Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel virtualization architecture for utilizing a firewall service virtual machine (SVM) on the host to check the packets sent by and/or received for the GVMs. In some embodiments, the GVMs connect to a software forwarding element (e.g., a software switch) that executes on the host to connect to each other and to other devices operating outside of the host. Instead of connecting the firewall SVM to the host's software forwarding element that connects its GVMs, the virtualization architecture of some embodiments provides an SVM interface (SVMI) through which the firewall SVM can be accessed to check the packets sent by and/or received for the GVMs.

Abstract: Systems and techniques are described for monitoring network communications using a distributed firewall. One of the techniques includes receiving, at a driver executing in a guest operating system of a virtual machine, a request to open a network connection from a process associated with a user, wherein the driver performs operations comprising: obtaining identity information for the user; providing the identity information and data identifying the network connection to an identity module external to the driver; and receiving, by a distributed firewall, data associating the identity information with the data identifying the network connection from the identity module, wherein the distributed firewall performs operations comprising: receiving an outgoing packet from the virtual machine; determining that the identity information corresponds to the outgoing packet; and evaluating one or more routing rules based at least in part on the identity information.

Abstract: Various implementations include conversation assistance audio devices with settings that are adjustable based upon user feedback. In some cases, the conversation assistance audio device is configured to use a set of simulated audio environments to personalize audio settings for a user. In other cases, the conversation assistance audio device is configured to iteratively adjust audio settings from a baseline set of audio settings in response to user commands.

Abstract: A method of transferring data between local and remote computing systems includes the step of transferring data between the local and remote computing systems via a local buffer in the local computing system and a series of steps carried out during transferring of data from the local to the remote computing system. The steps include receiving a statistic from the remote computing system, computing an average transfer rate of the data transfer between the local and remote computing systems based on the statistic, determining whether or not a throttle condition is in effect based on the computed average transfer rate, and upon determining that the throttle condition is in effect, throttling the transferring of data into the local buffer.

Abstract: Various implementations include approaches for demonstrating wearable audio device capabilities. In particular aspects, a computer-implemented method of demonstrating a feature of a wearable audio device includes: receiving a command to initiate an audio demonstration mode at a demonstration device; initiating binaural playback of a demonstration audio file at wearable playback device being worn by a user and initiating playback of a corresponding demonstration video file at a video interface coupled with the demonstration device; receiving a user command to adjust a demonstration setting at the demonstration device to emulate adjustment of a corresponding setting on the wearable audio device; and adjusting the binaural playback at the wearable playback device based upon the user command.

Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel virtualization architecture for utilizing a firewall service virtual machine (SVM) on the host to check the packets sent by and/or received for the GVMs. In some embodiments, the GVMs connect to a software forwarding element (e.g., a software switch) that executes on the host to connect to each other and to other devices operating outside of the host. Instead of connecting the firewall SVM to the host's software forwarding element that connects its GVMs, the virtualization architecture of some embodiments provides an SVM interface (SVMI) through which the firewall SVM can be accessed to check the packets sent by and/or received for the GVMs.

Abstract: An approach is disclosed for steering network traffic away from congestion hot-spots to achieve better throughput and latency. In one embodiment, multiple Foo-over-UDP (FOU) tunnels, each having a distinct source port, are created between two endpoints. As a result of the distinct source ports, routers that compute hashes of packet fields in order to distribute traffic flows across network paths will compute distinct hash values for the FOU tunnels that may be associated with different paths. Probes are scheduled to measure network metrics, such as latency and liveliness, of each of the FOU tunnels. In turn, the network metrics are used to select particular FOU tunnel(s) to send traffic over so as to avoid congestion and high-latency hotspots in the network.

Abstract: The disclosure provides an approach for diagnosing a data plane of a network, wherein the network spans a first data center and a second data center, and wherein the second data center is remote to the first, the method comprising: accessing a secure connection between the first data center and the second data center; modifying, by the first performance controller, firewall settings of the first data center from a first setting to a second setting; opening on the second data center an instance of a performance tool; opening on the first data center a client of the instance of the performance tool; sending data packets over the data plane of the network; receiving the data packets; generating metrics associated with the data packets; and modifying firewall settings of the first data center from the second setting to the first setting.

Abstract: Various implementations include conversation assistance audio devices with settings that are adjustable based upon user feedback. In some cases, the conversation assistance audio device is configured to use a set of simulated audio environments to personalize audio settings for a user. In other cases, the conversation assistance audio device is configured to iteratively adjust audio settings from a baseline set of audio settings in response to user commands.

Abstract: Various implementations include control mechanisms for conversation assistance audio devices. In some cases, an interface with a representation of the conversation assistance audio device in space is used to control audio functions in the device. In other cases, directionality of the device is controlled based upon the user's visual focus direction. In additional cases, the operating mode of the device is adjustable based upon the signature of a nearby acoustic signal.

Abstract: The disclosure provides an approach for managing and diagnosing middleboxes in a cloud computing system. In one embodiment, a network operations center, that is located remote to a virtualized cloud computing system and communicates with the cloud computing system via a wide area network, controls network middleboxes in the cloud computing system through a secure routing module inside a gateway of the cloud computing system. The secure routing module is configured to receive, from an authenticated management application and via a secure communication channel, packets intended for managing network middleboxes. In turn, the secure routing module establishes secure communication channels with the target middleboxes, translates the identified packets to protocols and/or application programming interfaces (APIs) of the target middleboxes, and transmits the translated packets to the target middleboxes.

Abstract: Techniques for stateful connection optimization over stretched networks are disclosed. In one embodiment, hypervisor filtering modules in a cloud computing system are configured to modify packets sent by virtual computing instances (e.g., virtual machines (VMs)) in the cloud to local destinations in the cloud such that those packets have the destination Media Access Control (MAC) address of a local router that is also in the cloud. Doing so prevents tromboning traffic flows in which packets sent by virtual computing instances in the cloud to location destinations are routed to a stretched network's default gateway that is not in the cloud.

Abstract: The disclosure provides an approach for preventing the failure of virtual computing instance transfers across data centers. In one embodiment, a flow control module collects performance information primarily from components in a local site, as opposed to components in a remote site, during the transfer of a virtual machine (VM) from the local site to the remote site. The performance information that is collected may include various performance metrics, each of which is considered a feature. The flow control module performs feature preparation by normalizing feature data and imputing missing feature data, if any. The flow control module then inputs the prepared feature data into machine learning model(s) which have been trained to predict whether a VM transfer will succeed or fail, given the input feature data. If the prediction is that the VM transfer will fail, then remediation actions may be taken, such as slowing down the VM transfer.

Abstract: A method of migrating a virtualized computing instance between source and destination virtualized computing systems includes executing a first migration workflow in the source virtualized computing system between a source host computer and a first mobility agent simulating a destination host, executing a second migration workflow in the destination virtualized computing system between a second mobility agent simulating a source host and a destination host computer, sending, as part of the first migration workflow, a configuration of the migrated virtualized computing instance to the destination virtualized computing system, translating, as part of the second migration workflow, infrastructure-dependent information in the configuration of the migrated virtualized computing instance, and transferring, during execution of the first and second migration workflows, migration data including the virtualized computing instance between the source host and the destination host over a network.

Abstract: Techniques for stateful connection optimization over stretched networks are disclosed. Such stretched networks may extend across both a data center and a cloud. In one embodiment, configuration changes are made to cloud layer 2 (L2) concentrators used by extended networks and a cloud router such that the L2 concentrators block packets with the cloud router's source MAC address and block address resolution protocol (ARP) requests for a gateway IP address from/to cloud networks that are part of the extended networks. Further, the cloud router is configured with the same gateway IP address as that of a default gateway router in the data center and responds to ARP requests for the gateway IP address with its own MAC address. In addition, specific prefix routes (e.g., /32 routes) for virtual computing instances on route optimized networks in the cloud are injected into the cloud router and propagating to a data center router.

Abstract: The technology described in this document can be embodied in a computer-implemented method that includes receiving identification information associated with a geographic location. The identification information includes one or more features that affect an acoustic environment of the geographic location at a particular time. The method also includes determining one or more parameters representing at least a subset of the one or more features, and estimating at least one acoustic parameter that represents the acoustic environment of the geographic location at the particular time. The at least one parameter can be estimated using a mapping function that generates the estimate of the at least one acoustic parameter as a weighted combination of the one or more parameters. The method further includes presenting, using a user-interface displayed on a computing device, information representing the at least one acoustic parameter estimated for the geographic location for the particular time.

Abstract: The technology described in this document can be embodied in a computer-implemented method that includes receiving identification information associated with a geographic location. The identification information includes one or more features that affect an acoustic environment of the geographic location at a particular time. The method also includes determining one or more parameters representing at least a subset of the one or more features, and estimating at least one acoustic parameter that represents the acoustic environment of the geographic location at the particular time. The at least one parameter can be estimated using a mapping function that generates the estimate of the at least one acoustic parameter as a weighted combination of the one or more parameters. The method further includes presenting, using a user-interface displayed on a computing device, information representing the at least one acoustic parameter estimated for the geographic location for the particular time.

Abstract: A method of transferring data between local and remote computing systems includes the step of transferring data between the local and remote computing systems via a local buffer in the local computing system and a series of steps carried out during transferring of data from the local to the remote computing system. The steps include receiving a statistic from the remote computing system, computing an average transfer rate of the data transfer between the local and remote computing systems based on the statistic, determining whether or not a throttle condition is in effect based on the computed average transfer rate, and upon determining that the throttle condition is in effect, throttling the transferring of data into the local buffer.

Abstract: The disclosure provides an approach for managing and diagnosing middleboxes in a cloud computing system. In one embodiment, a network operations center, that is located remote to a virtualized cloud computing system and communicates with the cloud computing system via a wide area network, controls network middleboxes in the cloud computing system through a secure routing module inside a gateway of the cloud computing system. The secure routing module is configured to receive, from an authenticated management application and via a secure communication channel, packets intended for managing network middleboxes. In turn, the secure routing module establishes secure communication channels with the target middleboxes, translates the identified packets to protocols and/or application programming interfaces (APIs) of the target middleboxes, and transmits the translated packets to the target middleboxes.

Abstract: Systems and techniques are described for monitoring network communications using a distributed firewall. One of the techniques includes receiving, at a driver executing in a guest operating system of a virtual machine, a request to open a network connection from a process associated with a user, wherein the driver performs operations comprising: obtaining identity information for the user; providing the identity information and data identifying the network connection to an identity module external to the driver; and receiving, by a distributed firewall, data associating the identity information with the data identifying the network connection from the identity module, wherein the distributed firewall performs operations comprising: receiving an outgoing packet from the virtual machine; determining that the identity information corresponds to the outgoing packet; and evaluating one or more routing rules based at least in part on the identity information.