Abstract: In an example, there is disclosed a network apparatus for providing native load balancing within a switch or router, including a first network interface operable to communicatively couple to a first network; a plurality of second network interfaces operable to communicatively couple to a second network; one or more logic elements comprising a switching engine operable for providing network switching or routing; and one or more logic elements forming a load balancing engine operable for receiving incoming network traffic via the first network, the incoming traffic having a destination internet protocol address (IP) corresponding to a virtual IP (VIP) designated for load balancing; assigning the incoming traffic to a traffic bucket associated with the second network; and logging the assigning; wherein the switching engine and load balancing engine are configured to be provided on the same hardware as each other and as the first network interface and plurality of second network interface.

Abstract: A method including: in a network element that includes one or more hardware memory resources of fixed storage capacity for storing data used to configure a plurality of networking features of the network element and a utilization management process running on the network element, the utilization management process performing operations including: obtaining a plurality of entries of the one or more hardware memory resources representing utilization of the one or more hardware memory resources by network traffic passing through the network element; sorting the plurality of entries of the one or more hardware memory resources by statistics associated with the network traffic passing through the network element to produce sorted entries; and sending the extracted to a network management application for display is disclosed. An apparatus and one or more non-transitory computer readable storage media to execute the method are also provided.

Abstract: Systems, methods, and computer-readable media for creating service chains for inter-cloud traffic. In some examples, a system receives domain name system (DNS) queries associated with cloud domains and collects DNS information associated the cloud domains. The system spoofs DNS entries defining a subset of IPs for each cloud domain. Based on the spoofed DNS entries, the system creates IP-to-domain mappings associating each cloud domain with a respective IP from the subset of IPs. Based on the IP-to-domain mappings, the system programs different service chains for traffic between a private network and respective cloud domains. The system routes, through the respective service chain, traffic having a source associated with the private network and a destination matching the IP in the respective IP-to-domain mapping.

Abstract: A method including: in a network element that includes one or more hardware memory resources of fixed storage capacity for storing data used to configure a plurality of networking features of the network element and a utilization management process running on the network element, the utilization management process performing operations including: obtaining a plurality of entries of the one or more hardware memory resources representing utilization of the one or more hardware memory resources by network traffic passing through the network element; sorting the plurality of entries of the one or more hardware memory resources by statistics associated with the network traffic passing through the network element to produce sorted entries; and sending the extracted to a network management application for display is disclosed. An apparatus and one or more non-transitory computer readable storage media to execute the method are also provided.

Abstract: An example method is provided and includes configuring a service on a network element; associating a directly connected port with the service to create a port channel between the network element and a directly connected service appliance, the port channel comprising a plurality of member ports; performing an auto-discovery process for each of the member ports; and, upon successful completion of the performing, indicating on the network element that the service appliance is operational. In certain embodiments, the network element includes an intelligent service card manager module (“ISCM”) that forms part of a Remote Integrated Service Engine (“RISE”) element with a corresponding intelligent service card client module (“ISCC”) installed on the service appliance. The method may further include, upon unsuccessful completion of the auto-discovery process, repeating the auto-discovery process.

Abstract: Embodiments include receiving configuration information including a match criterion for packets received at a network device in a network and a pool of layer 3 addresses associated with a set of servers in the network, resolving layer 2 destination addresses based on the layer 3 addresses of the servers, and programming a hardware layer of the network device based, at least in part, on the match criterion, the pool of layer 3 addresses, and the layer 2 destination addresses. Specific embodiments include configuring a policy to indicate that packets from an external source are to be forwarded to a server of the set of servers. Further embodiments include receiving a packet at the network device, and matching the packet to the pool of layer 3 addresses and the resolved layer 2 addresses based, at least in part, on the match criterion programmed in the hardware layer.

Abstract: In an example, a network switch is configured to operate natively as a load balancer. The switch receives incoming traffic on a first interface communicatively coupled to a first network, and assigns the traffic to one of a plurality of traffic buckets. This may include looking up a destination IP of an incoming packet in a fast memory such as a ternary content-addressable memory (TCAM) to determine whether the packet is directed to a virtual IP (VIP) address that is to be load balanced. If so, part of the source destination IP address may be used as a search tag in the TCAM to assign the incoming packet to a traffic bucket or IP address of a service node.

Abstract: In an example, there is disclosed an example of a system and method for plug and play in a controller based network. Aspects of the embodiments are directed to a network switch of a fabric network, the network switch configured to detect a connection of a device to the network switch, the device compliant with a remote integrated services engine (RISE) protocol; receive, from the device, a programming instruction for switching compliant with the RISE protocol; and distribute the programming instruction to one or more other network switches of the fabric network.

Abstract: In an example, there is disclosed a network apparatus, comprising: one or more logic elements, including at least one hardware logic element, to provide a network manager engine to: provide a switched fabric management function; communicatively couple to at least one network switch, the network switch configured to provide optional native hardware-based load balancing; monitor one or more load balancing factors; and at least partly responsive to the one or more load balancing factors, configure native hardware-based load balancing on the at least one network switch.

Abstract: A network apparatus for providing native load balancing, having: a first network interface to communicatively couple to a first network; a plurality of second network interfaces to communicatively couple to a second network; one or more logic elements providing a switching engine to provide network switching or routing; and one or more logic elements, including at least one hardware logic element, providing a load balancing engine to: load balance network traffic among a plurality of service nodes; probe a first service node with a first probe; and probe a second service node with a second probe, the second probe different in kind from the first probe.

Abstract: Systems, methods, and computer-readable media for creating service chains for inter-cloud traffic. In some examples, a system receives domain name system (DNS) queries associated with cloud domains and collects DNS information associated the cloud domains. The system spoofs DNS entries defining a subset of IPs for each cloud domain. Based on the spoofed DNS entries, the system creates IP-to-domain mappings associating each cloud domain with a respective IP from the subset of IPs. Based on the IP-to-domain mappings, the system programs different service chains for traffic between a private network and respective cloud domains. The system routes, through the respective service chain, traffic having a source associated with the private network and a destination matching the IP in the respective IP-to-domain mapping.

Abstract: In one embodiment, load balancing criteria and an indication of a plurality of network nodes is received. A plurality of forwarding entries are created based on the load balancing criteria and the indication of the plurality of nodes. A content addressable memory of a network element is programmed with the plurality of forwarding entries. The network element selectively load balances network traffic by applying the plurality of forwarding entries to the network traffic, wherein network traffic meeting the load balancing criteria is load balanced among the plurality of network nodes.

Abstract: In an example, a system and method for data plane integration is described. Aspects of the embodiments are directed to a service application connected to a switch of a network fabric and a method of data plane integration performed at a service appliance, the service appliance providing firewall functionality. The service appliance can receive a data packet from a network location; determine a flow owner of the data packet based on a hashing table; and transmit the data packet based on the determined flow owner of the data packet.

Abstract: In one embodiment, a network device is provided that comprises a plurality of ports at which network packets are received at the network device and sent from the network device. At least hardware module includes one or more memories that store entries for one or more networking features to be performed to direct network packets with respect to the plurality of ports. A processor is coupled to the at least one hardware module and configured to communicate with the at least one hardware module to store in the one or more memories attributes for one or more access control lists and associated actions that cause network packets which are received that match the attributes for the one or more access control lists, to be directed in a service chain that includes one or more network processing appliances connected to one or more of the plurality of ports.

Abstract: In an example, a network switch is configured to operate natively as a load balancer. The switch receives incoming traffic on a first interface communicatively coupled to a first network, and assigns the traffic to one of a plurality of traffic buckets. This may include looking up a destination IP of an incoming packet in a fast memory such as a ternary content-addressable memory (TCAM) to determine whether the packet is directed to a virtual IP (VIP) address that is to be load balanced. If so, part of the source destination IP address may be used as a search tag in the TCAM to assign the incoming packet to a traffic bucket or IP address of a service node.

Abstract: In an example, there is provided a network apparatus for providing native load balancing within a switch, including a first network interface operable to communicatively couple to a first network; a plurality of second network interfaces operable to communicatively couple to a second network, the second network comprising a service pool of service nodes; one or more logic elements providing a switching engine operable for providing network switching; and one or more logic elements comprising a load balancing engine operable for: load balancing incoming network traffic to the service pool via native hardware according to a load balancing configuration; detecting a new service node added to the service pool; and adjusting the load balancing configuration to account for the new service node; wherein the switching engine and load balancing engine are configured to be provided on the same hardware as each other and as the first network interface and plurality of second network interfaces.

Abstract: In an example, a network switch is configured to natively act as a high-speed load balancer. Numerous load-balancing techniques may be used, including one that bases the traffic “bucket” on a source IP address of an incoming packet. This particular technique provides a network administrator a powerful tool for shaping network traffic. For example, by assigning certain classes of computers on the network particular IP addresses, the network administrator can ensure that the traffic is load balanced in a desirable fashion. To further increase flexibility, the network administrator may apply a bit mask to the IP address, and expose only a portion, selected from a desired octet of the address.

Abstract: In one embodiment, load balancing criteria and an indication of a plurality of network nodes is received. A plurality of forwarding entries are created based on the load balancing criteria and the indication of the plurality of nodes. A content addressable memory of a network element is programmed with the plurality of forwarding entries. The network element selectively load balances network traffic by applying the plurality of forwarding entries to the network traffic, wherein network traffic meeting the load balancing criteria is load balanced among the plurality of network nodes.

Abstract: In an example, a network switch is configured to natively act as a high-speed load balancer. Numerous load-balancing techniques may be used, including one that bases the traffic “bucket” on a source IP address of an incoming packet. This particular technique provides a network administrator a powerful tool for shaping network traffic. For example, by assigning certain classes of computers on the network particular IP addresses, the network administrator can ensure that the traffic is load balanced in a desirable fashion. To further increase flexibility, the network administrator may apply a bit mask to the IP address, and expose only a portion, selected from a desired octet of the address.

Abstract: In accordance with one example embodiment, a system configured for providing multifunctional switching is disclosed. The system is configured for filtering at least some incoming traffic to select network packets originating from one or more predefined sources and destined to a predefined destination, load balancing at least some of the selected network packets among a plurality of server nodes to assign each network packet to one server node of the plurality of server nodes, for each network packet assigned to one server node of the plurality of server nodes replacing a destination address of the predefined destination with a destination address of the assigned server node, and forwarding the each network packet assigned to one server node in accordance with the replaced destination address in the network packet.