A method is provided for a hyper-converged storage-compute system to implement an active-active failover architecture for providing Internet Small Computer System Interface (iSCSI) target service. The method intelligently selects multiple hosts to become storage nodes that process iSCSI input/output (I/O) for a target. The method further enables iSCSI persistent reservation (PR) to handle iSCSI I/Os from multiple initiators.

Layer 7 protocol (non-HTTP) client applications are executed in the browser. The non-HTTP layer 7 protocol client application connects to a compute server that proxies layer 4 packets to the origin network that has the non-HTTP layer 7 protocol service. As an example, an SSH client (a non-HTTP layer 7 protocol) can execute in the browser and the TCP packets (layer 4 packets) are proxied by a compute server to the origin network that has the appropriate SSH server. The non-HTTP layer 7 protocol client application allows users to run commands or otherwise interact with the client as if they were using a native application (one that is not executed within the browser) without any client-side configuration or agent.

A method of data transfer to a plurality of devices on a mesh network includes receiving bulk data at a proxy device in the mesh network; storing, at the proxy device, the bulk data; confirming, to a source of the bulk data, that the bulk data is received; after confirming that the bulk data is received, performing a transfer of the bulk data packet-by-packet to at least one other node in the mesh network; and performing a unicast communication to identify missing packets. The transfer can be or include a cascade transfer in which the data is transferred packet-by-packet to a next available node in the mesh network that itself passes a received packet to its next available node in the mesh network.

A method of data transfer to a plurality of devices on a mesh network includes receiving bulk data at a proxy device in the mesh network; storing, at the proxy device, the bulk data; confirming, to a source of the bulk data, that the bulk data is received; after confirming that the bulk data is received, performing a transfer of the bulk data packet-by-packet to at least one other node in the mesh network; and performing a unicast communication to identify missing packets. The transfer can be or include a cascade transfer in which the data is transferred packet-by-packet to a next available node in the mesh network that itself passes a received packet to its next available node in the mesh network.

Some embodiments provide a method for a gateway datapath that executes on a gateway device to implement logical routers for a set of logical networks and process traffic between the logical networks and an external network. The method receives a data message at the gateway device. To process the data message, the method executes a set of processing stages that includes a processing stage for a particular logical router. As part of the processing stage for the particular logical router, the method (i) uses an access control list (ACL) table to determine whether the data message is subject to rate limiting controls defined for the particular logical router and (ii) only when the data message is subject to rate limiting controls, determines whether to allow the data message according to a rate limiting mechanism for the particular logical router.

Methods of selecting an identity provider using an identity attribute sharing system may include accessing, by a user device, a page of a relying party. The methods may include receiving, by the user device, a selection to utilize an identity network to share a number of identity attributes with the relying party. The methods may include displaying, by the user device, a plurality of identity providers enrolled for use with the identity attribute sharing system. The methods may include receiving, by the user device, a selection of one of the plurality of identity providers. The methods may include providing access to a page of a selected identity provider.

Disclosed by embodiments of the present application are a network access method used for an edge router and an edge router. One specific embodiment of the method comprises: receiving a first request message sent by a first tenant network edge device among at least one tenant network edge device; on the basis of port information of a port connected to the first tenant network edge device, obtaining a first request identification corresponding to the first tenant network edge device, wherein the first request identification is used to identify the first tenant network edge device; adding the first request identification to the first request message so as to generate a processed first request message; and on the basis of a stored routing table, forwarding the processed first request message to a cloud gateway.

Disclosed by embodiments of the present application are a network access method used for an edge router and an edge router. One specific embodiment of the method comprises: receiving a first request message sent by a first tenant network edge device among at least one tenant network edge device; on the basis of port information of a port connected to the first tenant network edge device, obtaining a first request identification corresponding to the first tenant network edge device, wherein the first request identification is used to identify the first tenant network edge device; adding the first request identification to the first request message so as to generate a processed first request message; and on the basis of a stored routing table, forwarding the processed first request message to a cloud gateway.

Examples described herein relate to apparatuses and methods for managing communications within a supercluster or across superclusters, including a first supercluster having a plurality of first machines and a publish-subscribe (Pub-Sub) channel to which each of the plurality of first machines is subscribed. A second supercluster has a plurality of second machines and a bridge between the first supercluster and the second supercluster. A first machine is configured to receive, via the bridge, an availability status and resource allocation information of each second machine and publish, on the Pub-Sub channel of the first supercluster, the availability status and the resource allocation information.

Examples described herein relate to apparatuses and methods for managing communications within a supercluster or across superclusters, including a first supercluster having a plurality of first machines and a publish-subscribe (Pub-Sub) channel to which each of the plurality of first machines is subscribed. A second supercluster has a plurality of second machines and a bridge between the first supercluster and the second supercluster. A first machine is configured to receive, via the bridge, an availability status and resource allocation information of each second machine and publish, on the Pub-Sub channel of the first supercluster, the availability status and the resource allocation information.