A software-defined network (SDN) rule modification counter system provides counters that track all changes and edits to rules at SDN controllers and SDN switches on an SDN. The system compares counters at the SDN controller and SDN switch to determine if they match. If the counters do not match, a change has been made to the rules. With the addition of rule edit statistics the SDN controller will now have visibility that a rule modification was performed. The SDN controller then verifies that the state of the device is the same as its expected state as a secondary integrity check. Based on the rule modification notification, changes to a central rules table at the SDN controller and changes to rule settings at the SDN switch are made according to pre-programmed logic.

Some embodiments provide policy-driven methods for deploying edge forwarding elements in a public or private SDDC for tenants or applications. For instance, the method of some embodiments allows administrators to create different traffic groups for different applications and/or tenants, deploys edge forwarding elements for the different traffic groups, and configures forwarding elements in the SDDC to direct data message flows of the applications and/or tenants through the edge forwarding elements deployed for them. The policy-driven method of some embodiments also dynamically deploys edge forwarding elements in the SDDC for applications and/or tenants after detecting the need for the edge forwarding elements based on monitored traffic flow conditions.

Examples described herein relate to a network interface device comprising: circuitry, when operational, to: in response to congestion related to a link, cause transmission of link event information to at least one sender of packets to the link, wherein the link event information is to identify congestion information of at least one link other than the link.

A method and an electronic device for scheduling software upgrade of network devices in an internet protocol (IP) based network are provided. The method includes predicting traffic directed towards at least one of the network devices, predicting at least one event to be occurred at the at least one of the network devices, determining a time period to schedule the software upgrade based on the predicted traffic and the determined at least one event, and scheduling the software upgrade in the time period.

A method for managing traffic in a computerized system that may include routers and at least one edge device, the method may include performing traffic management operations for controlling traffic related to the routers while executing a first traffic management operations by the at least one edge device, and executing second traffic management operations by the routers.

Various approaches for allocating resources to an application having multiple application components, with at least one executing one or more functions, in a serverless service architecture include identifying multiple routing paths, each routing path being associated with a same function service provided by one or more containers or serverless execution entities; determining traffic information on each routing path and/or a cost, a response time and/or a capacity associated with the container or serverless execution entity on each routing path; selecting one of the routing paths and its associated container or serverless execution entity; and causing a computational user of the application to access the container or serverless execution entity on the selected routing path and executing the function(s) thereon.

The systems and methods disclosed herein comprise computer-based platforms configured for automated early-stage application security monitoring for allowing users (e.g., application developers) to make decisions at the early stage of the application development.

As described herein, a router signals a source device to establish a new stateful communication session with a destination device by changing a network path used by traffic associated with the session. In one example, a router forwards traffic of a first stateful routing session established by the source device along a first path. In response to determining that that the first path should not be used, the router forwards a packet of the first session along a second path. The destination device recognizes the change in path, which causes the destination device to reject the packet, which in turn causes the source device to establish a second stateful routing session. The router forwards subsequent traffic of the second stateful routing session along the second path.

Systems and methods include detecting whether a monitored network has a unique configuration; responsive to the unique configuration, determining an ingress point for flow samples; and utilizing the determined ingress point for the flow samples to generate a traffic report for the monitored network. The unique configuration is an inter-Autonomous System (AS) option-C Virtual Private Network (VPN) network where control and data planes are asymmetric. The approach provides traffic projection based on the flow samples with the asymmetric flows.

Systems and methods are disclosed for identifying a set of internal edges on a representation of a network that satisfy a set of demands on the network. The disclosed systems and methods perform a multi-step process of selecting the internal edges. In a first step, an initial set of internal edges can be selected using a clique graph (or in another suitable manner). In a second step, a second set of internal edges can be selected using stream graph(s) (or in another suitable manner). The second set of internal edges can be used when determining network paths that satisfy the demands. When the representation of the network has a cut of two, the disclosed systems and methods can identify a set of internal edges providing a degree of protection against link failure.