This document describes among other things, network security systems that incorporate a feedback loop so as to automatically and dynamically adjust the scope of network traffic that is subject to inspection. Risky traffic can be sent for inspection; risky traffic that is demonstrated to have high rate of threats can be outright blocked without further inspection; traffic that is causing errors due to protocol incompatibility or should not be inspected for regulatory or other reasons can be flagged so it bypasses the security inspection system. The system can operate on a domain by domain basis, IP address basis, or otherwise.

Systems and methods are provided for performing routing in a switch network or fabric. Switches can be configured in a hierarchical topology having a plurality of groups, where switches in a group are connected to one another, and groups are connected to other groups. Routing can be performed by maintaining per-group group load information. A packet can be routed between at least two groups using the per-group group load information to effect a set of routing decisions. The set of routing decisions can be biased towards or away one or more paths.

Embodiments of methods and systems for managing traffic across a WAN are disclosed. A method involves advertising an input rate limit across a WAN from a first node, advertising an input distribution array across the WAN from the first node, wherein the input distribution array includes forwarding class-specific weights, and adapting at least one of the input rate limit and the input distribution array in response to an error between a target forwarding class distribution and an observed input traffic distribution.

A network congestion notification method and network node are provided in a network system. The network node receives a remote direct memory access (RDMA) packet, where the RDMA packet carries a source queue pair number corresponding to a transmit end and a destination queue pair number corresponding to a receive end. The network node generates a congestion notification packet when detecting network congestion, where a destination queue pair number of the congestion notification packet is the source queue pair number. Then the network node sends the congestion notification packet to the transmit end so that the transmit end may decrease a sending rate of a data flow to which the first data packet belongs.

A network congestion notification method and network node are provided in a network system. The network node receives a remote direct memory access (RDMA) packet, where the RDMA packet carries a source queue pair number corresponding to a transmit end and a destination queue pair number corresponding to a receive end. The network node generates a congestion notification packet when detecting network congestion, where a destination queue pair number of the congestion notification packet is the source queue pair number. Then the network node sends the congestion notification packet to the transmit end so that the transmit end may decrease a sending rate of a data flow to which the first data packet belongs.

A flow control method and system, and a device are provided to implement flow control in a process of transmitting a media stream between devices. The method includes: receiving, by a first device, a media stream that is sent by a second device at a first rate; instructing based on a rate of a media stream in a first time period in which a buffer usage rises from a first threshold to a second threshold, the second device to send a media stream to the first device at a second rate which is less than the first rate; instructing based on a rate of a media stream in a second time period in which the buffer usage rises from the second threshold to a third threshold, the second device to send a media stream to the first device at a third rate which is not greater than the second rate.

The present application disclose a method for implementing congestion control. The method includes: obtaining congestion control information of a first network device, where the congestion control information includes a total bandwidth of a first egress port of the first network device and a quantity of active flows corresponding to a first queue of the first egress port; and determining a sending rate of a first data flow in the active flows based on the congestion control information, where the sending rate is positively related to the total bandwidth and negatively related to the quantity of active flows, and the sending rate is used by a sending device of the first data flow to send the first data flow.

A method for distributing, by a content distribution device and by a communication network, at least one audiovisual service to a user terminal associated with a network user point. The method including the steps of: transmitting, to said network user point, at least a first service and a second service, said second service comprising an audiovisual service intended for the fruition while it is transmitted to the network user point; determining a reception performance index relating to said network user point based on telemetry data; determining a maximum transmission rate for said first service based on said reception performance index; in which transmitting comprises transmitting, by said content distribution device, said first service at a transmission rate not higher than said maximum bitrate.

Systems and methods are provided for passing data amongst a plurality of switches having a plurality of links attached between the plurality of switches. At a switch, a plurality of load signals are received from a plurality of neighboring switches. Each of the plurality of load signals are made up of a set of values indicative of a load at each of the plurality of neighboring switches providing the load signal. Each value within the set of values provides an indication for each link of the plurality of links attached thereto as to whether the link is busy or quiet. Based upon the plurality of load signals, an output link for routing a received packet is selected, and the received packet is routed via the selected output link.

A network interface controller (NIC) capable of performing message passing interface (MPI) list matching is provided. The NIC can include a host interface, a network interface, and a hardware list-processing engine (LPE). The host interface can couple the NIC to a host device. The network interface can couple the NIC to a network. During operation, the LPE can receive a match request and perform MPI list matching based on the received match request.