Abstract: A system including at least one storage node and at least one computation node connected by a switch is described herein. Each storage node has one or more storage units and one or more network interface components, the collective bandwidths of the storage units and the network interface components being proportioned to one another to enable communication to and from other nodes at the collective bandwidth of the storage units. Each computation node has logic configured to make requests of storage nodes, an input/output bus, and one or more network interface components, the bandwidth of the bus and the collective bandwidths of the network interface components being proportioned to one another to enable communication to and from other nodes at the bandwidth of the input/output bus.

Abstract: Exemplary methods, systems, and computer program products describe selecting a gateway based on health and performance information of a plurality of gateways. The techniques describe gateways advertising health and performance information, computing devices creating a table of this health and performance information, and selecting a gateway using the table. In response to changes in the health and performance information, the computing device may select a different gateway. The process allows network traffic load to be distributed across a plurality of gateways. This process further provides resilience by allowing a plurality of active gateways to substitute for a non-functioning gateway.

Abstract: The present application relates to network configurations and specifically to scalable load balancing network configurations. One implementation includes an external client coupled to a scalable load balancing system. The scalable load balancing system includes a load balancing layer that is configured to encapsulate individual incoming packets of a packet flow from the external client. The load balancing layer is further configured to route the incoming packets to target devices on the system. The target devices can span multiple IP subnets. The incoming packets can pass through one or more load balancers of the load balancing layer before reaching individual target devices. Individual target devices can be configured to route at least some outgoing packets of the packet flow to the external client without passing through any of the one or more load balancers.

Abstract: A plurality of network addresses from a distributed client is obtained, at least a first portion of the obtained network addresses including resolved network address responses to distributed client requests for resolved network addresses corresponding to one or more network location indicators associated with a first web service. Test content is obtained, based on one or more of the network addresses included in the first portion. It is determined whether the obtained test content includes unauthorized content.

Abstract: Methods and apparatus are provided for controlling communication between a virtualized network and non-virtualized entities using a virtualization gateway. A packet is sent by a virtual machine in the virtualized network to a non-virtualized entity. The packet is routed by the host of the virtual machine to a provider address of the virtualization gateway. The gateway translates the provider address of the gateway to a destination address of the non-virtualized entity and sends the packet to the non-virtualized entity. The non-virtualized entity may be a physical resource, such as a physical server or a storage device. The physical resource may be dedicated to one customer or may be shared among customers.

Abstract: In one kind of DoS attack, malicious customers may try to send a large number of filter requests against an innocent customer. In one implementation, a Filter Request Server (FRS) may allow a customer against who a filter request is made to dispute the implicit accusation of the filter request or stop sending malicious traffic. If the customer claims innocence, the FRS may log destination addresses of data packets sent by the customer and identify and ignore false filter requests if these filter requests come from customers who do not correspond to one or more of the destination addresses that have previously been logged by the FRS.

Abstract: Various technologies related to multi-path communications in a data center environment are described herein. Network infrastructure devices communicate traffic flows amongst one another, wherein a traffic flow includes a plurality of data packets intended for a particular recipient computing device that are desirably transmitted and received in a certain sequence. Indications that data packets in the traffic flow have been received outside of the certain sequence are processed in a manner to prevent a network infrastructure device from retransmitting a particular data packet.

Abstract: Accountability among Autonomous Systems (ASs) in a network ensures reliable identification of various customers within the ASs and provides defensibility against malicious customers within the ASs. In one implementation, reliable identification is achieved by implementing ingress filtering on data packets originating within individual ASs and defensibility is provided by filtering data packets on request. To facilitate on-request filtering, individual ASs are equipped with a Filter Request Server (FRS) to filter data packets from certain customers identified in a filter request. Thus, when a requesting customer makes a filter request against an offending customer, the FRS within the AS to which the offending customer belongs conducts on-request filtering and installs an on-request filter on a first-hop network infrastructure device for the offending customer. Consequently, the first-hop network infrastructure device filters any data packet sent from the offending customer to the requesting customer.

Abstract: A source device obtains a data packet that includes both a destination address and a payload. The source device selects an exit point address of multiple exit point addresses corresponding to the destination address based on one or more policies. The source device encapsulates the data packet with a header that includes the selected exit point address, and the encapsulated data packet is provided to the backbone network. The encapsulated data packet is routed through the backbone network based on the exit point address, and an edge router of the backbone network identifies an interface of the edge router that corresponds to the exit point address. The header is removed from the encapsulated data packet, and the data packet is added to a buffer of the interface for routing to one or more other devices outside of the backbone network.

Abstract: A system for commoditizing data center networking is disclosed. The system includes an interconnection topology for a data center having a plurality of servers and a plurality of nodes of a network in the data center through which data packets may be routed. The system uses a routing scheme where the routing is oblivious to the traffic pattern between nodes in the network, and wherein the interconnection topology contains a plurality of paths between one or more servers. The multipath routing may be Valiant load balancing. It disaggregates the function of load balancing into a group of regular servers, with the result that load balancing server hardware can be distributed amongst racks in the data center leading to greater agility and less fragmentation. The architecture creates a huge, flexible switching domain, supporting any server/any service, full mesh agility, and unregimented server capacity at low cost.

Abstract: Described is a server monitoring technology that is scalable to large numbers of servers, e.g., in a datacenter. Agents on servers run queries to monitor data sources for that server, such as performance counters and other events. The agents monitor their resource usage and those of monitored events to stay within an administrator-specified resource budget (policy), e.g., by modifying the running queries and/or monitoring parameters. A controller receives results of the monitoring, analyzes the results, and takes action as needed with respect to server operation and monitoring. The controller may dynamically update an agent's queries, monitoring parameters and/or monitored data post-processing operations. The controller may issue alerts and reports, including alerts indicative of inter-server problems between two or more servers.

Abstract: A method of enabling an electronic privately addressable source to be publicly addressable starts at a receiver where an electronic message is received. It is communicated from a sender with a private address outside a subnet of the receiver through a translator. The translator retrieves a lease to at least one of a public address or a port from a lease manager, translates the private address and the private port into a public address and a public port and communicates identifying data such as the public address and the public port to the receiver. If a response is communicated to the private sender, the response may be communicated to the private sender through the network. The public address and the public port on the message may be translated to the private address and the port of the private sender and the private address and the private port may be used to properly route the response to the private sender.

Abstract: A system including at least one storage node and at least one computation node connected by a switch is described herein. Each storage node has one or more storage units and one or more network interface components, the collective bandwidths of the storage units and the network interface components being proportioned to one another to enable communication to and from other nodes at the collective bandwidth of the storage units. Each computation node has logic configured to make requests of storage nodes, an input/output bus, and one or more network interface components, the bandwidth of the bus and the collective bandwidths of the network interface components being proportioned to one another to enable communication to and from other nodes at the bandwidth of the input/output bus.

Abstract: Candidates that are potentially responsible for user-perceptible network problems may be inferred. In an example embodiment, a system includes an inference engine to produce a list of candidates that are potentially responsible for user-perceptible network problems, with the candidates being network components that may include both services and network elements. A response to a service request may be a non response, an incorrect response, an untimely correct response, or a timely correct response. The user-perceptible network problems may include the untimely correct response as well as the non response and the incorrect response. In another example embodiment, a method includes monitoring a network and producing a list of candidates that are potentially responsible for user-perceptible network problems. The candidates of the list may include both services and network elements of the monitored network.

Abstract: Methods and apparatus for congestion control in computer networks achieve high burst tolerance, low latency and high throughput with shallow-buffered switches. A method for controlling congestion includes transmitting a set of data packets on a network connection from a first computing device to a second computing device, identifying each data packet in the set of data packets that experienced congestion on the network connection, sending, by the second computing device to the first computing device, a sequence of bits that represents the number of data packets in the set of data packets that were identified as having experienced congestion, and adjusting a rate of transmitting data packets on the network connection based on the sequence of bits sent to the first computing device.

Abstract: Routing network traffic on a computer network is described. In one embodiment, a method is presented which includes transmitting instructions to a client, the instructions executable by the client to request content from two or more content servers, measure two or more network performance characteristics associated with the two or more different content servers, and issue a report to an administrative server. The report may include a first network performance characteristic and a second network performance characteristic. The method may further include selecting a target content server from one of two or more content servers based on comparison of the two or more network performance characteristics; and transmitting routing instructions to an intermediate routing system, the routing instructions executable by the intermediate routing system to direct subsequent content requests transmitted by the client to the target content server.

Abstract: An enterprise namespace may be extended into a cloud of networked resources. A portion of the cloud may be dynamically partitioned, and the extension of the enterprise namespace established within the portion. Cloud resources thus remain as easily accessible to enterprise users as those which are physically located on the enterprise network. Thus, components such as applications, virtual machine instantiations, application states, server states, etc., may be easily migrated between the enterprise network and the cloud.

Abstract: This patent application relates to an agile network architecture that can be employed in data centers, among others. One implementation provides a virtual layer-2 network connecting machines of a layer-3 infrastructure.

Abstract: The present application relates to network configurations and specifically to scalable load balancing network configurations. One implementation includes an external client coupled to a scalable load balancing system. The scalable load balancing system includes a load balancing layer that is configured to encapsulate individual incoming packets of a packet flow from the external client. The load balancing layer is further configured to route the incoming packets to target devices on the system. The target devices can span multiple IP subnets. The incoming packets can pass through one or more load balancers of the load balancing layer before reaching individual target devices. Individual target devices can be configured to route at least some outgoing packets of the packet flow to the external client without passing through any of the one or more load balancers.

Abstract: An embodiment of the invention is directed to reducing search-response latency. The closest intermediate server can be located between a client computing device and a search engine. A search query is sent to the intermediate server in a first packet of a transport protocol handshake. A plurality of packets are received from the intermediate server. The plurality of packets are used to open a window associated with a transport protocol. A response related to the search query is received by the client.