Patent classifications
H04L45/742
Adaptive tracing with a reduced number of probes to avoid firewall issues
Techniques for using trace with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods include determining a number of hops from a source that is the user device and a destination, including determining metrics from the source to the destination; performing a trace to all intermediate nodes between the source and the destination, including determining metrics from the source to each of the intermediate nodes; and combining and presenting the metrics from the source to the destination and from the source to each of the intermediate nodes.
Dynamically-Optimized Hash-Based Packet Classifier
A network element includes multiple ports and a packet classifier. The packet classifier is configured to receive rules and Rule Patterns (RPs), each RP corresponding to a subset of the rules and specifying positions of unmasked packet-header bits to be matched by the rules in the subset, to store in a RAM a grouping of the RPs into Extended RPs (ERPs), each ERP defining a superset of the unmasked bits in the RPs associated therewith, to receive packets and match each packet to one or more of the rules by accessing the ERPs in the RAM, to determine counter values, each counter value corresponding to a respective RP and being indicative of a number of the received packets that match the RP, and to adaptively modify the grouping of the RPs into the ERPs depending on the counter values.
Communication of policy changes in LISP-based software defined networks
Systems, methods, and computer-readable media for communicating policy changes in a Locator/ID Separation Protocol (LISP) based network deployment include receiving, at a first routing device, a first notification from a map server, the first notification indicating a change in a policy for LISP based communication between at least a first endpoint device and at least a second endpoint device, the first endpoint device being connected to a network fabric through the first routing device and the second endpoint device being connected to the network fabric through a second routing device. The first routing device forwards a second notification to the second routing device if one or more entries of a first map cache implemented by the first routing device are affected by the policy change, the second notification indicating a set of one or more endpoints connected to the second routing device that are affected by the policy change.
Prepopulation of call center cache
A system, process, and computer-readable medium for updating an application cache using a stream listening service is described. A stream listening service may monitor one or more data streams for content relating to a user. The stream listening service may forward the content along with time-to-live values to an application cache. A user may use an application to obtain information regarding the user's account, where the application obtains information from a data store and/or cached information from the application cache. The stream listening service, by forwarding current account information, obtained from listening to one or more streams, to the application cache, reduces traffic at the data store by providing current information from the data stream to the application cache.
MAC-BASED ROUTING
A network device is configured to route an ingress packet based on its L2 header. In some configurations the ingress packet is routed based only on the destination MAC (DMAC) address in the L2 header, which allows the network device to begin routing as soon as the DMAC is received. The DMAC can be used in a table look up operation to identify routing actions for a nexthop. An egress packet is produced from the ingress packet using the routing actions. The egress packet is then sent on an egress port specified in the routing actions.
PREEMPTIVE CACHING OF CONTENT IN A CONTENT-CENTRIC NETWORK
Preemptive caching within a content/name/information centric networking environment is contemplated. The preemptive caching may be performed within content/name/information centric networking environments of the type having a branching structure or other architecture sufficient to facilitate routing data, content, etc. such that one or more nodes other than a node soliciting a content object also receive the content object.
NETWORK FORWARDING ELEMENT WITH KEY-VALUE PROCESSING IN THE DATA PLANE
Some embodiments of the invention provide a forwarding element (e.g., a switch, a router, etc.) that has one or more data plane, message-processing pipelines with key-value processing circuits. The forwarding element's data plane key-value circuits allow the forwarding element to perform key-value services that would otherwise have to be performed by data compute nodes connected by the network fabric that includes the forwarding element. In some embodiments, the key-value (KV) services of the forwarding element and other similar forwarding elements supplement the key-value services of a distributed set of key-value servers by caching a subset of the most commonly used key-value pairs in the forwarding elements that connect the set of key-value servers with their client applications. In some embodiments, the key-value circuits of the forwarding element perform the key-value service operations at message-processing line rates at which the forwarding element forwards messages to the data compute nodes and/or to other network forwarding elements in the network fabric.
Logical router with multiple routing components
Some embodiments provide a method for handling failure at one of several peer centralized components of a logical router. At a first one of the peer centralized components of the logical router, the method detects that a second one of the peer centralized components has failed. In response to the detection, the method automatically identifies a network layer address of the failed second peer. The method assumes responsibility for data traffic to the failed peer by broadcasting a message on a logical switch that connects all of the peer centralized components and a distributed component of the logical router. The message instructs recipients to associate the identified network layer address with a data link layer address of the first peer centralized component.
Internet connection user communication system
A method for communicating in real-time to users of a provider of Internet access service, without requiring any installation or set-up by the user, that utilizes the unique identification information automatically provided by the user during communications for identifying the user to provide a fixed identifier which is then communicated to a redirecting device. Messages may then be selectively transmitted to the user. The system is normally transparent to the user, with no modification of its content along the path. Content then may be modified or replaced along the path to the user. For the purposes of establishing a reliable delivery of bulletin messages from providers to their users, the system forces the delivery of specially-composed World Wide Web browser pages to the user, although it is not limited to that type of data.
DATAPATH FOR MULTIPLE TENANTS
A novel design of a gateway that handles traffic in and out of a network by using a datapath pipeline is provided. The datapath pipeline includes multiple stages for performing various data-plane packet-processing operations at the edge of the network. The processing stages include centralized routing stages and distributed routing stages. The processing stages can include service-providing stages such as NAT and firewall. The gateway caches the result of previous packet operations and reapplies the result to subsequent packets that meet certain criteria. For packets that do not have an applicable or valid result from previous packet processing operations, the gateway datapath daemon executes the pipelined packet processing stages, records a set of data from each stage of the pipeline, and synthesizes those data into a cache entry for subsequent packets.