A physical interconnect having multiple virtual paths is coupled between network devices of independent networks operated by different entities. In one aspect, the interconnect is monitored so that the entities can simultaneously and separately monitor network traffic being exchanged across the interconnect. Each entity can be assigned two virtual paths through the interconnect to pass network traffic through their network device, over the interconnect, through a network device of the other entity, back over the interconnect link and back through their network device. The network devices can be configured to loop back network packets using a variety of loopback configurations. Hardware policers that monitor capacity usage of the virtual paths can also be tested.

Systems and methods for providing multi-perimeter firewalls via a virtual global network are disclosed. In one embodiment the network system may comprise an egress ingress point in communication with a first access point server, a second access point server in communication with the first access point server, an endpoint device in communication with the second access point server, a first firewall in communication with the first access point server, and a second firewall in communication with the second access point server. The first and second firewalls may prevent traffic from passing through their respective access point servers. The first and second may be in communication with each other and exchange threat information.

Systems and methods for connecting devices via a virtual global network are disclosed. In one embodiment the network system may comprise an endpoint device including a tunnel manager and a first virtual interface, an access point server including at least one tunnel listener and a second virtual interface. One or more tunnels are formed connecting the tunnel managers and tunnel listeners. The virtual interfaces provide a logical point of access to the one or more tunnels.

In one embodiment, network operations are improved by performing updating operations data in an operations data field associated with the header of a particular protocol during the processing of a different protocol. A particular multiple-protocol (MP) packet is received by a particular network node in a network. The particular MP packet includes multiple protocol headers, including a first protocol header associated with a first protocol and a second protocol header associated with a second protocol. Further, the second protocol header associated with a second operations data field. During protocol processing of the first protocol on the particular MP packet, the second operations data field updated with particular operations data. The particular MP packet is sent from the particular network node, with said sent particular MP packet including said updated second operations data field with particular operations data.

Provided is a system and method for a multi-tenant datacenter with layer 2 cloud interconnection and cloud storage. More specifically, the datacenter providing cloud storage, includes a plurality of Client Systems coupled to a first datacenter each Client System having a set of infrastructure resources and an initial networking configuration; and a first cloud computing environment established in the first datacenter, and coupled to the Client Systems by OSI Layer 2 as a data link layer for the transfer of data frames, each frame having a plurality of OSI Layer 2 tags, the first cloud computing environment providing storage resources for allocation to at least two Client Systems, the plurality of OSI Layer 2 tags permitting the at least two Client Systems to have overlapping network configurations. An associated method of providing a multi-tenant datacenter with layer 2 cloud interconnection and cloud storage is also provided.

Provided is a system and method for a multi-tenant datacenter with layer 2 cloud interconnection and cloud storage. More specifically, the datacenter providing cloud storage, includes a plurality of Client Systems coupled to a first datacenter each Client System having a set of infrastructure resources and an initial networking configuration; and a first cloud computing environment established in the first datacenter, and coupled to the Client Systems by OSI Layer 2 as a data link layer for the transfer of data frames, each frame having a plurality of OSI Layer 2 tags, the first cloud computing environment providing storage resources for allocation to at least two Client Systems, the plurality of OSI Layer 2 tags permitting the at least two Client Systems to have overlapping network configurations. An associated method of providing a multi-tenant datacenter with layer 2 cloud interconnection and cloud storage is also provided.

A request to establish an encrypted VPN connection between a network external to a provider network connected to the provider network via a dedicated direct physical link and a set of resources of the provider network is received. A new isolated virtual network (IVN) is established to implement an encryption virtual private gateway to be used for the connection. One or more protocol processing engines (PPEs) are instantiated within the IVN, address information of the one or more PPEs is exchanged with the external network and a respective encrypted VPN tunnel is configured between each of the PPEs and the external network. Routing information pertaining to the set of resources is provided to the external network via at least one of the encrypted VPN tunnels, enabling routing of customer data to the set of resources within the provider network from the external network via an encrypted VPN tunnel implemented over a dedicated direct physical link between the external network and the provider network.

Provided is a system and method for a multi-tenant datacenter with layer 2 cloud interconnection. More specifically the multi-tenant datacenter includes a plurality of client systems in a first datacenter each client system having a set of physical infrastructure resources. A first cloud computing environment is also in the first datacenter, and coupled to the client systems by OSI Layer 2. The first cloud computing environment thereby virtually extending the physical infrastructure resources of each client system. An associated method of providing a multi-tenant datacenter with layer 2 cloud interconnection is also provided.

A host computer and method for multicasting data between networking interfaces of hypervisors in a distributed computer system uses a Virtual Extensible LAN Network Identifier (VNI) assigned to a multicast group and an identifier of a VXLAN Tunnel End Point (VTEP) of the host computer associated to the VNI so that data being multicast for the multicast group can be routed to the networking interfaces via VTEPs associated with the VNI.

A system and method for initializing and maintaining a series of virtual local area networks contained in a clustered computer system is disclosed; the system utilizes Q-in-Q technology consisting of a private management local area network (MLAN), a separate virtual local area network (VLAN) to place resources that are to be shared, and private instances (replicas) of the shared resources that are located on a client's private network.