Abstract: Stateful inspection and classification of packets is disclosed. A first differentiated services header value (DSHV) to associate with a first packet type and a corresponding first quality of service treatment is received from a configuration interface for a first packet type associated with a network traffic flow originating from a first application type. A second DSHV is received from the configuration interface to associate with a second packet type. A first packet having the first packet type is received and the first quality of service treatment is applied to the first packet. A second packet having the second packet type is received and the second quality of service treatment is applied to the second packet.

Abstract: An indication that a change associated with adjusting capacity to provide security services to network traffic in a network environment is received. In response to receiving the indication, a set of instructions for configuring at least one of: a network device and a security appliance is determined. As a result of applying the instructions, at least one of: an amount of network traffic provided by the network device to the security appliance will increase, or at least a portion of network traffic that would otherwise be provided by the network device to the security appliance will instead be provided to another security appliance. The set of instructions is transmitted.

Abstract: Techniques for enhanced Software-Defined Wide Area Network (SD-WAN) path quality measurement and selection are disclosed. In some embodiments, a system/method/computer program product for enhanced SD-WAN path quality measurement and selection includes periodically performing a network path measurement for each of a plurality of network paths at a Software-Defined Wide Area Network (SD-WAN) interface; updating a version if the network path measurement exceeds a threshold for one or more of the plurality of network paths; and selecting one of the plurality of network paths for a session based on the version according to an application policy.

Abstract: Stateful inspection and classification of packets is disclosed. A first differentiated services header value (DSHV) to associate with a first packet type and a corresponding first quality of service treatment is received from a configuration interface for a first packet type associated with a network traffic flow originating from a first application type. A second DSHV is received from the configuration interface to associate with a second packet type. A first packet having the first packet type is received and the first quality of service treatment is applied to the first packet. A second packet having the second packet type is received and the second quality of service treatment is applied to the second packet.

Abstract: An indication that a change associated with adjusting capacity to provide security services to network traffic in a network environment is received. In response to receiving the indication, a set of instructions for configuring at least one of: a network device and a security appliance is determined. As a result of applying the instructions, at least one of: an amount of network traffic provided by the network device to the security appliance will increase, or at least a portion of network traffic that would otherwise be provided by the network device to the security appliance will instead be provided to another security appliance. The set of instructions is transmitted.

Abstract: Techniques for enhanced Software-Defined Wide Area Network (SD-WAN) path quality measurement and selection are disclosed. In some embodiments, a system/method/computer program product for enhanced SD-WAN path quality measurement and selection includes periodically performing a network path measurement for each of a plurality of network paths at a Software-Defined Wide Area Network (SD-WAN) interface; updating a version if the network path measurement exceeds a threshold for one or more of the plurality of network paths; and selecting one of the plurality of network paths for a session based on the version according to an application policy.

Abstract: Stateful inspection and classification of packets is disclosed. For a first packet associated with a network traffic flow, a differentiated services header value (DSHV) is determined to associate with the first packet. The DSHV is used to perform a lookup of a quality of service treatment associated with the DSHV. The treatment is applied to the first packet. A determination is made, for a second packet associated with the network traffic flow, to associate a second DSHV with the second, where the second DSHV is different from the first DSHV.

Abstract: An indication that a change implicating security in a network environment needs to be made is received. In response to receiving the indication, a first set of instructions for reconfiguring at least one network device is determined, and a second set of instructions for reconfiguring at least one security device is determined. At least one network device and at least one security device are, respectively, caused to be reconfigured in accordance with the respective first and second set of instructions.

Abstract: Techniques for enhanced Software-Defined Wide Area Network (SD-WAN) path quality measurement and selection are disclosed. In some embodiments, a system/method/computer program product for enhanced SD-WAN path quality measurement and selection includes periodically performing a network path measurement for each of a plurality of network paths at a Software-Defined Wide Area Network (SD-WAN) interface; updating a version if the network path measurement exceeds a threshold for one or more of the plurality of network paths; and selecting one of the plurality of network paths for a session based on the version according to an application policy.

Abstract: Stateful inspection and classification of packets is disclosed. For a first packet associated with a network traffic flow, a differentiated services header value (DSHV) is determined to associate with the first packet. The DSHV is used to perform a lookup of a quality of service treatment associated with the DSHV. The treatment is applied to the first packet. A determination is made, for a second packet associated with the network traffic flow, to associate a second DSHV with the second, where the second DSHV is different from the first DSHV.

Abstract: Stateful inspection and classification of packets is disclosed. For a first packet associated with a network traffic flow, a differentiated services header value (DSHV) is determined to associate with the first packet. The DSHV is used to perform a lookup of a quality of service treatment associated with the DSHV. The treatment is applied to the first packet. A determination is made, for a second packet associated with the network traffic flow, to associate a second DSHV with the second, where the second DSHV is different from the first DSHV.

Abstract: Embodiments include systems and methods for transmitting data over high-speed data channels in context of serializer/deserializer circuits. Some embodiments include a novel full-rate source-series-terminated (SST) transmitter driver architecture with output charge sharing isolation. Certain implementations have a programmable floating tap (e.g., in addition to standard taps) with both positive and negative FIR values and cursor reduction, which can help achieve large FIR range and high channel equalization capability. Some embodiments operate with multi-phase clocking having phased clock error correction, which can facilitate operation with low-jitter and low-DCD clocks. Some implementations also include novel output inductor structures that are disposed to partially overlap output interface bumps.

Abstract: Embodiments include systems and methods for transmitting data over high-speed data channels in context of serializer/deserializer circuits. Some embodiments include a novel full-rate source-series-terminated (SST) transmitter driver architecture with output charge sharing isolation. Certain implementations have a programmable floating tap (e.g., in addition to standard taps) with both positive and negative FIR values and cursor reduction, which can help achieve large FIR range and high channel equalization capability. Some embodiments operate with multi-phase clocking having phased clock error correction, which can facilitate operation with low-jitter and low-DCD clocks. Some implementations also include novel output inductor structures that are disposed to partially overlap output interface bumps.

Abstract: Techniques for latency-based policy activation are disclosed. In some embodiments, a system for latency-based policy activation includes collecting a plurality of latency measures associated with monitored network communications; correlating the plurality of latency measures associated with the monitored network communications to detect anomalous network activity based on a profile; and performing a mitigation response to the anomalous network activity based on a policy.

Abstract: Embodiments include systems and methods for calibrating clocking circuits for improved jitter performance. Embodiments operate in context of a clocking circuit coupled with a transceiver system that has a receiver that tracks a recovered clock phase according to a tracking code. For example, candidate configurations can be identified, each corresponding to a different respective combination of parameter values for programmable clocking circuit parameters. For each candidate configuration, embodiments can configure the clocking system accordingly, and can sample the tracking code over a sample window to measure a tracking code spread for the candidate configuration. The clocking circuit can be programmed according to which of the candidate configurations manifested a minimum tracking code spread, thereby effectively configuring the clocking circuit for minimum jitter generation and optimizing jitter performance of the transceiver.

Abstract: Embodiments include systems and methods for calibrating clocking circuits for improved jitter performance. Embodiments operate in context of a clocking circuit coupled with a transceiver system that has a receiver that tracks a recovered clock phase according to a tracking code. For example, candidate configurations can be identified, each corresponding to a different respective combination of parameter values for programmable clocking circuit parameters. For each candidate configuration, embodiments can configure the clocking system accordingly, and can sample the tracking code over a sample window to measure a tracking code spread for the candidate configuration. The clocking circuit can be programmed according to which of the candidate configurations manifested a minimum tracking code spread, thereby effectively configuring the clocking circuit for minimum jitter generation and optimizing jitter performance of the transceiver.

Abstract: Techniques for latency-based policy activation are disclosed. In some embodiments, a system for latency-based policy activation includes collecting a plurality of latency measures associated with monitored network communications; correlating the plurality of latency measures associated with the monitored network communications to detect anomalous network activity based on a profile; and performing a mitigation response to the anomalous network activity based on a policy.

Abstract: Embodiments include systems and methods for on-chip random jitter (RJ) measurement in a clocking circuit (e.g., in a phase-locked loop of a serializer/deserializer circuit). Some embodiments determine a reference delay code sweep window to capture at least a candidate RJ range of a feedback clock signal, the reference delay code sweep window comprising a sequence of reference delay codes. A distribution of one-scores can be computed over the reference delay code sweep window, so that the distribution indicates a relatively likelihood, for each reference delay code, of obtaining a ‘1’ sample when sampling the feedback clock signal according to the delayed clock signal (delayed by an amount according to the reference delay code). The distribution can be transformed into a time domain by computing code offset times for the reference delay codes. A RJ output can be computed as a function of the distribution in the time domain.

Abstract: Stateful inspection and classification of packets is disclosed. For a first packet associated with a network traffic flow, a differentiated services header value is determined. The differentiated services header value is used to perform a lookup of a quality of service treatment associated with the differentiated services header value. The treatment is applied to the first packet. A return traffic packet is received. A differentiated services header value is written in the header of the return traffic packet.

Abstract: Techniques for latency-based policy activation are disclosed. In some embodiments, a system for latency-based policy activation includes collecting a plurality of latency measures associated with monitored network communications; correlating the plurality of latency measures associated with the monitored network communications to detect anomalous network activity based on a profile; and performing a mitigation response to the anomalous network activity based on a policy.