A device includes a multistage filter and an elephant trap. The multistage filter has hash functions and an array. The multistage filter is operable to receive a packet associated with a candidate heavy network user and send the packet to the hash functions. The hash functions generate hash function output values corresponding to indices in the array. The elephant trap is connected to the multistage filter. The elephant trap includes a buffer and probabilistic sampling logic. The probabilistic sampling logic is operable to attempt to add information associated with the packet to the buffer a particular percentage of the time based in part on the result of the multistage filter lookup. The buffer is operable to hold information associated with the packet, counter information, and timestamp information.

Technologies for efficient network flow classification include a computing device that receives a network packet that includes a header. The computing device generates a vector Bloom filter (VBF) key as a function of the header and searches multiple VBFs for a VBF that matches the VBF key. Each VBF is associated with a flow sub-table that includes one or more flow rules. Each flow sub-table is associated with a mask length. If a matching VBF is found, the computing device searches the corresponding flow sub-table for a flow rule that matches a masked header of the network packet. If no matching VBF is found or if no matching flow rule is found, the computing device searches all of the flow sub-tables for a flow rule that matches the header. The computing device applies a flow action of a matching flow rule. Other embodiments are described and claimed.

Some embodiments of the invention provide a method for WAN (wide area network) optimization for a WAN that connects multiple sites, each of which has at least one router. At a gateway router deployed to a public cloud, the method receives from at least two routers at least two sites, multiple data streams destined for a particular centralized datacenter. The method performs a WAN optimization operation to aggregate the multiple streams into one outbound stream that is WAN optimized for forwarding to the particular centralized datacenter. The method then forwards the WAN-optimized data stream to the particular centralized datacenter.

A virtual switch configured to switch packets between virtual switch ports based on classifier sub-tables. The virtual switch reserves blocks of last level cache for classifier sub-table storage. The virtual switch also maintains a global sub-table priority map for the classifier sub-tables. The global sub-table priority map indicates usage frequency of each classifier sub-table when switching the packets between the ports. A sub-set of the classifier sub-tables with a highest usage frequency, according to the global sub-table priority map, are pre-fetched to the reserved blocks of the last level cache. By pre-fetching the most used classifier sub-tables, memory related bottlenecks are reduced when searching through classifier sub-tables. This mechanism increases processing speed when matching packets/flows to classifier sub-tables, resulting in faster packet switching by the virtual switch. The virtual switch may leverage Cache Allocation Technology (CAT)/Code and Data Prioritization technology (CDP) to prevent cache eviction.

A method is performed by a network device acting as a controller in a software defined networking (SDN) network. The method detects control path loops in the SDN network. The method includes receiving a Packet-In message from a switch, where the Packet-In message includes a packet. The method further includes determining a packet identifier associated with the packet, determining a key based on the packet identifier associated with the packet, determining whether an entry associated with the key exists in a loop detection cache, updating a counter value associated with the entry in response to determining that the entry associated with the key exists in the loop detection cache, and determining that the packet is in a control path loop in response to determining that the counter value associated with the entry reaches a threshold value.

Technologies for efficient network flow classification include a computing device that receives a network packet that includes a header. The computing device generates a vector Bloom filter (VBF) key as a function of the header and searches multiple VBFs for a VBF that matches the VBF key. Each VBF is associated with a flow sub-table that includes one or more flow rules. Each flow sub-table is associated with a mask length. If a matching VBF is found, the computing device searches the corresponding flow sub-table for a flow rule that matches a masked header of the network packet. If no matching VBF is found or if no matching flow rule is found, the computing device searches all of the flow sub-tables for a flow rule that matches the header. The computing device applies a flow action of a matching flow rule. Other embodiments are described and claimed.

Interest packets are provided that include a dual control plane and forwarding plane function that avoids the asymmetry associated with traditional information centric networking. Interest packets are used to update the control plane for routing purposes, as well as to request data from the content caches and providers. Instead of identifying a return path, the interest packets include an identifier of other content advertised by the client device issuing the interest packet. An advertised content identifier is stored in a data structure with an identification of the corresponding client device. Data packets include the advertised content identifier of the corresponding interest packet, in addition to the name of the requested content. When a data packet is received for requested content, the advertised content identifier is used to determine where to route the data packet.

Implementations of the present disclosure are directed to systems and methods for reducing the size of packet headers by using a single field to encode multiple elements. Instead of including separate fields for each element, one or more encoded fields may be used, each of which is decoded to determine two or more values for the data packet. A receiving device decodes the encoded data field to retrieve the two or more values.

A virtual switch configured to switch packets between virtual switch ports based on classifier sub-tables. The virtual switch reserves blocks of last level cache for classifier sub-table storage. The virtual switch also maintains a global sub-table priority map for the classifier sub-tables. The global sub-table priority map indicates usage frequency of each classifier sub-table when switching the packets between the ports. A sub-set of the classifier sub-tables with a highest usage frequency, according to the global sub-table priority map, are pre-fetched to the reserved blocks of the last level cache. By pre-fetching the most used classifier sub-tables, memory related bottlenecks are reduced when searching through classifier sub-tables. This mechanism increases processing speed when matching packets/flows to classifier sub-tables, resulting in faster packet switching by the virtual switch. The virtual switch may leverage Cache Allocation Technology (CAT)/Code and Data Prioritization technology (CDP) to prevent cache eviction.

A network element (NE) comprising a receiver configured to receive a content request message from a client node via a network, wherein the content request message comprises an identifier of a data object, a memory configured to store a content routing table comprising local routing entries for popular data objects, and a content indicator indicating less popular data objects that are not associated with the local routing entries, a processor coupled to the memory and configured to check the content routing table for an entry associated with the requested data object, and check the content indicator for a match between the requested data object and the less popular data objects when the content routing table does not comprise the entry, and a transmitter coupled to the processor and configured to send a route request message to a network controller when the content indicator check returns a positive match.