In an approach for achieving resilience and load balancing control over layer 2 gateways in a cluster, a processor forms a cluster, wherein the cluster includes one or more layer 2 gateways. A processor registers endpoints for a tenant system attached to a virtual network through a bridge network to add to an endpoint database used to associate a destination MAC address with the cluster. A processor distributes flow of data.

In one embodiment, a device forms a plurality of clusters of network paths used to convey traffic for an online application by applying clustering to telemetry data for those network paths. The device determines a predictability metric for a particular cluster in the plurality of clusters. The device provides an indication of the predictability metric for the particular cluster for display. The device enables, based in part on the predictability metric, predictive routing for the network paths in the particular cluster.

An approach for detecting anomalous flows in a network using header field entropy. This can be useful in detecting anomalous or malicious traffic that may attempt to “hide” or inject itself into legitimate flows. A malicious endpoint might attempt to send a control message in underutilized header fields or might try to inject illegitimate data into a legitimate flow. These illegitimate flows will likely demonstrate header field entropy that is higher than legitimate flows. Detecting anomalous flows using header field entropy can help detect malicious endpoints.

Data-driven intelligent networking systems and methods are provided. The system can accommodate dynamic traffic while applying injection limits to different traffic classes at an ingress edge port. The system can maintain state information of individual packet flows, which can be set up or released dynamically based on injected data. Each flow can be provided with a flow-specific input queue upon arriving at a switch. Packets of a respective flow can be acknowledged after reaching the egress point of the network, and the acknowledgement packets can be sent back to the ingress point of the flow along the same data path. Furthermore, an edge switch can dynamically allocate the ingress port bandwidth among the traffic classes that are active at a given moment.

Systems and methods for clustering emergency services routing proxies are provided. The described features allow a group of ESRPs running as individual servers or a group of virtual servers, to be referenced using a single URI. In one implementation, an emergency services routing proxy device includes an emergency services routing proxy node configured to route a call to a downstream entity, the call received from an upstream entity. The device further includes a cluster manager configured to receive registration information from the emergency services routing proxy node, the registration information including a routing service identifier. The cluster manager may be further configured to identify the emergency services routing proxy node for call routing based on a comparison of an identifier included in the call with the routing service identifier.

In some implementations, a first network device may receive an advertisement from a second network device. The advertisement may be associated with indicating that the second network device is configured to support a particular flex-algorithm. The first network device may identify, in the advertisement, an address of the second network device. The first network device may configure a routing table of the first network device to indicate that the second network device is capable of receiving traffic associated with the particular flex-algorithm based on the address. The first network device may perform, using the routing table, an action associated with routing the traffic associated with the particular flex-algorithm.

A method for distributed multi-choice voting/ranking in a network with a plurality of nodes associated to a set of choices is disclosed. The method includes setting a plurality of value sets for a plurality of nodes, setting a plurality of collections of memory sets for the plurality of nodes, and updating the plurality of value sets. In addition, the method includes updating the plurality of collections of memory sets, calculating a majority vote for the set of choices, and calculating a rank set for the set of choices.

Configuration of firewall functionality and/or determining positioning for routers operating within a multi-router network is contemplated. The firewall functionality configured for one or more of the routers may be based router positioning within the multi-router network. The firewall functionality may be automatically selected according to the router positioning in order to facilitate dynamic and/or adaptive router configuring.

Embodiments of the present invention include systems and methods for preventing or reducing traffic losses of data. If an information handling system, such as a switch or router, in a network attempts to install route information in the data store of the information handling system and has a failure or a potential failure, the information handling system may take one of several options or combinations thereof. In embodiments, the information handling system may not advertise the route information. In embodiments, the information handling system may send a route withdrawal message to one or more peer information handling systems to remove that system from routing determinations involving the route information. Alternatively, the information handling system may advertise the route prefix with a high metric to indicate that the system is a non-preferred forwarder for data intended for a destination associated with the route information.

One embodiment provides a system that facilitates routable prefix queries in a CCN. During operation, the system generates, by a client computing device, a query for one or more indices based on a name for an interest, wherein a name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level. An index indicates a number of the contiguous name components beginning from the most general level that represent a routable prefix needed to route the interest to a content producing device that can satisfy the interest. In response to the query, the system receives the one or more indices, which allows the client computing device to determine a remaining number of name components of the interest name which can be encrypted, thereby facilitating protection of private communication in a content centric network.