Described in this document, among other things, is an overload protection system that can protect data sinks from overload by controlling the volume of data sent to those data sinks in a fine-grained manner. The protection system preferably sits in between edge servers, or other producers of data, and data sinks that will receive some or all of the data. Preferably, each data sink owner defines a policy to control how and when overload protection will be applied. Each policy can include definitions of how to monitor the stream of data for overload and specify one or more conditions upon which throttling actions are necessary. In embodiments, a policy can contain a multi-part specification to identify the class(es) of traffic to monitor to see if the conditions have been triggered.

A system and method for supporting network isolation in a multi-tenant cluster environment. An exemplary method can support one or more tenants, and can associate each of the one or more tenants with a partition of a plurality of partitions, and can also associate each of the plurality of partitions with one or more nodes of a plurality of nodes, each of the plurality of nodes being associated with a leaf switch of a plurality of switches. The method can mark each of the plurality of partitions with a policy parameter. The method can assign each node of the plurality of nodes a partitioning order based on the marked on the partition associated with each node. Finally, the method can, based at least upon the marking of the partition of the plurality of partitions, generate one or more linear forwarding tables for use in the multi-tenant cluster environment.

A device may receive, from a source, data destined for a destination. The device may identify a protocol associated with the data. The protocol may be used to transmit the data. The device may determine whether the protocol is unsupported by the device. The device may identify control information, associated with the protocol, based on determining that the protocol is unsupported by the device. The control information may identify an action, to perform on the data, other than dropping the data. The device may perform the action based on the control information.

An example of a system may include a processing resource and a controller including a memory resource storing instructions executable by the processing resource to determine a rate of traffic communication at each of a plurality of ingresses participating in a communication of a packet flow context, determine a rate of traffic communication at each of a plurality of egresses participating in the communication of the packet flow context, determine a target packet admission rate applicable to each of the plurality of ingresses from the rate of traffic communication at each of the plurality of ingresses and the rate of traffic communication at each of the plurality of egresses, and communicate the target packet admission rate to an ingress of the plurality of ingresses.

Methods, computer program products, and systems are presented. The methods include, for instance: a gateway stack that includes a master, a backup, and at least one slave amongst nodes of the GS based on an election pursuant to a gateway stack protocol. The gateway stack provides gateway services for a Network Virtualization over Layer 3 (NVO3) network in a fail-safe manner by utilizing all of the nodes in the gateway stack. A data interface between the gateway stack and a switch is aggregated to evenly distribute inbound packets amongst the nodes of the gateway stack.

A system and method for supporting network isolation in a multi-tenant cluster environment. An exemplary method can support one or more tenants, and can associate each of the one or more tenants with a partition of a plurality of partitions, and can also associate each of the plurality of partitions with one or more nodes of a plurality of nodes, each of the plurality of nodes being associated with a leaf switch of a plurality of switches. The method can mark each of the plurality of partitions with a policy parameter. The method can assign each node of the plurality of nodes a partitioning order based on the marked on the partition associated with each node. Finally, the method can, based at least upon the marking of the partition of the plurality of partitions, generate one or more linear forwarding tables for use in the multi-tenant cluster environment.

Methods and systems for managing packet flow in a local network in a manner that allows network devices at the edge of the network to use minimal buffer memory while maximizing use of bandwidth allocated on an interconnect between the local network and an external network. Packet flows facing external network problems are scaled back, reducing redundant traffic on the interconnect and allowing for use of small buffers in edge devices. A flow source marks a subset of packets within a flow for preferential treatment within the local network. The flow source then adjusts the flow rate only responsive to failures in transmission of the marked packets. In some implementations, an edge device removes the markings prior to packet egress. The local network honors the preferential treatment markings such that a loss of a marked packet is more likely to occur on an external network than on the local network.

Methods, computer program products, and systems are presented. The methods include, for instance: providing a distributed virtual gateway for Network Virtualization over Layer 3 (NVO3) network. A gateway stack having three or more nodes is implemented as a distributed virtual gateway, providing Layer 2 or Layer 3 gateway services in a fail-safe manner. Nodes of the gateway stack are configured to autonomously process and forward inbound NVO3 data packets with known destination addresses without engaging a master of the gateway stack.

An example of a system may include a processing resource and a controller including a memory resource storing instructions executable by the processing resource to determine a rate of traffic communication at each of a plurality of ingresses participating in a communication of a packet flow context, determine a rate of traffic communication at each of a plurality of egresses participating in the communication of the packet flow context, determine a target packet admission rate applicable to each of the plurality of ingresses from the rate of traffic communication at each of the plurality of ingresses and the rate of traffic communication at each of the plurality of egresses, and communicate the target packet admission rate to an ingress of the plurality of ingresses.

Methods and systems for managing packet flow in a local network in a manner that allows network devices at the edge of the network to use minimal buffer memory while maximizing use of bandwidth allocated on an interconnect between the local network and an external network. Packet flows facing external network problems are scaled back, reducing redundant traffic on the interconnect and allowing for use of small buffers in edge devices. A flow source marks a subset of packets within a flow for preferential treatment within the local network. The flow source then adjusts the flow rate only responsive to failures in transmission of the marked packets. In some implementations, an edge device removes the markings prior to packet egress. The local network honors the preferential treatment markings such that a loss of a marked packet is more likely to occur on an external network than on the local network.