Abstract: Aspects of the subject technology provide state-less load-balancing using sequence numbers to identify traffic flows. In some implementations, a process of the technology can include steps for receiving, by a load-balancer, a first packet from a source device including a request to access the service provided by a server coupled to the load-balancer, determining a load for each of the servers, wherein each server is associated with a unique set of sequence numbers, and forwarding the request to a target server selected based on its corresponding load, and wherein the request is configured to cause the target server to issue a reply to the source device. Systems and machine-readable media are also provided.

Abstract: Techniques for zero-loss workload mobility with segment routing for virtual machines are presented. The techniques include receiving, by a virtual router, an electronic message destined for a first virtual machine running on a first physical machine and checking a first virtual machine state for the first virtual machine. In response to determining that it is associated with a running state indicating the first physical machine, inserting a segment routing header including an indication of the source virtual machine, the first physical machine, and the first virtual machine. In response to determining that it is associated with a migration state, inserting, by the virtual router, a segment routing header indicating the source virtual machine, an END.S for the first physical machine, the first virtual machine; and an END.SBUF for a second physical machine. The message is then routed based at least in part on the inserted segment routing header.

Abstract: Techniques are described for providing a distributed application load-balancing architecture that supports multipath transport protocol for client devices connecting to an application service. Rather than having client devices generate new network five-tuples for new subflows to the application servers, the techniques described herein include shifting the burden to the application servers to ensure that the new network five-tuples land in the same bucket in the consistent hashing table. The application servers may receive a hashing function utilized by the load balancers to generate the hash of the network five-tuple. By having the application servers generate the hashes, the load balancers are able to continue stateless, low-level processing of the packets to route them to the correct application servers. In this way, additional subflows can be opened for client devices according to a multipath transport protocol while ensuring that the subflows are routed to the correct application server.

Abstract: A method of delivering content in one or more packets over a network is described. A content request packet comprising a request for content based on a first IPv6 address is received, the first IPv6 address identifying the content. The first IPv6 address is mapped to a second IPv6 address, the second IPv6 address being associated with the content at a physical location. The content requested in the content request packet is then received from the physical location associated with the second IPv6 address for delivery to a user. A further method includes routing a packet for requesting the content from a client to a content server storing an instant of the content, based on an IPv6 address of content being requested by the client. A communication session is then set up between the client and the content server; and the requested content is transmitted from the content server.

Abstract: Systems, methods, and computer-readable media are provided for load balancing requests and controlling object replication based on object popularity. A request for an object can be received at a dispatcher of a storage system from a client. Candidate storage nodes of the storage system for serving the object can be identified by the dispatcher by generating an ordered list of the candidate storage nodes using a two-dimensional consistent hashing function. Distribution of the request for the object through one or more candidate storage nodes for filling the request for the object can be facilitated according to the ordered list of candidate storage nodes. Specifically, the one or more candidate storage nodes can be configured to facilitate distribution of the request by selectively filling the request to the client using cache admission policies formed based on popularity characteristics of requested objects at the one or more candidate storage nodes.

Abstract: This disclosure describes methods and systems to externally manage network-to-network interconnect configuration data in conjunction with a centralized database subsystem. An example of the methods includes receiving and storing, in the centralized database subsystem, data indicative of user intent to interconnect at least a first network and a second network. The example method further includes, based at least in part on the data indicative of user intent, determining and storing, in the centralized database subsystem, a network intent that corresponds to the user intent. The example method further includes providing data indicative of the network intent from the centralized database subsystem to a first data plane adaptor, associated with the first network, and a second data plane adaptor, associated with the second network.

Abstract: In one embodiment, a traffic analysis service obtains traffic characteristics of network traffic associated with a device in a network. The traffic analysis service uses a machine learning model to infer resource usage by the device based on the obtained traffic characteristics of the network traffic associated with the device. The traffic analysis service controls traffic flows in the network based on the inferred resource usage by the device.

Abstract: Systems, methods, and computer-readable media for reducing distributed storage operation latency using segment routing. In some examples, a method can involve receiving, from a client, a message identifying an intent to store or retrieve data on a distributed storage environment, and sending to the client a segment routing (SR) list identifying storage node candidates for storing or retrieving the data. The method can involve steering a data request from the client through a path defined by the SR list based on a segment routing header (SRH) associated with the request, the SRH being configured to steer the request through the path until a storage node from the storage node candidates accepts the request. The method can further involve sending, to the client device, a response indicating that the storage node has accepted the request and storing or retrieving the data at the storage node that accepted the request.

Abstract: Embodiments herein describe branch statements for a segment routing (SR) list that are inserted into a packet header for use when performing Service function chaining (SFC). For example, the branch statement may be embedded within a SR list and includes a serverless function ID and two different segment IDs (SIDs). When reaching a network node assigned to perform the serverless function, the node uses the function ID to determine the appropriate serverless function to use when evaluating the packet and then uses the results of that function to determine which segment to use when forwarding the packet. Thus, rather than forming a linear chain, the branch statement permits the SR list to form different routes (depending on the results of the serverless function) as part of SFC.

Abstract: Systems, methods, and computer-readable media for migrating an application container between nodes in a network are disclosed. An interest for an application container may be received by an origin node and, in response, the origin node may transfer a copy of the application container over the network and to a destination node. The origin node can then shut down the application container and transmit any remaining container state and received requests to the destination node. The destination node may then update a routing plane for the network to provide delivery of service requests to the migrated application.

Abstract: Systems, methods, and computer-readable storage media are provided for using service affinity for application placement. A method includes evaluating, using a netflow module within an orchestrator, flows coming in and out of deployed services within a multi-node network to yield an evaluation. Based on the evaluation, the method includes determining an affinity between respective services of the deployed services to yield a traffic matrix and, based on the traffic matrix, at a placement module, determining on which nodes within the multi-node network to place one or more applications. Determining the affinity can be performed at at least a first level and a second level. The first level can include an individual container or virtual machine level and the second level can include a service description level.

Abstract: This disclosure describes techniques for providing a distributed scalable architecture for Network Address Translation (NAT) systems with high availability and mitigations for flow breakage during failover events. The NAT servers may include functionality to serve as fast-path servers and/or slow-path servers. A fast-path server may include a NAT worker that includes a cache of NAT mappings to perform stateful network address translation and to forward packets with minimal latency. A slow-path server may include a mapping server that creates new NAT mappings, depreciates old ones, and answers NAT worker state requests. The NAT system may use virtual mapping servers (VMSs) running on primary physical servers with state duplicated VMSs on different physical failover servers.

Abstract: Systems, methods, and computer-readable storage media are provided to populate databases with routing data for containers to eliminate the need for continuously accessing a global discovery service. An example method includes initiating, from a source container operating on a first machine in a first rack, a communication with a destination container operating on a second machine on a second rack, wherein a local database on the first machine does not know an address of the destination container. The method includes accessing a global discovery service to provide the address of the destination container, populating the local database on the first machine with the address of the destination container and routing a packet from the source container to the destination container according to the address of the destination container.

Abstract: Systems, methods, and computer program products relating to resilient transmission of a media stream over a communication network. A plurality of data packets are received over a communications network. The plurality of data packets relate to a first source video portion transformed using a geometric transform. The geometric transform is configured to modify a location of pixels in the first source video portion such that a plurality of adjacent pixels in the first source video portion are not adjacent after transformation. A received video portion is assembled based on the plurality of data packets. The received video portion is transformed, using an inverse of the geometric transform, to generate a second source video portion. The second source video portion and the first source video portion include a plurality of matching pixels.

Abstract: Systems, methods, and computer-readable media for load balancing using segment routing and application monitoring. A method can involve receiving a packet including a request from a source device to an application associated with a virtual address in a network, mapping the request to a set of candidate servers hosting the application associated with the virtual address, and encoding the set of candidate servers as a list of segments in a segment routing header associated with the packet. The method can further involve determining that a first candidate server from the set of candidate servers is a next segment in the list of segments, encoding the first candidate server in a destination address field on a header of the packet, and forwarding the packet to the first candidate server.

Abstract: Systems and methods provide for segment routing (SR) with fast reroute in a container network. An SR ingress can receive a packet from a first container destined for a container service. The ingress can generate an SR packet including a segment list comprising a first segment to a first container service host, a second segment to a second service host, and a third segment to the service. The ingress can forward the SR packet to a first SR egress corresponding to the first host using the first segment. The first egress can determine whether the first service and/or host is reachable. If so, the first egress can forward the SR packet to the first host or the packet to the service. If not, the first egress can perform a fast reroute and forward the SR packet to a second SR egress corresponding to the second host using the second segment.

Abstract: Systems, methods, and computer-readable media for migrating an application container between nodes in a network are disclosed. An interest for an application container may be received by an origin node and, in response, the origin node may transfer a copy of the application container over the network and to a destination node. The origin node can then shut down the application container and transmit any remaining container state and received requests to the destination node. The destination node may then update a routing plane for the network to provide delivery of service requests to the migrated application.

Abstract: Systems, methods, and computer-readable media for reducing distributed storage operation latency using segment routing. In some examples, a method can involve receiving, from a client, a message identifying an intent to store or retrieve data on a distributed storage environment, and sending to the client a segment routing (SR) list identifying storage node candidates for storing or retrieving the data. The method can involve steering a data request from the client through a path defined by the SR list based on a segment routing header (SRH) associated with the request, the SRH being configured to steer the request through the path until a storage node from the storage node candidates accepts the request. The method can further involve sending, to the client device, a response indicating that the storage node has accepted the request and storing or retrieving the data at the storage node that accepted the request.

Abstract: Embodiments herein describe branch statements for a segment routing (SR) list that are inserted into a packet header for use when performing Service function chaining (SFC). For example, the branch statement may be embedded within a SR list and includes a serverless function ID and two different segment IDs (SIDs). When reaching a network node assigned to perform the serverless function, the node uses the function ID to determine the appropriate serverless function to use when evaluating the packet and then uses the results of that function to determine which segment to use when forwarding the packet. Thus, rather than forming a linear chain, the branch statement permits the SR list to form different routes (depending on the results of the serverless function) as part of SFC.

Abstract: Systems, methods, and computer-readable storage media are provided to populate databases with routing data for containers to eliminate the need for continuously accessing a global discovery service. An example method includes initiating, from a source container operating on a first machine in a first rack, a communication with a destination container operating on a second machine on a second rack, wherein a local database on the first machine does not know an address of the destination container. The method includes accessing a global discovery service to provide the address of the destination container, populating the local database on the first machine with the address of the destination container and routing a packet from the source container to the destination container according to the address of the destination container.