Abstract: A network system that implements quality of service (QoS) by rate limiting at a logical network entity is provided. The logical network entity includes multiple transport nodes for transporting network traffic in and out of the logical network entity. The system monitors traffic loads of the multiple transport nodes of the logical network entity. The system allocates a local CR and a local BS to each of the multiple transport nodes. The allocated local CR and the local BS are determined based on the CR and BS parameters of the logical network entity and based on the monitored traffic loads. Each transport node of the logical network entity in turn controls an amount of data being processed by the transport node based on a token bucket value that is computed based on the local CR and the local BS of the transport node.

Abstract: An example method of scheduling a workload in a virtualized computing system including a host cluster having a virtualization layer directly executing on hardware platforms of hosts is described. The virtualization layer supports execution of virtual machines (VMs) and is integrated with an orchestration control plane. The method includes: receiving, at the orchestration control plane, a workload specification for the workload; selecting, at the orchestration control plane, a plurality of nodes for the workload based on the workload specification, each of the plurality of nodes implemented by a host of the hosts; selecting, by the orchestration control plane in cooperation with a virtualization management server managing the host cluster, a node of the plurality of nodes; and deploying, by the orchestration control plane in cooperation with the virtualization management server, the workload on a host in the host cluster implementing the selected node.

Abstract: Examples provide for automatically provisioning hosts in a cloud environment. A cloud daemon generates a cloud host-state configuration, for a given cloud instance of a host, stored on a cloud metadata service prior to first boot of the given cloud instance of the host. A first boot of a plurality of cloud instances of hosts is performed using a stateless, master boot image lacking host-specific configuration data. On completion of the first boot of a given cloud instance of a host, the cloud host-state configuration is installed on the master boot image to generate a self-configured boot image including host-specific configuration data for the given cloud instance of the host. A second boot is performed on the given cloud instance of the host by executing the self-configured boot image to automatically provision the given cloud instance of the host in the cloud environment.

Abstract: Some embodiments of the invention provide a method for implementing an edge device that handles data traffic between a logical network and an external network. The method monitors resource usage of a node pool that includes multiple nodes that each executes a respective set of pods. Each of the pods is for performing a respective set of data message processing operations for at least one of multiple logical routers. The method determines that a particular node in the node pool has insufficient resources for the particular node's respective set of pods to adequately perform their respective sets of data message processing operations. Based on the determination, the method automatically provides additional resources to the node pool by instantiating at least one additional node in the node pool.

Abstract: Some embodiments of the invention provide a method for configuring a physical network card or physical network controller (pNIC) to provide flow processing offload (FPO) for a host computer connected to the pNIC. The host computers host a set of compute nodes in a virtual network. The set of compute nodes are each associated with a set of interfaces that are each assigned a locally-unique virtual port identifier (VPID) by a flow processing and action generator. The pNIC includes a set of interfaces that are assigned physical port identifiers (PPIDs) by the pNIC. The method includes providing the pNIC with a set of mappings between VPIDs and PPIDs. The method also includes sending updates to the mappings as compute nodes migrate, connect to different interfaces of the pNIC, are assigned different VPIDs, etc.

Abstract: The present invention is a highly available system comprising a system to send a plurality of bootstrap requests, at least one cloud proxy fit to receive the plurality of bootstrap requests, wherein each instance of the at least one cloud proxy is coupled with an adapter, and at least one host fit to communicate with one of the at least one cloud proxy.

Abstract: Example methods and systems for accessing data in a log-structured file system having a plurality of snapshots of storage objects backed by a first-level copy-on-write (COW) B+ tree data structure and a plurality of second-level B+ tree data structures have been disclosed. One example method includes obtaining a first first-level mapping associated with a first snapshot from the plurality of snapshots based on a first logical block address, wherein each of the plurality of snapshots corresponds to each of the plurality of second-level B+ tree data structures, identifying a first second-level B+ tree data structure corresponding to one of the plurality of snapshots based on the first first-level mapping, obtaining a first second-level mapping based on the first logical block address in the first second-level B+ tree data structure, obtaining a first physical block address based on the first second-level mapping, and accessing data at the first physical block address.

Abstract: The disclosure provides an approach for secure offloaded data transfer. Embodiments include receiving, by a security component on a client device, from a storage system connected to the client device, a token associated with a data read request corresponding to a source file on the storage system. Embodiments include determining, by the security component, that the source file is trusted. Embodiments include generating, by the security component, an entry in a trusted token cache based on determining that the source file is trusted, wherein the entry comprises the token. Embodiments include receiving, by the security component, a write request corresponding to a destination file on the storage system, wherein the write request comprises the token or a different token. Embodiments include determining, by the security component, based on the trusted token cache, whether to perform one or more operations related to the write request.

Abstract: Some embodiments of the invention provide a method for increasing system capacity of a RIC in a RAN, the RIC including a first datapath pod for forwarding communications between a first set of RAN applications connected to the RIC and a first set of base station components connected to the RIC. The method uses the first datapath pod to forward communications between the first set of RAN applications and the first set of base station components. The method determines that the first datapath pod has insufficient resources for forwarding traffic between the first set of base station components and the first set of RAN applications. Based on said determination, the method configures a second datapath pod on the RIC for forwarding traffic between the first set of base station components and the first set of RAN applications. The method assigns a first subset of the first set base station components to the first datapath pod and a second subset of the first set of base station components to the second datapath pod.

Abstract: A request to configure a platform service associated with a container orchestration system can be received. A plurality of ConfigMaps can be collected from a deployment chart of an application service managed by the container orchestration system. Each of the plurality of ConfigMaps can include platform service configuration data associated with a different version of the platform service. One of the plurality of ConfigMaps can be selected based on a current version of the platform service, and the platform service can be configured using the selected ConfigMap.

Abstract: The present disclosure is related to devices, systems, and methods for placement in a virtualized computing environment based on resource allocation. One embodiment includes instructions to receive a request made by a customer to create a virtual computing instance (VCI) of a project in cloud computing environment and place the VCI.

Abstract: Some embodiments provide a method of reducing network congestion in a virtual network. The method, at a first CFE of the virtual network, receives multiple encapsulated data packets of a data stream. The encapsulated data packets having been encapsulated by a second CFE, operating on a server of the virtual network. The second CFE identifies a load percentage of the server, sets explicit congestion notification (ECN) bits on a percentage of the data packets based on the load percentage of the server, and encapsulates each data packet. The first CFE determines whether to forward a new connection to the second CFE based at least on the percentage of data packets from the first CFE with the ECN bits set.

Abstract: A framework for facilitating communication between a multi-cluster management (MCM) system and the clusters managed by the system is provided. According to one set of embodiments, the framework comprises two independent, unidirectional communications channels: a first channel (i.e., “intent channel”) that flows from the MCM system to each cluster, and a second channel (i.e., “data sync channel”) that flows from each cluster to the MCM system. Through the intent channel, the MCM system can deliver control information to each cluster for actuating management changes/operations therein in a manner that is robust against network dropouts and packet loss. Through the data sync channel, the MCM system can collect and process status information from each cluster (such as, e.g., object state transitions triggered by the control information sent via the intent channel) in a manner that can efficiently scale to support large numbers of clusters.

Abstract: Some embodiments of the invention provide a method for adding routable subnets to a logical network that connects multiple machines and is implemented by a software defined network (SDN). The method receives an intent-based API that includes a request to add a routable subnet to the logical network. The method defines (i) a VLAN (virtual local area network) tag associated with the routable subnet, (ii) a first identifier associated with a first logical switch to which at least a first machine in the multiple machines that executes a set of containers belonging to the routable subnet attaches, and (iii) a second identifier associated with a second logical switch designated for the routable subnet. The method generates an API call that maps the VLAN tag and the first identifier to the second identifier. The method provides the API call to a management and control cluster of the SDN.

Abstract: Some embodiments provide a method for a health monitoring service that monitors a system with a set of services executing across a set of one or more datacenters. For each of multiple services monitored by the health monitoring service, the method (1) contacts an API exposed by the service to provide health monitoring data for the service and (2) receives health monitoring data for the service that provides, for each of multiple aspects of the service, (i) a status and (ii) an explanation for the status in a uniform format used by the APIs of each of the services. At least two different services provide health monitoring data in the uniform format for different groups of aspects of the services.

Abstract: Some embodiments of the invention provide a method for processing requests for performing operations on resources in a software defined datacenter (SDDC). The resources are software-defined (SD) resources in some embodiments. The method initially receives a request to perform an operation with respect to a first resource in the SDDC. The method identifies a policy that matches (i.e., is applicable to) the received request for the first resource by comparing a set of attributes of the request with sets of attributes of a set of policies that place constraints on operations specified for resources. In some embodiments, several sets of attributes for several policies can be expressed for resources at different hierarchal resource levels of the SDDC. The method rejects the received request when the identified policy specifies that the requested operation violates a constraint on operations specified for the first resource.

Abstract: Disclosed are various approaches for the partitioning of virtualization on systems with multiple core processors. In one approach, hardware extensions for virtualizations are enabled on one or more first cores of a plurality of cores of the processor. The hardware extensions for virtualization are disabled on one or more second cores of the plurality of cores. A virtual machine instance is executed on the first cores having the hardware extensions for virtualization enabled. A real-time operating system is executed on the second cores having the hardware extensions for virtualization disabled.

Abstract: Credentials management and usage in application modernization can be implemented as computer-readable methods, media and systems. A notification identifying an application modernization operation is received. The operation is to be performed on an application deployed by multiple resources arranged in multiple hierarchical levels. A resource residing at a hierarchical level of the multiple hierarchical levels is identified. The application modernization operation is to be performed on the identified resource which has a resource type. A search for a credential is performed. The credential grants access to the resource to enable performing the application modernization operation. In response to the searching, a credential included in the multiple credentials is identified. The identified credential grants access either to the resource or to resources of the resource type. In response to receiving the notification, the identified credential is provided.

Abstract: Disclosed are various examples of provisioning a data processing unit (DPU) management operating system using a capsule. A management hypervisor installer executed on a host device receives a listing DPU device from a baseboard management controller (BMC). A preinstalled DPU management operating system image is identified for a DPU device from the listing, and is wrapped with a capsule that specifies the capsule as a DPU management operating system image capsule. A server component provides the DPU management operating system image capsule at a particular URI, and the URI is transmitted to the BMC.

Abstract: Some embodiments provide a method for performing deep packet inspection (DPI) for an SD-WAN (software defined, wide area network) established for an entity by a plurality of edge nodes and a set of one or more cloud gateways. At a particular edge node, the method uses local and remote deep packet inspectors to perform DPI for a packet flow. Specifically, the method initially uses the local deep packet inspector to perform a first DPI operation on a set of packets of a first packet flow to generate a set of DPI parameters for the first packet flow. The method then forwards a copy of the set of packets to the remote deep packet inspector to perform a second DPI operation to generate a second set of DPI parameters. In some embodiments, the remote deep packet inspector is accessible by a controller cluster that configures the edge nodes and the gateways.