Abstract: Automated, intelligent selection of regions for cloud-based firewall deployment and scaling of firewalls down to as few as zero in a cloud region is described herein. The service collects and evaluates Usage metrics pertaining to firewalls deployed in each region are collected and evaluated to determine whether to scale firewalls in a region up or down. Scaling down of firewalls to zero is conditioned on at least one other region having a firewall(s) available for traffic inspection such that the number of total firewalls available for inspection of network traffic is at least one at any given time. When scaling up through deployment of additional firewalls, if endpoint devices located near a region in which a firewall is not available contribute substantially to firewall usage in another region, the region nearest to those endpoint devices is determined and selected for deployment of the additional firewalls.

Abstract: An auto scale monitoring service performs load balancing on a cloud firewall with minimized traffic disruption using eager and lazy load balancing protocols. The auto scale monitoring service operates through an orchestrator that initializes a new firewall and sends forwarding instructions to the new firewall for rerouting excess traffic. The auto scale monitoring service additionally operates through a software-defined wide area network controller that sends routing instructions to a local branch of network devices to reroute to the new firewall from an overloaded current firewall. The eager protocol immediately tears down a tunneling session from the local branch to the current firewall and the lazy protocol gradually tears down this tunneling session. Both protocols properly inform firewalls how to forward ongoing traffic in each case and establish updated traffic flow through a tunneling session from the local branch to the new firewall.

Abstract: Automated, intelligent selection of regions for cloud-based firewall deployment and scaling of firewalls down to as few as zero in a cloud region is described herein. The service collects and evaluates Usage metrics pertaining to firewalls deployed in each region are collected and evaluated to determine whether to scale firewalls in a region up or down. Scaling down of firewalls to zero is conditioned on at least one other region having a firewall(s) available for traffic inspection such that the number of total firewalls available for inspection of network traffic is at least one at any given time. When scaling up through deployment of additional firewalls, if endpoint devices located near a region in which a firewall is not available contribute substantially to firewall usage in another region, the region nearest to those endpoint devices is determined and selected for deployment of the additional firewalls.

Abstract: An auto scale monitoring service performs load balancing on a cloud firewall with minimized traffic disruption using eager and lazy load balancing protocols. The auto scale monitoring service operates through an orchestrator that initializes a new firewall and sends forwarding instructions to the new firewall for rerouting excess traffic. The auto scale monitoring service additionally operates through a software-defined wide area network controller that sends routing instructions to a local branch of network devices to reroute to the new firewall from an overloaded current firewall. The eager protocol immediately tears down a tunneling session from the local branch to the current firewall and the lazy protocols gradually tears down this tunneling session. Both protocols properly inform firewalls how to forward ongoing traffic in each case and establish updated traffic flow through a tunneling session from the local branch to the new firewall.

Abstract: An auto scale monitoring service performs load balancing on a cloud firewall with minimized traffic disruption using eager and lazy load balancing protocols. The auto scale monitoring service operates through an orchestrator that initializes a new firewall and sends forwarding instructions to the new firewall for rerouting excess traffic. The auto scale monitoring service additionally operates through a software defined wide area network controller that sends routing instructions to a local branch of network devices to reroute to the new firewall from an overloaded current firewall. The eager protocol immediately tears down a tunneling session from the local branch to the current firewall and the lazy protocols gradually tears down this tunneling session. Both protocols properly inform firewalls how to forward ongoing traffic in each case and establish updated traffic flow through a tunneling session from the local branch to the new firewall.

Abstract: Techniques for providing flow meta data exchanges between network and security functions for a security service are disclosed. In some embodiments, a system/process/computer program product for providing flow meta data exchanges between network and security functions for a security service includes receiving a flow at a network gateway of a security service from a software-defined wide area network (SD-WAN) device; inspecting the flow to determine meta information associated with the flow; and communicating the meta information associated with the flow to the SD-WAN device.

Abstract: Automated, intelligent selection of regions for cloud-based firewall deployment and scaling of firewalls down to as few as zero in a cloud region is described herein. The service collects and evaluates Usage metrics pertaining to firewalls deployed in each region are collected and evaluated to determine whether to scale firewalls in a region up or down. Scaling down of firewalls to zero is conditioned on at least one other region having a firewall(s) available for traffic inspection such that the number of total firewalls available for inspection of network traffic is at least one at any given time. When scaling up through deployment of additional firewalls, if endpoint devices located near a region in which a firewall is not available contribute substantially to firewall usage in another region, the region nearest to those endpoint devices is determined and selected for deployment of the additional firewalls.

Abstract: Techniques for providing flow meta data exchanges between network and security functions for a security service are disclosed. In some embodiments, a system/process/computer program product for providing flow meta data exchanges between network and security functions for a security service includes receiving a flow at a network gateway of a security service from a software-defined wide area network (SD-WAN) device; inspecting the flow to determine meta information associated with the flow; and communicating the meta information associated with the flow to the SD-WAN device.

Abstract: Techniques for providing flow meta data exchanges between network and security functions for a security service are disclosed. In some embodiments, a system/process/computer program product for providing flow meta data exchanges between network and security functions for a security service includes receiving a flow at a network gateway of a security service from a software-defined wide area network (SD-WAN) device; inspecting the flow to determine meta information associated with the flow; and communicating the meta information associated with the flow to the SD-WAN device.

Abstract: A system includes a content management database configured to access a plurality of media signatures corresponding to a respective plurality of media assets and a signature component configured to process a media request from a requestor to access a given media asset from a content provider via a network and to generate a signature to substantially uniquely identify the given media asset, the signature being derived from media content data corresponding to the given media asset in response to accessing the media content data via the network. The signature component can also be configured to provide to the requestor the given media asset retrieved via the network if the generated media signature does not match any of a plurality of media signatures and provide the given media asset from a content storage system if the generated media signature matches a respective one of the plurality of media signatures.

Abstract: Systems and methods are used for receiving a video request from a user equipment for video to be downloaded; determining a link bandwidth status associated with the user equipment; in response to the link bandwidth status associated with the user equipment, determining whether to implement one or more additional processing functions associated with the video delivery; during the video delivery, repeating the determining such that the one or more additional processing functions associated with the video delivery can be implemented or not implemented at different times during the video delivery. These processing functions can include transrating, HTTP optimization, TCP optimization, and video pacing.

Abstract: User equipments can download a video file by instantiating multiple video requests, each request specifying different parts of the video file. If each video request initiates a separate transmission control protocol (TCP) session, which is the case with an hypertext transfer protocol (HTTP) partial get request, then a network device in a communications network would be oblivious of contextual information, which indicates that the TCP sessions download different portions of the same video file. This disclosure provides systems and methods for correlating multiple TCP sessions so that a network device in a communications network can be aware of the contextual information.

Abstract: A system includes a media optimizer that adaptively generates and transmits a modified manifest file based on an original manifest file corresponding to an associated media asset from a content provider in response to a media content request from a client for the associated media asset. The original manifest file specifies bitrates. The media optimizer extracts parameters associated with the media content request and applies bitrate policies based on the extracted parameters to adaptively modify the original manifest file to generate the modified manifest file. The media optimizer is further configured to transmit the modified manifest file to the client for selection by the client of a bitrate associated with delivery of the associated media asset.

Abstract: Semantic data corresponding to video data may be received. Next, the received semantic data corresponding to the video data may be analyzed. Caching decisions may then be made based upon the analysis of the received semantic data corresponding to the video data.

Abstract: User equipments can download a video file by instantiating multiple video requests, each request specifying different parts of the video file. If each video request initiates a separate transmission control protocol (TCP) session, which is the case with an hypertext transfer protocol (HTTP) partial get request, then a network device in a communications network would be oblivious of contextual information, which indicates that the TCP sessions download different portions of the same video file. This disclosure provides systems and methods for correlating multiple TCP sessions so that a network device in a communications network can be aware of the contextual information.

Abstract: User equipments can download a video file by instantiating multiple video requests, each request specifying different parts of the video file. If each video request initiates a separate transmission control protocol (TCP) session, which is the case with an hypertext transfer protocol (HTTP) partial get request, then a network device in a communications network would be oblivious of contextual information, which indicates that the TCP sessions download different portions of the same video file. This disclosure provides systems and methods for correlating multiple TCP sessions so that a network device in a communications network can be aware of the contextual information.

Abstract: Systems and methods are used for receiving a video request from a user equipment for video to be downloaded; determining a link bandwidth status associated with the user equipment; in response to the link bandwidth status associated with the user equipment, determining whether to implement one or more additional processing functions associated with the video delivery; during the video delivery, repeating the determining such that the one or more additional processing functions associated with the video delivery can be implemented or not implemented at different times during the video delivery. These processing functions can include transrating, HTTP optimization, TCP optimization, and video pacing.

Abstract: Systems and methods are used for receiving a video request from a user equipment for video to be downloaded; determining a link bandwidth status associated with the user equipment; in response to the link bandwidth status associated with the user equipment, determining whether to implement one or more additional processing functions associated with the video delivery; during the video delivery, repeating the determining such that the one or more additional processing functions associated with the video delivery can be implemented or not implemented at different times during the video delivery. These processing functions can include transrating, HTTP optimization, TCP optimization, and video pacing.

Abstract: A method of deployment of virtual machines (VMs) including receiving traffic having characteristics from clients and based on the traffic, dynamically bringing up son VMs and when the traffic goes down, removing the son VMs. Sharing a cache between the son VMs by the VMs directly accessing the cache when receiving traffic from existing clients and performing encryption/decryption for new clients.

Abstract: A fabric system is disclosed. The fabric system may be for a single cloud or multi-cloud environment and includes a services controller. The services controller communicates with at least one of a number of services, which are in turn in communication with an endpoint device. The services controller receives data packets from an open flow switch that is in communication with a client device. The data packets are destined to take a predetermined sub-optimal path through services that are not identical to the services. Based on certain policies, the services controller therefore alters the destined path by re-directing the data packets to an altered path so as to minimize the number of services performed on the data packets and accordingly informs an underlying network of the altered path.