Abstract: In a network virtualization system, metadata is passed in an encapsulation header from one network virtualization edge to another network virtualization edge or to a service connected to a network virtualization edge. The metadata may carry packet processing instructions, diagnostic information, hop-specific information, or a packet identifier. Using the metadata information in the packet header, the datacenter network may provide services such as remote segmentation offload, small packet coalescing, transparent packet compression, and end-to-end packet tracing.

Abstract: Reliable address discovery cache techniques are described. In an implementation, a reliable communication channel is established for control messages related to address resolution in a network. The communication channel is employed for communication of messages for internet protocol (IP) address acquisition, release, and mapping staleness between clients (e.g., nodes or endpoints) in the network and a cache manager component configured to maintain and update an address map for the clients. The cache manager component may also be configured to send directed messages via the communication channel to propagate changes in the mapping to the clients. Further, clients may provide explicit notifications regarding address release and staleness to the cache manager component to facilitate updating of the address map. In this way, a reliable and up-to-date address map is maintained and the amount of broadcast discovery messages and bandwidth consumed overall for address discovery operations may be reduced.

Abstract: Anonymous containers are discussed herein. An operating system running on a computing device, also referred to herein as a host operating system running on a host device, prevents an application from accessing personal information (e.g., user information or corporate information) by activating an anonymous container that is isolated from the host operating system. In order to create and activate the anonymous container, a container manager anonymizes the configuration and settings data of the host operating system, and injects the anonymous configuration and settings data into the anonymous container. Such anonymous configuration and settings data may include, by way of example and not limitation, application data, machine configuration data, and user settings data. The host operating system then allows the application to run in the anonymous container.

Abstract: In a network virtualization system, metadata is passed in an encapsulation header from one network virtualization edge to another network virtualization edge or to a service connected to a network virtualization edge. The metadata may carry packet processing instructions, diagnostic information, hop-specific information, or a packet identifier. Using the metadata information in the packet header, the datacenter network may provide services such as remote segmentation offload, small packet coalescing, transparent packet compression, and end-to-end packet tracing.

Abstract: In a network virtualization system, metadata is passed in an encapsulation header from one network virtualization edge to another network virtualization edge or to a service connected to a network virtualization edge. The metadata may carry packet processing instructions, diagnostic information, hop-specific information, or a packet identifier. Using the metadata information in the packet header, the datacenter network may provide services such as remote segmentation offload, small packet coalescing, transparent packet compression, and end-to-end packet tracing.

Abstract: Anonymous containers are discussed herein. An operating system running on a computing device, also referred to herein as a host operating system running on a host device, prevents an application from accessing personal information (e.g., user information or corporate information) by activating an anonymous container that is isolated from the host operating system. In order to create and activate the anonymous container, a container manager anonymizes the configuration and settings data of the host operating system, and injects the anonymous configuration and settings data into the anonymous container. Such anonymous configuration and settings data may include, by way of example and not limitation, application data, machine configuration data, and user settings data. The host operating system then allows the application to run in the anonymous container.

Abstract: Reliable address discovery cache techniques are described. In an implementation, a reliable communication channel is established for control messages related to address resolution in a network. The communication channel is employed for communication of messages for internet protocol (IP) address acquisition, release, and mapping staleness between clients (e.g., nodes or endpoints) in the network and a cache manager component configured to maintain and update an address map for the clients. The cache manager component may also be configured to send directed messages via the communication channel to propagate changes in the mapping to the clients. Further, clients may provide explicit notifications regarding address release and staleness to the cache manager component to facilitate updating of the address map. In this way, a reliable and up-to-date address map is maintained and the amount of broadcast discovery messages and bandwidth consumed overall for address discovery operations may be reduced.

Abstract: Reliable address discovery cache techniques are described. In an implementation, a reliable communication channel is established for control messages related to address resolution in a network. The communication channel is employed for communication of messages for internet protocol (IP) address acquisition, release, and mapping staleness between clients (e.g., nodes or endpoints) in the network and a cache manager component configured to maintain and update an address map for the clients. The cache manager component may also be configured to send directed messages via the communication channel to propagate changes in the mapping to the clients. Further, clients may provide explicit notifications regarding address release and staleness to the cache manager component to facilitate updating of the address map. In this way, a reliable and up-to-date address map is maintained and the amount of broadcast discovery messages and bandwidth consumed overall for address discovery operations may be reduced.

Abstract: In a network virtualization system, metadata is passed in an encapsulation header from one network virtualization edge to another network virtualization edge or to a service connected to a network virtualization edge. The metadata may carry packet processing instructions, diagnostic information, hop-specific information, or a packet identifier. Using the metadata information in the packet header, the datacenter network may provide services such as remote segmentation offload, small packet coalescing, transparent packet compression, and end-to-end packet tracing.

Abstract: Reliable address discovery cache techniques are described. In an implementation, a reliable communication channel is established for control messages related to address resolution in a network. The communication channel is employed for communication of messages for internet protocol (IP) address acquisition, release, and mapping staleness between clients (e.g., nodes or endpoints) in the network and a cache manager component configured to maintain and update an address map for the clients. The cache manager component may also be configured to send directed messages via the communication channel to propagate changes in the mapping to the clients. Further, clients may provide explicit notifications regarding address release and staleness to the cache manager component to facilitate updating of the address map. In this way, a reliable and up-to-date address map is maintained and the amount of broadcast discovery messages and bandwidth consumed overall for address discovery operations may be reduced.

Abstract: A policy server program evaluates one or more policy statements based on the group or groups to which a user belongs as well as other conditions. Each policy statement expresses an implementation of the access policy of the network, and is associated with a profile. The profile contains one or more actions that are to be applied to the user. The policy server program determines the identity of the group or groups to which the user belongs by referencing one or more group attributes contained in a user object which is located in a directory on the network. The user object and its group parameters are established when the user is added to the directory, while a policy statement for a group can be created at any time.

Abstract: A policy server program evaluates one or more policy statements based on the group or groups to which a user belongs as well as other conditions. Each policy statement expresses an implementation of the access policy of the network, and is associated with a profile. The profile contains one or more actions that are to be applied to the user. The policy server program determines the identity of the group or groups to which the user belongs by referencing one or more group attributes contained in a user object which is located in a directory on the network. The user object and its group parameters are established when the user is added to the directory, while a policy statement for a group can be created at any time.