An object is to provide a communication apparatus, a communication method, and a program capable of avoiding an increase in network load when input traffic continues to be large and a communication delay when input traffic is very small. A communication apparatus according to the present invention prepares three token buckets and can transfer, discard, or hold a packet in accordance with the amount of tokens in each token bucket. This enables the communication apparatus to operate so as not to exceed a set maximum bandwidth when large traffic is received for the delay guarantee shaping. Further, When the maximum bandwidth is exceeded, the communication apparatus can select whether to discard a packet to prioritize a delay guarantee or to hold a packet to prioritize no loss of packets. Furthermore, the communication apparatus can immediately transmit a packet without increasing a communication delay when input traffic is very small.

Techniques for orchestrating workloads based on policy to operate in optimal host and/or network proximity in cloud-native environments are described herein. The techniques may include receiving flow data associated with network paths between workloads hosted by a cloud-based network. Based at least in part on the flow data, the techniques may include determining that a utilization of a network path between a first workload and a second workload is greater than a relative utilization of other network paths between the first workload and other workloads. The techniques may also include determining that reducing the network path would optimize communications between the first workload and the second workload without adversely affecting communications between the first workload and the other workloads. The techniques may also include causing at least one of a redeployment or a network path re-routing to reduce the networking proximity between the first workload and the second workload.

Methods and systems for managing data transmissions are disclosed. An example method can comprise determining a plurality of time allocations for a time cycle. The plurality of time allocations can comprise a first time allocation which can be determined based on an information rate, a committed information rate, an excess information rate, an effective bandwidth rate, other factors, or a combination thereof. Data can be received from multiple sources into a buffer, for example, and can be processed within a time cycle if processing the data will not exceed the time allocation.

Technologies for managing burst bandwidth requirements are disclosed. In the illustrative embodiment, a software-defined network (SDN) controller monitors storage devices in a data center. If a storage device fails, the SDN controller manages the bandwidth used to replicate the data that was stored on the failed storage device. The SDN controller may allocate an initial amount of bandwidth based on one or more parameters of the storage device, and the SDN controller may increase the bandwidth in a series of discrete steps. In another embodiment, the SDN controller may predict a bandwidth burst based on sequential writes at a storage sled from several compute devices, and allocate bandwidth accordingly in a tiered manner.

Some embodiments provide a method for scheduling a packet to be dequeued to a processing pipeline of a hardware forwarding element. The method selects a node representing one of multiple ports associated with the processing pipeline. For each of one or more layers of logical queues, the method (i) identifies a set of logical queue nodes associated with a previously selected node based on a configuration that maps multiple physical queues to the multiple ports via the one or more layers of logical queues and (ii) selects one of the identified logical queue nodes based on properties of the identified logical queue nodes. The method selects one of a set of physical queues associated with a selected logical queue node of the last layer of logical queues. The method dequeues a next packet from the selected physical queue for processing by the processing pipeline.

Methods and systems for managing data transmissions are disclosed. An example method can comprise determining a plurality of time allocations for a time cycle. The plurality of time allocations can comprise a first time allocation which can be determined based on an information rate, a committed information rate, an excess information rate, an effective bandwidth rate, other factors, or a combination thereof. Data can be received from multiple sources into a buffer, for example, and can be processed within a time cycle if processing the data will not exceed the time allocation.

Systems and methods are disclosed for enhancing network performance by using modified traffic control (e.g., rate limiting and/or scheduling) techniques to control a rate of packet (e.g., data packet) traffic to a queue scheduled by a Quality of Service (QoS) engine for reading and transmission. In particular, the QoS engine schedules packets using estimated packet sizes before an actual packet size is known by a direct memory access (DMA) engine coupled to the QoS engine. The QoS engine subsequently compensates for discrepancies between the estimated packet sizes and actual packet sizes (e.g., when the DMA engine has received an actual packet size of the scheduled packet). Using these modified traffic control techniques that leverage estimating packet sizes may reduce and/or eliminate latency introduced due to determining actual packet sizes.

In one embodiment, a method includes measuring a rate of traffic received at a leaf node, marking a plurality of packets in the flow as protected at the leaf node to match the rate of traffic with a configured rate of traffic for the flow at the leaf node, and dropping a plurality of non-protected packets at the leaf node when a queue at the leaf node is congested. A minimum bandwidth is provided for the flow based on the configured rate of traffic at the leaf node. The leaf node comprises an ingress node or an egress node connected to a fabric. An apparatus is also disclosed herein.

Methods to strengthen the cyber-security and privacy in a proposed deterministic Internet of Things (IOT) network are described. The proposed deterministic IoT consists of a network of simple deterministic packet switches under the control of a low-complexity Software Defined Networking (SDN) control-plane. The network can transport Deterministic Traffic Flows (DTFs), where each DTF has a source node, a destination node, a fixed path through the network, and a deterministic or guaranteed rate of transmission. The SDN control-plane can configure millions of distinct interference-free Deterministic Virtual Networks (D)VNs) into the IoT, where each DVN is a collection of interference-free DTFs. The SDN control-plane can configure each deterministic packet switch to store several deterministic periodic schedules, defined for a scheduling-frame which comprises F time-slots. The schedules of a network determine which DTFs are authorized to transmit data over each fiber-optic link of the network. These schedules also ensure that each DTF will receive a deterministic rate of transmission through every switch it traverses, with full immunity to congestion, interference and Denial-of-Service (DOS) attacks. Any unauthorized transmissions by a cyber-attacker can also be detected quickly, since the schedules also identify unauthorized transmissions. Each source node and destination node of a DTF, and optionally each switch in the network, can have a low-complexity private-key encryption/decryption unit. The SDN control-plane can configure the source and destination nodes of a DTF, and optionally the switches in the network, to encrypt and decrypt the packets of a DTF using these low-complexity encryption/decryption units. To strengthen security and privacy and to lower the energy use, the private keys can be very large, for example several thousands of bits. The SDN control-plane can configure each DTF to achieve a desired level of security well beyond what is possible with exitsing schemes such as AES, by using very long keys. The encryption/decryption units also use a new serial permutation unit the very low hardware cost, which allows for exceptional security and very-high throughputs in FPGA hardware.

Methods to strengthen the cyber-security and privacy in a proposed deterministic Internet of Things (IoT) network are described. The proposed deterministic IoT consists of a network of simple deterministic packet switches under the control of a low-complexity Software Defined Networking (SDN) control-plane. The network can transport Deterministic Traffic Flows (DTFs), where each DTF has a source node, a destination node, a fixed path through the network, and a deterministic or guaranteed rate of transmission. The SDN control-plane can configure millions of distinct interference-free Deterministic Virtual Networks (DVNs) into the IoT, where each DVN is a collection of interference-free DTFs. The SDN control-plane can configure each deterministic packet switch to store several deterministic periodic schedules, defined for a scheduling-frame which comprises F time-slots. The schedules of a network determine which DTFs are authorized to transmit data over each fiber-optic link of the network. These schedules also ensure that each DTF will receive a deterministic rate of transmission through every switch it traverses, with full immunity to congestion, interference and Denial-of-Service (DoS) attacks. Any unauthorized transmissions by a cyber-attacker can also be detected quickly, since the schedules also identify unauthorized transmissions. Each source node and destination node of a DTF, and optionally each switch in the network, can have a low-complexity private-key encryption/decryption unit. The SDN control-plane can configure the source and destination nodes of a DTF, and optionally the switches in the network, to encrypt and decrypt the packets of a DTF using these low-complexity encryption/decryption units. To strengthen security and privacy and to lower the energy use, the private keys can be very large, for example several thousands of bits. The SDN control-plane can configure

each DTF to achieve a desired level of security well beyond what is possible with existing schemes such as AES, by using very long keys. The encryption/decryption units also use a new serial permutation unit the very low hardware cost, which allows for exceptional security and very-high throughputs in FPGA hardware.