Some embodiments provide policy-driven methods for deploying edge forwarding elements in a public or private SDDC for tenants or applications. For instance, the method of some embodiments allows administrators to create different traffic groups for different applications and/or tenants, deploys edge forwarding elements for the different traffic groups, and configures forwarding elements in the SDDC to direct data message flows of the applications and/or tenants through the edge forwarding elements deployed for them. The policy-driven method of some embodiments also dynamically deploys edge forwarding elements in the SDDC for applications and/or tenants after detecting the need for the edge forwarding elements based on monitored traffic flow conditions.

Disclosed herein are systems and methods for multi-level classification of data traffic flows based on information in a first packet for a data traffic flow. In exemplary embodiments of the present disclosure, a key can be generated from intercepted DNS data to track data traffic flows by application names and destination IP addresses. Based on these keys, patterns can be discerned to infer data traffic information based on only the information in a first packet, such as destination IP address. The determined patterns can be used to predict classifications of future traffic flows with similar key information. In this way, data traffic flows can be classified and steered in a network based on limited information available in a first packet.

Systems, methods, and computer-readable storage media are provided to populate databases with routing data for containers to eliminate the need for continuously accessing a global discovery service. An example method includes initiating, from a source container operating on a first machine in a first rack, a communication with a destination container operating on a second machine on a second rack, wherein a local database on the first machine does not know an address of the destination container. The method includes accessing a global discovery service to provide the address of the destination container, populating the local database on the first machine with the address of the destination container and routing a packet from the source container to the destination container according to the address of the destination container.

A control device includes an information acquisition unit that receives a source address of a packet from a node that receives the packet transmitted from a user terminal, and acquires position information about the user terminal on a basis of the source address, a determination unit that determines a hub to which the user terminal should connect, on a basis of the position information, and a control execution unit that launches an application in the hub and changes a routing such that packets transmitted from the user terminal are transmitted to the application.

A novel algorithm for packet classification that is based on a novel search structure for packet classification rules is provided. Addresses from all the containers are merged and maintained in a single Trie. Each entry in the Trie has additional information that can be traced back to the container from where the address originated. This information is used to keep the Trie in sync with the containers when the container definition dynamically changes.

A system that enables end-user devices that operate within different enterprise networks to exchange data with one another. In particular, the disclosed system uses unique IP addresses that are dedicated solely to supporting a predefined communication service between enterprise computer networks, in order to identify and route each data packet according to the communications service. As part of the communications service, the data packets are transmitted, for example, from a first local service provider network hosting a first enterprise network, through a participating backbone service provider network on the public Internet and based on deterministic routing, and to a second local service provider network hosting a second enterprise network. In handling the data packets in this way, the disclosed system creates an Internet wide-area-network (WAN): the data packets are transmitted over the Internet and conceivably over a large geographic distance between enterprise networks.

A method of routing messages includes receiving a request message from an originating device to be forwarded to one of a plurality of target devices, the request message having a first network address as a source address identifying the originating device. The first network address of the request message is dynamically mapped to a second network address of a selected target device, and the first and second network addresses are stored in association with each other as address mapping information. The method also includes forwarding the selected target device using the second network address. The routing device receives from the target device an error message in relation to the request message, and identifies the originating device which originated the request message using the address mapping information and the second network address of the target device which issued the error message.

Systems, methods, and computer-readable media for improving the reliability of service function (SF) application in a service function chain (SFC) are provided. In some aspects, the subject technology facilitates automatic service function type validation by a service function forwarder (SFF), for example, by using a probe configured to query a function type of a SF module associated with the validating SFF.

One embodiment provides a system for facilitating efficient communication of a collection of interests. During operation, the system receives, by an intermediate node, a first packet which has a name and a first nonce, wherein the first packet indicates a set of member interests, wherein a member interest has a name. In response to not obtaining a matching entry in a pending interest table based on the name for the first packet, the system creates a new entry in the pending interest table, wherein an entry includes a second nonce, a reference count, and a set of arrival nonces and corresponding arrival interfaces. The system sets the new entry's second nonce to a new nonce, and sets the new entry's reference count to a number of member interests indicated in the first packet. The system forwards the first packet, wherein the first nonce is replaced with the new nonce.

Disclosed herein is a method including receiving, from a user application, data to be transmitted from a source address to a destination address using a single connection through a network; and splitting the data into a plurality of packets according to a communication protocol. For each packet of the plurality of packets, a respective flowlet for the packet to be transmitted in is determined from a plurality of flowlets. Assignment of the flowlets to the packets can be dynamically adjusted based on utilization of the flowlets.