Abstract: A method in one embodiment includes intercepting a message in an on-board unit (OBU) of a vehicular network environment between a source and a receiver in the vehicular network environment, verifying the message is sent from the source, verifying the message is not altered, evaluating a set of source flow control policies associated with the source, and blocking the message if the set of source flow control policies indicate the message is not permitted. In specific embodiments, the message is not permitted if a level of access assigned to the source in the set of source flow control policies does not match a level of access tagged on the message. In further embodiments, the method includes evaluating a set of receiver flow control policies associated with the receiver, and blocking the message if the set of receiver flow control policies indicates the message is not permitted.

Abstract: For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).

Abstract: Example methods are provided a computer system to perform context-aware domain name system (DNS) query handling in a software-defined networking (SDN) environment. One example method may comprise detecting a DNS query to translate a domain name; identifying DNS record information that translates the domain name to a network address assigned to a virtualized computing instance; and identifying context information that is associated with the virtualized computing instance and mapped to the DNS record information. The method may also comprise: in response to detecting a potential security threat based on the context information, performing a remediation action to block access to the virtualized computing instance; but otherwise, generating and sending a DNS reply specifying the network address assigned to allow access to the virtualized computing instance.

Abstract: For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).

Abstract: For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).

Abstract: A network management system manages a virtual network includes an interface system communicatively coupled to one or more servers, a director engine, and a configuration engine. The one or more servers implement a virtual network including one or more virtual machines and one or more containers organized into one or more virtual domains. The interface system generates a graphical user interface displaying graphical representations of the one or more virtual machines and the one or more containers and of the one or more servers; and information associated with the virtual network. The director engine receives a user selection of at least one server, virtual machine, container, or virtual domain, accesses information associated with the user selection, and identifies one or more of servers, virtual machines, containers, and virtual domains associated with the user selection.

Abstract: Example methods and systems for managing interconnection of virtual network functions are disclosed. Example methods disclosed herein include, in response to a trigger event indicating detection of an interface, obtaining a virtual network domain template corresponding to a virtual network domain to be configured, the virtual network domain template identifying one or more virtual network functions and one or more interfaces, at least some of the virtual network functions being connected together through one or more links. Disclosed example methods further include configuring and provisioning the virtual network domain to contain the interface using the virtual network domain template and properties of the interface to enable the interface to send information in the virtual network domain.

Abstract: For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).

Abstract: For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).

Abstract: A method in one embodiment includes intercepting a message in an on-board unit (OBU) of a vehicular network environment between a source and a receiver in the vehicular network environment, verifying the message is sent from the source, verifying the message is not altered, evaluating a set of source flow control policies associated with the source, and blocking the message if the set of source flow control policies indicate the message is not permitted. In specific embodiments, the message is not permitted if a level of access assigned to the source in the set of source flow control policies does not match a level of access tagged on the message. In further embodiments, the method includes evaluating a set of receiver flow control policies associated with the receiver, and blocking the message if the set of receiver flow control policies indicates the message is not permitted.

Abstract: A method in one embodiment includes intercepting a message in an on-board unit (OBU) of a vehicular network environment between a source and a receiver in the vehicular network environment, verifying the message is sent from the source, verifying the message is not altered, evaluating a set of source flow control policies associated with the source, and blocking the message if the set of source flow control policies indicate the message is not permitted. In specific embodiments, the message is not permitted if a level of access assigned to the source in the set of source flow control policies does not match a level of access tagged on the message. In further embodiments, the method includes evaluating a set of receiver flow control policies associated with the receiver, and blocking the message if the set of receiver flow control policies indicates the message is not permitted.

Abstract: A method and apparatus is disclosed herein for use of a connectivity manager and a network infrastructure including the same. In one embodiment, the network infrastructure comprises one or more physical devices communicably coupled into a physical network infrastructure or via the overlay provided by the physical servers; and a virtual network domain containing a virtual network infrastructure executing on the physical network infrastructure. In one embodiment, the virtual network domain comprises one or more virtual network functions connected together through one or more links and executing on the one or more physical devices, and one or more interfaces coupled to one or more network functions via one or more links to communicate data between the virtual network domain and at least one of the one or more physical devices of the physical network infrastructure while the virtual network domain is isolated from other virtual infrastructures executing on the physical network infrastructure.

Abstract: A method and apparatus is disclosed herein for use of a connectivity manager and a network infrastructure including the same. In one embodiment, the network infrastructure comprises one or more physical devices communicably coupled into a physical network infrastructure or via the overlay provided by the physical servers; and a virtual network domain containing a virtual network infrastructure executing on the physical network infrastructure. In one embodiment, the virtual network domain comprises one or more virtual network functions connected together through one or more links and executing on the one or more physical devices, and one or more interfaces coupled to one or more network functions via one or more links to communicate data between the virtual network domain and at least one of the one or more physical devices of the physical network infrastructure while the virtual network domain is isolated from other virtual infrastructures executing on the physical network infrastructure.

Abstract: A method for monitoring network conditions by receiving a first condition definition describing a first network condition to be monitored in a network and an activation definition, determining a network topology of the network, and compiling the first condition definition to generate a first data plane component, a first control plane component, and an activation component. The method also includes deploying the first data plane component into a data plane of the network, where the data plane component captures and synthesizes a first stream of network events to generate a first modified stream of network events. The method also includes deploying the control plane component into a network operating system for the network. The control plane component receives and correlates the first modified stream of network events. The method also includes deploying an activation component that, upon receiving the correlated stream of events, initiates the activation definition.

Abstract: A method includes selecting a path for routing a data packet from a source node to a destination node in a vehicular ad hoc network, storing the data packet if the selected path is identified as a dead end, and establishing a communication link with a first node. The method also includes forwarding the data packet to the first node if a first distance between the first node and the destination node is less than a second distance between the source node and the destination node. More specific embodiments include sending a query for location information of the destination node, receiving the location information including two or more available paths from the source node to the destination node, and determining the path for routing the data packet is an optimal path of the two or more available paths.

Abstract: A network management system manages a virtual network includes an interface system communicatively coupled to one or more servers, a director engine, and a configuration engine. The one or more servers implement a virtual network including one or more virtual machines and one or more containers organized into one or more virtual domains. The interface system generates a graphical user interface displaying graphical representations of the one or more virtual machines and the one or more containers and of the one or more servers; and information associated with the virtual network. The director engine receives a user selection of at least one server, virtual machine, container, or virtual domain, accesses information associated with the user selection, and identifies one or more of servers, virtual machines, containers, and virtual domains associated with the user selection.

Abstract: In one embodiment, a service enabled network (SEN) controller receives, from a control plane of a network service device, service instructions for corresponding network services. The SEN controller may then distribute the service instructions for the network services to appropriate network access devices within the computer network, such that each of the network access devices may correspondingly implement the network services at their respective data planes, thus providing a distributed implementation of the network service within the computer network.

Abstract: A method for network storage by receiving, by a storage compiler, a first storage definition from a storage application developer, where the first storage definition describes a customized storage implementation for storing data in an abstraction of at least one physical storage device, compiling the first storage definition to generate a first customized storage implementation module, and loading the first customized storage implementation module into an IO engine. The first customized storage implementation module causes data to be stored in the at least one physical storage device differently than prior to loading the first customized storage implementation module in the IO engine.

Abstract: The method includes receiving, by a data plane definition language compiler, a first data plane definition describing customized functionality of a data plane of a first network application, and compiling the data plane definition to generate a first set of customized data processing modules and a program interface that allows a control plane of the network application to access the first set of customized data processing modules. The method also includes loading the first set of customized data processing modules into a data plane container, wherein the network application is executed via a network operating system, and wherein, upon execution of the network application the customized data processing module causes the data plane container of the network application to process packets differently than prior to loading the customized data processing module in the data plane container.

Abstract: A method includes joining a vehicular access network (VAN) comprising cooperative communication between a plurality of on-board units (OBU) in respective vehicles, scanning the VAN to pick up a coverage of at least one infrastructure access point (IAP), which operates on a control channel in a radio access tree (RAT) comprising a plurality of cells, listening to a channel allocation information from the IAP that includes a request for a mobile cell gateway (MCG) at a nominal location in the RAT, and sending a candidacy message to the at least one IAP to become an MCG. Certain embodiments include establishing the VAN in a highway, and in urban areas, aggregating traffic in a cell and transmitting to the IAP via the MCG, and other features.