Abstract: Systems, methods, network devices, and machine-readable media disclosed herein include executing a secure algorithm for computing on a plurality of machines in a cluster by receiving a large input message and dividing the large input message into a plurality of initial input messages, computing an encryption of initial input messages, and evaluating a cluster computing circuit using a homomorphic encryption scheme.

Abstract: In one embodiment, a method by an edge router configured to operate at a first site of a software-defined wide-area network includes receiving a data packet from a first host located in the first site, where the data packet is destined to a second host located in a second site, determining that an identifier of a second group to which the second host belongs is not available at the edge router, sending a request for an identifier of the second group to a network apparatus, where the request may comprise an address of the second host, receiving a response comprising the identifier of the second group from the network apparatus, determining that the second group is a destination group, applying one or more policies associated with the destination group to the data packet, and causing the data packet to be routed to the second host.

Abstract: In one embodiment, a method includes receiving a data packet from a first host located in the first site, where the data packet may be destined to a second host located in a second site that may be different from the first site, determining that an identifier of a second group to which the second host belongs is not available at the first network apparatus, sending a request for an identifier of the second group to a second network apparatus, where the request may comprise an address of the second host, receiving a response comprising the identifier of the second group from the second network apparatus, determining that the second group is a destination group, applying one or more policies associated with the destination group to the data packet, and causing the data packet to be routed to the second host.

Abstract: In one embodiment, a method includes receiving a data packet from a first host located in the first site, where the data packet may be destined to a second host located in a second site that may be different from the first site, determining that an identifier of a second group to which the second host belongs is not available at the first network apparatus, sending a request for an identifier of the second group to a second network apparatus, where the request may comprise an address of the second host, receiving a response comprising the identifier of the second group from the second network apparatus, determining that the second group is a destination group, applying one or more policies associated with the destination group to the data packet, and causing the data packet to be routed to the second host.

Abstract: In one embodiment, a network controller identifies a first sign of life for an edge device in a communication network (e.g., when the network controller receives an encapsulated workflow request for the edge device over a control plane of the communication network). The network controller further imports the encapsulated workflow request from the edge device over the control plane, determines configuration parameters for a tenant and a tenant network from the encapsulated workflow request, and transmits the configuration parameters to the edge device to provision the edge device for the tenant according to the configuration parameters.

Abstract: Presented herein are techniques for use in a network environment that includes one or more service zones, each service zone including at least one instance of an in-line application service to be applied to network traffic and one or more routers to direct network traffic to the at least one service, and a route target being assigned to a unique service zone to serve as a community value for route import and export between routers of other service zones, destination networks or source networks via a control protocol. An edge router in each service zone or destination network advertises routes by its destination network prefix tagged with its route target. A service chain is created by importing and exporting of destination network prefixes by way of route targets at edge routers of the service zones or source networks.

Abstract: Presented herein are techniques for use in a network environment that includes one or more service zones, each service zone including at least one instance of an in-line application service to be applied to network traffic and one or more routers to direct network traffic to the at least one service, and a route target being assigned to a unique service zone to serve as a community value for route import and export between routers of other service zones, destination networks or source networks via a control protocol. An edge router in each service zone or destination network advertises routes by its destination network prefix tagged with its route target. A service chain is created by importing and exporting of destination network prefixes by way of route targets at edge routers of the service zones or source networks.

Abstract: Presented herein are techniques for use in a network environment that includes one or more service zones, each service zone including at least one instance of an in-line application service to be applied to network traffic and one or more routers to direct network traffic to the at least one service, and a route target being assigned to a unique service zone to serve as a community value for route import and export between routers of other service zones, destination networks or source networks via a control protocol. An edge router in each service zone or destination network advertises routes by its destination network prefix tagged with its route target. A service chain is created by importing and exporting of destination network prefixes by way of route targets at edge routers of the service zones or source networks.

Abstract: In one embodiment, a network controller identifies a first sign of life for an edge device in a communication network (e.g., when the network controller receives an encapsulated workflow request for the edge device over a control plane of the communication network). The network controller further imports the encapsulated workflow request from the edge device over the control plane, determines configuration parameters for a tenant and a tenant network from the encapsulated workflow request, and transmits the configuration parameters to the edge device to provision the edge device for the tenant according to the configuration parameters.

Abstract: In one embodiment, a network controller identifies a first sign of life for an edge device in a communication network (e.g., when the network controller receives an encapsulated workflow request for the edge device over a control plane of the communication network). The network controller further imports the encapsulated workflow request from the edge device over the control plane, determines configuration parameters for a tenant and a tenant network from the encapsulated workflow request, and transmits the configuration parameters to the edge device to provision the edge device for the tenant according to the configuration parameters.

Abstract: In one embodiment, a network controller identifies a first sign of life for an edge device in a communication network (e.g., when the network controller receives an encapsulated workflow request for the edge device over a control plane of the communication network). The network controller further imports the encapsulated workflow request from the edge device over the control plane, determines configuration parameters for a tenant and a tenant network from the encapsulated workflow request, and transmits the configuration parameters to the edge device to provision the edge device for the tenant according to the configuration parameters.

Abstract: Systems, methods, and computer-readable media for an intelligent load balancer. In some embodiments, a system can analyze activity data for egress links associated with a network. The system can also receive a service request originating from a remote device. Next, the system can select a server in the network for receiving the service request. Based on the activity data, the system can also select an egress link from the egress links for communicating data associated with the service request from the network to a remote destination location, such as the remote device. The system can then send a signal to the selected server which can include the service request and an indication of the egress link to be used for the data associated with the service request. The system can also later change the selected egress link for the service request if the system subsequently identifies a better egress link.

Abstract: In one embodiment, a method includes storing a service topology route at a network device interconnecting at least two zones comprising a plurality of hosts, and propagating the service topology route to create a service chain comprising a service node in communication with the network device. The service topology route creates a forwarding state at network devices in the service chain for use in inter-zone routing in a virtual private network. An apparatus and logic are also disclosed herein.

Abstract: A plurality of network nodes are deployed in a network, each network node configured to apply a service function to traffic that passes through the respective network nodes. A controller generates information for a service chain that involves application to traffic of one or more service functions at corresponding ones of the plurality of network nodes along a forward path through the one or more network nodes. The controller identifies one or more of the service functions within the service chain that is stateful. When one or more of the service functions of the service chain is stateful, the controller generates information for a reverse path through the one or more service nodes for the one or more stateful service functions. The controller binds a forward chain identifier for the forward path with a reverse chain identifier for the reverse path for the service chain.

Abstract: Presented herein are techniques for use in a network environment that includes one or more service zones, each service zone including at least one instance of an in-line application service to be applied to network traffic and one or more routers to direct network traffic to the at least one service, and a route target being assigned to a unique service zone to serve as a community value for route import and export between routers of other service zones, destination networks or source networks via a control protocol. An edge router in each service zone or destination network advertises routes by its destination network prefix tagged with its route target. A service chain is created by importing and exporting of destination network prefixes by way of route targets at edge routers of the service zones or source networks.

Abstract: A plurality of network nodes are deployed in a network, each network node configured to apply a service function to traffic that passes through the respective network nodes. A controller generates information for a service chain that involves application to traffic of one or more service functions at corresponding ones of the plurality of network nodes along a forward path through the one or more network nodes. The controller identifies one or more of the service functions within the service chain that is stateful. When one or more of the service functions of the service chain is stateful, the controller generates information for a reverse path through the one or more service nodes for the one or more stateful service functions. The controller binds a forward chain identifier for the forward path with a reverse chain identifier for the reverse path for the service chain.

Abstract: In one embodiment, a method includes storing a service topology route at a network device interconnecting at least two zones comprising a plurality of hosts, and propagating the service topology route to create a service chain comprising a service node in communication with the network device. The service topology route creates a forwarding state at network devices in the service chain for use in inter-zone routing in a virtual private network. An apparatus and logic are also disclosed herein.

Abstract: In an embodiment, a method comprises receiving, at an analytics engine, from a separate analytics application, an analytics query for data that is potentially available in data streams of networked computing devices; sending, to a distributed network analytics controller, sub-queries based on the analytics query; determining distributed network analytics agents capable of executing each of the sub-queries; sending instructions to the agents to initiate the sub-queries for the data at specified locations; initiating execution of the sub-queries on data streams that are locally available at one of the networked computing devices at which the agents are running; forming summarized data streams and zero or more raw data streams at the networked computing devices having the analytics agents; sending the summarized data streams and the zero or more raw data streams to the analytics engine; wherein the method is performed by computing device(s).

Abstract: In an embodiment, a method comprises: determining that a session restart on a restarting node has been initiated; in response to determining that the restarting node has preserved a last acknowledged version of routing information received from a peer node, and determining that the restarting node has preserved a routing state corresponding to the last acknowledged version of routing information, transmitting to the peer node a message indicating that the last acknowledged version of routing information and the routing state have been preserved at the restarting node; wherein the method is performed by one or more computing devices.

Abstract: A crib mattress caddy includes at least two top mounting straps and at least two bottom mounting straps. The caddy also includes front and back brackets each including an inner surface for interfacing with a mattress. A primary tilting strap and a primary lifting strap are also included. The inner surfaces of the front and back brackets interface with a mattress. The top and bottom mounting straps are both attached to the front and back brackets. The primary tilting strap is attached to the front bracket. The primary lifting strap is attached to the back bracket.