Abstract: Techniques for service level performance updates based on network level factors are described. by establishing a co-operative model between a network fabric and service proxies to enhance the service mesh failure management primitives as well as bring in network level intelligence in service (service instance) placement decisions in the fabric. A virtual network edge (VNE) instance interacts with the network fabric including the next level switches (such as a top of rack switch) and a network controller in order to determine a network level health-score and a modulated health-score for a service instance executing on the node. The modulated health score causes actions such as an influence on load balancing, request routing, rolling upgrades, canary deployments, change in the utilization of network resources, a downgrade of service, etc., based on the network level health-score.

Abstract: This disclosure describes a method of utilizing network controllers to store mappings between policies, dynamic operating attributes (DOA), and trigger values in a manifest and utilizing software agents in communication to monitor DOAs of respective workloads or workload groupings for trigger values associated with the DOAs to apply a corresponding policy at run-time. The method provides for flexible policy semantics and on-demand policy provisioning. The method includes receiving at a network controller, a definition of a policy, a DOA associated with a workload, and a trigger value associated with the DOA, storing a mapping between the policy, DOA and trigger value, sending the DOA and the trigger value to a datapath agent monitoring respective workloads, receiving an indication that a current value of the DOA of the workload corresponds to the trigger value from the software agent, and sending the policy to the software agent for distribution to the workload.

Abstract: This disclosure describes a method of utilizing network controllers to store mappings between policies, dynamic operating attributes (DOA), and trigger values in a manifest and utilizing software agents in communication to monitor DOAs of respective workloads or workload groupings for trigger values associated with the DOAs to apply a corresponding policy at run-time. The method provides for flexible policy semantics and on-demand policy provisioning. The method includes receiving at a network controller, a definition of a policy, a DOA associated with a workload, and a trigger value associated with the DOA, storing a mapping between the policy, DOA and trigger value, sending the DOA and the trigger value to a datapath agent monitoring respective workloads, receiving an indication that a current value of the DOA of the workload corresponds to the trigger value from the software agent, and sending the policy to the software agent for distribution to the workload.

Abstract: Techniques for service level performance updates based on network level factors are described. by establishing a co-operative model between a network fabric and service proxies to enhance the service mesh failure management primitives as well as bring in network level intelligence in service (service instance) placement decisions in the fabric. A virtual network edge (VNE) instance interacts with the network fabric including the next level switches (such as a top of rack switch) and a network controller in order to determine a network level health-score and a modulated health-score for a service instance executing on the node. The modulated health score causes actions such as an influence on load balancing, request routing, rolling upgrades, canary deployments, change in the utilization of network resources, a downgrade of service, etc., based on the network level health-score.

Abstract: Systems, methods, and computer-readable media for distributing policies in a SDN environment through chunking. A policy can be chunked into a plurality of policy chunks having corresponding chunk identifications at a controller of a SDN environment. Each of the plurality of policy chunks can be hashed to create corresponding chunk hashes for each of the plurality of policy chunks. Further, the plurality of policy chunks, the chunk identifications of the plurality of policy chunks, and the chunk hashes of the plurality of policy chunks can be distributed from the controller of the SDN environment to an intermediate policy node in a fabric of the SDN environment. The chunk hashes and the chunk identifications of the plurality of policy chunks can be used to control distribution of the plurality of policy chunks to one or more edge nodes in the SDN environment.

Abstract: Systems, methods, and computer-readable media for distributing policies in a SDN environment through chunking. A policy can be chunked into a plurality of policy chunks having corresponding chunk identifications at a controller of a SDN environment. Each of the plurality of policy chunks can be hashed to create corresponding chunk hashes for each of the plurality of policy chunks. Further, the plurality of policy chunks, the chunk identifications of the plurality of policy chunks, and the chunk hashes of the plurality of policy chunks can be distributed from the controller of the SDN environment to an intermediate policy node in a fabric of the SDN environment. The chunk hashes and the chunk identifications of the plurality of policy chunks can be used to control distribution of the plurality of policy chunks to one or more edge nodes in the SDN environment.

Abstract: Systems, methods, and computer-readable media provide for collection of statistics relating to network traffic between virtual machines (VMs) in a network. In an example embodiment, a virtual switch hosted on a physical server provides network address information of VMs deployed on the physical server to a virtual switch controller. The controller collects this network address information from each virtual switch under its control, and distributes the aggregate address information to each switch. In this manner, the controller and each switch within the controller's domain can learn the network address information of each VM deployed on physical servers hosting switches under the controller's control. Each virtual switch can determine a classification of a frame passing through the switch (e.g., intra-server, inter-server and intra-domain, or inter-domain traffic), and statistics relating to the traffic.

Abstract: Systems, methods, and computer-readable media provide for collection of statistics relating to network traffic between virtual machines (VMs) in a network. In an example embodiment, a virtual switch hosted on a physical server provides network address information of VMs deployed on the physical server to a virtual switch controller. The controller collects this network address information from each virtual switch under its control, and distributes the aggregate address information to each switch. In this manner, the controller and each switch within the controller's domain can learn the network address information of each VM deployed on physical servers hosting switches under the controller's control. Each virtual switch can determine a classification of a frame passing through the switch (e.g., intra-server, inter-server and intra-domain, or inter-domain traffic), and statistics relating to the traffic.

Abstract: Systems, methods, and computer-readable media provide for collection of statistics relating to network traffic between virtual machines (VMs) in a network. In an example embodiment, a virtual switch hosted on a physical server provides network address information of VMs deployed on the physical server to a virtual switch controller. The controller collects this network address information from each virtual switch under its control, and distributes the aggregate address information to each switch. In this manner, the controller and each switch within the controller's domain can learn the network address information of each VM deployed on physical servers hosting switches under the controller's control. Each virtual switch can determine a classification of a frame passing through the switch (e.g., intra-server, inter-server and intra-domain, or inter-domain traffic), and statistics relating to the traffic.

Abstract: Systems, methods, and computer-readable media provide for collection of statistics relating to network traffic between virtual machines (VMs) in a network. In an example embodiment, a virtual switch hosted on a physical server provides network address information of VMs deployed on the physical server to a virtual switch controller. The controller collects this network address information from each virtual switch under its control, and distributes the aggregate address information to each switch. In this manner, the controller and each switch within the controller's domain can learn the network address information of each VM deployed on physical servers hosting switches under the controller's control. Each virtual switch can determine a classification of a frame passing through the switch (e.g., intra-server, inter-server and intra-domain, or inter-domain traffic), and statistics relating to the traffic.

Abstract: An example method for network-assisted configuration and programming of gateways in a network environment is provided and includes registering a non-Virtual eXtensible Local Area Network (VXLAN) device with a central controller, for example, by generating registration information associating the non-VXLAN device with a virtual local area network (VLAN) in a network environment, receiving a communication request from a VXLAN enabled device to communicate with the non-VXLAN device, mapping, based on the registration information, a VXLAN segment corresponding to the VXLAN enabled device with the VLAN associated with the non-VXLAN device, and configuring a gateway with the mapping through a suitable application programming interface exposed at the gateway.

Abstract: A method is provided in one example embodiment and includes determining an action to be performed with respect to a packet corresponding to a new flow received at a network device and determining whether a new entry comprising an indication of the determined action can be added to a flow table of the network device. The determination of whether a new entry can be added to the flow table is made with reference to reservation information specified in a port profile associated with the new flow. Responsive to a determination that the new entry can be added, the new entry is added to the flow table. In one embodiment, determining whether the new entry can be added comprises determining whether an existing entry can be aged out based on the reservation information specified in the associated port profile.

Abstract: An example method for path optimization in distributed service chains in a network environment is provided and includes receiving information about inter-node latency of a distributed service chain in a network environment comprising a distributed virtual switch (DVS), where the inter-node latency is derived at least from packet headers of respective packets traversing a plurality of service nodes comprising the distributed service chain, and modifying locations of the service nodes in the DVS to reduce the inter-node latency. In specific embodiments, the method further includes storing and time-stamping a path history of each packet in a network service header portion of the respective packet header. A virtual Ethernet Module (VEM) of the DVS stores and time-stamps the path history and a last VEM in the distributed service chain calculates runtime traffic latencies from the path history and sends the calculated runtime traffic latencies to a virtual supervisor module.

Abstract: An example method is provided and, in an example embodiment, includes receiving a data packet at an ingress switch function, the data packet associated with a data packet flow; obtaining access control information associated with a destination of the data packet flow from a centralized service engine; and performing access filtering on the data packet flow at the ingress switch function using the access control information.

Abstract: In one embodiment, a method includes identifying at a network device, characteristics of a distributed virtual switch comprising a control plane component and a plurality of data plane components, grouping the data plane components, and adapting operation of the distributed virtual switch for one or more groups of the data plane components based on the characteristics. An apparatus and logic are also disclosed herein.

Abstract: An example method for co-operative load sharing and redundancy in distributed service chains is provided and includes deriving a service chain comprising a plurality of services in a distributed virtual switch (DVS) network environment, where a first service node provides a first portion of a specific service in the plurality of services to a packet traversing the network, and a second service node provides a second portion of the specific service to the packet, and configuring service forwarding tables at virtual Ethernet Modules associated with respective service nodes in the service chain. In a specific embodiment, the first service node and the second service node provide substantially identical service functions to the packet, wherein the specific service comprises the service functions. In various embodiments, each service node tags each packet to indicate a service completion history of service functions performed on the packet at the service node.

Abstract: An example method for path optimization in distributed service chains in a network environment is provided and includes receiving information about inter-node latency of a distributed service chain in a network environment comprising a distributed virtual switch (DVS), where the inter-node latency is derived at least from packet headers of respective packets traversing a plurality of service nodes comprising the distributed service chain, and modifying locations of the service nodes in the DVS to reduce the inter-node latency. In specific embodiments, the method further includes storing and time-stamping a path history of each packet in a network service header portion of the respective packet header. A virtual Ethernet Module (VEM) of the DVS stores and time-stamps the path history and a last VEM in the distributed service chain calculates runtime traffic latencies from the path history and sends the calculated runtime traffic latencies to a virtual supervisor module.

Abstract: An example method is provided and, in an example embodiment, includes receiving a data packet at an ingress switch function, the data packet associated with a data packet flow; obtaining access control information associated with a destination of the data packet flow from a centralized service engine; and performing access filtering on the data packet flow at the ingress switch function using the access control information.

Abstract: An example method for network-assisted configuration and programming of gateways in a network environment is provided and includes registering a non-Virtual eXtensible Local Area Network (VXLAN) device with a central controller, for example, by generating registration information associating the non-VXLAN device with a virtual local area network (VLAN) in a network environment, receiving a communication request from a VXLAN enabled device to communicate with the non-VXLAN device, mapping, based on the registration information, a VXLAN segment corresponding to the VXLAN enabled device with the VLAN associated with the non-VXLAN device, and configuring a gateway with the mapping through a suitable application programming interface exposed at the gateway.

Abstract: In one embodiment, a method includes identifying common access control list (ACL) parameters and variable ACL parameters among a plurality of tenants in a network, mapping parameter values for the variable ACL parameters to the tenants, generating a multi-tenant access control list for the tenants, storing the multi-tenant access control list and mapping at a network device, and applying the multi-tenant access control list to ports at the network device. The multi-tenant access control list includes the common ACL parameters and variable ACL parameters.