Abstract: Network session identification information is received. The network session identification information is associated with a destination IP address and a destination network port. An available source network port for a new session to be established for a source IP address is determined based on the destination IP address and the destination network port.

Abstract: A method for evaluating health of a distributed network service environment (DNSE) includes determining an application performance measurement (APM) based at least in part on performance metrics (PM) associated with sources, where the sources are associated with the DNSE. The sources include service engine(s) and servers. At least some of the servers are configured to provide a distributed application, and the service engine(s) are configured to provide the servers with a network service and collect at least a part of the PM. The method includes determining a health risk of the DNSE based at least in part on risk parameters obtained by the service engine(s). The method includes combining the APM and the health risk of the DNSE to determine a health indicator. If the indicator indicates a change of the DNSE, a notification of the change is generated. The method includes outputting the notification of the change.

Abstract: In a network with at least a first device already configured to provide a network service to a network application, scaling service capacity includes: configuring one or more second devices to provide the network service to the network application. In embodiments where an upstream network device supports Equal-Cost Multi-Path (ECMP) routing, the upstream network device is configured, including storing a plurality of paths to reach an address associated with a network application, wherein the plurality of paths are equal in cost. In embodiments where the upstream network device does not support ECMP routing, the second device is configured not to respond to an Address Resolution Protocol (ARP) request associated with an Internet Protocol (IP) address of the network application, and the first device is instructed to perform load balancing on network traffic destined for the network application among the first device and the one or more second devices.

Abstract: Determining and presenting traffic patterns includes: obtaining a first set of traffic metrics pertaining to network traffic associated with a plurality of containers of a container-based cloud computing platform, wherein: the plurality of containers supports a plurality of microservices; and a microservice has one or more corresponding microservice instances that execute on one or more of the plurality of containers; transforming the first set of traffic metrics into a second set of traffic metrics, the second set of traffic metrics comprising network traffic information pertaining to at least some of the plurality of microservices, the transformation being based at least in part on information pertaining to the plurality of containers and the plurality of microservices supported by the plurality of containers; constructing a microservice map based on the second set of traffic metrics; and outputting the microservice map.

Abstract: A network request is received. A server is selected among a plurality of servers eligible to handle the network request, wherein selecting the server includes selecting a server in an ordering of the plurality of servers based its load level. The selected server is enabled to handle the network request.

Abstract: Techniques of the present disclosure provide an embodiment of a multistage filter (MSF) that takes a rate limiting parameter. The entries of the MSF are updated upon each access. Each update may cause a different breakdown of entries in the MSF and the entries can be dynamically set to reduce collisions and their impact. In some embodiments, the MSF is: configured based on the rate limiting parameter, used to dynamically monitor network traffic and changing assignments, and adjustable in size. In some embodiments, hashing is performed on a per-row basis and seeding initializes entries of the buckets to entries that are the same within a given row and different within a given column.

Abstract: Managing network ports is disclosed. Network session identification information is received. The network session identification information is associated with a destination IP address and a destination network port. An available source network port is determined using a data structure that is based on the destination IP address and the destination network port.

Abstract: Migrating a network service that is currently being performed by a first device to be performed by a second device includes: instructing the second device to notify an upstream network device to forward traffic that is to be serviced by the network service to the second device instead of to the first device, the network service being associated with an Internet Protocol (IP) address; and instructing the first device to migrate the network service to the second device, wherein the migration includes moving or copying state information associated with an existing flow currently serviced by the first device to the second device; the existing flow being an existing flow between a client application and a network application.

Abstract: Load balancing includes receiving, from a client, a connection request to establish a connection with a server; determining load balancing state information based at least in part on the connection request; synchronizing the load balancing state information across a plurality of service engines using a distributed data store service, the distributed data store service being configured to: determine whether in a distributed data store there is an existing entry that corresponds to the load balancing state information; in the event that it is determined that in the distributed data store there is no existing entry that corresponds to the load balancing state information, atomically create a new entry based on the load balancing state information; and distributing the connection to a selected server among a plurality of servers, the selected server being selected based at least in part on the load balancing state information.

Abstract: A network request is received. A server is selected among a plurality of servers eligible to handle the network request, wherein selecting the server includes selecting a first server in an ordering of the plurality of servers that has not reached its load threshold. The selected server is enabled to handle the network request.

Abstract: In a network with at least a first device already configured to provide a network service to a network application, scaling service capacity includes: configuring one or more second devices to provide the network service to the network application. In embodiments where an upstream network device supports Equal-Cost Multi-Path (ECMP) routing, the upstream network device is configured, including storing a plurality of paths to reach an address associated with a network application, wherein the plurality of paths are equal in cost. In embodiments where the upstream network device does not support ECMP routing, the second device is configured not to respond to an Address Resolution Protocol (ARP) request associated with an Internet Protocol (IP) address of the network application, and the first device is instructed to perform load balancing on network traffic destined for the network application among the first device and the one or more second devices.

Abstract: Processing a connection request is disclosed. The connection request is received. It is determined whether the connection request identifies a Transport Layer Security (TLS) ticket that identifies a previously load balanced session. In the event it is determined that the TLS ticket identifies the previously load balanced session, (1) the previously load balanced session that corresponds to the connection request is identified, wherein the previously load balanced session is load balanced to a selected server among a plurality of servers, and (2) the connection request is associated with the identified previously load balanced session.

Abstract: Managing network ports is disclosed. Network session identification information is received. The network session identification information is associated with a destination IP address and a destination network port. An available source network port is determined using a data structure that is based on the destination IP address and the destination network port.

Abstract: Processing a connection request is disclosed. The connection request is received. It is determined whether the connection request identifies a Transport Layer Security (TLS) ticket that identifies a previously load balanced session. In the event it is determined that the TLS ticket identifies the previously load balanced session, (1) the previously load balanced session that corresponds to the connection request is identified, wherein the previously load balanced session is load balanced to a selected server among a plurality of servers, and (2) the connection request is associated with the identified previously load balanced session.

Abstract: Providing a distributed network service includes: receiving network traffic at a first physical device; and executing a service engine to participate in the distributed network service. The distributed network service is provided to at least the first target application instance executing in a first VM on the first physical device, and a second target application instance executing in a second VM on a second physical device; and a shared state of the distributed network service is maintained with respect to the first physical device and the second physical device.

Abstract: A distributed network service platform comprises: a logical data plane configured to process packets that are received by a plurality of physical devices, transmitted by the plurality of physical devices, or both, the logical data plane being physically distributed on the plurality of physical devices; and a logical control plane configured to manage and control the logical data plane, the logical control plane comprising one or more physical control planes operating on one or more physical devices.

Abstract: Load balancing includes receiving, from a client, a connection request to establish a connection with a server; determining load balancing state information based at least in part on the connection request; synchronizing the determined load balancing state information across a plurality of service engines, including to invoke an atomic read-miss-create (RMC) function on a distributed data store service; and distributing the connection to a selected server among a plurality of servers according to a result of the RMC function.