Abstract: Some embodiments provide a method of implementing service rules for a container cluster that is configured by a first SDN controller cluster. The method registers for event notification from an application programming interface (API) server to receive notification regarding events associated with resources deployed in the container cluster. The method forwards to a second SDN controller cluster resource identifiers collected through the registration for resources of the container cluster. The second SDN controller cluster defines service policies that are not defined by the first SDN controller cluster. The method receives, from the second SDN controller cluster, service policies defined by the second SDN controller cluster based on the resource identifiers. The method distributes service rules defined based on the service policies to network elements in the container cluster to enforce on data messages associated with machines deployed in the container cluster configured by the first SDN controller cluster.

Abstract: Some embodiments provide a method for an agent executing on a Kubernetes node in a cluster. The method instructs a forwarding element that also executes on the node to process a flow tracing packet. From the forwarding element, the method receives a message indicating a set of flow entries matched by the flow tracing packet as the forwarding element processes the flow tracing packet. For each flow entry of at least a subset of the flow entries matched by the flow tracing packet, the method generates mapping data that maps elements of the flow entry to Kubernetes concepts implemented in the cluster. The method reports data regarding the set of flow entries along with the generated mapping data.

Abstract: Embodiments of the present disclosure relate to methods, systems, and computer program products for event management. In a method, a token is obtained at a first agent device that is included in a network system, the token is for authenticating a first packet that is transmitted in the network system, and the first packet is generated according to a first network format. A second packet is generated based on the first packet and the token according to a second network format. The second packet is transmitted to a second agent device that is included in the network system, here both of the first and second agent devices support the first and second network formats. With these embodiments, the packet may be authenticated in a more effective way.

Abstract: Example methods and systems for packet handling in a software-defined networking (SDN) environment are disclosed. One example method may comprise detecting an egress application-layer message from a first logical endpoint supported by a first host; and identifying a second logical endpoint supported by the second host for which the egress application-layer message is destined. The method may also comprise generating an egress packet that includes the egress application-layer message and metadata associated with the second logical endpoint, but omits one or more headers that are addressed from the first logical endpoint to the second logical endpoint. The method may further comprise sending the egress packet to the second host to cause the second host to identify the second logical endpoint based on the metadata, and to send the egress application-layer message to the second logical endpoint.

Abstract: Embodiments of the present disclosure relate to methods, systems, and computer program products for event management. In a method, a token is obtained at a first agent device that is included in a network system, the token is for authenticating a first packet that is transmitted in the network system, and the first packet is generated according to a first network format. A second packet is generated based on the first packet and the token according to a second network format. The second packet is transmitted to a second agent device that is included in the network system, here both of the first and second agent devices support the first and second network formats. With these embodiments, the packet may be authenticated in a more effective way.

Abstract: Some embodiments provide a method for an agent executing on a Kubernetes node in a cluster. The method instructs a forwarding element that also executes on the node to process a flow tracing packet. From the forwarding element, the method receives a message indicating a set of flow entries matched by the flow tracing packet as the forwarding element processes the flow tracing packet. For each flow entry of at least a subset of the flow entries matched by the flow tracing packet, the method generates mapping data that maps elements of the flow entry to Kubernetes concepts implemented in the cluster. The method reports data regarding the set of flow entries along with the generated mapping data.

Abstract: Some embodiments provide a method for a module executing on a Kubernetes node in a cluster. The method retrieves data regarding ongoing connections processed by a forwarding element executing on the node. The method maps the retrieved data to Kubernetes concepts implemented in the cluster. The method exports the retrieved data along with the Kubernetes concepts to an aggregator that receives data regarding ongoing connections from a plurality of nodes in the cluster.

Abstract: Some mbodiments provide a method for an agent executing on a Kubernetes node in a cluster. The method instructs a forwarding element that also executes on the node to process a flow tracing packet. From the forwarding element, the method receives a message indicating a set of flow entries matched by the flow tracing packet as the forwarding element processes the flow tracing packet. For each flow entry of at least a subset of the flow entries matched by the flow tracing packet, the method generates mapping data that maps elements of the flow entry to Kubernetes concepts implemented in the cluster. The method reports data regarding the set of flow entries along with the generated mapping data.

Abstract: Some embodiments provide a method for a module executing on a Kubernetes node in a cluster. The method retrieves data regarding ongoing connections processed by a forwarding element executing on the node. The method maps the retrieved data to Kubernetes concepts implemented in the cluster. The method exports the retrieved data along with the Kubernetes concepts to an aggregator that receives data regarding ongoing connections from a plurality of nodes in the cluster.

Abstract: Some embodiments provide a method that receives a request for flow entries associated with a particular Kubernetes concept. The method identifies flow entries that match the request. For each flow entry that matches the request, the method generates mapping data that maps elements of the flow entry to additional Kubernetes concepts. The method provides the flow entries with the mapping data in response to the request.

Abstract: Example methods and systems for packet handling in a software-defined networking (SDN) environment are disclosed. One example method may comprise detecting an egress application-layer message from a first logical endpoint supported by a first host; and identifying a second logical endpoint supported by the second host for which the egress application-layer message is destined. The method may also comprise generating an egress packet that includes the egress application-layer message and metadata associated with the second logical endpoint, but omits one or more headers that are addressed from the first logical endpoint to the second logical endpoint. The method may further comprise sending the egress packet to the second host to cause the second host to identify the second logical endpoint based on the metadata, and to send the egress application-layer message to the second logical endpoint.