The invention enables high-availability, high-scale, high security and disaster recovery for API computing, including in terms of capture of data traffic passing through proxies, routing communications between clients and servers, and load balancing and/or forwarding functions. The invention inter alia provides (i) a scalable cluster of proxies configured to route communications between clients and servers, without any single point of failure, (ii) proxy nodes configured for implementing the scalable cluster (iii) efficient methods of configuring the proxy cluster, (iv) natural resiliency of clusters and/or proxy nodes within a cluster, (v) methods for scaling of clusters, (vi) configurability of clusters to span multiple servers, multiple racks and multiple datacenters, thereby ensuring high availability and disaster recovery (vii) switching between proxies or between servers without loss of session.

The invention enables high-availability, high-scale, high security and disaster recovery for API computing, including in terms of capture of data traffic passing through proxies, routing communications between clients and servers, and load balancing and/or forwarding functions. The invention inter alia provides (i) a scalable cluster of proxies configured to route communications between clients and servers, without any single point of failure, (ii) proxy nodes configured for implementing the scalable cluster (iii) efficient methods of configuring the proxy cluster, (iv) natural resiliency of clusters and/or proxy nodes within a cluster, (v) methods for scaling of clusters, (vi) configurability of clusters to span multiple servers, multiple racks and multiple datacenters, thereby ensuring high availability and disaster recovery (vii) switching between proxies or between servers without loss of session.

A node of a network configured to forward packets based on network programming instructions encoded in the packets, performs a method. The method includes generating a probe packet encoded with a replication network programming instruction. The replication network programming instruction is configured to validate equal-cost multi-path (ECMP) routing in the network from the node to a destination by remotely triggering transit nodes of the network, that are traversed by the probe packet, to each perform replicate-and-forward actions. The replicate-and-forward actions include: identifying ECMP paths toward the destination; generating, for the ECMP paths, replicated probe packets that each include the replication network programming instruction; and forwarding the replicated probe packets along the ECMP paths. The method further includes forwarding the probe packet toward the destination.

A node of a network configured to forward packets based on network programming instructions encoded in the packets, performs a method. The method includes generating a probe packet encoded with a replication network programming instruction. The replication network programming instruction is configured to validate equal-cost multi-path (ECMP) routing in the network from the node to a destination by remotely triggering transit nodes of the network, that are traversed by the probe packet, to each perform replicate-and-forward actions. The replicate-and-forward actions include: identifying ECMP paths toward the destination; generating, for the ECMP paths, replicated probe packets that each include the replication network programming instruction; and forwarding the replicated probe packets along the ECMP paths. The method further includes forwarding the probe packet toward the destination.

Snapshots of storage volumes and containers of a bundled application may be created and used to rollback or clone the bundled application. Clone snapshots of storage volumes may be gradually populated with data from prior snapshots to reduce loading on a primary snapshot. Components of cloned applications may communicate with one another using addresses of these components in the parent application. Containers of the bundled application may communicate with an open virtual switch (OVS) that implements flows to implement translation between clone and parent addresses. Containers may be modified to execute operation-specific entrypoint functions prior to invoking an entrypoint of an application instance loaded in the containers.

Snapshots of storage volumes and containers of a bundled application may be created and used to rollback or clone the bundled application. Clone snapshots of storage volumes may be gradually populated with data from prior snapshots to reduce loading on a primary snapshot. Components of cloned applications may communicate with one another using addresses of these components in the parent application. Containers of the bundled application may communicate with an open virtual switch (OVS) that implements flows to implement translation between clone and parent addresses. Containers may be modified to execute operation-specific entrypoint functions prior to invoking an entrypoint of an application instance loaded in the containers.

A data multicast implementation method, apparatus, and system are provided. In some embodiments, a transmission device receives a standby forwarding path establishment request, where the standby forwarding path establishment request includes a device identifier, has a destination address being an address of a multicast source device, and is used to request to establish a standby forwarding path between a multicast destination device identified by the device identifier and the multicast source device. In those embodiments, when determining, based on the device identifier in the standby forwarding path establishment request, that the transmission device is located on an active forwarding path between the multicast destination device and the multicast source device, the transmission device skips using the transmission device as a device on the standby forwarding path between the multicast destination device and the multicast source device, and skips forwarding the standby forwarding path establishment request.

In some examples, fabric driven NVMe subsystem zoning may include receiving, from a non-volatile memory express (NVMe) Name Server (NNS), a zoning specification that includes an indication of a host that is to communicate with a given NVMe subsystem of an NVMe storage domain. Based on the zoning specification, the host may be designated as being permitted to connect to the given NVMe subsystem of the NVMe storage domain. An NVMe connect command may be received from the host. Based on the designation and an analysis of the NVMe connect command, a connection may be established between the given NVMe subsystem of the NVMe storage domain and the host.

Cloud based router with policy enforcement. In some implementations, a system is provided. The system includes a plurality of access points. The plurality of access points receive data packets from a plurality of client devices. The system also includes a plurality of tunnel devices coupled to the plurality of access points. The plurality of tunnel devices generate encapsulated packets based on the data packets received by the plurality of access points. The system further includes a plurality of packet forwarding components coupled to the plurality of tunnel devices via a first set of tunnels. The plurality of packet forwarding components receive the encapsulated packets from the plurality of tunnel devices and forward the encapsulate packets. The system further includes a plurality of network access controllers coupled to the plurality of packet forwarding components via a second set of tunnels. The plurality of network access controllers enforce one or more network policies for the plurality of client devices, as the plurality of client devices move between the plurality of access points.

Cloud based router with policy enforcement. In some implementations, a system is provided. The system includes a plurality of access points. The plurality of access points receive data packets from a plurality of client devices. The system also includes a plurality of tunnel devices coupled to the plurality of access points. The plurality of tunnel devices generate encapsulated packets based on the data packets received by the plurality of access points. The system further includes a plurality of packet forwarding components coupled to the plurality of tunnel devices via a first set of tunnels. The plurality of packet forwarding components receive the encapsulated packets from the plurality of tunnel devices and forward the encapsulate packets. The system further includes a plurality of network access controllers coupled to the plurality of packet forwarding components via a second set of tunnels. The plurality of network access controllers enforce one or more network policies for the plurality of client devices, as the plurality of client devices move between the plurality of access points.