Abstract: The disclosed technology provides solutions for performing rapid authentication and authorization for distributed containerized microservices. In some aspects, a process of the technology can include steps for: associating a service type with a set of microservices or service pods, detecting deployment of a first microservice on a first host, and receiving an authentication and authorization state from a first virtual network edge (VNE) of the first host. In some aspects, the process can further include steps for distributing the authentication state to a second VNE on a second host, wherein the authentication state is configured to facilitate authentication of one or more subsequent microservices instantiated on the second host by the second VNE. Systems and machine readable media are also provided.

Abstract: This disclosure describes various methods, systems, and devices related to dynamic service node discovery in a network. In an example method, a service node generates a discover message including a discovery field. The discovery field indicates an identifier of the service node. The service node further transmits the discovery message to an intermediary node.

Abstract: The disclosed technology provides solutions for performing rapid authentication and authorization for distributed containerized microservices. In some aspects, a process of the technology can include steps for: associating a service type with a set of microservices or service pods, detecting deployment of a first microservice on a first host, and receiving an authentication and authorization state from a first virtual network edge (VNE) of the first host. In some aspects, the process can further include steps for distributing the authentication state to a second VNE on a second host, wherein the authentication state is configured to facilitate authentication of one or more subsequent microservices instantiated on the second host by the second VNE. Systems and machine readable media are also provided.

Abstract: The disclosed technology provides solutions for performing rapid authentication and authorization for distributed containerized microservices. In some aspects, a process of the technology can include steps for: associating a service type with a set of microservices or service pods, detecting deployment of a first microservice on a first host, and receiving an authentication and authorization state from a first virtual network edge (VNE) of the first host. In some aspects, the process can further include steps for distributing the authentication state to a second VNE on a second host, wherein the authentication state is configured to facilitate authentication of one or more subsequent microservices instantiated on the second host by the second VNE. Systems and machine readable media are also provided.

Abstract: This disclosure describes various methods, systems, and devices related to dynamic service node discovery in a network. In an example method, a service node generates a discover message including a discovery field. The discovery field indicates an identifier of the service node. The service node further transmits the discovery message to an intermediary node.

Abstract: This disclosure describes various methods, systems, and devices related to dynamic service node discovery in a network. In an example method, an intermediary node receives a Link Layer Discovery Protocol (LLDP) message from a first node. The LLDP message includes a discovery Type-Length-Value (TLV) that indicates a location of a service node in the network. The method further includes forwarding the LLDP message to a second node.

Abstract: This disclosure describes various methods, systems, and devices related to dynamic service node discovery in a network. In an example method, an intermediary node receives a Link Layer Discovery Protocol (LLDP) message from a first node. The LLDP message includes a discovery Type-Length-Value (TLV) that indicates a location of a service node in the network. The method further includes forwarding the LLDP message to a second node.

Abstract: The disclosed technology provides solutions for performing rapid authentication and authorization for distributed containerized microservices. In some aspects, a process of the technology can include steps for: associating a service type with a set of microservices or service pods, detecting deployment of a first microservice on a first host, and receiving an authentication and authorization state from a first virtual network edge (VNE) of the first host. In some aspects, the process can further include steps for distributing the authentication state to a second VNE on a second host, wherein the authentication state is configured to facilitate authentication of one or more subsequent microservices instantiated on the second host by the second VNE. Systems and machine readable media are also provided.

Abstract: The disclosed technology provides solutions for performing rapid authentication and authorization for distributed containerized microservices. In some aspects, a process of the technology can include steps for: associating a service type with a set of microservices or service pods, detecting deployment of a first microservice on a first host, and receiving an authentication and authorization state from a first virtual network edge (VNE) of the first host. In some aspects, the process can further include steps for distributing the authentication state to a second VNE on a second host, wherein the authentication state is configured to facilitate authentication of one or more subsequent microservices instantiated on the second host by the second VNE. Systems and machine readable media are also provided.

Abstract: The disclosed technology provides solutions for performing rapid authentication and authorization for distributed containerized microservices. In some aspects, a process of the technology can include steps for: associating a service type with a set of microservices or service pods, detecting deployment of a first microservice on a first host, and receiving an authentication and authorization state from a first virtual network edge (VNE) of the first host. In some aspects, the process can further include steps for distributing the authentication state to a second VNE on a second host, wherein the authentication state is configured to facilitate authentication of one or more subsequent microservices instantiated on the second host by the second VNE. Systems and machine readable media are also provided.

Abstract: An example method for network-assisted configuration and programming of gateways in a network environment is provided and includes registering a non-Virtual eXtensible Local Area Network (VXLAN) device with a central controller, for example, by generating registration information associating the non-VXLAN device with a virtual local area network (VLAN) in a network environment, receiving a communication request from a VXLAN enabled device to communicate with the non-VXLAN device, mapping, based on the registration information, a VXLAN segment corresponding to the VXLAN enabled device with the VLAN associated with the non-VXLAN device, and configuring a gateway with the mapping through a suitable application programming interface exposed at the gateway.

Abstract: An example method for path optimization in distributed service chains in a network environment is provided and includes receiving information about inter-node latency of a distributed service chain in a network environment comprising a distributed virtual switch (DVS), where the inter-node latency is derived at least from packet headers of respective packets traversing a plurality of service nodes comprising the distributed service chain, and modifying locations of the service nodes in the DVS to reduce the inter-node latency. In specific embodiments, the method further includes storing and time-stamping a path history of each packet in a network service header portion of the respective packet header. A virtual Ethernet Module (VEM) of the DVS stores and time-stamps the path history and a last VEM in the distributed service chain calculates runtime traffic latencies from the path history and sends the calculated runtime traffic latencies to a virtual supervisor module.

Abstract: An example method for performance enhancement in a heterogeneous network environment with multipath transport protocols is provided and includes receiving packets according to Transmission Control Protocol (TCP packets) and packets according to multipath TCP (MPTCP packets) in a network environment, determining that TCP packets are experiencing congestion in comparison to the MPTCP packets, and delaying acknowledgement packets (MPTCP ACK packets) corresponding to the MPTCP packets for a pre-determined time interval. In a specific embodiment, a local MPTCP proxy intercepts the TCP packets and forwards underlying data of the TCP packets according to MPTCP.

Abstract: An example method for performance enhancement in a heterogeneous network environment with multipath transport protocols is provided and includes receiving packets according to Transmission Control Protocol (TCP packets) and packets according to multipath TCP (MPTCP packets) in a network environment, determining that TCP packets are experiencing congestion in comparison to the MPTCP packets, and delaying acknowledgement packets (MPTCP ACK packets) corresponding to the MPTCP packets for a pre-determined time interval. In a specific embodiment, a local MPTCP proxy intercepts the TCP packets and forwards underlying data of the TCP packets according to MPTCP.

Abstract: An example method for assigning location identifiers (IDs) to nodes in a distributed computer cluster network environment is provided and includes receiving notification of attachment of a compute node to a Top-of-Rack (ToR) switch in the distributed computer cluster network environment, retrieving compute node information from an inventory database in the ToR switch, calculating a location ID of the compute node as a function of at least a portion of the compute node information, and communicating the location ID from the ToR switch to the compute node. The location ID indicates an Open Systems Interconnection (OSI) model Layer 7 logical group associated with an OSI model Layer 1 physical location of the compute node in the distributed computer cluster network environment.

Abstract: An example method for co-operative load sharing and redundancy in distributed service chains is provided and includes deriving a service chain comprising a plurality of services in a distributed virtual switch (DVS) network environment, where a first service node provides a first portion of a specific service in the plurality of services to a packet traversing the network, and a second service node provides a second portion of the specific service to the packet, and configuring service forwarding tables at virtual Ethernet Modules associated with respective service nodes in the service chain. In a specific embodiment, the first service node and the second service node provide substantially identical service functions to the packet, wherein the specific service comprises the service functions. In various embodiments, each service node tags each packet to indicate a service completion history of service functions performed on the packet at the service node.

Abstract: An example method for path optimization in distributed service chains in a network environment is provided and includes receiving information about inter-node latency of a distributed service chain in a network environment comprising a distributed virtual switch (DVS), where the inter-node latency is derived at least from packet headers of respective packets traversing a plurality of service nodes comprising the distributed service chain, and modifying locations of the service nodes in the DVS to reduce the inter-node latency. In specific embodiments, the method further includes storing and time-stamping a path history of each packet in a network service header portion of the respective packet header. A virtual Ethernet Module (VEM) of the DVS stores and time-stamps the path history and a last VEM in the distributed service chain calculates runtime traffic latencies from the path history and sends the calculated runtime traffic latencies to a virtual supervisor module.

Abstract: An example method for network-assisted configuration and programming of gateways in a network environment is provided and includes registering a non-Virtual eXtensible Local Area Network (VXLAN) device with a central controller, for example, by generating registration information associating the non-VXLAN device with a virtual local area network (VLAN) in a network environment, receiving a communication request from a VXLAN enabled device to communicate with the non-VXLAN device, mapping, based on the registration information, a VXLAN segment corresponding to the VXLAN enabled device with the VLAN associated with the non-VXLAN device, and configuring a gateway with the mapping through a suitable application programming interface exposed at the gateway.

Abstract: An example method for assigning location identifiers (IDs) to nodes in a distributed computer cluster network environment is provided and includes receiving notification of attachment of a compute node to a Top-of-Rack (ToR) switch in the distributed computer cluster network environment, retrieving compute node information from an inventory database in the ToR switch, calculating a location ID of the compute node as a function of at least a portion of the compute node information, and communicating the location ID from the ToR switch to the compute node. The location ID indicates an Open Systems Interconnection (OSI) model Layer 7 logical group associated with an OSI model Layer 1 physical location of the compute node in the distributed computer cluster network environment.