Patent classifications
H04L45/7453
DISTRIBUTED RESILIENT LOAD-BALANCING FOR MULTIPATH TRANSPORT PROTOCOLS
Techniques are described for providing a distributed application load-balancing architecture that supports multipath transport protocol for client devices connecting to an application service. Rather than having client devices generate new network five-tuples for new subflows to the application servers, the techniques described herein include shifting the burden to the application servers to ensure that the new network five-tuples land in the same bucket in the consistent hashing table. The application servers may receive a hashing function utilized by the load balancers to generate the hash of the network five-tuple. By having the application servers generate the hashes, the load balancers are able to continue stateless, low-level processing of the packets to route them to the correct application servers. In this way, additional subflows can be opened for client devices according to a multipath transport protocol while ensuring that the subflows are routed to the correct application server.
DATA PLANE INTEGRATION
In an example, a system and method for data plane integration is described. Aspects of the embodiments are directed to a service application connected to a switch of a network fabric and a method of data plane integration performed at a service appliance, the service appliance providing firewall functionality. The service appliance can receive a data packet from a network location; determine a flow owner of the data packet based on a hashing table; and transmit the data packet based on the determined flow owner of the data packet.
CUSTOMIZED TUPLE DEFINITION FOR HASHING AT A NETWORK APPLIANCE ROUTING SERVICE
Systems and methods are provided to use a custom tuple definition to route packets of network traffic. Each packet can correspond to a different custom tuple definition based on the custom tuple definitions provided. Each custom tuple definition may be applied to a subset of network traffic based on certain parameters. A stateful network routing service may intercept packets and determine a tuple value for the packet based on a corresponding tuple definition and information from the packet. The stateful network routing service may route the packet based on the tuple value of the packet to a network appliance. Further, subsequent packets associated with the same tuple value may be routed to the same network appliance. In some embodiments, the custom tuple definition may be used to determine multiple tuple values for a subset of network traffic.
Methods and apparatus to improve packet flow among virtualized servers
Methods, apparatus, systems, and articles of manufacture to improve packet flow among virtualized servers are disclosed. An example apparatus includes memory, and hardware to execute instructions to: generate a load balance list identifying first ones of virtualized network resources having respective values of a utilization status parameter that satisfy a first threshold; in response to at least a number of the first virtualized network resources not satisfying a load balance list threshold, update the load balance list to additionally identify second ones of the virtualized network resources, the second ones of the virtualized network resources having respective values of the utilization status parameter that satisfy a second threshold, the first threshold different from the second threshold; and adjust a policy of a physical hardware resource corresponding to one or more of the virtualized network resources based on the load balance list.
Method for implementing a consistent hashing in a communication network
A method for use in a communication network is provided. The method comprises the steps of: (i) providing a plurality of network processing units (NPU's) comprised in the communication network; (ii) establishing a replication of at least one of the NPU's; (iii) virtually arranging the NPU's and the replication(s) in a ring configuration; (iv) associating a unique primary virtual identification and a corresponding unique backup virtual identification with each active and available entity selected from among the plurality of NPU's and replication(s); (v) establishing a list of hash values, each associated with the primary virtual identification or the backup virtual identification of a corresponding active and available entity; (vi) implementing a ring consistent hashing algorithm for carrying out a search resolution for a consistent hashing; and (vii) in a case of a change in an active and available entity having a certain primary virtual identification, using the corresponding backup virtual identification to maintain the ring continuity.
MESSAGING BETWEEN REMOTE CONTROLLER AND FORWARDING ELEMENT
Some embodiments of the invention provide a forwarding element that can be configured through in-band data-plane messages from a remote controller that is a physically separate machine from the forwarding element. The forwarding element of some embodiments has data plane circuits that include several configurable message-processing stages, several storage queues, and a data-plane configurator. A set of one or more message-processing stages of the data plane are configured (1) to process configuration messages received by the data plane from the remote controller and (2) to store the configuration messages in a set of one or more storage queues. The data-plane configurator receives the configuration messages stored in the set of storage queues and configures one or more of the configurable message-processing stages based on configuration data in the configuration messages.
SYSTEM AND METHOD FOR FACILITATING DATA-DRIVEN INTELLIGENT NETWORK WITH INGRESS PORT INJECTION LIMITS
Data-driven intelligent networking systems and methods are provided. The system can accommodate dynamic traffic while applying injection limits to different traffic classes at an ingress edge port. The system can maintain state information of individual packet flows, which can be set up or released dynamically based on injected data. Each flow can be provided with a flow-specific input queue upon arriving at a switch. Packets of a respective flow can be acknowledged after reaching the egress point of the network, and the acknowledgement packets can be sent back to the ingress point of the flow along the same data path. Furthermore, an edge switch can dynamically allocate the ingress port bandwidth among the traffic classes that are active at a given moment.