A device may identify a plurality of first values associated with network traffic of a label-switched path of a plurality of label-switched paths. The device may determine an adjustment policy based on the plurality of first values. The adjustment policy may include one or more factors associated with a plurality of second values. The plurality of second values may be determined based on the plurality of first values. The device may implement the adjustment policy in association with the label-switched path. A bandwidth reservation of the label-switched path may be adjusted based on the adjustment policy. The adjustment policy may be implemented for fewer than all of the plurality of label-switched paths.

A system for applying metadata tags based on metadata tag groups is described. The system includes a plurality of compute nodes configured to provide a plurality of computing resources for clients of a provider network and a resource tag manager for the provider network. The resource tag manager is configured to receive, from a first client of an account of the provider network, a creation request to establish a resource attribute group comprising a plurality of resource keys and a plurality of resource values, wherein respective metadata keys correspond to respective resource values. The resource tag manager may receive, from a second client of the account, an application request to apply the resource attribute group to a computing resource and apply the plurality of resource keys and the plurality of resource values to metadata maintained for the computing resource.

A system for applying metadata tags based on metadata tag groups is described. The system includes a plurality of compute nodes configured to provide a plurality of computing resources for clients of a provider network and a resource tag manager for the provider network. The resource tag manager is configured to receive, from a first client of an account of the provider network, a creation request to establish a resource attribute group comprising a plurality of resource keys and a plurality of resource values, wherein respective metadata keys correspond to respective resource values. The resource tag manager may receive, from a second client of the account, an application request to apply the resource attribute group to a computing resource and apply the plurality of resource keys and the plurality of resource values to metadata maintained for the computing resource.

A cloud data center tenant-level outbound rate limiting method includes: starting a timer, receiving and generating statistics of outbound packets of tenants in a current period, obtaining local traffic rate information of the tenants based on all the outbound packets of the tenants in the current period, and generating local bandwidth demand frames of the tenants based on the local traffic rate information of the tenants; when a timing of the timer reaches the end of the current period, sending the local bandwidth demand frames of the tenants to a switch; receiving a global bandwidth demand frame sent by the switch, and computing bandwidth budgets of the tenants based on the local traffic rate information of the tenants and the global bandwidth demand frames of the tenants; modifying rate limiting parameters, and limiting the rate of the outbound packets of the tenants in a next period.

A cloud data center tenant-level outbound rate limiting method includes: starting a timer, receiving and generating statistics of outbound packets of tenants in a current period, obtaining local traffic rate information of the tenants based on all the outbound packets of the tenants in the current period, and generating local bandwidth demand frames of the tenants based on the local traffic rate information of the tenants; when a timing of the timer reaches the end of the current period, sending the local bandwidth demand frames of the tenants to a switch; receiving a global bandwidth demand frame sent by the switch, and computing bandwidth budgets of the tenants based on the local traffic rate information of the tenants and the global bandwidth demand frames of the tenants; modifying rate limiting parameters, and limiting the rate of the outbound packets of the tenants in a next period.

A VNF operation apparatus (10) is a processing apparatus that relocates data processing functions to another apparatus to continue data processing and includes: a storage unit (12) configured to store information indicating a communication relationship between apparatuses; an estimation unit (132) configured to calculate, based on the information indicating the communication relationship, an estimation value of a transfer delay of data generated during relocation for a plurality of schedulings having different orders of relocation of the data processing functions; a scheduling unit (133) configured to select a scheduling for which the estimation value calculated by the estimation unit (132) is minimized, and sets, based on the selected scheduling, an order of relocation of the data processing functions and a start timing of relocation of the data processing functions; and a relocation unit (134) configured to relocate VNFs to the other apparatus in accordance with the order and the timing set by the scheduling unit.

A VNF operation apparatus (10) is a processing apparatus that relocates data processing functions to another apparatus to continue data processing and includes: a storage unit (12) configured to store information indicating a communication relationship between apparatuses; an estimation unit (132) configured to calculate, based on the information indicating the communication relationship, an estimation value of a transfer delay of data generated during relocation for a plurality of schedulings having different orders of relocation of the data processing functions; a scheduling unit (133) configured to select a scheduling for which the estimation value calculated by the estimation unit (132) is minimized, and sets, based on the selected scheduling, an order of relocation of the data processing functions and a start timing of relocation of the data processing functions; and a relocation unit (134) configured to relocate VNFs to the other apparatus in accordance with the order and the timing set by the scheduling unit.

A method for managing data includes obtaining, by a service function chain (SFC) orchestrator, a SFC request for a SFC, wherein the SFC comprises at least one virtual network function (VNF) and one service, in response to the SFC request: determining a set of candidate local data systems (LDSs) based on a resource availability mapping, performing a LDS analysis on the set of candidate LDSs, based on the LDS analysis: assigning the VNF to a candidate LDS of the set of candidate LDSs, assigning the service to a second LDS of the set of candidate LDSs, and based on the assigning of the VNF and the assigning of the service, initiating a deployment of the VNF and the service.

System and computer-implemented method for managing remote access to managed components in a cloud-based virtual computer network uses a virtual jumpbox infrastructure to establish a cryptographic network protocol connection between the virtual jumpbox infrastructure and the cloud-based virtual computer network on behalf of an user interface making a request for remote access to the cloud-based virtual computer network. After the cryptographic network protocol connection has been established, communication data between the user interface and a target managed component in the cloud-based virtual computer network is automatically moderated at the virtual jumpbox infrastructure at a data path that is not within the cryptographic network protocol connection. The automatic moderation includes at least one of inserting new information into the communication data and removing existing information from the communication data.

System and computer-implemented method for managing remote access to managed components in a cloud-based virtual computer network uses a virtual jumpbox infrastructure to establish a cryptographic network protocol connection between the virtual jumpbox infrastructure and the cloud-based virtual computer network on behalf of an user interface making a request for remote access to the cloud-based virtual computer network. After the cryptographic network protocol connection has been established, communication data between the user interface and a target managed component in the cloud-based virtual computer network is automatically moderated at the virtual jumpbox infrastructure at a data path that is not within the cryptographic network protocol connection. The automatic moderation includes at least one of inserting new information into the communication data and removing existing information from the communication data.