H04L41/5006

Dynamic establishment of application-specific network tunnels between network devices by an SDWAN controller
11329883 · 2022-05-10

Systems and methods for dynamically establishing network overlay tunnels between edges within different groups of a network architecture are provided. According to an embodiment, a Software-Defined Wide Area Network (SDWAN) controller associated with a private network receives a request to initiate a dynamic Virtual Private Network (VPN) link for a network session between a source edge and a destination edge. The SDWAN controller determines configuration information for each of the source edge and the destination edge, which includes VPN and SDWAN configuration information determined based on pre-configured rules managed by the SDWAN controller for generating the dynamic VPN link between the source edge and the destination edge. The SDWAN controller directs the source edge and the destination edge to set up a VPN overlay tunnel in accordance with the determined configuration information by pushing the determined configuration information to each of the source edge and the destination edge.

Sequenced capacity deployment for WAN and datacenter networks

Determining an upgrade path from a starting topology to a target topology of a network is computationally intense and does not guarantee a steadily increasing usable capacity of the network at each stage within the upgrade path. The disclosed technology allows for a sequence of stages related to network upgrades to be generated. The technology ensures that networks can be upgraded in a sequential manner, where each step in the sequence does not violate service level objectives related to the network, ensures operational continuity of the network by users of the network, and ensures that the available network resources increase as the sequential upgrades are rolled out. The pathway is determined in a computationally efficient manner.

METHODS AND SYSTEMS FOR SERVICE POLICY ORCHESTRATION IN A COMMUNICATION NETWORK
20230254212 · 2023-08-10

Methods and systems are provided for service policy orchestration in a communication network. Executing a service policy in the communication network may include, at a service policy execution factory (SPEF), initiating a service policy request, evaluating the service policy request, selecting a unique service event identifier (ID) from a service repository, creating, based on the evaluating, a distributed service event object, where the creating includes defining dynamic elements to be included in the distributed service event object, sending the distributed service event object with the unique service event ID to an event broker that forwards, based on the distributed service event object, operator specific event data to one or more operator access domains, and in response to receiving from the event broker a new service event object, processing the received new service event object, and updating information associated with a corresponding operator access domain (OAD) based on the processing.

SYSTEM AND METHOD FOR COMPARTMENT QUOTAS IN A CLOUD INFRASTRUCTURE ENVIRONMENT

Systems and methods described herein support compartment quotas in a cloud infrastructure environment. Cloud administrators do not generally have the ability to restrict resource usage in existing clouds. Granting a user permission to create resources allows them to create any number of resources up to a predefined account limit. Compartment quotas allow admins to restrict a user's resource usage to the appropriate level allowing fine-tuned cost control.

Enforceable contract generation

A method, product and system including obtaining metadata associated with at least one plugin of a runtime environment, wherein the runtime environment is configured to provide a service to a client, wherein the plugin is configured to measure or enforce metrics of the service; obtaining user selections regarding the metrics, wherein the user selections comprise constraints on the runtime environment; obtaining, based on the metadata of the plugin and based on the user selections, corresponding clauses textually describing the constraints; generating a contract, wherein the contract comprises the corresponding clauses; automatically generating a configuration file based on the user selections; and automatically enforcing the contract by: activating the runtime environment, loading the service in the runtime environment, configuring the plugin according to the configuration file, executing the plugin to identify a violation of the contract, and executing a client function of the client.

Processing and caching in an information-centric network

Generally discussed herein are systems, devices, and methods for populating a cache in an information-centric network. A device of an ICN can include a content store including published content and attributes of the published content stored thereon, the attributes including at least two of a device from which the content originated attribute, a lineage attribute, and a service level agreement attribute, and content processing circuitry coupled to the content store, the content processing circuitry configured to manage the published content based on the attributes.

Operational monitoring of network devices

Techniques are described for managing risk in a network that includes one or more Internet-of-Things (IoT) devices. Management module(s) may operate to determine a model for an IoT in a home, office, or other environment, the model describing typical operations of the device(s) that are connected over an IoT. The operations of the IoT devices may be monitored for compliance with the model. The management module(s) may detect instances when one or more IoT devices exhibit behaviors that are a deviation from the normal operations indicated in the model, such as device failures. A policy may operate (e.g., as a smart contract) to transfer value to a user account in response to detecting an operational deviation of IoT device(s).

Multi-access edge computing, MEC, system and method for operating the same

A method for operating a multi-access edge computing (MEC) system includes establishing, between two or more MEC providers, an agreement that defines mutual access policies that specify which MEC platforms and which MEC applications and/or services running on the MEC platforms are allowed to be exposed among each other and/or to other tenants. The MEC platforms are provisioned with appropriate configurations in accordance with the access policies of the agreement. A discovery process is executed for discovering a MEC platform within a MEC stack of another tenant and a communication link is established with the other tenant's MEC platform.