H04L67/1038

SMB2 scaleout

Systems and methods are disclosed for clients and servers operating in a scaled cluster environment. Efficiencies are introduced to the process of connecting a client to a clustered environment by providing the client with the ability to attempt a connection with multiple servers in parallel. Servers operating in the clustered environment are also capable of providing persistent storage of file handles and other state information. Ownership of the state information and persistent handles may be transferred between servers, thereby providing clients with the opportunity to move from one server to another while maintaining access to resources in the clustered environment.

Data processing method, apparatus, medium and device

The present specification discloses a data processing method, apparatus, medium and device. The method includes: receiving a QUIC data packet that is sent by a first device and that includes a CID; parsing the CID and determining a routing address based on a parsing result; and routing the received QUIC data packet to a second device based on the routing address, so the second device processes the QUIC data packet. When a data packet sent by a transmitting end device is received, a routing address of data transmission is determined by processing the received data packet, to quickly establish a data transmission channel between the transmitting end device and a receiving end device. As such, stored context information is not required, and connection errors caused by exceptions such as restarting and scaling in/out on a load balancer will not occur, thereby effectively improving processing efficiency of data transmission by using the QUIC protocol.

Datapath for multiple tenants

A novel design of a gateway that handles traffic in and out of a network by using a datapath pipeline is provided. The datapath pipeline includes multiple stages for performing various data-plane packet-processing operations at the edge of the network. The processing stages include centralized routing stages and distributed routing stages. The processing stages can include service-providing stages such as NAT and firewall. The gateway caches the result of previous packet operations and reapplies the result to subsequent packets that meet certain criteria. For packets that do not have an applicable or valid result from previous packet processing operations, the gateway datapath daemon executes the pipelined packet processing stages, records a set of data from each stage of the pipeline, and synthesizes those data into a cache entry for subsequent packets.

NAT-BASED TRAFFIC STEERING

Techniques for NAT-based steering of traffic in cloud-based networks. The techniques may include establishing, by a frontend node of a network, a connection with a client device. The frontend node may receive, via the connection, a packet including an indication of an identity of a service hosted on a backend node of the network. Based at least in part on the indication, the frontend node may establish a second connection with the backend node. Additionally, the frontend node may store a mapping indicating that packets received from the client device are to be sent to the backend node. The techniques may also include receiving another packet at the frontend node or another frontend node of the network. Based at least in part on the mapping, the frontend node or other frontend node may alter one or more network addresses of the other packet and forward it to the backend node.

In-band management interface with user space datapath
11695591 · 2023-07-04

A method of utilizing the same hardware network interface card (NIC) in a gateway of a datacenter to communicate datacenter tenant packet traffic and packet traffic for a set of applications that execute in the user space of the gateway and utilize a network stack in the kernel space of the gateway. The method sends and receives packets for the datacenter tenant packet traffic through a packet datapath in the user space. The method sends incoming packets from the NIC to the set of applications through the datapath in the user space, a user-kernel transport driver connecting the kernel network stack to the datapath in the user space, and the kernel network stack. The method receives outgoing packets at the NIC from the set of applications through the kernel network stack, the user-kernel transport driver, and the data path in the user space.

NETWORK LOAD BALANCER, REQUEST MESSAGE DISTRIBUTION METHOD, PROGRAM PRODUCT AND SYSTEM
20220407916 · 2022-12-22

A network load balancer, a request message distribution method, a program product, and a system provided by the present disclosure relate to cloud computing technology. The network load balancer includes: a network port and N intermediate chips; the N intermediate chips are connected in sequence; the network port is connected to a first intermediate chip among the N intermediate chips; N is a positive integer greater than or equal to 1; the network port is configured to receive a request message and forward the request message to the first intermediate chip; each of the intermediate chips is configured to forward the request message to a next intermediate chip connected to a current intermediate chip if connection information matching the request message is not found; and transmit the request message to a background server according to the connection information if the connection information matching the request message is found.

Simplifying networking setup complexity for security agents
11522913 · 2022-12-06

Methods, systems, and processes to simplify networking setup complexity for security agents implemented in cybersecurity computer environments are disclosed. A request with an intentionally bad Transport Layer Security (TLS) handshake is transmitted from an agent to a server. An indication is received from the server that the request has been rejected. A Round Trip Time (RTT) of the request and rejection of the request is determined. The server is then pinged based on the RTT. The subsequent pinging does not require whitelisting of an additional port and does not negatively interact with network intermediaries that support protocol detection.