Described herein are systems, methods, and software to enhance the implementation of communication rules in a computing network. In one example, a method of operating a communication settings system maintains communication rules for a plurality of networks, wherein the communication rules define forwarding actions for ingress and egress packets to and from applications in the plurality of computing networks. The service further identifies a configuration request from a computing network with applications executing in the computing network, identifies a subset of the communication rules based on the plurality of applications, and provides the subset of the communication rules to the computing network.

A virtual network monitoring apparatus includes an acquisition unit configured to acquire first network information, the first network information being network information possessed by a virtual machine control unit functioning as an orchestrator, and second network information, the second network information being network information possessed by a virtual machine generated by the virtual machine control unit among network information on a virtual network to which the virtual machine is connected, and a generation unit configured to generate a traffic filter indicating a filter for traffic flowing through the virtual network on the basis of the first network information and the second network information.

Each switch unit in a networking system shares its local state information among other switch units in the networking system, collectively referred to as the shared forwarding state. Each switch unit creates a respective set of output queues that correspond to ports on other switch unites based on the shared forwarding state. A received packet on an ingress switch unit operating in accordance with a first routing protocol instance can be enqueued on an output queue in the ingress switch; the packet is subsequently processed by the egress switch unit, operating in accordance with a second routing protocol instance that corresponds to the output queue.

Techniques are disclosed for processing data packets and implementing policies in a software defined network (SDN) of a virtual computing environment. At least two SDN appliances are configured to disaggregate enforcement of policies of the SDN from hosts of the virtual computing environment. The hosts are implemented on servers communicatively coupled to network interfaces of the SDN appliance. The servers host a plurality of virtual machines. The servers are communicatively coupled to network interfaces of at least two top-of-rack switches (ToRs). The SDN appliance comprises a plurality of smart network interface cards (sNICs) configured to implement functionality of the SDN appliance. The sNICs have a floating network interface configured to provide a virtual port connection to an endpoint within a virtual network of the virtual computing environment.

Systems and methods of network packet switching use a table representation of a trie data structure to identify a timestamp (TS) range (or time range) for a received packet based on the packet timestamp (TS). The trie data structure is programmed with a plurality of predetermined time ranges. Each node in the trie data structure corresponds to a TS prefix and is associated with a corresponding predetermined time range. A search engine in the network switch can use the packet TS as a key to traverse the trie data structure and thereby matching the packet TS to a predetermined time range according to a Longest Prefix Match (LPM) process. Provided with the TS ranges of the incoming packets, various applications and logic engines in the network switch can accordingly process the packets, such as determining a new destination IP address and performing channel switch accordingly.

Some embodiments provide novel inline switches that distribute data messages from source compute nodes (SCNs) to different groups of destination service compute nodes (DSCNs). In some embodiments, the inline switches are deployed in the source compute nodes datapaths (e.g., egress datapath). The inline switches in some embodiments are service switches that (1) receive data messages from the SCNs, (2) identify service nodes in a service-node cluster for processing the data messages based on service policies that the switches implement, and (3) use tunnels to send the received data messages to their identified service nodes. Alternatively, or conjunctively, the inline service switches of some embodiments (1) identify service-nodes cluster for processing the data messages based on service policies that the switches implement, and (2) use tunnels to send the received data messages to the identified service-node clusters. The service-node clusters can perform the same service or can perform different services in some embodiments. This tunnel-based approach for distributing data messages to service nodes/clusters is advantageous for seamlessly implementing in a datacenter a cloud-based XaaS model (where XaaS stands for X as a service, and X stands for anything), in which any number of services are provided by service providers in the cloud.

Methods and systems are disclosed. The method comprises: designating a first plurality of links from a first stack segment to a second stack segment as a first etherchannel link; designating a second plurality of links from the first stack segment to a third stack segment as a second etherchannel link, where the second stack segment and the third stack segment are in communication with a fourth stack segment; designating the first etherchannel link and the second etherchannel link as members of a hierarchical etherchannel link; and sending a packet from the first stack segment to the fourth stack segment using the hierarchical etherchannel link.

A system provisions global logical entities that facilitate the operation of logical networks that span two or more datacenters. These global logical entities include global logical switches that provide L2 switching as well as global routers that provide L3 routing among network nodes in multiple datacenters. The global logical entities operate along side local logical entities that are for operating logical networks that are local within a datacenter.

Systems and methods for managing an airport passenger processing system. The system includes a computing device and a peripheral device at an airport, a peripherals interface in communicative connection with the peripheral device and operable to execute a second client application, and a network outside the airport. The network includes a virtualization server for virtualizing an application for a first client application executed by the computing device and a peripherals manager in communication with the virtualization server. The first client application is configured to establish a first communication channel with the virtualization server for communication with an application virtualized on the virtualization server. The second client application is configured to establish a second communication channel with the peripherals manager. At least part of the network is configured to store an association between the first and second communication channels to associate the peripheral device with the computing device.

System and method for aggressive credit waiting in a high performance computing environment. In accordance with an embodiment, systems and methods can provide for an indexed matrix of credit wait policies between ports within a single switch. In addition, systems and methods can provide for an array of credit wait polices at an egress port from a switch, the array being indexed by virtual lane.