H04L47/726

Data center architecture that supports attack detection and mitigation

Described herein are various technologies pertaining to identification of inbound and outbound network and application attacks with respect to a data center. Commodity servers are used to monitor ingress and egress traffic flows, and anomalies are detected in the traffic flows. Responsive to detecting an anomaly, a mitigation strategy is executed to mitigate damage caused by a cyber-attack.

Load balancing among a cluster of firewall security devices

A method for balancing load among firewall security devices (FSDs) is provided. According to one embodiment, a switching device performs adaptive load balancing among cluster units of an HA cluster of firewall security devices. A load balancing (LB) function implemented by the switching device is configured based on information received from a network administrator. An LB table is maintained that forms associations between hash values output by the LB function and corresponding ports of the switching device to which the cluster units are coupled. Network traffic received by the switching device is directed to appropriate cluster units based on the LB function and the LB table. A traffic load on each of the cluster units is monitored. Responsive to a deviation from a predefined ideal traffic distribution, an attempt is made to improve performance of the HA cluster by dynamically adjusting the LB table to address the deviation.

Load balancing requests such that target resources serve a single client

Various embodiments of methods and apparatus for load balancing requests such that target resources serve a single client are described. In at least some embodiments, a single resource, such as a compute instance, is assigned to only one client, and that single resource is used for all subsequent connections and communications from that client. Some embodiments comprise a resource selection system which provides identifying information of an available resource, in order for a connection to be established between the client and the resource. The resource selection system then removes that identifying information from its memory. In some of these embodiments, a routing layer interfaces with the resource selection system to establish the connection between the client and the available resource. When a client is assigned to a resource, other clients may be prevented from establishing connections with the resource.

Method and device for scheduling resources
20170251064 · 2017-08-31

Disclosed is a method that includes traversing a user instance distribution of user instances of a user on hosts in a cluster to detect whether a trigger condition for user scheduling of adjustment of the user instance distribution is satisfied; and, if the trigger condition for user scheduling is satisfied, migrating the user instances to be migrated out from the one or more hosts from which they are to be migrated out to the one or more second hosts to which they are to be migrated in. The implementations of the present disclosure may schedule resources based on user instance distributions of users on hosts and achieve a balanced distribution of user instances. The implementations further avoid placing user instances of all users into a small number of hosts, increase the ability to prevent risks, and enhance the user experience.

SELF-DRIVEN AND ADAPTABLE MULTI-VBNG MANAGEMENT ORCHESTRATION
20220038345 · 2022-02-03

A broadband network gateway (BNG) controller is described that includes a network subscriber database (NSDB) and one or more core applications. The NSDB is configured to store vBNG instance information for one or more subscriber devices. The vBNG instance information specifies vBNG instances operable by one or more edge routers. The vBNG instances are configured to receive requests to access service provider services from the one or more subscriber devices and to selectively authenticate the one or more subscriber devices for network services based on authentication information included in the requests to access service provider services. The one or more core applications include a network instance and configuration manager (NICM). The NICM is configured to modify the vBNG instance information at the NSDB to include an additional vBNG instance and to output, to an edge router, an instruction to generate the additional vBNG instance at the edge router.

Technologies for providing adaptive utilization of different interconnects for workloads

Technologies for providing adaptive utilization of different interconnects for workloads include a compute device. The compute device includes a connection abstraction logic unit to determine a quality of service target to be satisfied in the execution of a workload that is to communicate with at least one other workload through one or more interconnects of a set of interconnects associated with the compute device, determine a quality of service property of each interconnect of the set of interconnects, and allocate, as a function of the determined quality of service property of each interconnect, one or more of the set of interconnects to the workload to satisfy the quality of service target. The compute device also includes circuitry to execute the workload and communicate with the at least one other workload through the allocated one or more interconnects. Other embodiments are also described and claimed.

Method, management node and processing node for continuous availability in cloud environment
11456934 · 2022-09-27

Method, management node and processing node are disclosed for continuous availability in a cloud environment. According to an embodiment, the cloud environment comprises a plurality of layers and each layer includes at least two processing nodes. Each processing node in a layer can pull job(s) from the processing nodes in the upper layer if any and prepare job(s) for the processing nodes in the under layer if any. A method implemented at a management node comprises receiving measurement reports from the plurality of layers. The measurement report of each processing node comprises information about job(s) pulled from the upper layer if any and job(s) pulled by the under layer if any. The method further comprises determining information about failure in the cloud environment based on the measurement reports.

Apparatus, system, and method for providing node protection across label-switched paths that share labels

The disclosed computer-implemented method may include (1) receiving, at a network node within a network, a packet from another network node within the network, (2) identifying, within the packet, a label stack that includes a plurality of labels that collectively represent at least a portion of a label-switched path within the network, (3) popping, from the label stack, a label that corresponds to a next hop of the network node, (4) determining, based at least in part on the label, that the next hop has experienced a failure that prevents the packet from reaching a destination via the next hop, (5) identifying a backup path that merges with the label-switched path at a next-to-next hop included in the label-switched path, and then (6) forwarding the packet to the next-to-next hop via the backup path. Various other methods, systems, and apparatuses are also disclosed.