Abstract: Virtual storage arrays consolidate branch data storage at data centers connected via wide area networks. Virtual storage arrays appear to storage clients as local data storage; however, virtual storage arrays actually store data at the data center. The virtual storage arrays overcomes bandwidth and latency limitations of the wide area network by predicting and prefetching storage blocks, which are then cached at the branch location. Virtual storage arrays leverage an understanding of the semantics and structure of high-level data structures associated with storage blocks to predict which storage blocks are likely to be requested by a storage client in the near future. Virtual storage arrays determine the association between requested storage blocks and corresponding high-level data structure entities to predict additional high-level data structure entities that are likely to be accessed. From this, the virtual storage array identifies the additional storage blocks for prefetching.

Abstract: Systems and techniques are described to facilitate using secure tokens for stateless software defined networking. An initial configuration may be created for deploying a network device at a deployment site. A cryptographically secure certificate may be created that includes the initial configuration for deploying the network device at the deployment site. The cryptographically secure certificate may be stored in a secure token that can be inserted into a secure token reader that is located at the deployment site and communicatively coupled to the device at the deployment site. The network device may then be configured at the deployment site by using the secure token.

Abstract: Systems and techniques are described for preventing data leaks from a network. A set of sensitive files or sensitive data that includes sensitive information can be received, and a first set of labels can be determined based on the set of sensitive files or sensitive data. An apparatus can then receive data that is to be checked for sensitive information, and determine a second set of labels based on the data. Next, the apparatus can match the second set of labels with the first set of labels. The apparatus can then determine whether or not the data includes sensitive information based on a result of said matching, and perform a data leak prevention action if it is determined that the data includes sensitive information.

Abstract: Systems and techniques are described for performing automatic problem diagnosis. Telemetry data of a system can be analyzed to identify a set of time ranges during which the telemetry data exhibits anomalous behavior. Next, a subset of log entries having a timestamp that is in one of the time ranges in set of time ranges can be extracted from a set of log entries generated by the system. The subset of log entries can then be analyzed, by using natural language processing, to identify a subset of the subset of log entries that has a high likelihood to be associated with one or problems in the system. Next, human-readable text can be extracted from the subset of the subset of log entries. A knowledge database can then be searched by using the human-readable text to identify one or more solutions to resolve the one or more problems in the system.

Abstract: Embodiments provide systems, methods, and computer program products to generate a network topology. Internet Protocol (IP) addresses may be collected that immediately precede a first IP address in a set of IP-address-sequences to obtain a first set of previous-hop IP addresses, where each IP-address-sequence in the set of IP-address-sequences comprises a sequence of IP addresses traversed by at least one packet. Next, each IP address in the first set of previous-hop IP addresses may be associated with a first logical node in the network topology.

Abstract: Systems and techniques are described for controlling injection of a library into a process. Specifically, some embodiments provide an Advanced Injection Rule Engine (AIRE), which uses a set of rules to selectively inject a library, e.g., a dynamic-link library (DLL), into a process. Some embodiments implement a Domain Specific Language (DSL), called AIRE Script, to define the injection rules that are used by the AIRE at runtime.

Abstract: Systems and techniques are described for configuring path selection in a network. The network can comprise a first router, a second router, a third router, a fourth router, and an intermediary device. The second router can be configured to use Differentiated Services Code Point (DSCP) while routing packets so that packets with a first DSCP value are routed through the third router, and packets with a second DSCP value are routed through the fourth router. The intermediary device can be configured to: (1) transparently intercept a packet forwarded by the first router to the second router, (2) determine whether the packet is to be routed through the third router or the fourth router, (3) modify a DSCP field in the packet based on said determining, and (4) forward the packet to the second router.

Abstract: Systems and techniques are described for ensuring that policies are consistently applied to traffic across an overlay network. An application identifier associated with a forward traffic flow and a corresponding reverse traffic flow can be determined by a device that routes packets of both the forward traffic flow and the corresponding reverse traffic flow. Next, an overlay header can be added to each packet in the forward traffic flow and to each packet in the corresponding reverse traffic flow, wherein the overlay header comprises the application identifier, a policy identifier, and a policy action. Each device in the overlay network can then apply the policy action specified in the overlay header of each packet that it routes.

Abstract: Systems and techniques are described for creating a software-defined wide-area-network (SD-WAN) enabled network fabric for containers. Embodiments can configure one or more virtual networks on a network node, wherein the one or more virtual networks are used for creating the SD-WAN enabled network fabric for containers. Next, the embodiments can deploy a virtual gateway on the network node by executing the virtual gateway image. The embodiments can then create a container network interface configuration based on network address information of the one or more virtual networks and the virtual gateway, and execute the container network interface configuration, thereby enabling containers on the network node to communicate via the SD-WAN enabled network fabric.

Abstract: Some embodiments described herein provide a combination of a layer 3 (L3) hop with layer 2 (L2) bypass/fail-to-wire in a network device. Specifically, some embodiments place the network device between two routers, thereby becoming a L3 hop between the two routers. The existing route between the two routers is preserved by using L2 bypass through the network device. If the network device fails, then the physical fail-to-wire will be engaged, removing its L3 hop, but preserving the L2 bypass.

Abstract: Systems and techniques are described for calculating performance improvement achieved and/or expected to be achieved by optimizing a network connection. Network characteristics can be measured for non-optimized network connections. Next, the network characteristics can be analyzed to obtain a set of non-optimized connection groups, wherein each non-optimized connection group corresponds to non-optimized network connections that have similar network characteristics. Network characteristics for an optimized network connection can be measured. Next, a non-optimized connection group can be identified based on the network characteristics that were measured for the optimized network connection. A performance improvement metric can then be calculated based on a throughput of the optimized network connection and corresponding throughputs of non-optimized network connections in the identified non-optimized connection group.

Abstract: Virtual storage arrays consolidate branch data storage at data centers connected via wide area networks. Virtual storage arrays appear to storage clients as local data storage; however, virtual storage arrays actually store data at the data center. The virtual storage arrays overcomes bandwidth and latency limitations of the wide area network by predicting and prefetching storage blocks, which are then cached at the branch location. Virtual storage arrays leverage an understanding of the semantics and structure of high-level data structures associated with storage blocks to predict which storage blocks are likely to be requested by a storage client in the near future. Virtual storage arrays determine the association between requested storage blocks and corresponding high-level data structure entities to predict additional high-level data structure entities that are likely to be accessed. From this, the virtual storage array identifies the additional storage blocks for prefetching.

Abstract: Systems and techniques are described for compressing strings by using a tree data structure. Specifically, for each string in a sequence of strings, the embodiments can traverse the tree data structure by matching characters of the string with characters associated with nodes of the tree data structure until either (1) all characters in the string have been processed, or (2) a current character in the string does not match a corresponding character in a current node of the tree data structure. Next, a first node identifier associated with the current node can be returned if all characters have been processed. Otherwise, a new node can be created in the tree data structure to store the remaining characters in the string, and a second node identifier associated with the new node in the tree data structure can be returned.

Abstract: Virtual storage arrays consolidate branch data storage at data centers connected via wide area networks. Virtual storage arrays appear to storage clients as local data storage; however, virtual storage arrays actually store data at the data center. The virtual storage arrays overcomes bandwidth and latency limitations of the wide area network by predicting and prefetching storage blocks, which are then cached at the branch location. Virtual storage arrays leverage an understanding of the semantics and structure of high-level data structures associated with storage blocks to predict which storage blocks are likely to be requested by a storage client in the near future. Virtual storage arrays determine the association between requested storage blocks and corresponding high-level data structure entities to predict additional high-level data structure entities that are likely to be accessed. From this, the virtual storage array identifies the additional storage blocks for prefetching.

Abstract: Systems and techniques are described for applying a set of policy rules to network traffic. During operation, conditions specified in the set of policy rules can be evaluated, wherein each condition is a logical expression defined over a set of variables, and is evaluated by substituting values of the set of variables associated with the network traffic into the logical expression. Next, a subset of policy rules can be selected whose conditions evaluated as true. A highest precedence policy rule from the subset of policy rules can then be identified by applying a set of precedence rules to the subset of policy rules, wherein the set of precedence rules imposes a precedence order on the set of policy rules based on condition categories and condition specificities. Finally, an action that is specified in the highest precedence policy rule can be performed.

Abstract: Systems, methods, and computer program embodiments are disclosed for adaptively displaying application performance data. In an embodiment, a plurality of performance monitoring data sources may be identified based on an application model that defines the topological structure of a software application. A request may be received for performance data associated with the application. One or more content options may then be determined based on the received request, and each content option may include one or more target performance metrics. Each content option may also be associated with one or more data sources. For each content option, the associated data sources may be queried to identify available data sources containing relevant performance data. A content option may be selected from the determined content options based on a priority associated with the content option. The performance data corresponding to the selected content option may subsequently be retrieved and presented for display.

Abstract: An interactive virtualization management system provides an assessment of proposed or existing virtualization schemes. A Virtual Technology Overhead Profile (VTOP) is created for each of a variety of configurations of host computer systems and virtualization technologies by measuring the overhead experienced under a variety of conditions. The multi-variate overhead profile corresponding to each target configuration being evaluated is used by the virtualization management system to determine the overhead that is to be expected on the target system, based on the particular set of conditions at the target system. Based on these overhead estimates, and the parameters of the jobs assigned to each virtual machine on each target system, the resultant overall performance of the target system for meeting the performance criteria of each of the jobs in each virtual machine is determined, and over-committed virtual machines and computer systems are identified.

Abstract: A wireless access point array having a plurality of access point radios, a monitor radio and an array controller. The array controller includes processes, methods and functions for verifying the operation of the access point radios. The access point radios may be verified by attempting to establish a data connection between the monitor radio and each of the access point radios.

Abstract: A method includes transmitting, by a distribution server, to each of a plurality of worker computers, a request for an enumeration of Internet Protocol (IP) addresses ranked according to a criterion. The method includes receiving, by the distribution computer, from a first of the plurality of worker computers, a first partial enumeration of the requested IP addresses ranked according to the criterion, the first partial enumeration stored in a hash table. The method includes receiving, by the distribution computer, from a second of the plurality of worker computers, a second partial enumeration of the requested IP addresses ranked according to the criterion, the second partial enumeration stored in a hash table. The method includes generating, by the distribution computer, a combined enumeration including the first partial enumeration and the second partial enumeration, the combined enumeration ranked according to the criterion. The distribution computer deduplicates the combined enumeration.

Abstract: Systems and techniques are described for configuring path selection in a network. The network can comprise a first router, a second router, a third router, a fourth router, and an intermediary device. The second router can be configured to use Differentiated Services Code Point (DSCP) while routing packets so that packets with a first DSCP value are routed through the third router, and packets with a second DSCP value are routed through the fourth router. The intermediary device can be configured to: (1) transparently intercept a packet forwarded by the first router to the second router, (2) determine whether the packet is to be routed through the third router or the fourth router, (3) modify a DSCP field in the packet based on said determining, and (4) forward the packet to the second router.