Abstract: Systems and methods are provided for enforcing symmetric flows of cross-region network traffic through firewalls in multi-region network environments. Enforcement may be configured automatically by analyzing network policy data to identify cross-region traffic that is to be firewalled, and configuring gateway nodes in the various regions to implement symmetric bidirectional flows through any firewalls in the communication path. Beneficially, by enforcing symmetric bi-directional flows of traffic through any firewalls in a communication path, the firewalls may maintain the state of a given communication session even when the communication session is between endpoints in different regions that have different architectures.

Abstract: There is provided a router for use in a datacenter, the router including a frame receiving module operative to receive a traffic frame and a frame forwarding module operative to forward the traffic frame to a second router in a second datacenter if a Destination Media Access Control (DMAC) address included in the traffic frame is different from all of the following: a Burned in Address of the router; a Burned in Address of at least one server associated with the router; a Media Access Control (MAC) address of one of a Hot Standby Routing Protocol (HSRP) group and a Virtual Router Redundancy Protocol (VRRP) group of the router; and a MAC address of one of a HSRP group and a VRRP group of a subnet hosted by the router.

Abstract: A method includes monitoring data packets exchanged in a computer network over which documents having respective location identifiers are distributed, so as to detect a request to access a given document. A location identifier of the given document is extracted from the request. The location identifier is provided to a search engine that searches for data in a set of the documents, so as to cause the search engine to add the given document to the set.

Abstract: A method and apparatus is disclosed for preventing loops on a network topology which includes virtual switches and virtual machines. For example, a virtualization management application may prevent loops from being introduced into a network topology where a virtual machine forwards traffic between any two (or more) virtual network interface cards (vNICs). A method to prevent loops may include receiving a request to create a virtual network interface (vNIC) for a virtual machine (VM) instance on a computing system, and in response to determining that the requested vNIC is to be connected to the same network segment as an existing vNIC of the VM instance, failing the request to generate the requested vNIC.

Abstract: There is provided a router for use in a datacenter, the router including a frame receiving module operative to receive a traffic frame and a frame forwarding module operative to forward the traffic frame to a second router in a second datacenter if a Destination Media Access Control (DMAC) address included in the traffic frame is different from all of the following: a Burned in Address of the router; a Burned in Address of at least one server associated with the router; a Media Access Control (MAC) address of one of a Hot Standby Routing Protocol (HSRP) group and a Virtual Router Redundancy Protocol (VRRP) group of the router; and a MAC address of one of a HSRP group and a VRRP group of a subnet hosted by the router.

Abstract: A particular networked machine broadcasts packets from its interfaces resulting in patterns of returned copies of the sent broadcast packets received on its interfaces. Based on these patterns, a determination is made to identify groupings of one or more of the interfaces that are considered by remote devices as being grouped together, as a broadcast packet transmitted from an interface belonging to a grouping will be received on, and only on, a single interface in each of the other groupings, with a grouping being one or more interfaces. In one implementation, a grouping is defined as a single independent interface, or an aggregation of two or more interfaces combined into a single logical interface, such as, but not limited to that of a PortChannel.

Abstract: There is provided a router for use in a datacenter, the router including a frame receiving module operative to receive a traffic frame and a frame forwarding module operative to forward the traffic frame to a second router in a second datacenter if a Destination Media Access Control (DMAC) address included in the traffic frame is different from all of the following: a Burned in Address of the router; a Burned in Address of at least one server associated with the router; a Media Access Control (MAC) address of one of a Hot Standby Routing Protocol (HSRP) group and a Virtual Router Redundancy Protocol (VRRP) group of the router; and a MAC address of one of a HSRP group and a VRRP group of a subnet hosted by the router.

Abstract: Techniques are disclosed for virtualized server kernel and virtual networks consolidation. The network consolidation allows a data center to migrate from an infrastructure that uses multiple dedicated gigabit Ethernet Network Adapters to manage system virtualization and migration to an infrastructure using consolidated, redundant, 10 gigabit Ethernet adapters. Different priority classes may be defined for different classes of network traffic such as hypervisor management traffic, inter-host virtual machine migration traffic, virtual machine production traffic, virtualized switching control plane traffic, etc. Further, an enhanced transmission standard may be used to specify a minimum bandwidth guarantee for certain traffic classes. Thus, the hypervisor management and inter-host virtual machine migration traffic may be transmitted, even the presence of congestion.

Abstract: A particular networked machine broadcasts packets from its interfaces resulting in patterns of returned copies of the sent broadcast packets received on its interfaces. Based on these patterns, a determination is made to identify groupings of one or more of the interfaces that are considered by remote devices as being grouped together, as a broadcast packet transmitted from an interface belonging to a grouping will be received on, and only on, a single interface in each of the other groupings, with a grouping being one or more interfaces. In one implementation, a grouping is defined as a single independent interface, or an aggregation of two or more interfaces combined into a single logical interface, such as, but not limited to that of a PortChannel.

Abstract: A method and apparatus is disclosed for preventing loops on a network topology which includes virtual switches and virtual machines. For example, a virtualization management application may prevent loops from being introduced into a network topology where a virtual machine forwards traffic between any two (or more) virtual network interface cards (vNICs). A method to prevent loops may include receiving a request to create a virtual network interface (vNIC) for a virtual machine (VM) instance on a computing system, and in response to determining that the requested vNIC is to be connected to the same network segment as an existing vNIC of the VM instance, failing the request to generate the requested vNIC.

Abstract: There is provided a router for use in a datacenter, the router including a frame receiving module operative to receive a traffic frame and a frame forwarding module operative to forward the traffic frame to a second router in a second datacenter if a Destination Media Access Control (DMAC) address included in the traffic frame is different from all of the following: a Burned in Address of the router; a Burned in Address of at least one server associated with the router; a Media Access Control (MAC) address of one of a Hot Standby Routing Protocol (HSRP) group and a Virtual Router Redundancy Protocol (VRRP) group of the router; and a MAC address of one of a HSRP group and a VRRP group of a subnet hosted by the router.

Abstract: A method includes monitoring data packets exchanged in a computer network over which documents having respective location identifiers are distributed, so as to detect a request to access a given document. A location identifier of the given document is extracted from the request. The location identifier is provided to a search engine that searches for data in a set of the documents, so as to cause the search engine to add the given document to the set.