Methods and systems for generating a forwarding table for a packet switch. The system includes a route manager for the packet switch, configured to identify a plurality of multi-path groups each corresponding to a respective initial set of routing entries in the forwarding table and generate, for one or more multi-path groups, at least one replacement set of routing entries with fewer routing entries than the initial set corresponding to the respective multi-path group. The route manager selects, based on a traffic reduction cost metric, one or more of the replacement sets of routing entries, each corresponding to a different respective multi-path group, and updates the forwarding table with the selected replacement sets. In some implementations, the traffic reduction cost metric includes a traffic characteristic. In some implementations, the packet switch participates in a software-defined network (SDN) and the route manager is part of an SDN controller.

Systems and techniques are described which improve performance, reliability, and predictability of networks without having costly hardware upgrades or replacement of existing network equipment. An adaptive communication controller provides WAN performance and utilization measurements to another network node over multiple parallel communication paths across disparate asymmetric networks which vary in behavior frequently over time. An egress processor module receives communication path quality reports and tagged path packet data and generates accurate arrival times, send times, sequence numbers and unutilized byte counts for the tagged packets. A control module generates path quality reports describing performance of the multiple parallel communication paths based on the received information and generates heartbeat packets for transmission on the multiple parallel communication paths if no other tagged data has been received in a predetermined period of time to ensure performance is continually monitored. An ingress processor module transmits the generated path quality reports and heartbeat packets.

A method and system that takes advantage of processes that are efficient for determining the topology of small to medium size networks to determine individual network topologies for such networks, and then merges these individual topologies into a consolidated topology for the entire network. Each of the processes that determines the topology of the smaller networks provides the determined network topology, as well as a list of factors that may be relevant in the determination of how the given topology might be attached to any other given topology, such as the identification of a node that is not included in the given topology, or other indications of external connections. The merging process is configured to substantially restrict its analysis to these factors, thereby limiting the extent, and therefore the time consumed, by this stitching and merging process.

Provided are a computer program product, system, and method for processing requests for multiple services in a service request. A receiving controller, comprising one of a controlling forwarder or a data forwarder, receives a service request for a service from an originating device node. The receiving controller forwards an internal service request to a processing controller providing response information for the service request. The processing controller comprises a data forwarder when the receiving controller comprises the controlling forwarder or comprises the controlling forwarder when the receiving controller comprises one of the at least one data forwarder. The processing controller processes the internal service request to generate response information requested by the service request and forwards a reply including the response information to the receiving controller, which forwards the response information in a reply to the service request to the originating device node.

Remediating a security threat to a network includes obtaining, from a network, security information about the network to determine traffic patterns of the network, identifying, based on the traffic patterns of the network, a security threat to the network, determining, from a playbook library and a workflow library, a workflow template and at least one software-defined networking (SDN) flow rule template to remediate the security threat, and deploying, via a SDN controller, a SDN flow rule based on the at least one SDN flow rule template in the network to remediate the security threat by altering a control path of the network.

In one embodiment, an apparatus includes a memory, a hardware processor, and logic integrated with and/or executable by the processor. The logic is configured to receive one or more software defined network (SDN) routes dictating a path through a network comprising a plurality of devices. The logic is also configured to store the one or more SDN routes to the memory along with one or more traditional routes learned by the apparatus and/or configured by an administrator, and indicate the one or more SDN routes as being of a type different from the traditional routes. Moreover, the logic is configured to receive a priority ordering for a plurality of routes stored in the memory from the SDN controller, the plurality of routes including at least one SDN route, and construct a route information base (RIB) based on the plurality of routes and the priority ordering.

Systems, methods, and interfaces for the management of virtual machine networks and other programmatically controlled networks are provided. Hosted virtual networks are configured in a manner such that a virtual machine manager of the virtual network may monitor activity such as user requests, network traffic, and the status and execution of various virtual machine instances to determine possible security assessments. A security assessment may be performed before, after, or simultaneous to the execution of the activity associated with the security assessment event. The execution of an activity may further be synchronous with the results of the security assessment. The timing of the assessment may correspond to the type of assessment or type of activity that is requested or detected.

A hybrid control method for a network includes operating edge switches under software defined networking control, wherein each of the edge switches is communicatively coupled to a controller for the software defined networking control; operating non-adjacent switches communicatively coupling the edge switches together under distributed control, wherein the non-adjacent switches are not coupled to the controller; and utilizing the controller to route traffic between the edge switches through the non-adjacent switches in a hybrid control scheme including both the software defined networking control and the distributed control.

A method for computing a frequency slot channel, a path computation element and a node are disclosed. The method includes: when a frequency slot channel needs to be established, an ingress node sending to a path computation element a path computation request message which carries spectrum resource information needed for establishing the frequency slot channel; according to the received spectrum resource information sent by the ingress node, the path computation element computing out the frequency slot channel by combining of topology information of a network and spectrum resource information of each node in the network. The path computation element includes a receiving module and a computing module. When working as an ingress node in a process of establishing a frequency slot channel, the node includes a message construction module and a sending module.

Embodiments relate generally to systems and methods for transitioning a system from a tradition network to a Software Defined Network (SDN) enabled network. In some embodiments, the systems and methods may comprise the use of a Path Computation Element (PCE) as a central controller. Smooth transition between traditional network and the new SDN enabled network, especially from a cost impact assessment perspective, may be accomplished using the existing PCE components from the current network to function as the central controller of the SDN network is one choice, which not only achieves the goal of having a centralized controller to provide the functionalities needed for the central controller, but also leverages the existing PCE network components.