Systems and methods for allocating a per-interface access control list (ACL) counter are disclosed. An ACL is applied to a data packet received at an interface of the network element. In response to matching the highest priority ACL rule, a counter value is obtained based on a combination of a base index and an expansion index value. The base index, expansion index, and counter values are stored in their respective tables. The counter value is uniquely associated with the specific ACL rule hit and the interface used to receive the data packet. Systems and methods also allocate a next set of expansion and counter tables when their storage capacity is exceeded. When the next set of tables are allocated, the older set of tables along with their index mappings and entries are preserved.

In one embodiment, a method includes receiving a request to establish a path for a data stream from the first network apparatus to a second network apparatus, where the request is associated with a requested bandwidth for the data stream, and where the first network apparatus and the second network apparatus are connected by a link aggregation group including a number of physical Ethernet links, accessing bandwidth information representing a number of remaining bandwidths of the respective multiple of physical Ethernet links, determining that the requested bandwidth is not satisfied by any of the number of remaining bandwidths of the number of physical Ethernet links, and sending a response rejecting the request to establish the path.

In one embodiment, a method includes receiving a request to establish a path for a data stream from the first network apparatus to a second network apparatus, where the request is associated with a requested bandwidth for the data stream, and where the first network apparatus and the second network apparatus are connected by a link aggregation group including a number of physical Ethernet links, accessing bandwidth information representing a number of remaining bandwidths of the respective multiple of physical Ethernet links, determining that the requested bandwidth is not satisfied by any of the number of remaining bandwidths of the number of physical Ethernet links, and sending a response rejecting the request to establish the path.

In a resource-pooling system, predictions can be made as to when and how resources may be needed by particular processes in the system. Requests can be made preemptively to client systems to pre-allocate resources such that resources are ready to use when needed. Client systems can submit constraints on how particular resources may be used by the system. In order to efficiently evaluate these constraints, the system may be organized into a hierarchy of groups, subsystems, and processes, and the constraints may be formulated to match this hierarchy. When resources need to be allocated, constraints may be evaluated using an algorithm that traverses levels of the hierarchy to quickly identify pre-allocations that are available for a particular process based on its location in the system hierarchy.

Described are computer-based methods and apparatuses, including computer program products, for leveraging available compute resources from a plurality of computing devices using containers. Each computing device from the plurality of computing devices executes a container that virtualizes a portion of an operating system executing on the computing device such that the container can execute one or more secondary applications in isolation from any incumbent applications being executed by the operating system on the computing device that have priority over the one or more secondary applications.

The present disclosure is directed to managing industrial internet of things end points and includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors and comprising instructions that, when executed by the one or more processors, cause one or more switches to perform operations comprising: identifying a first end point using a protocol associated with the first end point, determining a classification for the identified first end point based on one or more attributes of the first end point, identifying one or more related end points having the classification in common with the first end point, segmenting the first end point with the identified one or more related end points, and applying one or more policies to the segmented first end point and the one or more related end points.

The present disclosure is directed to managing industrial internet of things end points and includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors and comprising instructions that, when executed by the one or more processors, cause one or more switches to perform operations comprising: identifying a first end point using a protocol associated with the first end point, determining a classification for the identified first end point based on one or more attributes of the first end point, identifying one or more related end points having the classification in common with the first end point, segmenting the first end point with the identified one or more related end points, and applying one or more policies to the segmented first end point and the one or more related end points.

Methods and systems for identifying the amount of a network's traffic that is attributable to each service running over the network. The method comprises generating a set of candidate demand vectors (each candidate demand vector comprising a predicted bandwidth value for each service) from the topology of the network, bandwidth utilization information for the network and routing information for the network; evaluating each of the candidate demand vectors against the bandwidth utilization information; and, determining if a stop condition is satisfied. If the stop condition is not satisfied then the set of candidate demand vectors is evolved. If, however, the stop condition is satisfied then the best candidate demand vector based on the evaluation is selected and output as the demand vector for the services.

In some examples, a system monitors a network that includes a collection of interconnected virtual network functions (VNFs), the monitoring comprising receiving control information from a VNF of the VNFs, the control information specifying an action to take to address an issue detected by the VNF. Responsive to the monitoring, the system modifies an allocation of resources to the VNF.

In some examples, a system monitors a network that includes a collection of interconnected virtual network functions (VNFs), the monitoring comprising receiving control information from a VNF of the VNFs, the control information specifying an action to take to address an issue detected by the VNF. Responsive to the monitoring, the system modifies an allocation of resources to the VNF.