Example methods and systems for intent-based network virtualization design are disclosed. One example may comprise: obtaining configuration information and traffic information associated with multiple virtualized computing instances, processing the configuration information and traffic information to identify network connectivity intents and mapping the network connectivity intents to a logical network topology template. Based on a switching intent, a first group may be assigned to a logical network domain and the logical network topology template modified to include a logical switching element. Based on a routing intent, the logical network topology template may be modified to include a logical routing element. A logical network may be configured based on the modified logical network topology template to satisfy the switching intent and routing intent.

Some embodiments of the invention provide a novel method of performing network slice-based operations on a data message at a hardware forwarding element (HFE) in a network. For a received data message flow, the method has the HFE identify a network slice associated with the received data message flow. This network slice in some embodiments is associated with a set of operations to be performed on the data message by several network elements, including one or more machines executing on one or more computers in the network. Once the network slice is identified, the method has the HFE process the data message flow based on a rule that applies to data messages associated with the identified slice.

Apparatus and methods for optimizing bandwidth utilization and services in a data network infrastructure. In one embodiment, the data network is a managed Hybrid Fiber Coaxial (HFC) cable network, and the network infrastructure is configured to enable dynamic allocate of frequency bands to individual consumer premises device (e.g., DOCSIS-compliant cable modems). In one variant, the improved network infrastructure enables creation of virtual Service Groups (vSGs), and allocation of individual ones of the CM to such vSGs, to some degree irrespective of topological or “hardwired” location within the network. The allocations can be dynamic, and based on factors such as load balancing, evacuation of portions of the physical network topology (such as to support infrastructure upgrades or replacement), or for yet other reasons such as relating to subscriber tier or service level agreement (SLA).

A broadband network gateway (BNG) controller is described that includes a network subscriber database (NSDB) and one or more core applications. The NSDB is configured to store vBNG instance information for one or more subscriber devices. The vBNG instance information specifies vBNG instances operable by one or more edge routers. The vBNG instances are configured to receive requests to access service provider services from the one or more subscriber devices and to selectively authenticate the one or more subscriber devices for network services based on authentication information included in the requests to access services provider services. The one or more core applications include a network instance and configuration manager (NICM). The NICM is configured to modify the vBNG instance information at the NSDB to include an additional vBNG instance and to output, to an edge router, an instruction to generate the additional vBNG instance at the edge router.

A system and method for managing access congestion in a computer network, the system and method including: determining a plurality of channels within the computer network via a subscriber channel module; determining a set of subscribers for each of the channels of the plurality of channels via the subscriber channel module; determining a congestion level of each of the channels of the plurality of channels via an analysis module; determining each subscriber's impact on the respective channel based on each subscriber's network usage via the analysis module; and determining a reallocation of the subscribers to balance the channels, based on the congestion level and each subscriber's network usage, via a distribution module.

This document describes modeling and simulation techniques to select a cloud architecture profile based on correlations between application workloads and resource utilization. In some aspects, a method includes obtaining infrastructure data specifying utilization of computing resources of an existing computing system. Application workload data specifying tasks performed by one or more applications running on the existing computing system is obtained. One or more models are generated based on the infrastructure data and the application workload data. The model(s) define an impact on utilization of each computing resource in response to changes in workloads of the application(s). A workload is simulated, using the model(s), on a candidate cloud architecture profile that specifies a set of computing resources. A simulated utilization of each computing resource of the candidate cloud architecture profile is determined based on the simulation. An updated cloud architecture profile is generated based on the simulated utilization.

An example method of orchestrating a software-defined (SD) network layer of a virtualized computing system is described, the virtualized computing system including a host cluster, a virtualization management server, and a network management server each connected to a physical network, the host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts. The method includes receiving, at the virtualization management server, a declarative specification describing a proposed state of an SD network for the host cluster, deploying, by the virtualization management server, virtualized infrastructure components in the host cluster in response to the proposed state in the declarative specification, and deploying, by the virtualization management server in cooperation with the network management server, logical network services supported by the virtualized infrastructure components in response to the proposed state in the declarative specification.

Systems and methods for efficient database management of non-transitory readable media, including a memory configured to store information associated with service instance requests across a plurality of distributed network resources and a processor configured to receive a service instance request, determine the first native domain object associated with the service instance request, allocate the plurality of network resources to a plurality of distributed worker instances dependent upon a first native domain object, assign the first service instance request to a first worker instance that includes a microservice instance that define service instance blocks to execute the request, and a service instance block manager configured to manage the first service instance request in conjunction with subsequent service instance requests associated with the plurality of worker instances, track running and completed requests, and allocate resources for similar requests across the distributed network nodes.

A particular overall architecture for transmission over a bonded channel system consisting of two interconnected MoCA (Multimedia over Coax Alliance) 2.0 SoCs (Systems on a Chip) and a method and apparatus for the case of a “bonded” channel network. With a bonded channel network, the data is divided into two segments, the first of which is transported over a primary channel and the second of which is transported over a secondary channel.

A DDoS attack handling technology is provided in which even when a plurality of IP addresses are attacked at the same time, resource load distribution between sites can be achieved while an increase in delay of target-addressed communications due to the handling of DDoS attacks is prevented. A DDoS handling apparatus 100 includes a load distribution determination unit 112 that determines whether load distribution processing is necessary, a processability determination unit 113 that determines whether load distribution processing is capable of being performed within a desired time, a grouping processing unit 115 that groups target-addressed communications into a plurality of groups, a load distribution processing unit 116 that determines, for each group, a mitigation site to be used to handle the target-addressed communications from among a plurality of mitigation sites, and an attack handling setting unit 117 that performs route control of the target-addressed communications. The DDoS handling apparatus 100 further includes a load distribution target reduction unit 114 that reduces the number of the target-addressed communications that are targets of the load distribution processing.