Abstract: Methods, apparatuses, and computer programs products for connection parameter awareness in an authenticated link-layer network session are disclosed. A client sends, to a network access server (NAS), an initiation packet announcing the initiation of an authentication session. The client establishes an authenticated link-layer session with the NAS. The client receives, from the NAS, a network policy packet including a network policy defined by one or more connection parameters for the link-layer session. The client then enforces the network policy.

Abstract: A processor may perform hypervisor operations including managing a virtual machine (VM), wherein the VM supports operation of a guest operating system and an application, managing a virtual trusted platform module (TPM), attaching the virtual TPM to the VM, and causing the virtual TPM to provide a session key to the application and a cloud storage application that controls data storage on one or more physical data storage device. A separate processor may perform cloud storage operations including receiving a session key from a virtual TPM and receiving first encrypted data from an application running in a VM. The operations may further include decrypting the first encrypted data using the session key, performing data reduction operations on the decrypted data to obtain compressed data, encrypting the compressed data using a storage encryption key to obtain second encrypted data, and causing the second encrypted data to be stored in data storage.

Abstract: Methods, apparatuses, and computer program products for telemetry-based network switch configuration validation are disclosed. An analytics engine captures a first network snapshot including telemetry data received from one or more network switches in a first state. Upon receiving a notice indicating that a network configuration change has been applied, the analytics engine initiates a timer in response to receiving the notice. The analytics engine captures, in response to expiration of the timer, a second network snapshot including telemetry data received from the one or more network switches in a second state and compares the first network snapshot and the second network snapshot. In dependence upon the comparison of the first network snapshot to the second network snapshot, the analytics engine validates the network configuration change.

Abstract: Methods, apparatuses, and computer program products for edge device assisted mitigation of publish-subscribe denial of service (DoS) attacks are disclosed. An edge device hosts a virtualized copy of an Internet-of-Things (IoT) device subscribed to one or more publish-subscribe topics. When the edge device receives an indication to activate the virtualized copy of the IoT device, for example, during a DoS attack on the IoT device, the edge device activates the virtualized copy of the IoT device, which receives traffic from the publish-subscribe topic. The virtualized copy of the IoT device applies security policies to incoming traffic received from the subscription topics and transmits to the IoT device sanitized traffic obtained from the received incoming subscription content traffic.

Abstract: Methods, apparatuses, and computer programs products for connection parameter awareness in an authenticated link-layer network session are disclosed. A client sends, to a network access server (NAS), an initiation packet announcing the initiation of an authentication session. The client establishes an authenticated link-layer session with the NAS. The client receives, from the NAS, a network policy packet including a network policy defined by one or more connection parameters for the link-layer session. The client then enforces the network policy.

Abstract: Methods, apparatuses, and computer program products for fast resumption of dormant sessions on a client device are disclosed. A client device receives a push notification from a push notification server, the push notification having a payload that includes a datagram packet from an application server that initiated the push notification. A push notification process on the client device extracts the datagram packet from the push notification and injects the datagram packet into a communications protocol stack for at least one application on the client device. The application is awakened from a dormant state and reads the datagram packet. The application may then send a response to the datagram packet to the application server.

Abstract: An apparatus for load balancing based on available bandwidth estimation includes a bandwidth module configured to determine for a networking device a first available bandwidth estimate for a first egress port and a second available bandwidth estimate for a second egress port, a load balancing module configured to select the first egress port as a selected port in response to determining that the first available bandwidth estimate of the first egress port exceeds a predetermined level and to select the second egress port as the selected port in response to determining that the available bandwidth estimate of the first egress port does not exceed the predetermined level and that the second available bandwidth estimate of the second egress port exceeds the predetermined level, and a transmission module configured to transmit a packet from the selected port. A method and network switching device work similarly to the apparatus.

Abstract: An apparatus for load balancing based on available bandwidth estimation includes a bandwidth module configured to determine for a networking device a first available bandwidth estimate for a first egress port and a second available bandwidth estimate for a second egress port, a load balancing module configured to select the first egress port as a selected port in response to determining that the first available bandwidth estimate of the first egress port exceeds a predetermined level and to select the second egress port as the selected port in response to determining that the available bandwidth estimate of the first egress port does not exceed the predetermined level and that the second available bandwidth estimate of the second egress port exceeds the predetermined level, and a transmission module configured to transmit a packet from the selected port. A method and network switching device work similarly to the apparatus.

Abstract: Hardware of a network switching device supports quantized congestion notification (QCN) to notify senders of network packets received at the network switching device that the network switching device is experiencing congestion. The hardware is instead programmed to notify a processor of the network switching device of the congestion at an egress queue of the network switching device. The processor receives a congestion notification message (CNM) from the hardware that the hardware has detected the congestion at the egress queue. Responsive to receiving the CNM from the hardware, the processor detects a microburst of the network packets at the egress queue of the network switching device.

Abstract: Each switch in a network maintains a forwarding database table in which each record identifies a media access control (MAC) address, a port identifier, and a source identifier. A frame is received from a first network device at a first port of a first switch, wherein the frame includes a MAC address of the first network device. The first switch prepares a synchronization packet including the MAC address, a port identifier identifying the first port, a source identifier identifying the first switch and an instruction, in response to determining that the MAC address is not associated with the first switch in the first forwarding database table. The synchronization packet is sent to each other switch, and the forwarding database tables of the other switches are modified to implement the instruction.

Abstract: Hardware of a network switching device supports quantized congestion notification (QCN) to notify senders of network packets received at the network switching device that the network switching device is experiencing congestion. The hardware is instead programmed to notify a processor of the network switching device of the congestion at an egress queue of the network switching device. The processor receives a congestion notification message (CNM) from the hardware that the hardware has detected the congestion at the egress queue. Responsive to receiving the CNM from the hardware, the processor detects a microburst of the network packets at the egress queue of the network switching device.

Abstract: Each switch in a network maintains a forwarding database table in which each record identifies a media access control (MAC) address, a port identifier, and a source identifier. A frame is received from a first network device at a first port of a first switch, wherein the frame includes a MAC address of the first network device. The first switch prepares a synchronization packet including the MAC address, a port identifier identifying the first port, a source identifier identifying the first switch and an instruction, in response to determining that the MAC address is not associated with the first switch in the first forwarding database table. The synchronization packet is sent to each other switch, and the forwarding database tables of the other switches are modified to implement the instruction.

Abstract: A method includes each switch in a network maintaining a forwarding database table in which each record identifies a media access control (MAC) address, a port identifier, and a source identifier. A frame is received from a first network device at a first port of a first switch, wherein the frame includes a MAC address of the first network device. The first switch prepares a synchronization packet including the MAC address, a port identifier identifying the first port, a source identifier identifying the first switch and an instruction, in response to determining that the MAC address is not associated with the first switch in the first forwarding database table. The synchronization packet is sent to each other switch, and the forwarding database tables of the other switches are modified to implement the instruction.

Abstract: A method allows each individual node in the multi-node computing system to detect the topology of the computing system. Each individual node detects its own connections with neighboring nodes directly connected to the individual node, and sends out a topology packet on all of its interfaces with a local topology change indicator that increments with each topology packet sent out. Each individual node stores their own topology table with an entry for each node from which it has received a topology packet, including the local topology change number which enables the node to determine whether a received topology packet is more recent than data already stored in the topology table. Each node updates its topology table with new topology data, forwards new topology data, and sends back acknowledgements to a source node only upon receiving acknowledgements from all other nodes.

Abstract: An apparatus, method, program product, and system are disclosed for seamless connection handshake for a reliable multicast session. A node module detects a new node attempting to join a multicast networking session. A handshake module generates a control packet comprising session initiation data for the new node. A packet module creates a combined data packet comprising the control packet and the multicast data packet and sends the combined data packet to the new node. The node module joins the new node to the ongoing multicast networking session without disturbing ongoing data transmissions during the multicast networking session.

Abstract: A method includes a local electronic device submitting a request to a service provider server for delivery of specific content to the local electronic device, the local electronic device receiving a reply from the service provider server identifying a plurality of content servers that can each deliver the requested content over a network, and the local electronic device determining local context parameters about its network connection with each of the identified content servers. The local electronic device may then select one of the content servers from which to receive the requested content, wherein the selected content server is associated with a local context parameter indicating that the local electronic device has a better network connection with the selected content server than with any of the other identified content servers. The local electronic device may then download the requested content from the selected content server.

Abstract: Networking systems and, more particularly, processes of limiting MAC address information in a forwarding table in data center networking systems are provided. The method includes limiting MAC address information in a forwarding table in leaf switches of a local area networking system by learning, for each of the leaf switches, only MAC addresses from directly connected hosts.

Abstract: A method allows each individual node in the multi-node computing system to detect the topology of the computing system. Each individual node detects its own connections with neighboring nodes directly connected to the individual node, and sends out a topology packet on all of its interfaces with a local topology change indicator that increments with each topology packet sent out. Each individual node stores their own topology table with an entry for each node from which it has received a topology packet, including the local topology change number which enables the node to determine whether a received topology packet is more recent than data already stored in the topology table. Each node updates its topology table with new topology data, forwards new topology data, and sends back acknowledgements to a source node only upon receiving acknowledgements from all other nodes.

Abstract: A system includes a multi-server chassis, a midplane within the chassis, and a switching device connected to the midplane. The switching device has serial communication lanes including a lane for each of multiple server bays within the chassis, and has a network communication port for connecting to an external network. The system further comprises servers, wherein each server is received in a server bay and has a serial communication interface connected to the midplane. The midplane includes serial communication pathways, wherein each serial communication pathway provides serial communication between the serial communication interface of one of the servers and one of the serial communication lanes of the switching device. The switching device converts messages to and from an external network so that a serial expansion bus standard is used over serial communication pathways in the midplane and a network communication standard is used over the external network.

Abstract: A method includes each switch in a network maintaining a forwarding database table in which each record identifies a media access control (MAC) address, a port identifier, and a source identifier. A frame is received from a first network device at a first port of a first switch, wherein the frame includes a MAC address of the first network device. The first switch prepares a synchronization packet including the MAC address, a port identifier identifying the first port, a source identifier identifying the first switch and an instruction, in response to determining that the MAC address is not associated with the first switch in the first forwarding database table. The synchronization packet is sent to each other switch, and the forwarding database tables of the other switches are modified to implement the instruction.