Patent classifications
H04L12/733
Container routing algorithm using OSPF
Systems and methods for establishing routing information between software containers or other virtualized environments within a network, and providing inter-container routing between the software services operating on the network, are disclosed herein. The system utilizes an existing routing protocol such as Open Shortest Path First (OSPF) and establishes an overlay network that provides end-to-end connectivity between services of a customer operating in an Infrastructure as a Service (IaaS) network, while maintaining isolation from the traffic of other customers of the IaaS network. The system uses OSPF to learn aspects of the routes between containers in the network, and further builds a customer-specific overlay network based on IP-to-IP encapsulation of the OSPF messages.
REGULAR PATH QUERIES (RPQS) FOR DISTRIBUTED GRAPHS
A pattern matching engine interprets a query into a data structure resembling a finite state machine. Vertices in the query pattern are treated as states or stages, while edges connecting them are treated as state transitions or hops. To match the full pattern, the first stage is first matched by applying vertex filters, if any. If the vertex is eligible, its edges that satisfy the edge filters, if any, are followed to move to the neighbors that can potentially produce results, thus progressing to the next stage. This process is repeated; if all stages are matched, then the whole pattern has been matched successfully.
In-band management interface with user space datapath
A method of utilizing the same hardware network interface card (NIC) in a gateway of a datacenter to communicate datacenter tenant packet traffic and packet traffic for a set of applications that execute in the user space of the gateway and utilize a network stack in the kernel space of the gateway. The method sends and receives packets for the datacenter tenant packet traffic through a packet datapath in the user space. The method sends incoming packets from the NIC to the set of applications through the datapath in the user space, a user-kernel transport driver connecting the kernel network stack to the datapath in the user space, and the kernel network stack. The method receives outgoing packets at the NIC from the set of applications through the kernel network stack, the user-kernel transport driver, and the datapath in the user space.
DNS cache protection
Some embodiments provide a method for detecting that a domain name service (DNS) cache on a data compute node (DCN) has been attacked. The method, during a first operational phase of an agent executing on the DCN, builds a DNS cache that stores entries that include (i) network address to domain name mappings and (ii) policies for the entries received from a centralized service. During a second operational phase of the agent, the method detects that an entry of the DNS cache has been modified by a DNS response such that the modified entry violates the policy for the entry. Based on the detection, the method sends an alert to the centralized service. The centralized service performs additional analysis on the modification to determine whether to allow the DCN to use the modified DNS cache entry.
NETWORK PACKET CAPTURE MANAGER
The packet capture manager uses a multi-tiered storage for storing captured network traffic. Captured packets are stored on a primary storage with a time-to-live according to a retention policy. The packet capture manager receives instructions from one or more network monitoring devices identifying one or more captured packets as packets of interest. The packet capture manager flags the identified packets as packets of interest, moves the flagged packets to a secondary storage, and changes the TTL of the moved packets. A machine learning model analyzes historical data of the instructions received from the one or more network monitoring devices. The packet capture manager uses the machine learning model to identify packets of interest and move identified packets to the secondary storage without specific instructions from a network monitoring device.
Data packaging protocols for communications between IoT devices
An Internet of Things (IoT) network includes an IoT device with a communicator to send a communication including an egress frame, a protocol library builder to determine available protocols, a frame analyzer to analyze an ingress frame, and a frame builder to build the egress frame from the ingress frame. An IoT network includes an IoT device with a network discoverer to identify available parallel communication channels between the IoT device and a target device, a payload, a payload fragmenter/packager to fragment the payload into sub-objects for transmission, and a packet communicator to send the sub-objects to the target device over the parallel communication channels. An IoT network includes a plurality of IoT devices, which each include a communication channel to an upstream device, a network link to another one of the plurality of IoT devices, a hash calculator to identify a neighbor IoT device, and a communicator to send out a message to the neighbor IoT device.
System, method and apparatus for node selection of a sensor network
A system, method and apparatus for node selection of a sensor network. Multiple sensor networks can operate in or around a monitored location. Nodes can be organized amongst the multiple sensor networks using remote configuration updates that are provided by a host system to a sensor network node.
Dynamic transport in a modular physical access control system
A device may include a memory storing instructions and a processor configured to execute the instructions to identify a communication link between a first domain object and a second domain object; identify a first endpoint associated with the first domain object and a second endpoint associated with the second domain object; and determine a location relationship between the first endpoint and the second endpoint. The processor may be further configured to select a communication mechanism based on the determined location relationship; instruct the first endpoint to communicate with the second endpoint using the selected communication mechanism; and instruct the second endpoint to communicate with the first endpoint using the selected communication mechanism.
EDGE DATAPATH USING USER SPACE NETWORK STACK
A novel design of a gateway that handles traffic in and out of a network by using a datapath daemon is provided. The datapath daemon is a run-to-completion process that performs various data-plane packet-processing operations at the edge of the network. The datapath daemon dispatches packets to other processes or processing threads outside of the daemon by utilizing a user space network stack.
Best Path Computation Offload In A Network Computing Environment
Systems, methods, and devices for offloading best path computations in a networked computing environment. A method includes storing in memory, by a best path controller, a listing of a plurality of paths learnt by a device, wherein each of the plurality of paths is a route for transmitting data from the device to a destination device. The method includes receiving, by the best path controller, a message from the device. The method includes processing, by the best path controller, a best path computation to identify one or more best paths based on the message such that processing of the best path computation is offloaded from the device to the best path controller. The method includes sending the one or more best paths to the device.