Abstract: A computing apparatus for providing a node within a distributed network function, including: a hardware platform; a network interface to communicatively couple to at least one other peer node of the distributed network function; a distributor function including logic to operate on the hardware platform, including a hashing module configured to receive an incoming network packet via the network interface and perform on the incoming network packet a first-level hash of a two-level hash, the first level hash being a lightweight hash with respect to a second-level hash, the first level hash to deterministically direct a packet to one of the nodes of the distributed network function as a directed packet; and a denial of service (DoS) mitigation engine to receive notification of a DoS attack, identify a DoS packet via the first-level hash, and prevent the DoS packet from reaching the second-level hash.

Abstract: Methods and apparatus for facilitating efficient Quality of Service (QoS) support for software-based packet processing by offloading QoS rate-limiting to NIC hardware. Software-based packet processing is performed on packet flows received at a compute platform, such as a general purpose server, and/or packet flows generated by local applications running on the compute platform. The packet processing includes packet classification that associates packets with packet flows using flow IDs, and identifying a QoS class for the packet and packet flow. NIC Tx queues are dynamically configured or pre-configured to effect rate limiting for forwarding packets enqueued in the NIC Tx queues. New packet flows are detected, and mapping data is created to map flow IDs associated with flows to the NIC Tx queues used to forward the packets associated with the flows.

Abstract: Methods and apparatus to support multiple-writer/multiple-reader concurrency for software flow/packet classification on general purpose multi-core systems. A flow table with rows mapped to respective hash buckets with multiple entry slots is implemented in memory of a host platform with multiple cores, with each bucket being associated with a version counter. Multiple writer and reader threads are run on the cores, with writers providing updates to the flow table data. In connection with inserting new key data, a determination is made to which buckets will be changed, and access rights to those buckets are acquired prior to making any changes. For example, under a flow table employing cuckoo hashing, access rights are acquired to buckets along a full cuckoo path.

Abstract: Particular embodiments described herein provide for a system that can be configured to initialize a gateway, assign a range of tunnel endpoint identifiers (TEID) to the gateway, where the range of TEIDs are associated with the gateway, and communicate the range of TEIDs to routers, where each TEID in the range of TEIDs is used to by the router to route packets to the gateway. In an example, the range of TEIDS associated with the gateway are assigned to the gateway when the gateway was initialized and the gateway assigns the TEID for the session.

Abstract: Devices and techniques for hardware accelerated packet processing are described herein. A device can communicate with one or more hardware switches. The device can detect characteristics of a plurality of packet streams. The device may distribute the plurality of packet streams between the one or more hardware switches and software data plane components based on the detected characteristics of the plurality of packet streams, such that at least one packet stream is designated to be processed by the one or more hardware switches. Other embodiments are also described.

Abstract: In the present disclosure, functions associated with the central office of an evolved packet core network are co-located onto a computer platform or sub-components through virtualized function instances. This reduces and/or eliminates the physical interfaces between equipment and permits functional operation of the evolved packet core to occur at a network edge.

Abstract: Technologies for managing lookup tables are described. The lookup tables may be used for a two-level lookup scheme for packet processing. When the tables need to be updated with a new key for packet processing, information about the new key may be added to a first-level lookup table and a second-level lookup table. The first-level lookup table may be used to identify a handling node for an obtained packet, and the handling node may perform a second-level table lookup to obtain information for further packet processing. The first lookup table may be replicated on all the nodes in a cluster, and the second-level lookup table may be unique to each node in the cluster. Other embodiments are described herein and claimed.

Abstract: Technologies for identifying a cache line of a network packet for eviction from an on-processor cache of a network device communicatively coupled to a network controller. The network device is configured to determine whether a cache line of the cache corresponding to the network packet is to be evicted from the cache based on a determination that the network packet is not needed subsequent to processing the network packet, and provide an indication that the cache line is to be evicted from the cache based on an eviction policy received from the network controller.

Abstract: Generally discussed herein are systems, devices, and methods for routing interests and/or content in an information centric network. A router can include a memory and routing circuitry coupled to the memory, the routing circuitry configured to receive a packet, receive one or more attributes including at least one of (1) a network attribute, (2) a platform attribute, and (3) a content attribute, determine which neighbor node is to receive the packet next based on the received one or more attributes, and forward the packet to the determined neighbor node.

Abstract: Generally discussed herein are systems, devices, and methods for interfacing between a host-oriented network (HON) and an information-centric network (ICN). A device can include a first interface to couple to a host-oriented network (HON), a second interface to couple to an information-centric network (ICN), a memory including data stored thereon mapping named data in the ICN to a respective host in the HON, and content processing circuitry to receive an interest packet or content packet from the ICN through the first interface, produce a corresponding HON packet based on the mapping in the memory, and provide the HON packet to the HON through the second interface.

Abstract: Generally discussed herein are systems, devices, and methods for managing content of an information centric network (ICN). A component of an ICN can include a memory including an extended content store that includes content from at least one other component of the ICN, and first attributes of the content, the first attributes including a content popularity value that indicates a number of requests for the content, and processing circuitry to increment the content popularity value in response to a transmission of a first content packet that includes the content, the first content packet transmitted in response to receiving an interest packet.

Abstract: Generally discussed herein are systems, devices, and methods for populating a cache in an information-centric network. A device of an ICN can include a content store including published content and attributes of the published content stored thereon, the attributes including at least two of a device from which the content originated attribute, a lineage attribute, and a service level agreement attribute, and content processing circuitry coupled to the content store, the content processing circuitry configured to manage the published content based on the attributes.

Abstract: The present disclosure describes a process and apparatus for improving insertions of entries into a hash table. A large number of smaller virtual buckets may be combined together and associated with buckets used for hash table entry lookups and/or entry insertion. On insertion of an entry, hash table entries associated with a hashed-to virtual bucket may be moved between groups of buckets associated with the virtual bucket, to better distribute entries across the available buckets to reduce the number of entries in the largest buckets and the standard deviation of the bucket sizes across the entire hash table.

Abstract: Methods and apparatus for facilitating efficient Quality of Service (QoS) support for software-based packet processing by offloading QoS rate-limiting to NIC hardware. Software-based packet processing is performed on packet flows received at a compute platform, such as a general purpose server, and/or packet flows generated by local applications running on the compute platform. The packet processing includes packet classification that associates packets with packet flows using flow IDs, and identifying a QoS class for the packet and packet flow. NIC Tx queues are dynamically configured or pre-configured to effect rate limiting for forwarding packets enqueued in the NIC Tx queues. New packet flows are detected, and mapping data is created to map flow IDs associated with flows to the NIC Tx queues used to forward the packets associated with the flows.

Abstract: Technologies for bridging between coarse-grained and fine-grained load balancing include a computing node of a cluster computing device and a network controller. The computing node may add a flow entry to a local flow table based on flow information received from the network controller. The computing node may transmit a multicast network packet including the flow information and next hop information to other computing nodes of the cluster device. The computing node may also add a different flow entry to the local flow table and a next hop entry to a local next hop table based on a multicast network packet received from another computing node of the cluster device. The computing node may locally process a network packet received from a remote computing device or forward the received network packet to another computing node of the cluster device based on the flow entries added to the local flow table.

Abstract: Technologies for distributed table lookup via a distributed router includes an ingress computing node, an intermediate computing node, and an egress computing node. Each computing node of the distributed router includes a forwarding table to store a different set of network routing entries obtained from a routing table of the distributed router. The ingress computing node generates a hash key based on the destination address included in a received network packet. The hash key identifies the intermediate computing node of the distributed router that stores the forwarding table that includes a network routing entry corresponding to the destination address. The ingress computing node forwards the received network packet to the intermediate computing node for routing. The intermediate computing node receives the forwarded network packet, determines a destination address of the network packet, and determines the egress computing node for transmission of the network packet from the distributed router.

Abstract: Technologies for identifying a cache line of a network packet for eviction from an on-processor cache of a network device communicatively coupled to a network controller. The network device is configured to determine whether a cache line of the cache corresponding to the network packet is to be evicted from the cache based on a determination that the network packet is not needed subsequent to processing the network packet, and provide an indication that the cache line is to be evicted from the cache based on an eviction policy received from the network controller.

Abstract: Technologies for supporting concurrency of a flow lookup table at a network device. The flow lookup table includes a plurality of candidate buckets that each includes one or more entries. The network device includes a flow lookup table write module configured to perform a displacement operation of a key/value pair to move the key/value pair from one bucket to another bucket via an atomic instruction and increment a version counter associated with the buckets affected by the displacement operation. The network device additionally includes a flow lookup table read module to check the version counters during a lookup operation on the flow lookup table to determine whether a displacement operation is affecting the presently read value of the buckets. Other embodiments are described herein and claimed.

Abstract: Technologies for distributed table lookup via a distributed router includes an ingress computing node, an intermediate computing node, and an egress computing node. Each computing node of the distributed router includes a forwarding table to store a different set of network routing entries obtained from a routing table of the distributed router. The ingress computing node generates a hash key based on the destination address included in a received network packet. The hash key identifies the intermediate computing node of the distributed router that stores the forwarding table that includes a network routing entry corresponding to the destination address. The ingress computing node forwards the received network packet to the intermediate computing node for routing. The intermediate computing node receives the forwarded network packet, determines a destination address of the network packet, and determines the egress computing node for transmission of the network packet from the distributed router.

Abstract: Devices and techniques for hardware accelerated packet processing are described herein. A device can communicate with one or more hardware switches. The device can detect characteristics of a plurality of packet streams. The device may distribute the plurality of packet streams between the one or more hardware switches and software data plane components based on the detected characteristics of the plurality of packet streams, such that at least one packet stream is designated to be processed by the one or more hardware switches. Other embodiments are also described.