Abstract: Techniques for memory compartmentalization for trusted execution of a virtual machine (VM) on a multi-core processing architecture are described. Memory compartmentalization may be achieved by encrypting layer 3 (L3) cache lines using a key under the control of a given VM within the trust boundaries of the processing core on which that VMs is executed. Further, embodiments described herein provide an efficient method for storing and processing encryption related metadata associated with each encrypt/decrypt operation performed for the L3 cache lines.

Abstract: A method and a computer-readable storage medium are disclosed for flexible network measurement. Embodiments disclose receiving a network measurement request, transmitting portions of the request to network devices, configuring the network devices to collect metrics from packet data based on the portions of the request, and performing operations to generate metrics as a response to the network measurement request. Embodiments also disclose a flexible, dynamically configurable packet parser. Other embodiments are also disclosed.

Abstract: In accordance with one embodiment of the present invention, a method includes receiving a packet at a physical interface of a network security gateway. The packet is tagged with a first VLAN identifier associated with an external network. The method also includes communicating a copy of the packet to a first processor, analyzing the copy of the packet at the first processor to determine whether the packet violates a security condition, and communicating a reply message from the first processor to the interface. The reply message indicates whether the packet violates a security condition. If the packet does not violate a security condition, the method includes re-tagging the packet with a second VLAN identifier associated with a protected network by using a second processor at the physical interface. The method further includes communicating the re-tagged packet to the protected network if the packet does not violate a security condition.

Abstract: A data center topology routes traffic between internal sub-nets and between a sub-net and an outside network through a common chain of services. The data center topology employs transparent layer 7 and layer 4 services on a common chassis or platform to provide routing, load balancing and firewall services while reducing the number of devices necessary to implement the data center and simplifying configuration.

Abstract: An architecture, arrangement, system, and method for or controlling traffic flow into and out of a server farm having active-active stateful devices. A symmetric Gateway Load Balancing Protocol (sGLBP) eliminates asymmetric traffic flow for out-bound traffic. Load distribution for in-bound traffic is balanced between a redundant pair of aggregation switches using either static host routes, Route Health Injection or in a more general manner, with external routes with a mask longer than the connected subnet advertised by the routing protocol. The return traffic is symmetric because it returns through the same aggregation switch that it came from. Similarly, traffic originating from a server farm exits from one of the redundant aggregation switches and returns from the same aggregation switch.