Abstract: A method for alleviating flow congestion at forwarding elements is provided. The method receives traffic related data from a plurality of forwarding elements of a network, and based on the traffic related data, determines congestion at a first forwarding element of the plurality of forwarding elements caused by at least one flow passing through the first forwarding element at a first rate. The method calculates, based on a burst size of the at least one flow, a second rate for the at least one flow such that when the at least one flow passes through the first forwarding element at the second rate the congestion at the first forwarding element is alleviated. The method rate limits the at least one flow by passing the at least one flow through a flow rate manager at the calculated second rate before transmitting the at least one flow to the first forwarding element.

Abstract: Disclosed herein is the integration into edge nodes of a telecommunications network system of client computer system and server computer system where the server computer system includes a pool of shareable accelerators and the client computer runs an application program that is assisted by the pool of accelerators. The edge nodes connect to user equipment, and some of the user equipment can themselves act as one of the client computer systems. In some embodiments, the accelerators are GPUs, and in other embodiments, the accelerators are artificial intelligence accelerators.

Abstract: An example method of creating a software image from software executing on a host in a virtualized computing system includes: obtaining, by an image generator executing in the virtualized computing system, an image metadata from the host, the image metadata describing a running image of a hypervisor executing on the host; identifying, from the image metadata, a plurality of software installation bundles (SIBs) used to install the running image on the host; obtaining, from the image metadata, SIB descriptors and SIB signatures for the plurality of SIBs; obtaining, from storage on the host, payloads referenced in the image metadata for the SIBs; and recreating the plurality of SIBs from the SIB descriptors, the SIB signatures, and the payloads.

Abstract: Exemplary methods, apparatuses, and systems include a client virtual machine processing a system call for a device driver to instruct a physical device to perform a function and transmitting the system call to an appliance virtual machine to execute the system call. The client virtual machine determines, in response to the system call, that an established connection with the appliance virtual machine has switched from a first protocol to a second protocol, the first and second protocols including a high-performance transmission protocol and Transmission Control Protocol and Internet Protocol (TCP/IP). The client virtual machine transmits the system call to the appliance virtual machine according to the second protocol. For example, the established connection may switch to the second protocol in response to the client virtual machine migrating to the first host device from a second host device.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed for high availability (HA) application migration in a virtualized environment. An example apparatus includes at least one memory, instructions in the apparatus, and processor circuitry to at least one of execute or instantiate the instructions to identify an HA slot in a virtual server rack, the HA slot to facilitate a failover of an application executing on a first virtual machine (VM) in the virtual server rack, the first VM identified as a protected VM, deploy a second VM in the HA slot, transfer data from the first VM to the second VM, and, in response to not identifying a failure of at least one of the first or second VMs during the transfer, trigger a shutdown of the first VM, and synchronize migration data associated with the virtual server rack to identify the second VM as the protected VM.

Abstract: A feature capacity scaling methodology is disclosed. In a computer-implemented method, components of a computing environment are automatically monitored, and have a feature capacity analysis using a forecast performed thereon. Provided the feature capacity analysis determines that features of the components are well utilized, a vertical scaling of the features is performed.

Abstract: Some embodiments provide a method for deploying edge forwarding elements in a public or private software defined datacenter (SDDC). For an entity, the method deploys a default first edge forwarding element to process data message flows between machines of the entity in a first network of the SDDC and machines external to the first network of the SDDC. The method subsequently receives a request to allocate more bandwidth to a first set of the data message flows entering or exiting the first network of the SDDC. In response, the method deploys a second edge forwarding element to process the first set of data message flows of the entity in order to allocate more bandwidth to the first set of the data message flows, while continuing to process a second set of data message flows of the entity through the default first edge node.

Abstract: A disclosed example includes configuring a virtual network and a physical network for at least twenty-four hosts and a top-of-rack switch in less than one minute by: generating, by executing an instruction with one or more processors, network topologies of the hosts based on physical network connection information indicative of physical network connections between the hosts and the top-of-rack switch; determining, by executing an instruction with the one or more processors, whether implementing the network topologies of the hosts concurrently is valid based on an evaluation of the network topologies relative to a network topology validation rule; and configuring, by executing an instruction with the one or more processors, the top-of-rack switch based on one or more of the network topologies.

Abstract: Computer-implemented processes and systems described herein are directed to reducing volumes of data sent from edge devices to a data center. Each edge device runs an agent that collects event information generated by event sources of the edge device in a runtime interval. Each agent reduces the event information to relevant event information at the edge device in accordance with instructions received from a controller server of the data center. The relevant event information contains less information than the event information. Each agent forwards the relevant event information over the internet to external services executed at the data center, where the relevant event information is stored in a data storage device of the data center.

Abstract: The health of a distributed storage system provided by a virtualized computing environment may be evaluated. The evaluation techniques categorize health issues based on at least three categories (e.g., storage data availability and accessibility, storage data performance, and storage space utilization and efficiency), and provide priority levels for the health issues within each category. In this manner, a more user-oriented approach is provided wherein in addition to identifying health issues, the priority/urgency level of the health issue(s) can be provided so as to guide the user (such as a system administrator) in determining an appropriate remedial action to perform and when such remedial action should be performed to address health issues.

Abstract: Exemplary methods, apparatuses, and systems include a file system process obtaining locks on a first node and a second node in a tree structure, with the second node being a child node of the first node. The file system process determines a quantity of child nodes of the second. While holding the locks on the first and second nodes, the file system determines whether to proactively split or merge the second node. In response to determining that the quantity of child nodes is within a first range, the file system process splits the second node. If the file system process determines that the quantity of child nodes is within a second range, the file system process merges the second node.

Abstract: Some embodiments of the invention provide a system for implementing multiple logical routers. The system includes a Kubernetes cluster that includes multiple nodes, with each node executing a set of pods. The set of pods include a first pod for performing a first set of data message processing operations for the multiple logical routers and at least one respective separate pod for each respective logical router of the multiple logical routers. Each respective pod is for performing a respective second set of data message processing operations for the respective logical router.

Abstract: To provide a low latency near RT RIC, some embodiments separate the RIC's functions into several different components that operate on different machines (e.g., execute on VMs or Pods) operating on the same host computer or different host computers. Some embodiments also provide high speed interfaces between these machines. Some or all of these interfaces operate in non-blocking, lockless manner in order to ensure that critical near RT RIC operations (e.g., datapath processes) are not delayed due to multiple requests causing one or more components to stall. In addition, each of these RIC components also has an internal architecture that is designed to operate in a non-blocking manner so that no one process of a component can block the operation of another process of the component. All of these low latency features allow the near RT RIC to serve as a high speed IO between the E2 nodes and the xApps.

Abstract: Some embodiments of the invention provide a method for providing automated admission control services for a RAN system. The method receives a trigger alert that includes an application identifier for an application, a dRIC identifier associated with a dRIC to which the application is to be deployed, and a set of configurations for the application that are in a first format. The method converts the set of configurations from the first format to a second format and sends the set configurations in the second format to an FCAPS management pod deployed to the dRIC. Upon receiving positive acknowledgment indicating successful implementation of the set of configurations from the FCAPS management pod, the method updates a configuration table stored in a database of the RAN with a set of admissions control information for the application. The method sends a notification to an API server for the RAN indicating the set of configurations have been successfully implemented for the application.

Abstract: Disclosed herein are examples of systems and methods for tailoring the posting of notifications based on device activity status. A client device can collect activity data associated with the client device. The client device can provide the activity data to a management service. The client device can receive from the management service a command to disable a capability of an application installed on the client device to post notifications. The client device can cause the capability of the application to post notifications to be disabled.

Abstract: A method enables a user to bypass a pass code, such as personal identification number (PIN), when performing an authentication process between a client device and a gateway/broker of a virtual desktop infrastructure (VDI) provided by a virtualized computing environment. A customized operating system (OS) of the client device includes pre-installed certificates and keys that are used in the authentication process and which are protected by the PIN. Through a public interface, a client device may perform the authentication process without requiring the user to manually enter the PIN.

Abstract: Example methods and systems for intrusion detection with adaptive pattern selection are described. In one example, a computer system may perform pattern selection by selecting a subset from a set of multiple patterns based on metric information. In response to receiving a packet belonging to a flow between a source endpoint and a destination endpoint, a first matching operation may be performed to determine whether the packet is matchable to a particular pattern from the set of multiple patterns or the subset. In response to determination that the packet is matchable to the particular pattern, a second matching operation may be performed to determine whether the packet is matchable to a particular signature. The metric information associated with the particular pattern may be updated based on the first matching operation and/or the second matching operation. This way, the subset may be updated based at least on the updated metric information.

Abstract: In an embodiment, a computer-implemented method provides mechanisms for identifying a source location in a service chaining topology. In an embodiment, a method comprises: determining, at an egress interface of a host that hosts a virtual machine (“VM”), whether a service plane MAC address (“spmac”) in a packet header of a packet, provided to the egress interface, is the same as an inner destination MAC address in the packet; in response to determining that the spmac in the packet header of the packet, provided to the egress interface, is the same as the inner destination MAC address in the packet: encapsulating the packet with a destination virtual tunnel endpoint (“VTEP”) address retrieved from a mapping of VTEP-labels onto VTEP addresses; and causing providing the packet from the egress interface of the host that hosts the VM to a source host that hosts a source guest virtual machine (“GVM”).

Abstract: Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.

Abstract: Some embodiments provide a method for detecting a threat to a datacenter. The method generates a graph of connections between data compute nodes (DCNs) in the datacenter. Each connection has an associated time period during which the connection is active. The method receives an anomalous event occurring during a particular time period at a particular DCN operating in the datacenter. The method analyzes the generated graph to determine a set of paths between DCNs in the datacenter that include connections to the particular DCN during the particular time period. The method uses the set of paths to identify a threat to the datacenter.