Abstract: Techniques are described herein that are capable of monitoring connectivity and latency of network links in virtual networks. For instance, a ping agent injects first ping packets into network traffic on behalf of hosts in the virtual network. The ping agent monitors incoming packets to identify first ping response packets, which are in response to the first ping packets, among the incoming packets. A ping responder rule that is included in inbound packet filter rules for a port in a virtual switch intercepts second ping packets in the network traffic. The ping responder rule converts the second ping packets into second ping response packets and injects the second ping response packets into outbound packet filter rules to be transferred to sources from which the second ping packets are received.

Abstract: Techniques are described herein that are capable of monitoring connectivity and latency of network links in virtual networks. For instance, a ping agent injects first ping packets into network traffic on behalf of hosts in the virtual network. The ping agent monitors incoming packets to identify first ping response packets, which are in response to the first ping packets, among the incoming packets. A ping responder rule that is included in inbound packet filter rules for a port in a virtual switch intercepts second ping packets in the network traffic. The ping responder rule converts the second ping packets into second ping response packets and injects the second ping response packets into outbound packet filter rules to be transferred to sources from which the second ping packets are received.

Abstract: Systems and methods are provided for facilitating automated compliance with security, audit and network configuration policies. In some instances, new runtime configuration files are iteratively generated and compared to a baseline configuration file to determine whether a threshold variance exists between the baseline configuration file and each separate and new runtime configuration file. If the threshold variance exists, remedial actions are triggered. In some instances, runtime configuration files are scanned for blacklist configuration settings. When blacklist configuration settings are found, remedial actions can also be triggered. In some instances, configuration files are scrubbed by omitting detected blacklist items from the configuration files. In some instances, changes are only made to configuration files when they match changes on an approved change list and are absent from an open incident list.

Abstract: Systems and methods are provided for facilitating automated compliance with security, audit and network configuration policies. In some instances, new runtime configuration files are iteratively generated and compared to a baseline configuration file to determine whether a threshold variance exists between the baseline configuration file and each separate and new runtime configuration file. If the threshold variance exists, remedial actions are triggered. In some instances, runtime configuration files are scanned for blacklist configuration settings. When blacklist configuration settings are found, remedial actions can also be triggered. In some instances, configuration files are scrubbed by omitting detected blacklist items from the configuration files. In some instances, changes are only made to configuration files when they match changes on an approved change list and are absent from an open incident list.

Abstract: The present invention extends to methods, systems, and computer program products for offloading packet processing for networking device virtualization. A host maintains rule set(s) for a virtual machine, and a physical network interface card (NIC) maintains flow table(s) for the virtual machine. The physical NIC receives and processes a network packet associated with the virtual machine. Processing the network packet includes the physical NIC comparing the network packet with the flow table(s) at the physical NIC. When the network packet matches with a flow in the flow table(s) at the physical NIC, the physical NIC performs an action on the network packet based on the matching flow. Alternatively, when the network packet does not match with a flow in the flow table(s) at the physical NIC, the physical NIC passes the network packet to the host partition for processing against the rule set(s).

Abstract: A system that incorporates teachings of the present disclosure may include, for example, a controller to determine a behavioral profile of an end user from packet traffic generated by activities of the end user, and share the behavioral profile with a network element for distributing targeted advertisements to the end user according to the behavioral profile. Additional embodiments are disclosed.

Abstract: A cloud computing environment providing a network service for a client computing entity. The network service is not an application level service, but rather a service that operates at or below the network layer in the protocol stack. For instance, the network service might be a network endpoint service such as a network address service (such as DNS) or a dynamic network service (such as DHCP), or a network traffic service such as a firewall service or a secure tunneling service (such as VPN). The service might also provide a pipeline of network services for network level traffic to and from the client computing entity. The cloud environment uses policy to determine which of a plurality of communication channels to use when exchanging cloud service data for the network service.

Abstract: An intelligent lookup service for a network is provided for clients of a network requesting services of the network that intelligently determines, based on a service requirement of the requested service, optimal service endpoint(s) for providing the requested service. The intelligent lookup service can incorporate predetermined mapping policy and traffic measurements into the determination. In addition, a feedback loop is provided from clients and/or service endpoints to the lookup service concerning measurements about prior connections in the network. The lookup service can include a set of beacons distributed in the network and against which measurements about the network are recorded. A client receives, from the lookup service in response to a request for a network address, a set of candidate service endpoints that pertain to the requested network address and the client connects to one of the candidate service endpoints based on policy or context.

Abstract: The present invention extends to methods, systems, and computer program products for offloading packet processing for networking device virtualization. A host maintains rule set(s) for a virtual machine, and a physical network interface card (NIC) maintains flow table(s) for the virtual machine. The physical NIC receives and processes a network packet associated with the virtual machine. Processing the network packet includes the physical NIC comparing the network packet with the flow table(s) at the physical NIC. When the network packet matches with a flow in the flow table(s) at the physical NIC, the physical NIC performs an action on the network packet based on the matching flow. Alternatively, when the network packet does not match with a flow in the flow table(s) at the physical NIC, the physical NIC passes the network packet to the host partition for processing against the rule set(s).

Abstract: Various technologies related to multi-path communications in a data center environment are described herein. Network infrastructure devices communicate traffic flows amongst one another, wherein a traffic flow includes a plurality of data packets intended for a particular recipient computing device that are desirably transmitted and received in a certain sequence. Indications that data packets in the traffic flow have been received outside of the certain sequence are processed in a manner to prevent a network infrastructure device from retransmitting a particular data packet.

Abstract: Method and apparatus for network-level anomaly inference in a network is described. In one example, link load measurements are obtained for multiple time intervals. Routing data for the network is obtained. Link level anomalies are extracted using temporal analysis on the link load measurements over the multiple time intervals. Network-level anomalies are inferred from the link-level anomalies.

Abstract: A system and method of routing communication signals is provided. A first technique uses a packet switched device that operates using Internet Protocol, the packet switched device determines one or more commands based on a routing request to establish, maintain, restore or breakdown one or more communication paths and a circuit switched device that provides physical switching between a plurality of ports based on the one or more commands from the packet switched device. A second technique for expediting error condition information is also provided. As various error conditions are recognized, information relating to the error conditions is provided directly to the packet switched device to enable the packet switched device to restore communications with minimal delay.

Abstract: Disclosed is a method and system for optimizing a first set of rules enforced by a firewall on network traffic. Characteristics of the network traffic are examined and these characteristics are used to generate a second set of rules. The first set of rules may have a different order than the second set of rules.

Abstract: Signaling messages are exchanged for a call between a calling party to a called party. A setup message for the call is exchanged through at least one gate controller. Network resources are reserved for the call based on the exchanged setup messages. An end-to-end message for the call is exchanged without the end-to-end message being routed through the at least one gate controller.

Abstract: Routing network traffic on a computer network is described. In one embodiment, a method is presented which includes transmitting instructions to a client, the instructions executable by the client to request content from two or more content servers, measure two or more network performance characteristics associated with the two or more different content servers, and issue a report to an administrative server. The report may include a first network performance characteristic and a second network performance characteristic. The method may further include selecting a target content server from one of two or more content servers based on comparison of the two or more network performance characteristics; and transmitting routing instructions to an intermediate routing system, the routing instructions executable by the intermediate routing system to direct subsequent content requests transmitted by the client to the target content server.

Abstract: The present invention permits a network operator to maintain a timely view of changes to an operational packet-switched network. In an exemplary embodiment, the method includes subscribing to routing protocol messages received from a plurality of network elements participating in a routing protocol in the packet-switched network. Then, the routing protocol messages from the network elements are received without participating in the routing protocol. Subsequently, the method detects deviations from normal operation of the packet-switched network using the routing protocol messages received from the network elements.

Abstract: An embodiment of the invention is directed to reducing search-response latency. The closest intermediate server can be located between a client computing device and a search engine. A search query is sent to the intermediate server in a first packet of a transport protocol handshake. A plurality of packets are received from the intermediate server. The plurality of packets are used to open a window associated with a transport protocol. A response related to the search query is received by the client.

Abstract: The present invention permits a network operator to maintain a timely view of changes to an operational packet-switched network.

Abstract: A system and method of routing communication signals is provided. A first technique uses a packet switched device that operates using Internet Protocol, the packet switched device determines one or more commands based on a routing request to establish, maintain, restore or breakdown one or more communication paths and a circuit switched device that provides physical switching between a plurality of ports based on the one or more commands from the packet switched device. A second technique for expediting error condition information is also provided. As various error conditions are recognized, information relating to the error conditions is provided directly to the packet switched device to enable the packet switched device to restore communications with minimal delay.

Abstract: The present invention is directed to a method and system for deriving traffic demands for a packet-switched network. A novel model of defining traffic demands as a volume of load originating from an ingress link and destined to a set of egress links enables support for traffic engineering and performance debugging of large operational packet-switched networks.