Abstract: Various implementations disclosed herein include systems, methods and apparatuses of a first device, that obtain contact point information of a second device associated with the first device, as a peer device in a private network, where the contact point information of the second device includes one or more peer uplink identifiers and each respective peer uplink identifier corresponds to a respective peer device uplink of the second device. The systems, methods and apparatuses establish a first private network data tunnel from a first uplink of the first device to the second device, using the contact point information of the second device, and a first uplink identifier associated with the first uplink, and establish a second private network data tunnel from a second uplink of the first device to the second device, using the contact point information of the second device, and a second uplink identifier associated with the second uplink.

Abstract: Various implementations disclosed herein include systems, methods and apparatuses of a first device, that obtain contact point information of a second device associated with the first device, as a peer device in a private network, where the contact point information of the second device includes one or more peer uplink identifiers and each respective peer uplink identifier corresponds to a respective peer device uplink of the second device. The systems, methods and apparatuses establish a first private network data tunnel from a first uplink of the first device to the second device, using the contact point information of the second device, and a first uplink identifier associated with the first uplink, and establish a second private network data tunnel from a second uplink of the first device to the second device, using the contact point information of the second device, and a second uplink identifier associated with the second uplink.

Abstract: Various implementations disclosed herein include systems, methods and apparatuses of a first device, that obtain contact point information of a second device associated with the first device, as a peer device in a private network, where the contact point information of the second device includes one or more peer uplink identifiers and each respective peer uplink identifier corresponds to a respective peer device uplink of the second device. The systems, methods and apparatuses establish a first private network data tunnel from a first uplink of the first device to the second device, using the contact point information of the second device, and a first uplink identifier associated with the first uplink, and establish a second private network data tunnel from a second uplink of the first device to the second device, using the contact point information of the second device, and a second uplink identifier associated with the second uplink.

Abstract: Various implementations disclosed herein include systems, methods and apparatuses of a first device, that obtain contact point information of a second device associated with the first device, as a peer device in a private network, where the contact point information of the second device includes one or more peer uplink identifiers and each respective peer uplink identifier corresponds to a respective peer device uplink of the second device. The systems, methods and apparatuses establish a first private network data tunnel from a first uplink of the first device to the second device, using the contact point information of the second device, and a first uplink identifier associated with the first uplink, and establish a second private network data tunnel from a second uplink of the first device to the second device, using the contact point information of the second device, and a second uplink identifier associated with the second uplink.

Abstract: Various implementations disclosed herein include systems, methods and apparatuses of a first device, that obtain contact point information of a second device associated with the first device, as a peer device in a private network, where the contact point information of the second device includes one or more peer uplink identifiers and each respective peer uplink identifier corresponds to a respective peer device uplink of the second device. The systems, methods and apparatuses establish a first private network data tunnel from a first uplink of the first device to the second device, using the contact point information of the second device, and a first uplink identifier associated with the first uplink, and establish a second private network data tunnel from a second uplink of the first device to the second device, using the contact point information of the second device, and a second uplink identifier associated with the second uplink.

Abstract: Various implementations disclosed herein include systems, methods and apparatuses of a first device, that obtain contact point information of a second device associated with the first device, as a peer device in a private network, where the contact point information of the second device includes one or more peer uplink identifiers and each respective peer uplink identifier corresponds to a respective peer device uplink of the second device. The systems, methods and apparatuses establish a first private network data tunnel from a first uplink of the first device to the second device, using the contact point information of the second device, and a first uplink identifier associated with the first uplink, and establish a second private network data tunnel from a second uplink of the first device to the second device, using the contact point information of the second device, and a second uplink identifier associated with the second uplink.

Abstract: Various implementations disclosed herein include systems, methods and apparatuses of a first device, that obtain contact point information of a second device associated with the first device, as a peer device in a private network, where the contact point information of the second device includes one or more peer uplink identifiers and each respective peer uplink identifier corresponds to a respective peer device uplink of the second device. The systems, methods and apparatuses establish a first private network data tunnel from a first uplink of the first device to the second device, using the contact point information of the second device, and a first uplink identifier associated with the first uplink, and establish a second private network data tunnel from a second uplink of the first device to the second device, using the contact point information of the second device, and a second uplink identifier associated with the second uplink.

Abstract: Various implementations disclosed herein include systems, methods and apparatuses of a first device, that obtain contact point information of a second device associated with the first device, as a peer device in a private network, where the contact point information of the second device includes one or more peer uplink identifiers and each respective peer uplink identifier corresponds to a respective peer device uplink of the second device. The systems, methods and apparatuses establish a first private network data tunnel from a first uplink of the first device to the second device, using the contact point information of the second device, and a first uplink identifier associated with the first uplink, and establish a second private network data tunnel from a second uplink of the first device to the second device, using the contact point information of the second device, and a second uplink identifier associated with the second uplink.

Abstract: Disclosed are systems, methods, and computer-readable storage media for automatic firewall configuration based on aggregated cloud managed information. A cloud management device can determine, based on security event data received from a first set of client computing environments, that a security attack detected on at least one client computing environment from the first set of client computing environments is likely to occur on other client computing environments. In response to determining that the security attack detected on at least one client computing environment from the first set of client computing environments is likely to occur on other client computing environments, the cloud management device can identify a second set of client computing environments to protect from the security attack. For each client computing environment from the second set of client computing environments, the cloud management device can configure firewall settings to protect from the security attack.

Abstract: Disclosed are systems, methods, and computer-readable storage media for recommending configurations for a client networking environment based on aggregated cloud managed information. A cloud network management device can receive a first set of infrastructure specifications describing a first client networking environment. The cloud network management device can determine a set of recommended configurations for the first client networking environment based on the first set of infrastructure specifications and configurations for one or more client networking environments determined to be similar to the first client networking environment. The cloud network management device can provide the set of recommended configurations to a client device associated with the first client networking environment.

Abstract: Various implementations disclosed herein include systems, methods and apparatuses that involve a first device selecting a data tunnel for sending packets of a determined network traffic type to another device. For example, in some implementations, a method includes a first device receiving a first group of packets for forwarding to a second device. The method includes the first device retrieving packet-forwarding rules for forwarding the first group of packets, and selecting a first private network data tunnel from a plurality of private network data tunnels between the first device and the second device, for forwarding a first packet of the first group of packets, based on satisfaction of the retrieved packet-forwarding rules. A respective private network data tunnel is associated with a respective uplink of a plurality of uplinks of the first network device. The first private network data tunnel is associated with a first uplink of the first device.

Abstract: Previous solutions to the problem of maintaining up-to-date network device addressing, fail to provide systems or processes that efficiently share and obtain addressing information of networking devices in a given network. By contrast, and to that end, various implementations disclosed herein include systems, methods and apparatuses that generate a registry request message, where the registry request message includes a first portion characterized by a first write privilege and a second portion characterized by a second write privilege different from the first write privilege. The systems, methods and apparatuses convey the registry request message to a shared contact point network entity, and obtain a response message addressed from the shared contact point network entity, where the response message includes peer addressing information corresponding to one or more peer network devices associated with the aforementioned systems, methods and apparatuses.

Abstract: Various implementations disclosed herein include systems, methods and apparatuses of a first device, that obtain contact point information of a second device associated with the first device, as a peer device in a private network, where the contact point information of the second device includes one or more peer uplink identifiers and each respective peer uplink identifier corresponds to a respective peer device uplink of the second device. The systems, methods and apparatuses establish a first private network data tunnel from a first uplink of the first device to the second device, using the contact point information of the second device, and a first uplink identifier associated with the first uplink, and establish a second private network data tunnel from a second uplink of the first device to the second device, using the contact point information of the second device, and a second uplink identifier associated with the second uplink.

Abstract: Disclosed are systems, methods, and computer-readable storage media for automatic security list offload with exponential timeout. A second layer of a firewall can determine that a first data, that previously passed through a first layer of the firewall, should be blocked. The second layer of the firewall can utilize more resources than the first layer of the firewall to determine whether to block a data packet. In response, a first rule can be applied at the first layer of the firewall to block data packets received from a source of the first data packet. Accordingly, a second data packet received from the source of the first data packet will be blocked at the first layer of the firewall based on the first rule.

Abstract: Various implementations disclosed herein include systems, methods and apparatuses of a first device, that obtain contact point information of a second device associated with the first device, as a peer device in a private network, where the contact point information of the second device includes one or more peer uplink identifiers and each respective peer uplink identifier corresponds to a respective peer device uplink of the second device. The systems, methods and apparatuses establish a first private network data tunnel from a first uplink of the first device to the second device, using the contact point information of the second device, and a first uplink identifier associated with the first uplink, and establish a second private network data tunnel from a second uplink of the first device to the second device, using the contact point information of the second device, and a second uplink identifier associated with the second uplink.

Abstract: Disclosed are systems, methods, and computer-readable storage media for recommending configurations for a client networking environment based on aggregated cloud managed information. A cloud network management device can receive a first set of infrastructure specifications describing a first client networking environment. The cloud network management device can determine a set of recommended configurations for the first client networking environment based on the first set of infrastructure specifications and configurations for one or more client networking environments determined to be similar to the first client networking environment. The cloud network management device can provide the set of recommended configurations to a client device associated with the first client networking environment.

Abstract: Disclosed are systems, methods, and computer-readable storage media for automatic firewall configuration based on aggregated cloud managed information. A cloud management device can determine, based on security event data received from a first set of client computing environments, that a security attack detected on at least one client computing environment from the first set of client computing environments is likely to occur on other client computing environments. In response to determining that the security attack detected on at least one client computing environment from the first set of client computing environments is likely to occur on other client computing environments, the cloud management device can identify a second set of client computing environments to protect from the security attack. For each client computing environment from the second set of client computing environments, the cloud management device can configure firewall settings to protect from the security attack.

Abstract: Disclosed are systems, methods, and computer-readable storage media for automatic security list offload with exponential timeout. A second layer of a firewall can determine that a first data, that previously passed through a first layer of the firewall, should be blocked. The second layer of the firewall can utilize more resources than the first layer of the firewall to determine whether to block a data packet. In response, a first rule can be applied at the first layer of the firewall to block data packets received from a source of the first data packet. Accordingly, a second data packet received from the source of the first data packet will be blocked at the first layer of the firewall based on the first rule.

Abstract: Various implementations disclosed herein include systems, methods and apparatuses that involve a first device selecting a data tunnel for sending packets of a determined network traffic type to another device. For example, in some implementations, a method includes a first device receiving a first group of packets for forwarding to a second device. The method includes the first device retrieving packet-forwarding rules for forwarding the first group of packets, and selecting a first private network data tunnel from a plurality of private network data tunnels between the first device and the second device, for forwarding a first packet of the first group of packets, based on satisfaction of the retrieved packet-forwarding rules. A respective private network data tunnel is associated with a respective uplink of a plurality of uplinks of the first network device. The first private network data tunnel is associated with a first uplink of the first device.

Abstract: Various implementations disclosed herein include systems, methods and apparatuses of a first device, that obtain contact point information of a second device associated with the first device, as a peer device in a private network, where the contact point information of the second device includes one or more peer uplink identifiers and each respective peer uplink identifier corresponds to a respective peer device uplink of the second device. The systems, methods and apparatuses establish a first private network data tunnel from a first uplink of the first device to the second device, using the contact point information of the second device, and a first uplink identifier associated with the first uplink, and establish a second private network data tunnel from a second uplink of the first device to the second device, using the contact point information of the second device, and a second uplink identifier associated with the second uplink.