Abstract: A system, method, and computer program product for implementing network state processing is provided. The method includes detecting operational states for ports of a server Internet protocol (IP) data plane component of an integrated switching device. Each operational state is analyzed and matching and action rules associated with the operational states are generated with respect to data packets arriving at the ports. Data describing each operational state is stored within a port cache structure of a port. An incoming data packet is detected at a first port and the matching and action rules are distributed between port engines of the ports. The matching and action rules are executed with respect to the incoming data packet and the incoming data packet is transmitted to a destination port. Operational functionality of the integrated switching device is enabled with respect to execution of the incoming data packet at the destination port.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device via an application programming interface. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can generate encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicate to the client device, via the secured communication tunnel, the encrypted outbound session packets; receive, by the network communication device from the client device, via the secured communication tunnel, inbound session packets; generate decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicate the decrypted inbound session packets.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be accessed from a cryptographic service. The private session key can be communicated from the user space software to a network communication device. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can be configured to generate encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicate to the client device, via the secured communication tunnel, the encrypted outbound session packets; receive from the client device, via the secured communication tunnel, inbound session packets; generate decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicate the decrypted inbound session packets.

Abstract: A network communication device can receive a private session key from a data processing system. A first work queue element can be received in a send queue of the network communication device. The first work queue element can indicate outbound session data to be communicated to a client device. Responsive to receiving the first work queue element, the network communication device can generate encrypted outbound session data by encrypting the outbound session data using the private session key. The network communication device can communicate, via remote directory memory access (RDMA) over a secured communication tunnel, the encrypted outbound session data to the client device.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device via an application programming interface. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can generate encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicate to the client device, via the secured communication tunnel, the encrypted outbound session packets; receive, by the network communication device from the client device, via the secured communication tunnel, inbound session packets; generate decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicate the decrypted inbound session packets.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device in at least one User Datagram Protocol datagram. Outbound session backets can be communicated from the user space software to the network communication device.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be accessed from a cryptographic service. The private session key can be communicated from the user space software to a network communication device. Outbound session backets can be communicated from the user space software to the network communication device. The network communication device can be configured to generate encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicate to the client device, via the secured communication tunnel, the encrypted outbound session packets; receive from the client device, via the secured communication tunnel, inbound session packets; generate decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicate the decrypted inbound session packets.

Abstract: A protocol stack can be offloaded to a network communication device. A private session key can be communicated from the user space software to a network communication device via an application programming interface. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can be configured to process headers in the outbound session packets, generate encrypted outbound session packets by encrypting the outbound session packets using the private session key, and communicate to a client device via the secured communication tunnel, the encrypted outbound session packets.

Abstract: Embodiments for providing enhanced endpoint multicast emulation in a computing environment. One or more multicast operations may be executed on an overlay network using endpoint multicast emulation by using an overlay layer or a virtual extensible LAN (“VXLAN”) layer to maintain control over one or more multicast groups.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device in at least one User Datagram Protocol datagram. Outbound session backets can be communicated from the user space software to the network communication device.

Abstract: A system, method, and computer program product for implementing network state processing is provided. The method includes detecting operational states for ports of a server Internet protocol (IP) data plane component of an integrated switching device. Each operational state is analyzed and matching and action rules associated with the operational states are generated with respect to data packets arriving at the ports. Data describing each operational state is stored within a port cache structure of a port. An incoming data packet is detected at a first port and the matching and action rules are distributed between port engines of the ports. The matching and action rules are executed with respect to the incoming data packet and the incoming data packet is transmitted to a destination port. Operational functionality of the integrated switching device is enabled with respect to execution of the incoming data packet at the destination port.

Abstract: A method includes associating overlay network attributes (ONAs) with overlay virtual networks. The ONAs are managed as portable entities. A movement operation is performed on components of at least one overlay virtual network of the overlay virtual networks to servers based on management of the ONAs. An ONA is modified to identify attributes associated with the movement operation of the components of the at least one overlay virtual network.

Abstract: A method includes associating overlay network attributes (ONAs) with overlay virtual networks. The ONAs are managed as portable entities. A movement operation is performed on components of at least one overlay virtual network of the overlay virtual networks to servers based on management of the ONAs. An ONA is modified to identify attributes associated with the movement operation of the components of the at least one overlay virtual network.

Abstract: A method includes associating overlay network attributes (ONAs) with virtual networks. A movement operation is performed that includes re-assigning the virtual networks to servers of overlay networks based on management of the ONAs.

Abstract: In one embodiment, a method includes receiving first overlay network traffic via a first input overlay tunnel at a multi-protocol virtual tunnel end point (VTEP) implemented in an accelerated network interface card (NIC) of a server. The method also includes routing the first overlay network traffic to a second overlay network tunnel which adheres to a second overlay network protocol in response to a determination that a destination of the first overlay network traffic is specified as the second overlay network tunnel. Moreover, the method includes receiving second overlay network traffic via the first input overlay tunnel at the multi-protocol VTEP. The method also includes bridging the second overlay network traffic to a first destination overlay network tunnel terminated at the multi-protocol VTEP in response to a determination that a destination of the second overlay network traffic is specified as the first destination overlay network tunnel.

Abstract: There is a method and system for capability-based resource allocation in a software-defined environment that performs the following steps (not necessarily in the following order): (i) determining a set of capability characteristics for a plurality of workload resources within a software-defined environment; (ii) determining a set of workload components for a specified workload; and (iii) identifying a set of workload resources from the plurality of workload resources to allocate to the specified workload based, at least in part, on the set of capability characteristics corresponding to each workload within the set of workload resources. A workload component of the set of workload components has a unique set of workload characteristics.

Abstract: A method includes associating overlay network attributes (ONAs) with virtual networks. A movement operation is performed that includes re-assigning the virtual networks to servers of overlay networks based on management of the ONAs.

Abstract: Embodiments of the invention relate to providing virtual network domain movement operations for overlay networks. One embodiment includes a method that includes determining one or more overlay network attributes (ONAs) for a plurality of virtual networks. The one or more ONAs are associated with the virtual networks. The one or more ONAs are managed as one or more portable entities by one or more of creating ONAs, deleting ONAs, moving ONAs, combining ONAs and dividing ONAs. A movement operation is performed on the one or more virtual networks among one or more servers of one or more overlay networks based on the management of the one or more ONAs.

Abstract: In one embodiment, a system includes a switch controller configured to communicate with a plurality of network devices in a network. The switch controller includes a processor and logic integrated with and/or executable by the processor. The logic is configured to determine a throughput associated with a workload in the network and select an optimum location for the workload in the network based on the throughput associated with the workload. In another embodiment, a computer program product includes a computer readable storage medium having program code embodied therewith. The embodied program code is readable/executable by a processor to cause the processor to determine a throughput associated a workload in a network. The embodied program code is also readable/executable by the processor to cause the processor to select an optimum location for the workload in the network based on the throughput associated with the workload.

Abstract: In one embodiment, a computer program product includes a computer readable storage medium having program instructions embodied therewith. The embodied program instructions are readable/executable by a processor to receive, by the processor, a packet via a network fabric, the network fabric having a plurality of interconnected fabric switches. The embodied program instructions are also readable/executable by the processor to determine, by the processor, a path through the network fabric by consulting a source-routing table. Moreover, the embodied program instructions are readable/executable by the processor to store, by the processor, source-routing information to a packet header for the packet, the source-routing information including the path. In addition, the embodied program instructions are readable/executable by the processor to send, by the processor, the packet according to an indication in the source-routing information.