Abstract: In general, the present invention relates to a virtual platform in which one or more distributed virtual switches can be created for use in virtual networking. According to some aspects, the distributed virtual switch according to the invention provides the ability for virtual and physical machines to more readily, securely, and efficiently communicate with each other even if they are not located on the same physical host and/or in the same subnet or VLAN. According other aspects, the distributed virtual switches of the invention can support integration with traditional IP networks and support sophisticated IP technologies including NAT functionality, stateful firewalling, and notifying the IP network of workload migration. According to further aspects, the virtual platform of the invention creates one or more distributed virtual switches which may be allocated to a tenant, application, or other entity requiring isolation and/or independent configuration state.

Abstract: Some embodiments provide a method for reducing the transmission of connection validating control signals when they are not needed. Network entities transmit connection validating control signals over network connections at regular intervals to validate that the network connections and the network entities remain functional. The method monitors data traffic fluctuations on the network connections to determine when connection validating control signals may not be needed. The method reduces unnecessary connection validating control signals in order to optimize the usage of network resources.

Abstract: Some embodiments provide a system that includes a set of network controllers for receiving definitions of first and second logical switching elements. The system includes several managed switching elements. The set of network controllers configure the several managed switching elements to implement the defined first and second logical switching elements. The system includes several network hosts that are each (1) communicatively coupled to one of the several managed switching elements and (2) associated with one of the first and second logical switching elements. Network data communicated between network hosts associated with the first logical switching element are isolated from network data communicated between network hosts associated with the second logical switching element.

Abstract: Some embodiments provide a system that includes a set of network controllers for receiving definitions of first and second logical switching elements. The system includes several managed switching elements. The set of network controllers configure the several managed switching elements to implement the defined first and second logical switching elements. The system includes several network hosts that are each (1) communicatively coupled to one of the several managed switching elements and (2) associated with one of the first and second logical switching elements. Network data communicated between network hosts associated with the first logical switching element are isolated from network data communicated between network hosts associated with the second logical switching element.

Abstract: Systems and methods for managing a network are described. A view of current state of the network is maintained where the current state of the network characterizes network topology and network constituents, including network entities and network elements residing in or on the network. Events are announced that correspond to changes in the state of the network and one or more network elements can be configured accordingly. Methods for managing network traffic are described that ensure forwarding and other actions taken by network elements implement globally declared network policy and refer to high-level names, independently of network topology and the location of network constituents. Methods for discovering network constituents are described, whereby are automatically configured. Routing may be performed using ACL and packets can be intercepted to permit host to continue in sleep mode. The methods are applicable to virtual environments.

Abstract: Some embodiments provide a network system that includes a first network and a second network. The first network includes several unmanaged switching elements. The second network includes several managed switching elements. The network system includes a particular managed switching element for communicating network data between the first and second networks.

Abstract: In general, the present invention relates to a virtual platform in which one or more distributed virtual switches can be created for use in virtual networking. According to some aspects, the distributed virtual switch according to the invention provides the ability for virtual and physical machines to more readily, securely, and efficiently communicate with each other even if they are not located on the same physical host and/or in the same subnet or VLAN. According other aspects, the distributed virtual switches of the invention can support integration with traditional IP networks and support sophisticated IP technologies including NAT functionality, stateful firewalling, and notifying the IP network of workload migration. According to further aspects, the virtual platform of the invention creates one or more distributed virtual switches which may be allocated to a tenant, application, or other entity requiring isolation and/or independent configuration state.

Abstract: Some embodiments provide a method for reducing the transmission of connection validating control signals when they are not needed. Network entities transmit connection validating control signals over network connections at regular intervals to validate that the network connections and the network entities remain functional. The method monitors data traffic fluctuations on the network connections to determine when connection validating control signals may not be needed. The method reduces unnecessary connection validating control signals in order to optimize the usage of network resources.

Abstract: Some embodiments provide a method for reducing the transmission of connection validating control signals when they are not needed. Network entities transmit connection validating control signals over network connections at regular intervals to validate that the network connections and the network entities remain functional. The method monitors data traffic fluctuations on the network connections to determine when connection validating control signals may not be needed. The method reduces unnecessary connection validating control signals in order to optimize the usage of network resources.

Abstract: Some embodiments provide a network architecture that includes several lower level managed switching elements for forwarding network data to several of network hosts. The network architecture includes a set of higher level managed switching elements. The several lower level managed switching elements and the set of higher level managed switching elements implement several logical datapath sets. Communication channels are established among the several lower level managed switching elements and the set of higher level managed switching elements based on a mesh topology.

Abstract: For a network that includes several managed edge switching elements and several managed non-edge switching elements that are for implementing a logical switching element, some embodiments provide a method of distributing packet processing across the several managed non-edge switching elements. The method receives a packet for processing through the logical switching element. Based on a determination that the packet needs to be processed by a managed non-edge switching element, the method determines a particular managed non-edge switching element of the several managed non-edge switching elements to forward the packet. The method forwards the packet to the particular managed non-edge switching element for the particular managed non-edge switching element to process the packet.

Abstract: A novel method for logically routing a packet between a source machine that is in a first logical domain and a destination machine that is in a second logical domain is described. The method configures a managed switching element as a second-level managed switching element. The method configures a router in a host that includes the second-level managed switching element. The method communicatively couples the second-level managed switching element with the router. The method causes the router to route a packet when the router receives a packet from the first logical domain that is addressed to the second logical domain.

Abstract: Some embodiments of the invention provide a robust scaling-out of network functionality by providing a software layer, called the network hypervisor, that sits between the network forwarding functions (i.e., the forwarding plane) and the network control interfaces (i.e., the control plane). The network hypervisor of some embodiments provides a logical abstraction of the network's forwarding functionality, so that network operators make their control decisions in terms of this abstraction, independent of the details of the underlying networking hardware. The network hypervisor of some embodiments may then “compile” commands placed against this abstraction into configurations of the underlying hardware. Accordingly, in some embodiments, there are two design challenges: (1) the choice of the network abstraction, and (2) the technology needed to compile the logical “abstract” controls into low-level configurations.

Abstract: Some embodiments provide a method for managing several managed switching elements in a network. The method determines configurations for the several managed switching elements to implement a first logical data path set. Based on the determined configurations, the method configures a first set of the several managed switching elements to implement the first logical data path set. The method configures a second set of the several managed switching elements to implement a second logical data path set.

Abstract: Some embodiments provide a method that processes network data through a network. The method receives a packet destined for a network host associated with a logical datapath set implemented by a set of managed edge switching elements and a set of managed non-edge switching elements in the network. The method determines whether the packet is a known packet. When the packet is a known packet, the method forwards the packet to a managed switching element in the set of managed edge switching elements for forwarding to the network host. When the packet is not a known packet, the method forwards the packet to a managed switching element in the set of managed non-edge switching elements for further processing.

Abstract: Some embodiments of the invention provide a robust scaling-out of network functionality by providing a software layer, called the network hypervisor, that sits between the network forwarding functions (i.e., the forwarding plane) and the network control interfaces (i.e., the control plane). The network hypervisor of some embodiments provides a logical abstraction of the network's forwarding functionality, so that network operators make their control decisions in terms of this abstraction, independent of the details of the underlying networking hardware. The network hypervisor of some embodiments may then “compile” commands placed against this abstraction into configurations of the underlying hardware. Accordingly, in some embodiments, there are two design challenges: (1) the choice of the network abstraction, and (2) the technology needed to compile the logical “abstract” controls into low-level configurations.

Abstract: Some embodiments provide a method for managing several managed switching elements in a network. The method determines configurations for the several managed switching elements to implement a first logical data path set. Based on the determined configurations, the method configures a first set of the several managed switching elements to implement the first logical data path set. The method configures a second set of the several managed switching elements to implement a second logical data path set.

Abstract: Some embodiments provide a network architecture that includes several lower level managed switching elements for forwarding network data to several of network hosts. The network architecture includes a set of higher level managed switching elements. The several lower level managed switching elements and the set of higher level managed switching elements implement several logical datapath sets. Communication channels are established among the several lower level managed switching elements and the set of higher level managed switching elements based on a mesh topology.

Abstract: Some embodiments provide a network system that includes a first network and a second network. The first network includes several unmanaged switching elements. The second network includes several managed switching elements. The network system includes a particular managed switching element for communicating network data between the first and second networks.

Abstract: Some embodiments provide a system that includes a set of network controllers for receiving definitions of first and second logical switching elements. The system includes several managed switching elements. The set of network controllers configure the several managed switching elements to implement the defined first and second logical switching elements. The system includes several network hosts that are each (1) communicatively coupled to one of the several managed switching elements and (2) associated with one of the first and second logical switching elements. Network data communicated between network hosts associated with the first logical switching element are isolated from network data communicated between network hosts associated with the second logical switching element.