Abstract: Embodiments of the invention relate to overlay network address management. One embodiment includes an overlay gateway including an overlay network manager associated with a physical network. The overlay network manager prevents duplicate address assignment for overlay domains having a first sharing status and performs address translation for overlay domains having a second sharing status. Address translation is avoided for overlay domains having the first sharing status.

Abstract: One embodiment includes using a bridge device in support of a kernel bridge infrastructure. The kernel bridge infrastructure is modified using netfilter hooks to prevent forwarding of broadcast packets between bridge ports and to set a source media access control (MAC) address of an egress packet to a corresponding MAC address of a virtual network interface card (vNIC).

Abstract: In one embodiment, an apparatus includes a processor and logic integrated with and/or executable by the processor. The logic is configured to cause the processor to receive one or more packets to be switched to a next hop, the one or more packets indicating a destination address and a first virtual network identifier (VNID). The logic is also configured to cause the processor to send a query to a controller in order to determine a service chain for the one or more packets, the query including the first VNID and the destination address. Moreover, the logic is configured to cause the processor to receive a response that includes the next hop and a next routed hop for the one or more packets. Other systems, methods, and computer program products are described in accordance with more embodiments.

Abstract: Embodiments of the invention relate to providing acceleration for traffic migration for virtual machine (VM) migration in overlay networks. One embodiment includes a method that includes migrating of a VM from a first hypervisor to a second hypervisor. The first hypervisor detects incoming encapsulated traffic sent from a third hypervisor that is targeted for the VM. The first hypervisor indicates to a service of incorrect information in the incoming encapsulated traffic for the VM. The third hypervisor is notified with updated information for the VM.

Abstract: A system to deliver an application, hosted by a private application provider, over a network to a user device comprising: an application delivery system that includes, a frontend network interface that includes at least one first traffic director (FTD) instance; a network security interface that includes a plurality of traffic processing server (TPS) instances; a backend network interface that includes at least one backend traffic director (BTD) instance; and at least one agent that is associated with the application and that is disposed within the private application provider system; wherein a federated TLS ticket is used to filter TLS connection requests received by an FTD instance; and wherein a TLS extension is used to filter TLS connection requests received by a BTD instance

Abstract: A method includes receiving a first packet having a first virtual local area network (VLAN) identifier (ID) directly from a first virtual switch using a first physical overlay switch located at an edge of an internet protocol (IP) network, encapsulating the first packet with an overlay header and tunneling the first encapsulated packet via Layer-3 operations across the IP network to a second physical overlay switch in response to a determination that a source of the packet is physically separated from a destination of the packet by the IP network, receiving a second encapsulated packet having a second overlay header from the second physical overlay switch, de-encapsulating the second encapsulated packet to create a second packet having a second VLAN ID, and sending the second packet having the second VLAN ID directly to the first virtual switch operating in the first hypervisor domain.

Abstract: Embodiments of the invention relate to providing network independent network interfaces. One embodiment includes a networking system. The networking system includes a physical networking device connected to one or more underlying networks. A primary switch and a secondary switch are each connected to the physical networking device. A connectivity module creates a root interface for a first device. Virtual network interface cards (vNICs) are added to the root interface by the connectivity module. The root interface is a single access point for accessing the underlying networks. The first device is a virtual machine (VM) or a server with more than one network interface.

Abstract: Embodiments of the invention relate to providing network independent network interfaces. One embodiment includes creating a root interface in a first device in a network system. Virtual network interface cards (vNICs) are added to the root interface. The first device executes network services on the root interface. The root interface is a single access point for accessing a plurality of underlying networks.

Abstract: In one embodiment, an apparatus includes a processor and logic configured to designate one of a plurality of endpoint virtual network identifiers (EPVNIDs) for each endpoint device in a network, wherein each EPVNID is configured to be shared by one or more endpoint devices, designate a common waypoint virtual network identifier (WPVNID) for all transparent waypoint devices in the network which perform a same function, designate a unique WPVNID for each routed waypoint device in the network, designate a common virtual network identifier (VNID) for all virtual switches in a single virtual network, wherein a different VNID is designated for each virtual network, and create a service chain table comprising each VNID, WPVNID, and EPVNID designated in the network individually correlated with at least a pair of VNIDs: a source VNID and a destination VNID, based on one or more policies affecting application of services to packets in the network.

Abstract: A data handling network includes a management system and a plurality of devices in communication with the management system. Each device may operate under various configurations. The management system includes a configuration version table that includes a device identifier and an intended configuration version number. A configuration manager within a device queries the management system with a query that includes a device identifier and a current device operating configuration version number. The management system may interrogate the configuration version table to determine if the current device operating configuration version number is similar to the intended configuration version number.

Abstract: A system to deliver an application, hosted by a private application provider, over a network to a user device comprising: an application delivery system that includes, a frontend network interface that includes at least one first traffic director (FTD) instance; a network security interface that includes a plurality of traffic processing server (TPS) instances; a backend network interface that includes at least one backend traffic director (BTD) instance; and at least one agent that is associated with the application and that is disposed within the private application provider system; wherein a federated TLS ticket is used to filter TLS connection requests received by an FTD instance; and wherein a TLS extension is used to filter TLS connection requests received by a BTD instance

Abstract: A method includes encapsulating, by a first virtual switch, a packet from a first virtual machine (VM) into a tunneled packet by appending the packet with a tunnel header that is addressed for a second virtual switch, wherein the packet includes a first destination address for a virtual default gateway. The first virtual switch forwards an inner packet of the encapsulated packet to a second VM. The first virtual switch acts as a virtual default gateway based on replacement of a first destination address for the virtual default gateway with a second destination address for the second VM.

Abstract: Embodiments of the invention relate to providing default gateway virtualization in a distributed overlay virtual environment. One embodiment includes a method that includes creating a packet by a first virtual machine (VM) including a first destination address. The packet is received from the first VM by a first virtual switch. A second destination address for a second VM is obtained by the first virtual switch based on information in the packet. The first destination address in the packet is replaced with the second destination address. The packet is encapsulated using a header that is addressed for a second virtual switch.

Abstract: A method includes receiving a first packet having a first virtual local area network (VLAN) identifier (ID) directly from a first virtual switch using a first physical overlay switch located at an edge of an internet protocol (IP) network, encapsulating the first packet with an overlay header and tunneling the first encapsulated packet via Layer-3 operations across the IP network to a second physical overlay switch in response to a determination that a source of the packet is physically separated from a destination of the packet by the IP network, receiving a second encapsulated packet having a second overlay header from the second physical overlay switch, de-encapsulating the second encapsulated packet to create a second packet having a second VLAN ID, and sending the second packet having the second VLAN ID directly to the first virtual switch operating in the first hypervisor domain.

Abstract: A method includes receiving a packet having a VLAN ID at a first physical overlay switch located at an edge of an IP network, encapsulating the packet with an overlay header, and tunneling the encapsulated packet to a second physical overlay switch via IP network.

Abstract: Embodiments of the invention relate to overlay network address management. One embodiment includes an overlay gateway including an overlay network manager associated with a physical network. The overlay network manager prevents duplicate address assignment for overlay domains having a first sharing status and performs address translation for overlay domains having a second sharing status. Address translation is avoided for overlay domains having the first sharing status.

Abstract: In one embodiment, an apparatus includes a processor and logic configured to designate one of a plurality of endpoint virtual network identifiers (EPVNIDs) for each endpoint device in a network, wherein each EPVNID is configured to be shared by one or more endpoint devices, designate a common waypoint virtual network identifier (WPVNID) for all transparent waypoint devices in the network which perform a same function, designate a unique WPVNID for each routed waypoint device in the network, designate a common virtual network identifier (VNID) for all virtual switches in a single virtual network, wherein a different VNID is designated for each virtual network, and create a service chain table comprising each VNID, WPVNID, and EPVNID designated in the network individually correlated with at least a pair of VNIDs: a source VNID and a destination VNID, based on one or more policies affecting application of services to packets in the network.

Abstract: Embodiments of the invention relate to overlay network address management. One embodiment includes an overlay gateway including an overlay network manager associated with a physical network. The overlay network manager prevents duplicate address assignment for overlay domains having a first sharing status and performs address translation for overlay domains having a second sharing status. Address translation is avoided for overlay domains having the first sharing status.

Abstract: A network fabric includes interconnected network nodes, each having access to a database containing predetermined paths from each network node to each other network node in the network fabric. Each network node determines, in response to an incoming frame, whether the frame is a fabric protocol data unit (PDU) having a header containing path attributes including a destination node address. If the frame is a fabric PDU, the node selects a first path to the destination node from the database, and forwards the fabric PDU to a next hop in accordance with the selected path. If the frame is not a fabric PDU, the node selects a second path through the network fabric to the destination node from the database, adds the header with the path attributes to the frame to produce the fabric PDU, and forwards the fabric PDU to the next hop in accordance with the second path.

Abstract: In one embodiment, a system includes a server running a virtualization platform, the virtualization platform including logic adapted for creating one or more virtual machines (VMs) and logic adapted for managing a virtual switch (vSwitch), a controller in communication with the server, the controller including logic adapted for assigning a media access control (MAC) address and a virtual local area network (VLAN) identifier (ID) to each of the one or more VMs, wherein a specific tenant to which the one or more VMs belongs is indicated using a tenant ID derived from the VLAN ID, the MAC address, or a combination thereof. Other systems, methods, and computer program products are also described according to more embodiments.