Abstract: Systems and methods for managing a network are described. A view of current state of the network is maintained where the current state of the network characterizes network topology and network constituents, including network entities and network elements residing in or on the network. Events are announced that correspond to changes in the state of the network and one or more network elements can be configured accordingly. Methods for managing network traffic are described that ensure forwarding and other actions taken by network elements implement globally declared network policy and refer to high-level names, independently of network topology and the location of network constituents. Methods for discovering network constituents are described, whereby are automatically configured. Routing may be performed using ACL and packets can be intercepted to permit host to continue in sleep mode. The methods are applicable to virtual environments.

Abstract: In general, the present invention relates to a virtual platform in which one or more distributed virtual switches can be created for use in virtual networking. According to some aspects, the distributed virtual switch according to the invention provides the ability for virtual and physical machines to more readily, securely, and efficiently communicate with each other even if they are not located on the same physical host and/or in the same subnet or VLAN. According other aspects, the distributed virtual switches of the invention can support integration with traditional IP networks and support sophisticated IP technologies including NAT functionality, stateful firewalling, and notifying the IP network of workload migration. According to further aspects, the virtual platform of the invention creates one or more distributed virtual switches which may be allocated to a tenant, application, or other entity requiring isolation and/or independent configuration state.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed related to policy declarations for cloud management system. An example apparatus includes memory, instructions, and processor circuitry to execute the instructions. The processor circuitry is to convert first network state data in a first format to a first data tuple in a unified format, the first network state data from a first cloud management application that manages a first aspect of a network and convert second network state data in a second format to a second data tuple in the unified format, the second network state data from a second cloud management application that manages a second aspect of the network, the first format different than the second format.

Abstract: In general, the present invention relates to a virtual platform in which one or more distributed virtual switches can be created for use in virtual networking. According to some aspects, the distributed virtual switch according to the invention provides the ability for virtual and physical machines to more readily, securely, and efficiently communicate with each other even if they are not located on the same physical host and/or in the same subnet or VLAN. According other aspects, the distributed virtual switches of the invention can support integration with traditional IP networks and support sophisticated IP technologies including NAT functionality, stateful firewalling, and notifying the IP network of workload migration. According to further aspects, the virtual platform of the invention creates one or more distributed virtual switches which may be allocated to a tenant, application, or other entity requiring isolation and/or independent configuration state.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed related to policy declarations for cloud management system. An example computer readable storage device includes instructions that, when executed, cause processor circuitry to at least identify a proposed change to a state of a network. The example instructions, when executed, also cause the processor circuitry to, in response to identifying the proposed change, determine whether the proposed change will cause the state of the network to violate a policy, the policy including a query plan describing characteristics to evaluate the proposed change. In some examples, the instructions, when executed, cause the processor circuitry to, when the proposed change will cause the state of the network to violate the policy, execute an application programming interface call to a cloud service provider to cause the cloud service provider to prevent violation of the policy by executing an action associated with the proposed change.

Abstract: In general, the present invention relates to a virtual platform in which one or more distributed virtual switches can be created for use in virtual networking. According to some aspects, the distributed virtual switch according to the invention provides the ability for virtual and physical machines to more readily, securely, and efficiently communicate with each other even if they are not located on the same physical host and/or in the same subnet or VLAN. According other aspects, the distributed virtual switches of the invention can support integration with traditional IP networks and support sophisticated IP technologies including NAT functionality, stateful firewalling, and notifying the IP network of workload migration. According to further aspects, the virtual platform of the invention creates one or more distributed virtual switches which may be allocated to a tenant, application, or other entity requiring isolation and/or independent configuration state.

Abstract: In general, the present invention relates to a virtual platform in which one or more distributed virtual switches can be created for use in virtual networking. According to some aspects, the distributed virtual switch according to the invention provides the ability for virtual and physical machines to more readily, securely, and efficiently communicate with each other even if they are not located on the same physical host and/or in the same subnet or VLAN. According other aspects, the distributed virtual switches of the invention can support integration with traditional IP networks and support sophisticated IP technologies including NAT functionality, stateful firewalling, and notifying the IP network of workload migration. According to further aspects, the virtual platform of the invention creates one or more distributed virtual switches which may be allocated to a tenant, application, or other entity requiring isolation and/or independent configuration state.

Abstract: Systems and methods for managing a network are described. A view of current state of the network is maintained where the current state of the network characterizes network topology and network constituents, including network entities and network elements residing in or on the network. Events are announced that correspond to changes in the state of the network and one or more network elements can be configured accordingly. Methods for managing network traffic are described that ensure forwarding and other actions taken by network elements implement globally declared network policy and refer to high-level names, independently of network topology and the location of network constituents. Methods for discovering network constituents are described, whereby are automatically configured. Routing may be performed using ACL and packets can be intercepted to permit host to continue in sleep mode. The methods are applicable to virtual environments.

Abstract: Some embodiments provide a method for determining a realization status of one or more logical entities of a logical network. The method, each time a particular event occurs, increments the value of a realization number and publishes the incremented value to a set of controllers of the logical network. Upon receiving data that specifies the state of a logical entity of the logical network, the method publishes the logical entity state's data to the set of controllers. In some embodiments, the method queries the set of controllers for a realization status of the state data for a set of logical entities that is published to the set of controllers up to a particular point of time. The submitted query, in some embodiments, includes a particular value of the realization number associated with the particular point of time.

Abstract: Systems and methods for managing a network are described. A view of current state of the network is maintained where the current state of the network characterizes network topology and network constituents, including network entities and network elements residing in or on the network. Events are announced that correspond to changes in the state of the network and one or more network elements can be configured accordingly. Methods for managing network traffic are described that ensure forwarding and other actions taken by network elements implement globally declared network policy and refer to high-level names, independently of network topology and the location of network constituents. Methods for discovering network constituents are described, whereby are automatically configured. Routing may be performed using ACL and packets can be intercepted to permit host to continue in sleep mode. The methods are applicable to virtual environments.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed related to policy declarations for cloud management system. A computer readable storage device comprising instructions that, when executed, cause a processor to at least: identify a proposed change to a state of a network; in response to identifying the proposed change, determine whether the proposed change will cause the state of the network to violate a policy, the policy including a query plan describing characteristics to evaluate the proposed change; and when the proposed change will cause the state of the network to violate the policy, execute an application programming interface call to a cloud service provider to cause the cloud service provider to prevent violation of the policy by executing an action associated with the proposed change.

Abstract: Some embodiments provide a method for determining a realization status of one or more logical entities of a logical network. The method, each time a particular event occurs, increments the value of a realization number and publishes the incremented value to a set of controllers of the logical network. Upon receiving data that specifies the state of a logical entity of the logical network, the method publishes the logical entity state's data to the set of controllers. In some embodiments, the method queries the set of controllers for a realization status of the state data for a set of logical entities that is published to the set of controllers up to a particular point of time. The submitted query, in some embodiments, includes a particular value of the realization number associated with the particular point of time.

Abstract: Some embodiments provide a method for a system that monitors a network to prevent violations of declared policies. The method stores network state data received from a plurality of data sources as a set of tables. The method receives a declaration of a policy that specifies a set of conditions for a particular set of network state entities received from at least two of the data sources. The set of conditions is specified as an existence of a set of data tuples involving the set of network state entities in the stored set of tables. The method monitors the network state data according to the declared policy.

Abstract: Some embodiments provide a method for determining a realization status of one or more logical entities of a logical network. The method, each time a particular event occurs, increments the value of a realization number and publishes the incremented value to a set of controllers of the logical network. Upon receiving data that specifies the state of a logical entity of the logical network, the method publishes the logical entity state's data to the set of controllers. In some embodiments, the method queries the set of controllers for a realization status of the state data for a set of logical entities that is published to the set of controllers up to a particular point of time. The submitted query, in some embodiments, includes a particular value of the realization number associated with the particular point of time.

Abstract: Some embodiments provide a method for identifying a realization status of one or more logical entities of a logical network. In some embodiments the method is implemented by a controller that controls network data communications in a logical network. The method receives a request for realization status of a set of logical entities at a particular point of time that is associated with a particular value of a realization number. The method determines whether configuration data up to the particular point of time for each logical entity in the set has been processed and distributed to a set of local controllers that operates on a set of host machines. The method returns a realization reply that includes a successful realization message when the configuration data up to the particular point in time for each logical entity in the set has been processed and distributed to the set of local controllers.

Abstract: Some embodiments provide a method for a system that enforces policy for a network. The method receives (i) a first set of network state data from a first cloud management application that manages a first aspect of the network and stores its network state data in a first format and (ii) a second set of network state data from a second cloud management application that manages a second aspect of the network and stores its network state data in a second format. The method stores the first and second sets of network state data in a single, unified data format. The method monitors the stored sets of network state data to determine whether the network state violates one or more network policies that constrain the network state received from the first and second cloud management applications.

Abstract: Some embodiments provide a method for a system that monitors a network to prevent violations of network policies. The method stores network state data that describes the network. The method identifies that a first set of stored network state data violates a particular policy declared for the network. The method issues a command to a first cloud management application to modify the network state data such that the modified network state data does not violate the particular policy. The method determines whether a requested action that modifies a second set of network state data, received from a second cloud management application, violates any policies. The method responds to the second cloud management application to permit the requested change when the modified second set of network state data does not violate any policies and deny the requested change when the modified second set of network state data violates the particular policy.

Abstract: Systems and methods for managing a network are described. A view of current state of the network is maintained where the current state of the network characterizes network topology and network constituents, including network entities and network elements residing in or on the network. Events are announced that correspond to changes in the state of the network and one or more network elements can be configured accordingly. Methods for managing network traffic are described that ensure forwarding and other actions taken by network elements implement globally declared network policy and refer to high-level names, independently of network topology and the location of network constituents. Methods for discovering network constituents are described, whereby are automatically configured. Routing may be performed using ACL and packets can be intercepted to permit host to continue in sleep mode. The methods are applicable to virtual environments.

Abstract: Systems and methods for managing a network are described. A view of current state of the network is maintained where the current state of the network characterizes network topology and network constituents, including network entities and network elements residing in or on the network. Events are announced that correspond to changes in the state of the network and one or more network elements can be configured accordingly. Methods for managing network traffic are described that ensure forwarding and other actions taken by network elements implement globally declared network policy and refer to high-level names, independently of network topology and the location of network constituents. Methods for discovering network constituents are described, whereby are automatically configured. Routing may be performed using ACL and packets can be intercepted to permit host to continue in sleep mode. The methods are applicable to virtual environments.

Abstract: Some embodiments provide a method for determining a realization status of one or more logical entities of a logical network. The method, each time a particular event occurs, increments the value of a realization number and publishes the incremented value to a set of controllers of the logical network. Upon receiving data that specifies the state of a logical entity of the logical network, the method publishes the logical entity state's data to the set of controllers. In some embodiments, the method queries the set of controllers for a realization status of the state data for a set of logical entities that is published to the set of controllers up to a particular point of time. The submitted query, in some embodiments, includes a particular value of the realization number associated with the particular point of time.