Patent classifications
H04L12/743
Reconstructing message flows based on hash values
A hash value is determined based on a payload of a message associated with a first system, the hash value related to a message flow instance that includes the message, wherein the payload associates the message with the message flow instance. Upon sending the message to a second system, a first event corresponding to the message is generated, wherein the first event includes the hash value. The first event is sent to a monitoring system. The monitoring system receives a second event including the hash value, wherein the hash value included in the second event is determined in association with the second system. Based on the hash value, a relation is determined to associate the first event and the second event with the message flow instance. The message flow instance is reconstructed based on the determined relation.
FAILURE RECOVERY FOR CLOUD-BASED SERVICES
The technology disclosed relates to failure recovery in cloud-based services. In particular, the technology disclosed relates to a service instance BA that identifies a service instance BB as having a secondary role for packets carrying a stream affinity code which is specified in a service map distributed to service instances. Service instance BA state information is synchronized with the service instance BB after processing a first packet. After failure of the service instance BA, a service instance AA receives an updated service map, and prepares to forward to the service instance BA a second packet. The second packet includes a same stream affinity code as the first packet forwarded before the failure. The updated service map is used to determine that the service instance BB is available and servicing the same stream affinity code as the service instance BA. The second packet is forwarded to the service instance BB.
Consistent hash-based load balancer
Systems and techniques are disclosed for receiving, with a load balancer, a request from a client device. The request includes a session identifier corresponding to a session state associated with the request. The session state is stored on a first node within a cluster of nodes associated with the load balancer. A hash function is applied using the session identifier and topology information about the cluster of nodes. Based on a result of the hash function, a determination is made as to a selected node within the cluster of nodes to which the request is to be routed. The request is routed to the selected node.
NETWORK SCALE EMULATOR
Systems, methods, and computer-readable media for scaling a source network. A system may be configured to receive a network configuration for a source network, wherein the source network comprises a plurality of nodes, receive a scale target for a scaled network, and identify, based on the scale target, one or more selected nodes in the plurality of nodes in the source network for implementing in the scaled network. The system may further be configured to reconfigure data plane parameters and control plane parameters for each node in the one or more selected nodes.
Load balancing in a dynamic scalable services mesh
The disclosed technology teaches distributed routing and load balancing in a dynamic service chain: receiving and processing a packet, with added header including stream affinity code, at a first service instance and based on processing determining a second service, among available services, that should next handle the packet. The technology teaches accessing a flow table using the stream affinity code in the header to select a service instance performing the second service in the service chain, and routing the packet to the second service instance upon egress from the first service instance. When the flow table lacks an entry for the second service corresponding to the stream affinity code, the disclosed technology teaches accessing a consistent hash table of service instances performing the second service, selecting an available instance, and updating the flow table to specify the second service instance as providing the second service for packets sharing the header.
SYSTEMS AND METHODS FOR AUGMENTING TCAM BANK PROCESSING WITH EXACT MATCH
Systems and methods are provided for programming a network device. A method includes receiving a wild card entry at the network device, the network device including a ternary content addressable memory (TCAM) table and an exact match (EM) table. The method determines whether the wild card entry is compatible with the EM table. In response to determining that the wild card entry is compatible with the EM table, the method determines the available space in the EM table, the usage of the TCAM table, and at least one flow characteristic of the wild card entry. The method evaluates the determined available space in the EM table, usage of the TCAM table, and the at least one flow characteristic against a set of stored rules that select the EM table or the TCAM table. The method programs the wild card entry in the EM table or TCAM table based upon the selection.
LOAD BALANCED ACCESS TO DISTRIBUTED ENDPOINTS
A system and method for endpoint selection in a global accelerator system. The global accelerator system includes client devices communicating with a global access point to access various endpoints that can host services. Multiple endpoints are grouped geographically according to different data centers. Client service requests are received at a global access point, which in turn selects an endpoint to service the request. A selection mechanism utilized by the global access point implements a distribution algorithm that facilitates the distribution of endpoint requests according to a product of distribution criteria and geographic criteria. Additionally, the global access point can then identify individual endpoints within the group to process the request using a consistent hashing algorithm that ensures an endpoint can be continuously selected over the course of interaction with a client.
SERVICE ASSURANCE OF ECMP USING VIRTUAL NETWORK FUNCTION HASHING ALGORITHM
Techniques are presented for evaluating Equal Cost Multi-Path (ECMP) performance in a network that includes a plurality of nodes. According to an example embodiment, a method is provided that includes obtaining information indicating equal cost multi-path (ECMP) paths in the network and a branch node in the network. For the branch node in the network, the method includes instantiating a virtual network function that simulates an ECMP hashing algorithm employed by the branch node to select one of multiple egress interfaces of the branch node; providing to the virtual network function for the branch node a query containing entropy information as input to the ECMP hashing algorithm that returns interface selection results; and obtaining from the virtual network function a reply that includes the interface selection results. The method further includes evaluating ECMP performance in the network based on the interface selection results obtained for the branch node.
ACCURATE ANALYTICS, QUALITY OF SERVICE AND LOAD BALANCING FOR INTERNET PROTOCOL FRAGMENTED PACKETS IN DATA CENTER FABRICS
A network device receives a fragmented packet of an internet protocol (IP) packet. The fragmented packet is subsequently received relative to an initial fragmented packet of the IP packet and includes a first set of tuple information. The network device determines an entry of a hash table associated with the IP packet, based on the first set of tuple information and a fragment identifier (ID) within the fragmented packet. The network device retrieves a second set of tuple information associated with the fragmented packet from the hash table entry, and transmits an indication of the first and second sets of tuple information.
Scan protection with rate limiting
Techniques described herein improve network security and traffic management. In an embodiment, a request associated with an identifier (ID) is received. It is determined whether the ID exists in a first membership database (MDB). If the ID exists in the first MDB, the request is serviced subject to a rate limit. If the ID does not exist in the first MDB, it is determined whether the ID exists in a second MDB. If the ID exists in the second MDB, the request is serviced. If the ID does not exist in the second MDB, the request is serviced subject to another rate limit. A response is received. The first and second MDBs can be updated based on the type of received response. In an embodiment, the response is classified as indicative of degraded or typical network performance, and the first and second MDBs are updated accordingly.