Patents by Inventor Gal Sagi
Gal Sagi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12177031
Abstract: Embodiments for providing enhanced endpoint multicast emulation in a computing environment. One or more multicast operations may be executed on an overlay network using endpoint multicast emulation by using an overlay layer or a virtual extensible LAN (“VXLAN”) layer to maintain control over one or more multicast groups.
Type: Grant
Filed: March 21, 2022
Date of Patent: December 24, 2024
Assignee: International Business Machines Corporation
Inventors: Eran Gampel, Renato J Recio, Gal Sagi, James A Kahle, James C. Sexton, Bernard Metzler, Ravinder Reddy Amanaganti
-
Patent number: 12088567
Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device in at least one User Datagram Protocol datagram. Outbound session packets can be communicated from the user space software to the network communication device.
Type: Grant
Filed: August 31, 2023
Date of Patent: September 10, 2024
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Renato J. Recio, Ryan Moats, Eran Gampel, Gal Sagi, Etai Lev Ran, Dean Har'el Lorenz, Ravinder Reddy Amanaganti
-
Patent number: 11949604
Abstract: A system, method, and computer program product for implementing network state processing is provided. The method includes detecting operational states for ports of a server Internet protocol (IP) data plane component of an integrated switching device. Each operational state is analyzed and matching and action rules associated with the operational states are generated with respect to data packets arriving at the ports. Data describing each operational state is stored within a port cache structure of a port. An incoming data packet is detected at a first port and the matching and action rules are distributed between port engines of the ports. The matching and action rules are executed with respect to the incoming data packet and the incoming data packet is transmitted to a destination port. Operational functionality of the integrated switching device is enabled with respect to execution of the incoming data packet at the destination port.
Type: Grant
Filed: October 6, 2021
Date of Patent: April 2, 2024
Assignee: International Business Machines Corporation
Inventors: Renato J. Recio, Eran Gampel, Claude Basso, Gal Sagi, Guy Laden
-
Patent number: 11924179
Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device via an application programming interface. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can generate encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicate to the client device, via the secured communication tunnel, the encrypted outbound session packets; receive, by the network communication device from the client device, via the secured communication tunnel, inbound session packets; generate decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicate the decrypted inbound session packets.
Type: Grant
Filed: August 8, 2022
Date of Patent: March 5, 2024
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Renato J. Recio, Ryan Moats, Eran Gampel, Gal Sagi, Ravinder Reddy Amanaganti, Etai Lev Ran, Dean Har'el Lorenz
-
Patent number: 11916890
Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be accessed from a cryptographic service. The private session key can be communicated from the user space software to a network communication device. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can be configured to generate encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicate to the client device, via the secured communication tunnel, the encrypted outbound session packets; receive from the client device, via the secured communication tunnel, inbound session packets; generate decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicate the decrypted inbound session packets.
Type: Grant
Filed: August 8, 2022
Date of Patent: February 27, 2024
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Renato J. Recio, Ryan Moats, Eran Gampel, Gal Sagi, Ravinder Reddy Amanaganti, Etai Lev Ran, Dean Har'el Lorenz
-
Publication number: 20240048541
Abstract: A protocol stack can be offloaded to a network communication device. A private session key can be communicated from the user space software to a network communication device via an application programming interface. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can be configured to process headers in the outbound session packets, generate encrypted outbound session packets by encrypting the outbound session packets using the private session key, and communicate to a client device via the secured communication tunnel, the encrypted outbound session packets.
Type: Application
Filed: August 8, 2022
Publication date: February 8, 2024
Inventors: Renato J. Recio, Ryan Moats, Eran Gampel, Gal Sagi, Ravinder Reddy Amanaganti, Etai Lev Ran, Dean Har'el Lorenz
-
Publication number: 20240048373
Abstract: A network communication device can receive a private session key from a data processing system. A first work queue element can be received in a send queue of the network communication device. The first work queue element can indicate outbound session data to be communicated to a client device. Responsive to receiving the first work queue element, the network communication device can generate encrypted outbound session data by encrypting the outbound session data using the private session key. The network communication device can communicate, via remote directory memory access (RDMA) over a secured communication tunnel, the encrypted outbound session data to the client device.
Type: Application
Filed: August 8, 2022
Publication date: February 8, 2024
Inventors: Renato J. Recio, Eran Gampel, Gal Sagi, Ryan Moats, Bernard Metzler, Ravinder Reddy Amanaganti, Etai Lev Ran, Dean Har'el Lorenz
-
Publication number: 20240048537
Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be accessed from a cryptographic service. The private session key can be communicated from the user space software to a network communication device. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can be configured to generate encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicate to the client device, via the secured communication tunnel, the encrypted outbound session packets; receive from the client device, via the secured communication tunnel, inbound session packets; generate decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicate the decrypted inbound session packets.
Type: Application
Filed: August 8, 2022
Publication date: February 8, 2024
Inventors: Renato J. Recio, Ryan Moats, Eran Gampel, Gal Sagi, Ravinder Reddy Amanaganti, Etai Lev Ran, Dean Har'el Lorenz
-
Publication number: 20240048538
Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device in at least one User Datagram Protocol datagram. Outbound session packets can be communicated from the user space software to the network communication device.
Type: Application
Filed: August 31, 2023
Publication date: February 8, 2024
Inventors: Renato J. Recio, Ryan Moats, Eran Gampel, Gal Sagi, Etai Lev Ran, Dean Har'el Lorenz, Ravinder Reddy Amanaganti
-
Publication number: 20240048536
Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device via an application programming interface. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can generate encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicate to the client device, via the secured communication tunnel, the encrypted outbound session packets; receive, by the network communication device from the client device, via the secured communication tunnel, inbound session packets; generate decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicate the decrypted inbound session packets.
Type: Application
Filed: August 8, 2022
Publication date: February 8, 2024
Inventors: Renato J. Recio, Ryan Moats, Eran Gampel, Gal Sagi, Ravinder Reddy Amanaganti, Etai Lev Ran, Dean Har'el Lorenz
-
Publication number: 20230299992
Abstract: Embodiments for providing enhanced endpoint multicast emulation in a computing environment. One or more multicast operations may be executed on an overlay network using endpoint multicast emulation by using an overlay layer or a virtual extensible LAN (“VXLAN”) layer to maintain control over one or more multicast groups.
Type: Application
Filed: March 21, 2022
Publication date: September 21, 2023
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Eran GAMPEL, Renato J. RECIO, Gal SAGI, James A. KAHLE, James C. SEXTON, Bernard METZLER, Ravinder Reddy AMANAGANTI
-
Patent number: 11765142
Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device in at least one User Datagram Protocol datagram. Outbound session packets can be communicated from the user space software to the network communication device.
Type: Grant
Filed: August 8, 2022
Date of Patent: September 19, 2023
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Renato J. Recio, Ryan Moats, Eran Gampel, Gal Sagi, Etai Lev Ran, Dean Har'el Lorenz, Ravinder Reddy Amanaganti
-
Patent number: 11678093
Abstract: A network interface card (NIC) and a method for establishing a connection between virtual machines of a network. The NIC includes: a programmable switching ASIC (application-specific integrated circuit), a central processing unit (CPU), multiple Ethernet controllers, and multiple on-board transceivers functioning as external ports. The switching ASIC functions as a switch that manipulates data traffic within the NIC including by switching the data traffic between and among the CPU, the Ethernet controllers, and the on-board transceivers. The method includes: installing rules that route a Synchronize (SYN) packet from a source virtual machine (VM) through a software engine, appending a signed cookie to the SYN packet; verifying that a policy represented by the signed cookie appended to the SYN packet matches a policy of a destination VM; and returning the SYN packet to the source VM which establishes a connection between the source VM and the destination VM.
Type: Grant
Filed: June 13, 2022
Date of Patent: June 13, 2023
Assignee: International Business Machines Corporation
Inventors: Gal Sagi, Eran Gampel
-
Publication number: 20230108374
Abstract: A system, method, and computer program product for implementing network state processing is provided. The method includes detecting operational states for ports of a server Internet protocol (IP) data plane component of an integrated switching device. Each operational state is analyzed and matching and action rules associated with the operational states are generated with respect to data packets arriving at the ports. Data describing each operational state is stored within a port cache structure of a port. An incoming data packet is detected at a first port and the matching and action rules are distributed between port engines of the ports. The matching and action rules are executed with respect to the incoming data packet and the incoming data packet is transmitted to a destination port. Operational functionality of the integrated switching device is enabled with respect to execution of the incoming data packet at the destination port.
Type: Application
Filed: October 6, 2021
Publication date: April 6, 2023
Inventors: Renato J. Recio, Eran Gampel, Claude Basso, Gal Sagi, Guy Laden
-
Publication number: 20220312090
Abstract: A network interface card (NIC) and a method for establishing a connection between virtual machines of a network. The NIC includes: a programmable switching ASIC (application-specific integrated circuit), a central processing unit (CPU), multiple Ethernet controllers, and multiple on-board transceivers functioning as external ports. The switching ASIC functions as a switch that manipulates data traffic within the NIC including by switching the data traffic between and among the CPU, the Ethernet controllers, and the on-board transceivers. The method includes: installing rules that route a Synchronize (SYN) packet from a source virtual machine (VM) through a software engine, appending a signed cookie to the SYN packet; verifying that a policy represented by the signed cookie appended to the SYN packet matches a policy of a destination VM; and returning the SYN packet to the source VM which establishes a connection between the source VM and the destination VM.
Type: Application
Filed: June 13, 2022
Publication date: September 29, 2022
Inventors: Gal Sagi, Eran Gampel
-
Patent number: 11070515
Abstract: A virtual address of a destination of a packet is parsed into a set of virtual address components. A subset of the set of virtual address components is tokenized into a token. The token is converted into at least a portion of a hostname. A look-up of a real network address corresponding to the hostname is performed. The packet is caused to be transmitted to the real network address, wherein the real network address corresponds to a host machine on a physical network, the receiving virtual entity operating on the host machine.
Type: Grant
Filed: June 27, 2019
Date of Patent: July 20, 2021
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Marc Cochran, Eran Gampel, Gal Sagi
-
Publication number: 20200412688
Abstract: A virtual address of a destination of a packet is parsed into a set of virtual address components. A subset of the set of virtual address components is tokenized into a token. The token is converted into at least a portion of a hostname. A look-up of a real network address corresponding to the hostname is performed. The packet is caused to be transmitted to the real network address, wherein the real network address corresponds to a host machine on a physical network, the receiving virtual entity operating on the host machine.
Type: Application
Filed: June 27, 2019
Publication date: December 31, 2020
Applicant: International Business Machines Corporation
Inventors: Marc Cochran, Eran Gampel, Gal Sagi