A traffic control and monitoring module includes a firewall operating in a container namespace that is configured to control and monitor traffic to and from a container in the container namespace. The traffic control and monitoring module reports detected traffic to a traffic flow reporting module operating in a host namespace of the host operating system. The traffic control and monitoring module obtains traffic flows associated with a plurality of containers in different container namespaces and reports the traffic flows to a segmentation policy. Based on the reported traffic flows, the segmentation server may update a segmentation policy to improve network security.

A traffic control and monitoring module includes a firewall operating in a container namespace that is configured to control and monitor traffic to and from a container in the container namespace. The traffic control and monitoring module reports detected traffic to a traffic flow reporting module operating in a host namespace of the host operating system. The traffic control and monitoring module obtains traffic flows associated with a plurality of containers in different container namespaces and reports the traffic flows to a segmentation policy. Based on the reported traffic flows, the segmentation server may update a segmentation policy to improve network security.

Described are platforms, systems, and methods for resource fairness enforcement. In one aspect, a programmable input output (IO) device comprises a memory unit, the memory unit having instructions stored thereon which, when executed by the programmable IO device, cause the programmable IO device to perform operations comprising: receiving an input from a logical interface (LIF); determining, by at least one meter, a metric regarding at least one resource used during a processing of the input through a programmable pipeline; and regulating additional input received from the LIF based on the metric and a threshold for the at least one resource.

Described are platforms, systems, and methods for resource fairness enforcement. In one aspect, a programmable input output (IO) device comprises a memory unit, the memory unit having instructions stored thereon which, when executed by the programmable IO device, cause the programmable IO device to perform operations comprising: receiving an input from a logical interface (LIF); determining, by at least one meter, a metric regarding at least one resource used during a processing of the input through a programmable pipeline; and regulating additional input received from the LIF based on the metric and a threshold for the at least one resource.

The disclosed apparatus, systems and methods relate a failover and internet connection monitoring system featuring a cloud server running an API, a probe, a firewall and a policy routing system. The failover connection monitoring system is capable of gathering and analyzing performance data and controlling the flow of packets to and from the internet over one or more connections to optimize performance of the network.

The disclosed apparatus, systems and methods relate a failover and internet connection monitoring system featuring a cloud server running an API, a probe, a firewall and a policy routing system. The failover connection monitoring system is capable of gathering and analyzing performance data and controlling the flow of packets to and from the internet over one or more connections to optimize performance of the network.

Methods, systems, devices, and software are disclosed for generating a network usage profile. Certain embodiments of the network usage profile include a devices-by-node profile, indicating the set of customer devices available for use in communicating with a customer-side network node located at a customer side of an access network over a period of time, where some of the customer devices are not in operative communication with the customer-side network node during a portion of that time. Other embodiments associate the network usage profile with customer information to generate device-by-customer profiles. Still other embodiments associate the network usage profile with network traffic information to generate traffic-by-device profiles. Even other embodiments associate the multiple sources and types of information to generate traffic-by-customer profiles and/or traffic-by-device-by-customer profiles. Any of the profiles may then be accessed by one or more parties for use in affecting various network services, including targeting content delivery.

A messaging system comprises a plurality of connected components and including a schema defining fields for messages, at least one field defined as non-essential. A mechanism for operating the messaging system comprises the steps of collecting one or more performance metrics for one or more components of the messaging system, determining that at least one performance metric has crossed a predetermined threshold, informing one or more components of the messaging system that a surge in workload has occurred, and the informed components removing non-essential fields from transmitted messages and/or not processing non-essential fields from received messages.

An output circuit, included in a device, may determine counter information associated with a packet provided via an output queue managed by the output circuit. The output circuit may determine that a latency event, associated with the output queue, has occurred. The output circuit may provide the counter information and time of day information associated with the counter information. The output circuit may provide a latency event notification associated with the output queue. An input circuit, included in the device, may receive the latency event notification associated with the output queue. The input circuit may determine performance information associated with an input queue. The input queue may correspond to the output queue and may be managed by the input circuit. The input circuit may provide the performance information associated with the input queue and time of day information associated with the performance information.

Systems and methods for performance-based content delivery are disclosed. A performance management service can define client performance categories based on performance data regarding content requesting, delivery and rendering, and thereby enable content providers to generate or update content based on characteristics of different performance categories in order to improve user experience. The performance management service may also predict performance categories for clients with respect to their currently submitted content requests based on applicable client classification criteria. The performance management service can provide the category prediction to content providers so that a version of the requested content appropriate for the predicted category is transmitted to the client.