The processor circuitry is to convert first network state data in a first format to a first data tuple in a unified format, the first network state data from a first cloud management application that manages a first aspect of a network and convert second network state data in a second format to a second data tuple in the unified format, the second network state data from a second cloud management application that manages a second aspect of the network, the first format different than the second format.

Abstract: A method for a proxyless protocol includes intercepting, from a client, a first Transmission Control Protocol (TCP) connection request requesting to establish a TCP connection between the client and a proxy for routing data to a destination server. The request includes client information and a first sequence number. The method also includes transmitting, to the destination server, a second TCP connection request to establish a TCP connection between the client and the destination server. The second request includes a second sequence number less than the first sequence number. The method also includes intercepting, from the destination server, an acknowledgment message indicating acknowledgment of the second TCP connection request. The method also includes transmitting, to the destination server, a proxy protocol header message with the client information.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed related to policy declarations for cloud management system. An example computer readable storage device includes instructions that, when executed, cause processor circuitry to at least identify a proposed change to a state of a network. The example instructions, when executed, also cause the processor circuitry to, in response to identifying the proposed change, determine whether the proposed change will cause the state of the network to violate a policy, the policy including a query plan describing characteristics to evaluate the proposed change. In some examples, the instructions, when executed, cause the processor circuitry to, when the proposed change will cause the state of the network to violate the policy, execute an application programming interface call to a cloud service provider to cause the cloud service provider to prevent violation of the policy by executing an action associated with the proposed change.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed related to policy declarations for cloud management system. A computer readable storage device comprising instructions that, when executed, cause a processor to at least: identify a proposed change to a state of a network; in response to identifying the proposed change, determine whether the proposed change will cause the state of the network to violate a policy, the policy including a query plan describing characteristics to evaluate the proposed change; and when the proposed change will cause the state of the network to violate the policy, execute an application programming interface call to a cloud service provider to cause the cloud service provider to prevent violation of the policy by executing an action associated with the proposed change.

Abstract: Some embodiments provide a method for a system that monitors a network to prevent violations of declared policies. The method stores network state data received from a plurality of data sources as a set of tables. The method receives a declaration of a policy that specifies a set of conditions for a particular set of network state entities received from at least two of the data sources. The set of conditions is specified as an existence of a set of data tuples involving the set of network state entities in the stored set of tables. The method monitors the network state data according to the declared policy.

Abstract: Some embodiments provide a method for a system that enforces policy for a network. The method receives (i) a first set of network state data from a first cloud management application that manages a first aspect of the network and stores its network state data in a first format and (ii) a second set of network state data from a second cloud management application that manages a second aspect of the network and stores its network state data in a second format. The method stores the first and second sets of network state data in a single, unified data format. The method monitors the stored sets of network state data to determine whether the network state violates one or more network policies that constrain the network state received from the first and second cloud management applications.

Abstract: Some embodiments provide a method for a system that monitors a network to prevent violations of network policies. The method stores network state data that describes the network. The method identifies that a first set of stored network state data violates a particular policy declared for the network. The method issues a command to a first cloud management application to modify the network state data such that the modified network state data does not violate the particular policy. The method determines whether a requested action that modifies a second set of network state data, received from a second cloud management application, violates any policies. The method responds to the second cloud management application to permit the requested change when the modified second set of network state data does not violate any policies and deny the requested change when the modified second set of network state data violates the particular policy.

Abstract: Some embodiments provide a method for a system that monitors a network to prevent violations of network policies. The method stores network state data that describes the network. The method identifies that a first set of stored network state data violates a particular policy declared for the network. The method issues a command to a first cloud management application to modify the network state data such that the modified network state data does not violate the particular policy. The method determines whether a requested action that modifies a second set of network state data, received from a second cloud management application, violates any policies. The method responds to the second cloud management application to permit the requested change when the modified second set of network state data does not violate any policies and deny the requested change when the modified second set of network state data violates the particular policy.

Abstract: Some embodiments provide a method for a system that enforces policy for a network. The method receives (i) a first set of network state data from a first cloud management application that manages a first aspect of the network and stores its network state data in a first format and (ii) a second set of network state data from a second cloud management application that manages a second aspect of the network and stores its network state data in a second format. The method stores the first and second sets of network state data in a single, unified data format. The method monitors the stored sets of network state data to determine whether the network state violates one or more network policies that constrain the network state received from the first and second cloud management applications.

Abstract: Some embodiments provide a method for a system that monitors a network to prevent violations of declared policies. The method stores network state data received from a plurality of data sources as a set of tables. The method receives a declaration of a policy that specifies a set of conditions for a particular set of network state entities received from at least two of the data sources. The set of conditions is specified as an existence of a set of data tuples involving the set of network state entities in the stored set of tables. The method monitors the network state data according to the declared policy.

Abstract: A particular networked machine broadcasts packets from its interfaces resulting in patterns of returned copies of the sent broadcast packets received on its interfaces. Based on these patterns, a determination is made to identify groupings of one or more of the interfaces that are considered by remote devices as being grouped together, as a broadcast packet transmitted from an interface belonging to a grouping will be received on, and only on, a single interface in each of the other groupings, with a grouping being one or more interfaces. In one implementation, a grouping is defined as a single independent interface, or an aggregation of two or more interfaces combined into a single logical interface, such as, but not limited to that of a PortChannel.

Abstract: A particular networked machine broadcasts packets from its interfaces resulting in patterns of returned copies of the sent broadcast packets received on its interfaces. Based on these patterns, a determination is made to identify groupings of one or more of the interfaces that are considered by remote devices as being grouped together, as a broadcast packet transmitted from an interface belonging to a grouping will be received on, and only on, a single interface in each of the other groupings, with a grouping being one or more interfaces. In one implementation, a grouping is defined as a single independent interface, or an aggregation of two or more interfaces combined into a single logical interface, such as, but not limited to that of a PortChannel.