Abstract: This application provides a microservice call method. The method includes: A network interface card receives service call requests separately generated by a plurality of first services deployed on a first device, where each of the plurality of first services is corresponding to one second service, and the second service is used to process first data of a service call request generated by the first service corresponding to the second service; and the network interface card sends the service call request to the second service based on service governance logic related to the first data. In this way, a problem that contention of a plurality of proxies for a system resource causes process context switching and further causes a sharp increase in a service delay is resolved, and application performance is improved.

Abstract: Some embodiments of the invention provide a method for a first security controller that performs security operations on the packets that are transmitted within a network. The method of some embodiments receives a packet from a forwarding element in the network based on a decision made by a security agent that operates along with the forwarding element. When the first security controller stores a security rule for the packet, the method processes the packet according to the stored security rule. When the first security controller does not store a security rule for the packet, the method (i) determines that a second security controller stores a security rule for the packet based on a set of header values of the packet, and (ii) sends the packet to the second security controller for security processing according to the security rule for the packet stored on the second security controller.

Abstract: This application provides a method and apparatus for configuring a quality of service policy for a service, and a computing device, and belongs to the field of network communications technologies. The method includes: obtaining a first data flow forwarded by a virtual switch; determining service information of the first data flow, where the service information includes a service type of the first data flow and an access path of the first data flow; determining, based on the service information of the first data flow, a quality of service QoS policy matching the first data flow; and configuring devices on the access path based on the matched QoS policy. According to this application, efficiency of configuring a quality of service policy for a service can be improved.

Abstract: A latency assurance method is applied to a cloud platform and includes a service provision system and a latency assurance system. The service provision system includes a service created for a user according to a service requirement of the user. The latency assurance system is configured to provide a latency assurance cloud service for the user. The latency assurance cloud service provides latency assurance for the service of the user in the service provision system. The latency assurance method includes that the latency assurance system obtains a latency requirement parameter from the user and in a configuration interface, where the latency requirement parameter includes information about the service and a latency requirement that the service needs to meet.

Abstract: Example methods are provided for configuration tracking in a virtualized computing environment. One example method may comprise detecting a configuration request to configure a physical component, or a virtual component, of a host; identifying a particular interface via which the configuration request is initiated by a client device; and identifying one or more attributes associated with the configuration request. The particular interface may be one of multiple interfaces supported by the host or the management entity, or both. The method may also comprise generating configuration history information specifying the particular interface and the one or more attributes associated with the configuration request.

Abstract: Example methods are provided for a host to perform packet processing using a service chain in a software-defined networking (SDN) environment. The method may comprise establishing a datapath between a first virtualized computing instance and a second virtualized computing instance in the service chain, the datapath bypassing a forwarding element to which the first virtualized computing instance and the second virtualized computing instance are connected. The method may also comprise: the first virtualized computing instance obtaining a packet that requires processing by the service chain, and performing packet processing according to a first service. The method may further comprise: the second virtualized computing instance obtaining the processed packet via the datapath, and performing packet processing according to a second service.

Abstract: Example methods are provided for a host to perform packet processing using a service chain in a software-defined networking (SDN) environment. The method may comprise establishing a datapath between a first virtualized computing instance and a second virtualized computing instance in the service chain, the datapath bypassing a forwarding element to which the first virtualized computing instance and the second virtualized computing instance are connected. The method may also comprise: the first virtualized computing instance obtaining a packet that requires processing by the service chain, and performing packet processing according to a first service. The method may further comprise: the second virtualized computing instance obtaining the processed packet via the datapath, and performing packet processing according to a second service.

Abstract: A host computer and method for multicasting data between networking interfaces of hypervisors in a distributed computer system uses a Virtual Extensible LAN Network Identifier (VNI) assigned to a multicast group and an identifier of a VXLAN Tunnel End Point (VTEP) of the host computer associated to the VNI so that data being multicast for the multicast group can be routed to the networking interfaces via VTEPs associated with the VNI.

Abstract: This application relates generally to logging information, and more particularly to techniques for configuring a software product to have each log call in source code controllable at runtime. The source code can be preprocessed so that individual log calls in the source code can be identified and tracked. Information specifying locations of the log calls can be used to generate a bitmap indicating whether to write log messages (corresponding to the log calls) to a log file. The preprocessed source code can then be compiled into executable code, which can be packaged with the bitmap into an executable product such that the executable code can run based on the bitmap. While the executable code is executing, examples described herein can also allow the bitmap to be updated, allowing control during execution.

Abstract: Example methods are provided for configuration tracking in a virtualized computing environment. One example method may comprise detecting a configuration request to configure a physical component, or a virtual component, of a host; identifying a particular interface via which the configuration request is initiated by a client device; and identifying one or more attributes associated with the configuration request. The particular interface may be one of multiple interfaces supported by the host or the management entity, or both. The method may also comprise generating configuration history information specifying the particular interface and the one or more attributes associated with the configuration request.

Abstract: A virtual machine (VM) system includes a network, hosts that are able to communicate over the network, a storage cluster of nodes made up by the hosts, and VMs running on the hosts. As part of the storage cluster, the nodes pool their storage devices into a clustered datastore shared across all the nodes. The VMs are stored in the clustered datastore. Two of the nodes take roles of a reflector node and a backup reflector node. The other nodes, excluding the reflector node but including the backup reflector node, are configured to establish unicast connections over the network with the reflector node. The nodes in the storage cluster are configured to communicate clustering service information over the unicast connections.

Abstract: Aspects of the present disclosure provide a method for processing address resolution protocol (ARP) packets in a computing environment. The method includes the steps of maintaining a table mapping internet protocol (IP) addresses to port identifiers (port IDs), receiving a packet, determining a type of the received packet, based on the type of the received packet being a first type, checking whether a destination IP address in the received packet matches an entry in the table, and if the destination IP address in the received packet matches an entry in the table: determining a port ID associated with the matching entry, and forwarding the received packet over a port associated with the determined port ID.

Abstract: Some embodiments of the invention provide a method for a first security controller that performs security operations on the packets that are transmitted within a network. The method of some embodiments receives a packet from a forwarding element in the network based on a decision made by a security agent that operates along with the forwarding element. When the first security controller stores a security rule for the packet, the method processes the packet according to the stored security rule. When the first security controller does not store a security rule for the packet, the method (i) determines that a second security controller stores a security rule for the packet based on a set of header values of the packet, and (ii) sends the packet to the second security controller for security processing according to the security rule for the packet stored on the second security controller.

Abstract: A host computer and method for multicasting data between networking interfaces of hypervisors in a distributed computer system uses a Virtual Extensible LAN Network Identifier (VNI) assigned to a multicast group and an identifier of a VXLAN Tunnel End Point (VTEP) of the host computer associated to the VNI so that data being multicast for the multicast group can be routed to the networking interfaces via VTEPs associated with the VNI.

Abstract: Some embodiments of the invention provide a method for a first security controller that performs security operations on the packets that are transmitted within a network. The method of some embodiments receives a packet from a forwarding element in the network based on a decision made by a security agent that operates along with the forwarding element. When the first security controller stores a security rule for the packet, the method processes the packet according to the stored security rule. When the first security controller does not store a security rule for the packet, the method (i) determines that a second security controller stores a security rule for the packet based on a set of header values of the packet, and (ii) sends the packet to the second security controller for security processing according to the security rule for the packet stored on the second security controller.

Abstract: Aspects of the present disclosure provide a method for processing address resolution protocol (ARP) packets in a computing environment. The method includes the steps of maintaining a table mapping internet protocol (IP) addresses to port identifiers (port IDs), receiving a packet, determining a type of the received packet, based on the type of the received packet being a first type, checking whether a destination IP address in the received packet matches an entry in the table, and if the destination IP address in the received packet matches an entry in the table: determining a port ID associated with the matching entry, and forwarding the received packet over a port associated with the determined port ID.

Abstract: Some embodiments of the invention provide a method that performs security operations for packets that are processed by a forwarding element. The method of some embodiments receives, at a security agent operating on a physical machine, a packet from a forwarding element that also operates on the physical machine. The method then determines whether a security rule is stored for the packet at the security agent. When no security rule is stored for the packet, the method transmits the packet to a default security controller of several security controllers that store security rules for a network and process packets according to the stored security rules. When the security rule is stored for the packet, the method processes the packet according to the stored security rule for the packet.

Abstract: An example method to perform packet tracing in a Software-Defined Networking (SDN) environment is provided. The SDN environment comprises an SDN controller device and a plurality of forwarding devices configurable by the SDN controller device. The method may comprise the SDN controller device configuring the plurality of forwarding devices to generate trace information of packets associated with a communication flow in the SDN environment; and receiving trace information of packets associated with the communication flow. Based on the trace information, the SDN controller device may generate aggregated trace information by identifying, from header information and payload information of the packets, particular packets associated with the communication flow that are processed by one of the plurality of forwarding devices, or a particular packet associated with the communication flow that is processed by at least two of the plurality of forwarding devices, or both.

Abstract: A virtual machine (VM) system includes a network, hosts that are able to communicate over the network, a storage cluster of nodes made up by the hosts, and VMs running on the hosts. As part of the storage cluster, the nodes pool their storage devices into a clustered datastore shared across all the nodes. The VMs are stored in the clustered datastore. Two of the nodes take roles of a reflector node and a backup reflector node. The other nodes, excluding the reflector node but including the backup reflector node, are configured to establish unicast connections over the network with the reflector node. The nodes in the storage cluster are configured to communicate clustering service information over the unicast connections.

Abstract: An example method is provided for a network device to protect a Media Access Control (MAC) address table of a network switch in a virtualized computing environment. The method may comprise, in response to receiving a request message from a virtual machine, determining a shared MAC address that is usable for the virtual machine and at least one other virtual machine, modifying a source MAC address of the request message from a MAC address associated with the virtual machine to the shared MAC address; and sending, to the network switch, the request message having the shared MAC address as the modified source MAC address. The method may comprise, in response to receiving a reply message from the network switch, the reply message having the shared MAC address as a destination MAC address, sending, to the virtual machine, the reply message in reply to the request message.