Abstract: Techniques are disclosed for utilizing control packets to manage flows by a smart network interface card (smartNIC). In one example, an accelerator determines that a cache entry is a candidate for removal, the cache entry being part of a cache that is managed by the accelerator, the cache entry storing flow state of a particular flow, the accelerator being responsible for forwarding packets associated with the particular flow based at least in part on the flow state, and the flow information formatted utilizing a particular header format. The accelerator generates an instruction to remove the cache entry of the particular flow from the cache based at least in part on receiving the determination that the cache entry is the candidate for removal. The accelerator removes the cache entry of the particular flow from the cache based at least in part on the instruction.

Abstract: Improved network traffic flow processing techniques are described. In a network device providing multiple processing planes, each processing plane comprising multiple processing units, techniques are described that take advantage of flow affinity/locality principles such that the same processing component of a processing plane, which previously performed processing for a network flow, is used for performing subsequent processing for the same network flow. This enables faster processing of network traffic flows by the network device. In certain implementations, the techniques described herein can be implemented in a network virtualization device (NVD) that is configured to perform network virtualization functions.

Abstract: Systems and methods include, in a cloud node executing a security service, causing a mobile device to perform a validation check to determine if the mobile device is any of fake, counterfeit, jailbroken, and rooted; responsive to successful validation, allowing traffic to and from the mobile device through the security service; and responsive to unsuccessful validation, preventing traffic to and from the mobile device through the security service. The systems and methods can further include, prior to the causing, requiring the mobile device to install and launch an application, wherein registration with the security service requires the application; and performing the validation check via the application and a fake check service.

Abstract: Techniques are disclosed for utilizing control packets to manage flows by a smart network interface card (smartNIC). In one example, an accelerator of the smartNIC determines that a cache entry of a cache that is managed by the accelerator is a candidate for removal. The cache entry stores flow state of a particular flow. The accelerator generates a control packet that includes flow information of the particular flow that is formatted utilizing a particular header format, the flow information operable for generating a hash that indexes to the cache entry. The accelerator includes an instruction within the control packet that requests a programming data plane of the smartNIC to provide instructions for removing the cache entry from the cache. Upon receiving the control packet, the programming data plane generates and transmits a second instruction to the accelerator for removing the cache entry from the cache.

Abstract: Techniques are disclosed for utilizing control packets to manage flows by a smart network interface card (smartNIC). In one example, an accelerator of the smartNIC determines that a cache entry of a cache that is managed by the accelerator is a candidate for removal. The cache entry stores flow state of a particular flow. The accelerator generates a control packet that includes flow information of the particular flow that is formatted utilizing a particular header format, the flow information operable for generating a hash that indexes to the cache entry. The accelerator includes an instruction within the control packet that requests a programming data plane of the smartNIC to provide instructions for removing the cache entry from the cache. Upon receiving the control packet, the programming data plane generates and transmits a second instruction to the accelerator for removing the cache entry from the cache.

Abstract: Techniques are disclosed for processing flows by a smart network interface card (smartNIC) based on modifying a packet. In one example, a smartNIC accelerator receives a packet from a first port of the smartNIC, the first port being connected to a splitter device that splits a first data path into a second data path and a third data path, and the packet arriving at the first port via the second data path. The accelerator modifies the packet to indicate that the packet arrived at the first port via the second data path. The accelerator inserts the modified packet into a queue that is associated with both the second data path and the third data path. A programming data plane of the smartNIC receives and then processes the modified packet based on determining that the packet arrived at the first port via the second data path.

Abstract: Techniques are disclosed for migrating one or more services from an edge device to a cloud computing environment. In one example, a migration service receives a request to migrate a first set of services from the edge device to the cloud computing environment. The migration service identifies a hardware profile of a computing device (or devices) of the cloud computing environment that matches the edge device, and then configures the computing device to execute a second set of services that corresponds to the first set of services. The migration service establishes a communication channel between the edge device and the computing device, and then executes a set of migration operations such that the second set of services is configured to execute as the first set of services. The computing device may operate in a virtual bootstrap environment or dedicated region of the cloud computing environment.

Abstract: Systems, methods, and other embodiments associated with performing intrusion detection on load balanced network traffic are described. In one embodiment, a method includes receiving, at a load balancer host, an encrypted data packet from a remote computer. A certificate established between the remote computer and a destination service being accessed by the remote computer is used by the load balancer host to decrypt the encrypted data packet to create an unencrypted data packet. The unencrypted data packet is routed to an intrusion detection system at the load balancer host. The intrusion detection system is controlled to execute intrusion detection upon the unencrypted data packet. A secure connection is established with the destination computing node. The unencrypted data packet is re-encrypted and transmitted over the network using the secure connection to the destination computing node.

Abstract: Technologies are described herein for reducing network traffic when replicating memory data across hosts. The memory data stored in a main memory of the host computer is replicated to a main memory of a second host computer. Memory data from the local data storage of the second host computer and other hosts computers that is a duplicate of memory data from the main memory is identified. Instead of sending the memory data from the main memory that is duplicated, the duplicated memory is copied from the local storage of the second computer or from one or more of the other computers to the main memory of the second host computer.

Abstract: Systems and methods include, in a cloud node executing a security service, causing a mobile device to perform a validation check to determine if the mobile device is any of fake, counterfeit, jailbroken, and rooted; responsive to successful validation, allowing traffic to and from the mobile device through the security service; and responsive to unsuccessful validation, preventing traffic to and from the mobile device through the security service. The systems and methods can further include, prior to the causing, requiring the mobile device to install and launch an application, wherein registration with the security service requires the application; and performing the validation check via the application and a fake check service.

Abstract: Systems, methods, and other embodiments that interrupt multiple processors to process packets of a single flow are described. In one embodiment, a method includes maintaining a plurality of queues to hold interrupt requests created for packets received by a network device. Each queue is associated with a processor that will be interrupted by interrupt requests to process packets. The network device is configured to control how to queue interrupt requests created for a flow of packets. The network device is configured such that when a threshold number of interrupt requests created for the flow of packets have been inserted within a queue, subsequent interrupt requests created for subsequently received packets of the flow are inserted in a different queue. In this way, the network device is controlled to interrupt multiple processors for the flow of packets by queuing interrupt requests for the flow into different queues.

Abstract: Systems, methods, and other embodiments associated with performing intrusion detection on load balanced network traffic are described. In one embodiment, a method includes receiving, at a load balancer host, an encrypted data packet from a remote computer. A certificate established between the remote computer and a destination service being accessed by the remote computer is used by the load balancer host to decrypt the encrypted data packet to create an unencrypted data packet. The unencrypted data packet is routed to an intrusion detection system at the load balancer host. The intrusion detection system is controlled to execute intrusion detection upon the unencrypted data packet. A secure connection is established with the destination computing node. The unencrypted data packet is re-encrypted and transmitted over the network using the secure connection to the destination computing node.

Abstract: Systems, methods, and other embodiments that interrupt multiple processors to process packets of a single flow are described. In one embodiment, a method includes maintaining a plurality of queues to hold interrupt requests created for packets received by a network device. Each queue is associated with a processor that will be interrupted by interrupt requests to process packets. The network device is configured to control how to queue interrupt requests created for a flow of packets. The network device is configured such that when a threshold number of interrupt requests created for the flow of packets have been inserted within a queue, subsequent interrupt requests created for subsequently received packets of the flow are inserted in a different queue. In this way, the network device is controlled to interrupt multiple processors for the flow of packets by queuing interrupt requests for the flow into different queues.

Abstract: In general, techniques are described by which to perform error concealment for audio data using reference pools. A device comprising a memory and a processor may perform the techniques. The memory may store a bitstream. The processor may obtain a reference pool of one or more reference audio frames, each of the one or more reference audio frames representative of a different portion of the audio data. The processor may determine that a current audio frame is unavailable, and obtain, responsive to determining that the current audio frame is unavailable and based on a successive audio frame to the current audio frame in a bitstream, a reference audio frame of the one or more reference audio frames. The processor may replace the current audio frame with the reference audio frame, and render the reference audio frame to one or more speaker feeds.

Abstract: Technologies are described herein for reducing network traffic when replicating memory data across hosts. The memory data stored in a main memory of the host computer is replicated to a main memory of a second host computer. Memory data from the local data storage of the second host computer that is a duplicate of memory data from the main memory is identified. Instead of sending the memory data from the main memory that is duplicated, the duplicated memory is copied from the local storage to the main memory of the second host computer.

Abstract: Technologies are described herein for examining memory data of execution environments to identify potential anomalies. An execution environment is identified as having a potential anomaly. The memory data associated with the execution environment is identified as having a potential anomaly. Checksums may be generated for the identified memory and for memory associated with other execution environments. Execution environments may be identified as having potential anomalies based, at least in part, on a commonality of the memory data of the execution environment that is identified as a having a potential anomaly with the memory data of another execution environment. Different actions may be performed on the execution environments that are identified as having a potential anomaly.

Abstract: A technology is described for identifying a destination physical host used to host a computing instance modeled on a source computing instance. An example method may include obtaining specifications for a source computing instance in preparation to migrate the source computing instance to a destination physical host. A destination physical host may then be identified for hosting a destination computing instance modeled on the source computing instance, where the destination physical host may have specifications determined to support the destination computing instance. A model of the source computing instance as hosted on the source physical host may be compared with a model of the source computing instance as hosted on the destination physical host to identify any conflicts that may prevent the destination physical host from hosting the destination computing instance.

Abstract: Technologies are described herein for reducing network traffic when replicating memory data across hosts. The memory data stored in a main memory of the host computer is replicated to a main memory of a second host computer. Memory data from the local data storage of the second host computer that is a duplicate of memory data from the main memory is identified. Instead of sending the memory data from the main memory that is duplicated, the duplicated memory is copied from the local storage to the main memory of the second host computer.