Systems and methods provide for generating traffic class-specific congestion signatures and other machine learning models for improving network performance. In some embodiments, a network controller can receive historical traffic data captured by a plurality of network devices within a first period of time that the network devices apply one or more traffic shaping policies for a predetermined traffic class and a predetermined congestion state. The controller can generate training data sets including flows of the historical traffic data labeled as corresponding to the predetermined traffic class and predetermined congestion state. The controller can generate, based on the training data sets, traffic class-specific congestion signatures that receive input traffic data determined to correspond to the predetermined traffic class and output an indication whether the input traffic data corresponds to the predetermined congestion state. The controller can adjust, based on the congestion signatures, traffic shaping operations of the plurality of network devices.

An example method is provided in one example embodiment and may include receiving traffic associated with at least one of a mobile network and a Gi-Local Area Network (data-plane), wherein the traffic comprises one or more packets; determining a classification of the traffic to a service chain, wherein the service chain comprises one or more service functions associated at least one of one or more mobile network services and one or more data-plane services; routing the traffic through the service chain; and routing the traffic to a network using one of a plurality of egress interfaces, wherein each egress interface of the plurality of egress interfaces is associated with at least one of the one or more mobile network services and the one or more data-plane services.

This application describes a congestion control method and apparatus. In this application, a network device obtains time information of one or more congestion packets in a sent first data stream, where the one or more congestion packet carries a flag indicating a congestion notification. When the first data stream is congested, the network device obtains a first congestion notification packet based on the time information of the one or more congestion packets in the first data stream, where the first congestion notification packet notifies that a packet is congested beyond a first specified interval. The network device then sends the first congestion notification packet. According to the solutions in this application, a rate of a data stream can be prevented from being increased when the data stream is congested, and packet transmission efficiency is improved.

Systems, apparatuses, and methods are described for managing concurrent requests from clients for services. Client computing devices may be permitted to use available capacity beyond their assigned quotas. When backpressure exists, connections with a client exceeding a proportion of excess capacity may be closed before connections with a client not exceeding a proportion of excess capacity.

Graded throttling for network-on-chip traffic, including: calculating, by an agent of a network-on-chip, a number of outstanding transactions issued by the agent; determining that the number of outstanding transactions meets a threshold; and implementing, by the agent, in response to the number of outstanding transactions meeting the threshold, a traffic throttling policy.

Techniques are provided for a high availability solution (e.g., a network attached storage (NAS) solution) with address preservation during switchover. A first virtual machine is deployed into a first domain and a second virtual machine is deployed into a second domain of a computing environment. The first and second virtual machines are configured as a node pair for providing clients with access to data stored within an aggregate comprising one or more storage structures within shared storage of the computing environment. A load balancer is utilized to manage logical interfaces used by clients to access the virtual machines. During switchover, the load balancer preserves an IP address used to mount and access a data share of the aggregate used by a client.

Systems and methods of vertical auto-scaling a networking stack by adjusting the number of packet engines executing on a device are provided. A device intermediary to clients and servers executes first packet engines to process network traffic of a first set of connections. The device determines to adjust the number of packet engines executing on the device based on trigger parameters. The device activates second packet engines to process network traffic for a second set of connections. The device mirrors the network traffic from the first and second set of connections. The first packet engines reject the traffic from the second connections, and the second packet engines reject the traffic from the first connections. The device deactivates the first packet engines when the first connections timeout.

A method of dynamically routing packets to a destination node performed by a computing device is disclosed. The method includes: (1) detecting a status of a plurality of links to the destination node across a plurality of communications modalities; (2) determining a set of links to use for routing packets to the destination node based on the detected statuses; and (3) sending packets to the destination node via the determined set of links. A related computer program product, apparatus, and system are also disclosed.

A computer-implemented for allocating resources is disclosed. The method includes: receiving, from a client device associated with an entity, input including a selection of a first operation; obtaining a threshold quantity of resources associated with the first operation; allocating a first quantity of resources associated with the entity to the first operation; detecting a trigger condition for obtaining resources associated with the first operation; and in response to detecting the trigger condition for obtaining resources associated with the first operation: determining a second quantity of resources associated with the entity for allocation to the first operation based on a difference between the threshold quantity of resources associated with the first operation and the first quantity of resources; and transmitting, to the client device, a signal representing a message indicating the second quantity of resources.

The present invention relates to a DDoS attack detection and mitigation method for an industrial SDN network, and belongs to the field of network security. According to the method, by means of the cooperation between an east-west interface of an SDN controller in an industrial backhaul network and a system manager of an industrial access network, in conjunction with the features of the industrial backhaul network and an industrial access network data packet, a flow entry matching field of an OpenFlow switch is extended, and a flow table 0 is set to be a “flow table dedicated to DDoS attack mitigation” for defending against an attacking data flow in a timely manner. By using the SDN controller of an industrial backhaul network and a DDoS attack detection and mitigation system, an attacking data flow is identified and a DDoS attack source is found, and the policy of mitigating a DDoS attack is implemented by means of scheduling a system manager of the industrial access network. According to the present invention, the normal traffic of an industrial backhaul network and an industrial access network is ensured, and a threat posed by a DDoS attack to the security of an industrial network is overcome.