Abstract: Some embodiments of the invention provide a novel network architecture for providing edge services of a virtual private cloud (VPC) at host computers hosting machines of the VPC. The host computers in the novel network architecture are reachable from external networks through a gateway router of an availability zone (AZ). The gateway router receives a data message from the external network addressed to one or more data compute nodes (DCNs) in the VPC and forwards the data message to a particular host computer identified as providing a distributed edge service for the VPC. The particular host computer, upon receiving the forwarded data message, performs the distributed edge service and provides the serviced data message to a destination DCN.

Abstract: In some embodiments, a method inserts, by a first computing device, a first value for a capability in a first message that is used in a process to automatically exchange capability values with a second computing device. The first value for the capability indicates the first computing device requires a default route to reach the second computing device as a next hop for sending a packet to a destination. The first computing device sends the first message to the second computing device; and receives a second value for the capability in a second message from the second computing device. The second value indicating the second computing device will send the default route to reach the second computing device. When the default route is received from the second computing device, the first computing device stores the default route from the second computing device in a route table.

Abstract: The disclosure provides an approach for reducing congestion within a network, the network comprising a plurality of subnets, the plurality of subnets comprising a plurality of host machines and a plurality of virtual computing instances (VCIs) running on the plurality of host machines. Embodiments include receiving, by an edge services gateway (ESG) of a first subnet of the plurality of subnets, membership information for a group identifying a subset of the plurality of host machines. Embodiments include receiving a multicast packet directed to the group and selecting from the plurality of host machines, a replicator host machine for the multicast packet. Embodiments include sending, to the replicator host machine, the multicast packet along with metadata indicating that the replicator host machine is to replicate the multicast packet to remaining host machines of the subset of the plurality of host machines identified in the membership information for the group.

Abstract: In some embodiments, a method for selecting an egress point for accessing an external network associated with a distributed logical router that is distributed across at least a first computing device and a second computing device is provided. The method receives, by an instance of the logical router at the first computing device, first identification information and a first preference value. The method compares the first preference value to a second preference value. The second preference value is associated with second identification information corresponding to a current computing device that is identified as a current preferred egress point for the logical router. The method determines whether to set the egress point connected to the instance of the logical router in the second computing device as a new preferred egress point for the logical router.

Abstract: Some embodiments provide a method for detecting a failure of a layer 2 (L2) bump-in-the-wire service at a device. In some embodiments, the device sends heartbeat signals to a second device connected to L2 service nodes in order to detect failure of the L2 service (e.g., a failure of all the service nodes). In some embodiments, the heartbeat signals are unidirectional heartbeat signals (e.g., a unidirectional bidirectional-forwarding-detection (BFD) session) sent from each device to the other. The heartbeat signals, in some embodiments, use a broadcast MAC address in order to reach the current active L2 service node in the case of a failover (i.e., an active service node failing and a standby service node becoming the new active service node). The unidirectional heartbeat signals are also used, in some embodiments, to decrease the time between a failover and data messages being forwarded to the new active service node.

Abstract: A node in a Segment Routing network includes circuitry configured to signal first service Segment Identifiers (SIDs), for one or more first Ethernet services configured at the node, to other nodes in the Segment Routing network, receive second service SIDs for one or more second Ethernet services configured at the other nodes in the Segment Routing network, and configure the second service SIDs for one or more second Ethernet services. The first service SIDs and the second service SIDs can be signaled by one of Interior Gateway Protocol (IGP) and Border Gateway Protocol (BGP).

Abstract: Systems and methods for micro-loop avoidance include detecting a remote link failure in a network and identifying an associated Point of Local Repair (PLR); determining destinations in the network that are impacted due to the remote link failure; and installing of a temporary tunnel to the PLR. The steps can further include sending traffic destined for nodes impacted by the remote link failure via the temporary tunnel to the PLR. The temporary tunnel can be implemented by a node Segment Identifier (SID) for the PLR.

Abstract: A Provider Edge (PE) node includes a plurality of ports including an inter-chassis port to a second PE node, a port connected to a root node, and one or more ports connected to leaf nodes, wherein the plurality of ports are in an Ethernet Tree (E-Tree), and wherein the root node is dual-homed to the PE node and the second PE node; switching circuitry configured to switch traffic between the plurality of ports; and circuitry configured to designate the inter-chassis port as one of a leaf node and a root node in the E-Tree instance, and manage a designation of the inter-chassis port based on a status of the port connected to the root node. The designation is changed in a data plane instead of in a control plane.

Abstract: A method implemented by a node in a network having a ring topology includes the step of discovering a first peer node arranged in a first direction around the ring with respect to the node. The method further includes the step of discovering a second peer node arranged in a second direction around the ring with respect to the node. Upon determining that data packets are propagating in the first direction and communication with the first peer node is interrupted, the method include performing a direction reversal procedure to propagate the data packets in the second direction. In response to the second peer node being unable to perform the direction reversal procedure, the method includes the step of tunnelling the data packets to a next node in the second direction to thereby bypass the second peer node.

Abstract: A method implemented by a node in a network utilizing Multiprotocol Label Switching (MPLS) includes performing a convergence procedure to discover the topology of a network in which multiple nodes are arranged; and upon determining that the topology of the network is a ring topology whereby the node is connected to two neighboring nodes by a respective link, creating a first table for a first link, the first table including labels representing at least a portion of a label stack for allowing the node to transmit packets to another node in the network in a clockwise (CW) direction around the ring; and creating a second table for a second link, the second table including labels representing at least a portion of a label stack for allowing the node to transmit packets to another node in the network in an anti-clockwise (ACW) direction around the ring.

Abstract: For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).

Abstract: Systems and methods for incrementally eliminating Border Gateway Protocol—Labeled Unicast (BGP-LU) in a multi-region network include receiving BGP-LU updates from one or more Area Border Router (ABR) nodes in a multi-region network with the ABR nodes between two areas including a first area utilizing Segment Routing without utilizing BGP-LU and a second area utilizing BGP-LU; and, responsive to a request from a first node in the first area to reach a second node in the second area, providing a Segment Identifier (SID) list to the first node where the SID list is determined based on the Segment Routing in the first area and the BGP-LU updates from the second area.

Abstract: The technology disclosed herein enables a dynamic chain of service functions for processing network traffic. In a particular embodiment, a method includes, in a logical router for a logical network connecting service functions, receiving a network packet from a service function over the logical network after the network packet has been processed by the service function. The method further includes determining a new classification of the network packet and determining a next service function based on application of a service chain policy to the new classification. The method also includes directing the network packet to the next service function over the logical network.

Abstract: Systems and methods in a node in an MPLS network include determining a plurality of services supported at the node; determining a bitmask to represent the plurality of services supported at the node, wherein the bitmask includes a starting service and each subsequent bit representing another service of the plurality of services and with each bit in the bitmask set based on the plurality of services supported at the node; and transmitting an advertisement to other nodes in the network with the bitmask based on the plurality of services supported at the node. The steps can further include transmitting a packet associated with a service of the plurality of services with an MPLS label stack including one or more transport labels for a destination of the packet, a service label identifying the service, and a source label identifying a source Internet Protocol (IP) address of the packet.

Abstract: Some embodiments provide a method for configuring an edge computing device to implement a logical router belonging to a logical network. The method configures a datapath executing on the edge computing device to use a first routing table associated with the logical router for processing data messages routed to the logical router. The method configures a routing protocol application executing on the edge computing device to (i) use the first routing table for exchanging routes with a network external to the logical network and (ii) use a second routing table for exchanging routes with other edge computing devices that implement the logical router.

Abstract: Some embodiments provide a method for configuring a set of MFEs to implement a distributed multicast logical router and multiple logical switches to process the multicast data messages. The method sends, from a managed forwarding element (MFE) implementing the distributed multicast logical router, a multicast group query to a set of data compute nodes (DCNs) that are logically connected to one of several logical switches and that execute on the same host machine as the managed forwarding element. The method receives multicast group reports from a subset of the set of DCNs and at least one of the multicast group reports specifies a multicast group of interest. The method distributes, to a set of MFEs executing on other host machines, a summarized multicast group report specifying a set of multicast groups of interest to the first MFE (i.e., multicast groups that the first MFE participates in).

Abstract: Some embodiments provide a method for detecting a failure of a layer 2 (L2) bump-in-the-wire service at a device. In some embodiments, the device sends heartbeat signals to a second device connected to L2 service nodes in order to detect failure of the L2 service (e.g., a failure of all the service nodes). In some embodiments, the heartbeat signals are unidirectional heartbeat signals (e.g., a unidirectional bidirectional-forwarding-detection (BFD) session) sent from each device to the other. The heartbeat signals, in some embodiments, use a broadcast MAC address in order to reach the current active L2 service node in the case of a failover (i.e., an active service node failing and a standby service node becoming the new active service node). The unidirectional heartbeat signals are also used, in some embodiments, to decrease the time between a failover and data messages being forwarded to the new active service node.

Abstract: In some embodiments, a method inserts, by a first computing device, a first value for a capability in a first message that is used in a process to automatically exchange capability values with a second computing device. The first value for the capability indicates the first computing device requires a default route to reach the second computing device as a next hop for sending a packet to a destination. The first computing device sends the first message to the second computing device; and receives a second value for the capability in a second message from the second computing device. The second value indicating the second computing device will send the default route to reach the second computing device. When the default route is received from the second computing device, the first computing device stores the default route from the second computing device in a route table.

Abstract: Systems and methods include, in a node in a Segment Routing network, learning an adjacency Segment Identifier (SID) of a directly connected neighbor; and programming forwarding entries including a primary path and backup path associated with the adjacency SID. The programming is only performed for adjacency SIDs of directly connected neighbors, for use as a Point of Local Repair (PLR). This addresses holes in Topology Independent Loop Free Alternative (TI-LFA) node protection scheme for Segment Routing Traffic Engineering (SR-TE) paths.

Abstract: For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).