Abstract: Distributed computing systems, devices, and associated methods of packet processing are disclosed herein. One example method includes receiving a packet having a header with a protocol field, a source address field, a source port field, a destination address field, and a destination port field individually containing a corresponding value. The method also includes extracting the values of the protocol field, the source address field, the source port field, the destination field, and the destination port field, determining whether a first match action table (“MAT”) contains an entry indexed to the extracted values, and in response to determining that the first MAT does not contain an entry indexed to the extracted values, using a subset of the extracted values to identify an entry in a second MAT.

Abstract: A network appliance is configured to receive a packet having an address of a custom device as a source address. Policies are accessed that are applicable to a virtual network associated with the custom device. The policies are applied to the packet. A hairpin layer redirects the packet to a destination address contained in the packet. For subsequent packets, application of the policies is bypassed to the subsequent packets. Application of the policies is offloaded to an acceleration device.

Abstract: A virtual network comprising virtual machines executing at a computing environment is implemented. A floating network interface is attached to a software defined networking (SDN) appliance. The floating network interface is configured to provide a connection to computing resources via a virtual network of a virtual computing environment, and the floating network interface is attachable to and detachable from the SDN appliance. The SDN appliance is configured to apply policies of the virtual computing environment to data traffic on the virtual network.

Abstract: A virtual network comprising virtual machines executing at a computing environment is implemented. A flexibly extensible NIC (eNIC) is executed at a software defined networking (SDN) appliance. A data packet is received that is addressed to a host that is connected to the virtual network. Based on a layer 2 address and a network identifier, the virtual switch identifies the host represented by the eNIC that is associated with the data packet. A policy associated with the host is determined and applied to the data packet. The policy is dynamically adjustable based on the host.

Abstract: A method to provide network connectivity to a virtual machine hosted on a server computer system includes detecting a change in a configuration of a software-defined network to which the server computer system provides access; issuing a network configuration update (NCU) for consumption by the virtual machine, the NCU including a data structure reflecting the change in the configuration; and providing a link-state notification (LSN) to a virtual network interface card of the virtual machine pursuant to the change in the configuration, the LSN including data indicating a state of network connectivity of the virtual machine. Receipt of the LSN triggers a dynamic host-configuration protocol (DHCP) handshake by the virtual machine; the NCU is received by the virtual machine pursuant to the DHCP handshake.

Abstract: A method of communicating data traffic including data packets through a virtual switch on a host device is provided. The data traffic flowing through the virtual switch is monitored. The data traffic includes at least virtual machine data traffic flowing to and from virtual machine processes on the host device and host data traffic flowing to and from host operating system processes on the host device. Each of the data packets are designated as virtual machine data traffic or host data traffic based on an evaluation of the Media Access Controller (MAC) address of each of the one or more data packets of the monitored data traffic. Virtual machine data traffic is directed through a packet processor as the virtual machine data traffic traverses the virtual switch. Host data traffic is directed to bypass the packet processor as the host data traffic traverses the virtual switch.

Abstract: A route tracing request packet is generated comprising a time-to-live value, a source address of a source of the route tracing request packet, and an address of a destination of the route tracing request packet. The source and destination are in the virtual network; the route tracing request packet is usable to identify the virtual appliance, and the virtual appliance is configured to examine the route tracing request packet for a time-to-live value indicating that the route tracing request packet has expired and sending a time-to-live exceeded message to the source address. The time-to-live exceeded message comprises an identifier for the virtual appliance. The route tracing request packet is forwarded to the destination. The time-to-live exceeded message is received. Data is extracted to determine network virtual appliances that were traversed by the route tracing request packet prior to expiration of the time-to-live. The network virtual appliances are reported.

Abstract: A route tracing request packet is generated comprising a time-to-live value, a source address of a source of the route tracing request packet, and an address of a destination of the route tracing request packet. The source and destination are in the virtual network; the route tracing request packet is usable to identify the virtual appliance, and the virtual appliance is configured to examine the route tracing request packet for a time-to-live value indicating that the route tracing request packet has expired and sending a time-to-live exceeded message to the source address. The time-to-live exceeded message comprises an identifier for the virtual appliance. The route tracing request packet is forwarded to the destination. The time-to-live exceeded message is received. Data is extracted to determine network virtual appliances that were traversed by the route tracing request packet prior to expiration of the time-to-live. The network virtual appliances are reported.

Abstract: A network appliance is configured to receive a packet having an address of a custom device as a source address. Policies are accessed that are applicable to a virtual network associated with the custom device. The policies are applied to the packet. A hairpin layer redirects the packet to a destination address contained in the packet. For subsequent packets, application of the policies is bypassed to the subsequent packets. Application of the policies is offloaded to an acceleration device.

Abstract: A method to provide network connectivity to a virtual machine hosted on a server computer system includes detecting a change in a configuration of a software-defined network to which the server computer system provides access; issuing a network configuration update (NCU) for consumption by the virtual machine, the NCU including a data structure reflecting the change in the configuration; and providing a link-state notification (LSN) to a virtual network interface card of the virtual machine pursuant to the change in the configuration, the LSN including data indicating a state of network connectivity of the virtual machine. Receipt of the LSN triggers a dynamic host-configuration protocol (DHCP) handshake by the virtual machine; the NCU is received by the virtual machine pursuant to the DHCP handshake.

Abstract: An overlay network refers to a network that is implemented as various different virtual resources on a physical network referred to as an underlay network. Diagnostics are performed on the overlay network by injecting diagnostic packets from a source endpoint targeting a target endpoint. These endpoints can be in the overlay network, on-premises with the other endpoint but in a different overlay network, or off-premises form the other endpoint. The diagnostic packets include a data packet encapsulated with a diagnostic encapsulation header that can be removed by a network element in the underlay network to allow processing of the data packet, and then added back on. The network element maintains trace information that is a record of receipt of the diagnostic packet and operations performed on the diagnostic packet. A tracing service collects and analyzes this trace information from the various network elements.

Abstract: A method of communicating data traffic including data packets through a virtual switch on a host device is provided. The data traffic flowing through the virtual switch is monitored. The data traffic includes at least virtual machine data traffic flowing to and from virtual machine processes on the host device and host data traffic flowing to and from host operating system processes on the host device. Each of the data packets are designated as virtual machine data traffic or host data traffic based on an evaluation of the Media Access Controller (MAC) address of each of the one or more data packets of the monitored data traffic. Virtual machine data traffic is directed through a packet processor as the virtual machine data traffic traverses the virtual switch. Host data traffic is directed to bypass the packet processor as the host data traffic traverses the virtual switch.

Abstract: Methods, systems, and devices are described herein for modifying the monitoring of the health of a data center IP endpoint (such as VM) during live migration of the data center IP endpoint from a source host to a destination host. In one example, the described techniques may include receiving an indication that a virtual machine is going to be live migrated from a source host to a destination host. Next, evaluation of health probe responses originating from the virtual machine may be suspended for a time period. The time period may be selected based on the live migration. The evaluation of the probe responses originating from the virtual machine may be resumed upon completion of the time period. In some cases, a health probe status of the virtual machine may be migrated from the source host to the destination host.

Abstract: Methods, systems, and devices are described herein for managing a load balancer bypass between two virtual machines through live migration of at least one of the virtual machines. In one aspect, a load balancer bypass may be established between a source virtual machine associated with a source host and a destination virtual machine associated with a destination host. The source virtual machine identification information, source host identification information, destination virtual machine identification information, and destination host identification information may be associated with an indication of whether the bypass is active, for example, in a bypass data structure. Upon a determination that live migration of at least one of the source virtual machine or the destination virtual machine has been completed to a third host, the bypass data structure may be updated with identification information of the third host to maintain the load balancer bypass after completion of the live migration.

Abstract: Methods, systems, and devices are described herein for modifying the monitoring of the health of a data center IP endpoint (such as VM) during live migration of the data center IP endpoint from a source host to a destination host. In one example, the described techniques may include receiving an indication that a virtual machine is going to be live migrated from a source host to a destination host. Next, evaluation of health probe responses originating from the virtual machine may be suspended for a time period. The time period may be selected based on the live migration. The evaluation of the probe responses originating from the virtual machine may be resumed upon completion of the time period. In some cases, a health probe status of the virtual machine may be migrated from the source host to the destination host.

Abstract: An overlay network refers to a network that is implemented as various different virtual resources on a physical network referred to as an underlay network. Diagnostics are performed on the overlay network by injecting diagnostic packets from a source endpoint targeting a target endpoint. These endpoints can be in the overlay network, on-premises with the other endpoint but in a different overlay network, or off-premises form the other endpoint. The diagnostic packets include a data packet encapsulated with a diagnostic encapsulation header that can be removed by a network element in the underlay network to allow processing of the data packet, and then added back on. The network element maintains trace information that is a record of receipt of the diagnostic packet and operations performed on the diagnostic packet. A tracing service collects and analyzes this trace information from the various network elements.

Abstract: Methods, systems, and devices are described herein for managing a load balancer bypass between two virtual machines through live migration of at least one of the virtual machines. In one aspect, a load balancer bypass may be established between a source virtual machine associated with a source host and a destination virtual machine associated with a destination host. The source virtual machine identification information, source host identification information, destination virtual machine identification information, and destination host identification information may be associated with an indication of whether the bypass is active, for example, in a bypass data structure. Upon a determination that live migration of at least one of the source virtual machine or the destination virtual machine has been completed to a third host, the bypass data structure may be updated with identification information of the third host to maintain the load balancer bypass after completion of the live migration.

Abstract: Methods, systems, and devices are described herein for facilitating live migration of a virtual machine from a source host to a destination host. In one aspect, a method for facilitating live migration may include obtaining connection state information corresponding to a configured communication link of a virtual machine associated with a source host. The method may further include migrating the connection state information to a destination host selected for live migration of the virtual machine. The method may additionally include modifying the connection state information based on the destination host to generate modified connection state information. The virtual machine, after live migration to the destination host, may be configured to maintain the configured communication link using the modified connection state information.

Abstract: Methods, systems, and devices are described herein for modifying the monitoring of the health of a data center IP endpoint (such as VM) during live migration of the data center IP endpoint from a source host to a destination host. In one example, the described techniques may include receiving an indication that a virtual machine is going to be live migrated from a source host to a destination host. Next, evaluation of health probe responses originating from the virtual machine may be suspended for a time period. The time period may be selected based on the live migration. The evaluation of the probe responses originating from the virtual machine may be resumed upon completion of the time period. In some cases, a health probe status of the virtual machine may be migrated from the source host to the destination host.

Abstract: In computing environments having multiple computers, where such computers may comprise virtual machines, events are logged in association with corresponding activity identifiers. When a data packet associated with an activity is transferred to a destination machine, the activity identifier corresponding to the activity is transferred along with the data packet and used by the destination machine when logging its events. This allows events from the two machines to be correlated according to the activities to which they pertain.