Abstract: In one embodiment, a system includes a switch controller in communication with a plurality of switches in a switch cluster via a communication protocol. The switch controller includes a processor and logic integrated with and/or executable by the processor. The logic is configured to cause the processor to receive an address resolution protocol (ARP) request packet as a unicast packet from an entry switch in the switch cluster, the entry switch being connected to a first host. The logic is also configured to cause the processor to send an ARP response packet as a unicast packet to the entry switch. The ARP response packet indicates a media access control (MAC) address of the switch controller as a source MAC (SMAC) for the ARP response packet, and an internet protocol (IP) address of a virtual router of the switch controller as being a source of the ARP response packet.

Abstract: Mechanisms are provided for determining an event rate. The mechanisms sample a sequence of events to generate a set of sampled events. At least a subset of the sampled events have associated event sequence values indicating a position of the sampled event within the sequence of events. The mechanisms group the sampled events into a plurality of event groups based on a common characteristic of the events. The mechanisms determine, for each event group, sequence values of sampled events associated with the event group. The mechanisms calculate, for each event group, an estimated event rate based on the sequence values of the sampled events associated with the event group and the total number of events in the sequence of events.

Abstract: Mechanisms are provided for analyzing data traffic through a network. The mechanisms sample data packets of a data flow through a normal port of a network forwarding device of the network. The sampling is performed at least by configuring the network forwarding device to implement port mirroring of the normal port to a designated mirror port of the network forwarding device. The mechanisms forward sampled data packets, copied to the mirror port by virtue of the port mirroring, to a collector computing device. The mechanisms process, by the collector computing device, the sampled data packets to analyze the data flow through the normal port of the network forwarding device. The mechanisms perform, by the collector computing device, an operation based on results of the analysis.

Abstract: An approach is provided in which a first virtual machine, executing on a host computer system, generates a data packet with a target destination at a second virtual machine over a computer network. The host computer system identifies a data flow corresponding to the data packet based the data packet's header information, and analyzes path weightings of available paths that are made available to the identified data flow. In turn, the host computer system assigns one of the available paths to the identified data flow corresponding to a pre-defined physical layer path from the first virtual machine to the second virtual machine.

Abstract: In one embodiment, a system includes a switch controller in communication with a plurality of switches in a switch cluster via a communication protocol. The switch controller includes a processor and logic integrated with and/or executable by the processor. The logic is configured to cause the processor to receive an address resolution protocol (ARP) request packet as a unicast packet from an entry switch in the switch cluster, the entry switch being connected to a first host. The logic is also configured to cause the processor to send an ARP response packet as a unicast packet to the entry switch. The ARP response packet indicates a media access control (MAC) address of the switch controller as a source MAC (SMAC) for the ARP response packet, and an internet protocol (IP) address of a virtual router of the switch controller as being a source of the ARP response packet.

Abstract: Mechanisms are provided for determining an event rate. The mechanisms sample a sequence of events to generate a set of sampled events. At least a subset of the sampled events have associated event sequence values indicating a position of the sampled event within the sequence of events. The mechanisms group the sampled events into a plurality of event groups based on a common characteristic of the events. The mechanisms determine, for each event group, sequence values of sampled events associated with the event group. The mechanisms calculate, for each event group, an estimated event rate based on the sequence values of the sampled events associated with the event group and the total number of events in the sequence of events.

Abstract: According to one embodiment, Layer-3 (L3) distributed router functionality is provided to a switch cluster by receiving an address resolution protocol (ARP) request packet from a first host at an entry switch in a switch cluster, a switch controller being in communication with the entry switch, and the ARP request packet including a virtual router IP address of the switch controller as a target, forwarding the ARP request packet to the switch controller after adding a header that adheres to a communication protocol used by the switch controller, receiving an ARP response packet from the switch controller indicating: a source IP address corresponding to a virtual router of the switch controller and a SMAC corresponding to the switch controller, forwarding the ARP response packet to the first host after stripping the communication protocol header, and setting the virtual router as a default gateway for traffic received from the first host.

Abstract: Mechanisms are provided for determining an event rate. The mechanisms sample a sequence of events to generate a set of sampled events. At least a subset of the sampled events have associated event sequence values indicating a position of the sampled event within the sequence of events. The mechanisms group the sampled events into a plurality of event groups based on a common characteristic of the events. The mechanisms determine, for each event group, sequence values of sampled events associated with the event group. The mechanisms calculate, for each event group, an estimated event rate based on the sequence values of the sampled events associated with the event group and the total number of events in the sequence of events.

Abstract: Mechanisms are provided for configuring a data flow between a source device and a destination device in a network. The mechanisms receive, from a network control application, a request to establish a network configuration corresponding to a data flow between the source device and the destination device. The request comprises a fine grained header field tuple for defining the data flow. The mechanisms allocate, from a shadow address pool, a shadow address to be mapped to the fine grained header field tuple. The shadow address pool comprises addresses not being used by devices coupled to the network. The mechanisms configure a network infrastructure of the network to route data packets of the data flow from the source device to the destination device based on the shadow address.

Abstract: Mechanisms are provided for analyzing data traffic through a network. The mechanisms sample data packets of a data flow through a normal port of a network forwarding device of the network. The sampling is performed at least by configuring the network forwarding device to implement port mirroring of the normal port to a designated mirror port of the network forwarding device. The mechanisms forward sampled data packets, copied to the mirror port by virtue of the port mirroring, to a collector computing device. The mechanisms process, by the collector computing device, the sampled data packets to analyze the data flow through the normal port of the network forwarding device. The mechanisms perform, by the collector computing device, an operation based on results of the analysis.

Abstract: A mechanism is provided for securely associating an application with a well-known entity. A determination is made as to whether an identified application has an associated certificate. Responsive to the identified application having the associated certificate, a determination is made as to whether the associated certificate is issued from a certificate authority associated with the well-known entity trusted by a user of the identified application, where the certificate authority is in a separate domain from an application marketplace where the application was obtained. Responsive to the associated certificate being issued by the certificate authority associated with the well-known entity trusted by the user of the identified application, an indication is provided to the user that the application is trusted in context to interactions with the certificate authority.

Abstract: Mechanisms are provided for analyzing data traffic through a network. The mechanisms sample data packets of a data flow through a normal port of a network forwarding device of the network. The sampling is performed at least by configuring the network forwarding device to implement port mirroring of the normal port to a designated mirror port of the network forwarding device. The mechanisms forward sampled data packets, copied to the mirror port by virtue of the port mirroring, to a collector computing device. The mechanisms process, by the collector computing device, the sampled data packets to analyze the data flow through the normal port of the network forwarding device. The mechanisms perform, by the collector computing device, an operation based on results of the analysis.

Abstract: A mechanism is provided in a logically centralized controller for dynamic multipath forwarding in a software defined network. The mechanism identifies a set of multiple forwarding paths for a flow. The mechanism assigns a virtual destination address for each multiple forwarding path in the set of multiple forwarding paths. The mechanism installs virtual destination address based forwarding rules in switches for each multiple forwarding path and installs rewriting rules in an egress switch for all paths in the set of multiple forwarding paths. Each rewriting rule rewrites one of the virtual destination address to the real destination address. The mechanism configures an ingress switch to dynamically select a path from the set of multiple forwarding paths based on a multipath policy and rewrite the destination address from the real destination address to a virtual destination address corresponding to the selected path.

Abstract: A mechanism is provided for securely associating an application with a well-known entity. A determination is made as to whether an identified application has an associated certificate. Responsive to the identified application having the associated certificate, a determination is made as to whether the associated certificate is issued from a certificate authority associated with the well-known entity trusted by a user of the identified application, where the certificate authority is in a separate domain from an application marketplace where the application was obtained. Responsive to the associated certificate being issued by the certificate authority associated with the well-known entity trusted by the user of the identified application, an indication is provided to the user that the application is trusted in context to interactions with the certificate authority.

Abstract: An approach is provided in which a first virtual machine, executing on a host computer system, generates a data packet with a target destination at a second virtual machine over a computer network. The host computer system identifies a data flow corresponding to the data packet based the data packet's header information, and analyzes path weightings of available paths that are made available to the identified data flow. In turn, the host computer system assigns one of the available paths to the identified data flow corresponding to a pre-defined physical layer path from the first virtual machine to the second virtual machine.

Abstract: A mechanism is provided in a logically centralized controller for dynamic multipath forwarding in a software defined network. The mechanism identifies a set of multiple forwarding paths for a flow. The mechanism assigns a virtual destination address for each multiple forwarding path in the set of multiple forwarding paths. The mechanism installs virtual destination address based forwarding rules in switches for each multiple forwarding path and installs rewriting rules in an egress switch for all paths in the set of multiple forwarding paths. Each rewriting rule rewrites one of the virtual destination address to the real destination address. The mechanism configures an ingress switch to dynamically select a path from the set of multiple forwarding paths based on a multipath policy and rewrite the destination address from the real destination address to a virtual destination address corresponding to the selected path.

Abstract: An aspect includes deadlock-free routing on arbitrary network topologies using edge-disjoint sub-networks. A network topology of a network is identified. The network includes a plurality of links between a plurality of switches. Each of the links is identified as an edge. A plurality of edge-disjoint sub-networks is constructed from the network topology of the network by routing configuration logic. The plurality of edge-disjoint sub-networks is formed by edges between the switches such that the edges are disjoint relative to each of the edge-disjoint sub-networks. The switches are configured to route traffic on the network with each route staying entirely within one of the plurality of edge-disjoint sub-networks within the network.

Abstract: Mechanisms are provided for analyzing data traffic through a network. The mechanisms sample data packets of a data flow through a normal port of a network forwarding device of the network. The sampling is performed at least by configuring the network forwarding device to implement port mirroring of the normal port to a designated mirror port of the network forwarding device. The mechanisms forward sampled data packets, copied to the mirror port by virtue of the port mirroring, to a collector computing device. The mechanisms process, by the collector computing device, the sampled data packets to analyze the data flow through the normal port of the network forwarding device. The mechanisms perform, by the collector computing device, an operation based on results of the analysis.

Abstract: Mechanisms are provided for determining an event rate. The mechanisms sample a sequence of events to generate a set of sampled events. At least a subset of the sampled events have associated event sequence values indicating a position of the sampled event within the sequence of events. The mechanisms group the sampled events into a plurality of event groups based on a common characteristic of the events. The mechanisms determine, for each event group, sequence values of sampled events associated with the event group. The mechanisms calculate, for each event group, an estimated event rate based on the sequence values of the sampled events associated with the event group and the total number of events in the sequence of events.

Abstract: Mechanisms are provided for configuring a data flow between a source device and a destination device in a network. The mechanisms receive, from a network control application, a request to establish a network configuration corresponding to a data flow between the source device and the destination device. The request comprises a fine grained header field tuple for defining the data flow. The mechanisms allocate, from a shadow address pool, a shadow address to be mapped to the fine grained header field tuple. The shadow address pool comprises addresses not being used by devices coupled to the network. The mechanisms configure a network infrastructure of the network to route data packets of the data flow from the source device to the destination device based on the shadow address.