The invention enables high-availability, high-scale, high security and disaster recovery for API computing, including in terms of capture of data traffic passing through proxies, routing communications between clients and servers, and load balancing and/or forwarding functions. The invention inter alia provides (i) a scalable cluster of proxies configured to route communications between clients and servers, without any single point of failure, (ii) proxy nodes configured for implementing the scalable cluster (iii) efficient methods of configuring the proxy cluster, (iv) natural resiliency of clusters and/or proxy nodes within a cluster, (v) methods for scaling of clusters, (vi) configurability of clusters to span multiple servers, multiple racks and multiple datacenters, thereby ensuring high availability and disaster recovery (vii) switching between proxies or between servers without loss of session.

An apparatus and method is disclosed for segment routing (SR) over label distribution protocol (LDP). In one embodiment, the method includes a node receiving a packet with an attached segment ID. In response, the node may attach a label to the packet. Thereafter, the node may forward the packet with the attached label and segment ID to another node via a label switched path (LSP).

A method for capturing packets originating from a first container from a cluster of containers that each container includes at least one network interface for transmitting packets, wherein the method includes detecting a first connection for transmission of packets from a first network interface associated with a first container and injecting container information of the first container in a packet stream associated with the first connection, where the injected container information serves for identification of the first container by a packet capture tool configured to capture the packet stream associated with the first connection.

For a managed network, some embodiments provide a method for a set of service nodes in an active-active service node cluster in conjunction with a host computer hosting a destination data compute node (DCN) to improve the efficiency of directing a data message to a service node storing state information for the flow to which the data message belongs. a first service node receives a data message in a particular data message flow for which it does not maintain state information. The first service node then identifies a second service node to process the data message and forwards the data message to the second service node. The second service node sends state information for the particular data message flow to the first service node, for the first service node to use to process subsequent data messages in the particular data message flow.

In one embodiment, a device clusters traffic characteristics of traffic associated with a plurality of online applications into one or more clusters. The device determines representative traffic characteristics for a particular cluster in the one or more clusters. The device generates, based on the representative traffic characteristics, a probing strategy for the plurality of online applications associated with the particular cluster. The device causes path probes to be sent along one or more network paths in accordance with the probing strategy

A distributed routing system is provided for use in a communication network, wherein the distributed routing system includes at least one cluster comprising a first plurality of cluster elements from which a second plurality of cluster elements is selected, wherein each of the cluster elements comprised in the second plurality of cluster elements is configured to operate as a cluster leader candidate and wherein one of that second plurality of cluster elements is selected on a temporary basis to act as cluster leader.

Systems, methods, and computer-readable media are provided for generating a unique ID for a sensor in a network. Once the sensor is installed on a component of the network, the sensor can send attributes of the sensor to a control server of the network. The attributes of the sensor can include at least one unique identifier of the sensor or the host component of the sensor. The control server can determine a hash value using a one-way hash function and a secret key, send the hash value to the sensor, and designate the hash value as a sensor ID of the sensor. In response to receiving the sensor ID, the sensor can incorporate the sensor ID in subsequent communication messages. Other components of the network can verify the validity of the sensor using a hash of the at least one unique identifier of the sensor and the secret key.

Methods, systems, and apparatus, including an apparatus for generating clusters of building blocks of compute nodes using an optical network. In one aspect, a method includes receiving request data specifying requested compute nodes for a computing workload. The request data specifies a target n-dimensional arrangement of the compute nodes. A selection is made, from a superpod that includes a set of building blocks that each include an m-dimensional arrangement of compute nodes, a subset of the building blocks that, when combined, match the target n-dimensional arrangement specified by the request data. The set of building blocks are connected to an optical network that includes one or more optical circuit switches. A workload cluster of compute nodes that includes the subset of the building blocks is generated. The generating includes configuring, for each dimension of the workload cluster, respective routing data for the one or more optical circuit switches.

In order to enable dynamic scaling of network services at the edge, novel systems and methods are provided to enable addition of add new nodes or removal of existing nodes while retaining the affinity of the flows through the stateful services. The methods provide a cluster of network nodes that can be dynamically resized to handle and process network traffic that utilizes stateful network services. The existing traffic flows through the edge continue to function during and after the changes to membership of the cluster. All nodes in the cluster operate in active-active mode, i.e., they are receiving and processing traffic flows, thereby maximizing the utilization of the available processing power.

A method implemented by a first controller in a network comprising a cluster of controllers including the first controller and a second controller, the method comprises transmitting, to a network element (NE), a first BGP message comprising a first controllers network layer reachability information (NLRI), the first controllers NLRI carrying a position of the first controller relative to other controllers in the cluster of controllers, receiving, from the NE, a second BGP message comprising a second controllers NLRI, the second controllers NLRI carrying a position of the second controller relative to the other controllers in the cluster of controllers, and determining the primary controller from the cluster of controllers based on the position of the first controller and the position of the second controller, with the primary controller being responsible for controlling the network.