Abstract: Some embodiments provide a method for configuring an edge computing device to implement a logical router belonging to a logical network. The method configures a datapath executing on the edge computing device to use a first routing table associated with the logical router for processing data messages routed to the logical router. The method configures a routing protocol application executing on the edge computing device to (i) use the first routing table for exchanging routes with a network external to the logical network and (ii) use a second routing table for exchanging routes with other edge computing devices that implement the logical router.

Abstract: Systems and methods include determining a Multi-Point to Point (MP2P) tree from a plurality of source nodes to a destination node in a Segment Routing network, wherein the plurality of source nodes are sending traffic with guaranteed bandwidth requirements to the destination node, and wherein the MP2P tree is determined based on the guaranteed bandwidth; assigning a globally unique Segment Identifier (SID) for the MP2P tree; and causing programming of forwarding entries in the plurality of source nodes, any intermediate nodes, and the destination node, based on the MP2P tree. The steps can further include receiving measurements from nodes on the MP2P tree of bandwidth utilized against the globally unique SID; and updating the MP2P tree if required based on the measurements. Each of the plurality of source nodes utilize the globally unique SID to send traffic with guaranteed bandwidth requirements to the destination node.

Abstract: Systems and methods associated with a node in a Segment Routing network include, responsive to what services are support at a node in a Segment Routing network, creating a bitmap to represent the plurality of services supported at the node; and transmitting an advertisement with the bitmap such that the advertisement is a single advertisement of multiple services. This approach can reduce the advertisement of rout updates by orders of magnitude.

Abstract: Some embodiments of the invention provide novel methods for facilitating a distributed SNAT (dSNAT) middlebox service operation for a first network at a host computer in the first network on which the dSNAT middlebox service operation is performed and a gateway device between the first network and a second network. The novel methods enable dSNAT that provides stateful SNAT at multiple host computers, thus avoiding the bottleneck problem associated with providing stateful SNAT at gateways and also significantly reduces the need to redirect packets received at the wrong host by using a capacity of off-the-shelf gateway devices to perform IPv6 encapsulation for IPv4 packets and assigning locally unique IPv6 addresses to each host executing a dSNAT middlebox service instance that are used by the gateway device.

Abstract: Systems and methods include determining a Multi-Point to Point (MP2P) tree from a plurality of source nodes to a destination node in a Segment Routing network, wherein the plurality of source nodes are sending traffic with guaranteed bandwidth requirements to the destination node, and wherein the MP2P tree is determined based on the guaranteed bandwidth; assigning a globally unique Segment Identifier (SID) for the MP2P tree; and causing programming of forwarding entries in the plurality of source nodes, any intermediate nodes, and the destination node, based on the MP2P tree. The steps can further include receiving measurements from nodes on the MP2P tree of bandwidth utilized against the globally unique SID; and updating the MP2P tree if required based on the measurements. Each of the plurality of source nodes utilize the globally unique SID to send traffic with guaranteed bandwidth requirements to the destination node.

Abstract: Systems and methods for incrementally eliminating Border Gateway Protocol—Labeled Unicast (BGP-LU) in a multi-region network include receiving BGP-LU updates from one or more Area Border Router (ABR) nodes in a multi-region network with the ABR nodes between two areas including a first area utilizing Segment Routing without utilizing BGP-LU and a second area utilizing BGP-LU; and, responsive to a request from a first node in the first area to reach a second node in the second area, providing a Segment Identifier (SID) list to the first node where the SID list is determined based on the Segment Routing in the first area and the BGP-LU updates from the second area.

Abstract: Some embodiments provide a method for providing redundancy and fast convergence for modules operating in a network. The method configures modules to use a same anycast inner IP address, anycast MAC address, and to associate with a same anycast VTEP IP address. In some embodiments, the modules are operating in an active-active mode and all nodes running modules advertise the anycast VTEP IP addresses with equal local preference. In some embodiments, modules are operating in active-standby mode and the node running the active module advertises the anycast VTEP IP address with higher local preference.

Abstract: Systems and methods include obtaining a plurality of services supported at the node; determining a bitmask to represent the plurality of services supported at the node, wherein the bitmask includes a starting service and each subsequent bit representing another service of the plurality of services and with each bit in the bitmask set based on the plurality of services supported at the node; and transmitting an advertisement to nodes in the Segment Routing network with a starting Service SID value and the bitmask based on the plurality of services supported at the node. The plurality of services can include any of a Virtual Private Wire Service (VPWS) and a Flexible Cross Connect (FXC) service.

Abstract: The present disclosure provides an approach for scaling the number of VNFs in a data center without scaling the number of control sessions between VNFs and a data center gateway. The approach includes opening a session between a VNF and a route server, rather than between the VNF and the gateway, when the VNF needs to send its connectivity information to the gateway. The VNF sends its connectivity information to the route server, and the route server forwards the connectivity information to the gateway. The gateway receives connectivity information of a plurality of VNFs in the data center from the route server rather than from each of the VNFs individually. The connectivity information is then used to send packets, by the gateway to a VNF, for processing. The packets are sent using three layers of networking: an underlay physical network, an overlay logical network, and a second overlay logical network.

Abstract: Some embodiments of the invention provide novel methods for facilitating a distributed SNAT (dSNAT) middlebox service operation for a first network at a host computer in the first network on which the dSNAT middlebox service operation is performed and a gateway device between the first network and a second network. The novel methods enable dSNAT that provides stateful SNAT at multiple host computers, thus avoiding the bottleneck problem associated with providing stateful SNAT at gateways and also significantly reduces the need to redirect packets received at the wrong host by using a capacity of off-the-shelf gateway devices to perform IPv6 encapsulation for IPv4 packets and assigning locally unique IPv6 addresses to each host executing a dSNAT middlebox service instance that are used by the gateway device.

Abstract: Some embodiments of the invention provide novel methods for facilitating a distributed SNAT (dSNAT) middlebox service operation for a first network at a host computer in the first network on which the dSNAT middlebox service operation is performed and a gateway device between the first network and a second network. The novel methods enable dSNAT that provides stateful SNAT at multiple host computers, thus avoiding the bottleneck problem associated with providing stateful SNAT at gateways and also significantly reduces the need to redirect packets received at the wrong host by using a capacity of off-the-shelf gateway devices to perform IPv6 encapsulation for IPv4 packets and assigning locally unique IPv6 addresses to each host executing a dSNAT middlebox service instance that are used by the gateway device.

Abstract: Systems and methods for micro-loop avoidance include detecting a remote link failure in a network and identifying an associated Point of Local Repair (PLR); determining destinations in the network that are impacted due to the remote link failure; and installing of a temporary tunnel to the PLR. The steps can further include sending traffic destined for nodes impacted by the remote link failure via the temporary tunnel to the PLR. The temporary tunnel can be implemented by a node Segment Identifier (SID) for the PLR.

Abstract: A Provider Edge (PE) node includes a plurality of ports including an inter-chassis port to a second PE node, a port connected to a root node, and one or more ports connected to leaf nodes, wherein the plurality of ports are in an Ethernet Tree (E-Tree), and wherein the root node is dual-homed to the PE node and the second PE node; switching circuitry configured to switch traffic between the plurality of ports; and circuitry configured to designate the inter-chassis port as one of a leaf node and a root node in the E-Tree instance, and manage a designation of the inter-chassis port based on a status of the port connected to the root node. The designation is changed in a data plane instead of in a control plane.

Abstract: Example methods and systems for uplink-aware logical overlay tunnel monitoring are described. In one example, a first computer system may establish a logical overlay tunnel with a second computer system. The first computer system may generate and send, over the logical overlay tunnel via the first uplink, a first encapsulated monitoring packet identifying the first uplink. Based on a first reply, first performance metric information associated with the first uplink may be determined. The first computer system may generate and send, over the logical overlay tunnel via the second uplink, a second encapsulated monitoring packet identifying the second uplink. Based on a second reply, second performance metric information associated with the second uplink may be determined. Based on the first performance metric information and the second performance metric information, the first uplink or the second uplink may be selected to send encapsulated data packet(s) over the logical overlay tunnel.

Abstract: Systems and methods for creating loopback packets for transmission through a section of a network for the purpose of testing the operability of links and nodes in this section of the network are provided. A method, according to one implementation, includes a step of obtaining information, by a Network Element (NE), about the topology of the network related to at least the nodes in direct communication with a peer node. The method also includes a step of generating one or more loopback packets, where each loopback packet includes at least a header having a path list including one or more nodes of the plurality of nodes in the network. Each path list defines an order of nodes through which the respective loopback packet is to be transmitted.

Abstract: Some embodiments provide a method for providing redundancy and fast convergence for modules operating in a network. The method configures modules to use a same anycast inner IP address, anycast MAC address, and to associate with a same anycast VTEP IP address. In some embodiments, the modules are operating in an active-active mode and all nodes running modules advertise the anycast VTEP IP addresses with equal local preference. In some embodiments, modules are operating in active-standby mode and the node running the active module advertises the anycast VTEP IP address with higher local preference.

Abstract: Some embodiments of the invention provide a method for managing logical forwarding elements (LFEs) implemented by multiple physical forwarding elements (PFEs) operating on multiple devices, each LFE including multiple logical ports. On a host computer executing a particular machine connected to the LFE and a PFE implementing the LFE, the method identifies an address discovery message associating a particular network address of the particular machine with another network address of the particular machine. The method identifies an LFE logical port associated with the particular machine, stores in an encapsulation header an identifier that identifies this port, and then forwards the encapsulated message to a set of one or more devices implementing the LFE for the devices to use in processing data messages associated with the particular machine.

Abstract: The present disclosure provides an approach for scaling the number of VNFs in a data center without scaling the number of control sessions between VNFs and a data center gateway. The approach includes opening a session between a VNF and a route server, rather than between the VNF and the gateway, when the VNF needs to send its connectivity information to the gateway. The VNF sends its connectivity information to the route server, and the route server forwards the connectivity information to the gateway. The gateway receives connectivity information of a plurality of VNFs in the data center from the route server rather than from each of the VNFs individually. The connectivity information is then used to send packets, by the gateway to a VNF, for processing. The packets are sent using three layers of networking: an underlay physical network, an overlay logical network, and a second overlay logical network.

Abstract: Systems and methods include determining one or more Layer 3 Virtual Private Networks (L3VPNs) supported at the router; and advertising the one or more L3 VPNs to one or more routers in the Segment Routing network with each advertisement including a service Segment Identifier (SID) for each of the one or more L3VPNs and one of a node SID for the router or an Anycast SID when the router is connected to a Multi-Home site. The steps can further include transmitting a Layer 3 (L3) packet for an L3 VPN of the one or more L3 VPNs with a destination SID and a service SID of the L3VPN. The advertisement can include encapsulation as an IPv6 prefix containing both the node SID for the router and the service SID, and wherein prefixes are treated as attributes of a route.

Abstract: The disclosure provides an approach for reducing multicast traffic within a network by optimizing placement of virtual machines within subnets and within hosts, and by optimizing mapping of overlay multicast groups to underlay multicast groups. In one embodiment, substantially all VMs of a multicast group are migrated to the same subnet of the network. Thereafter or independently, VMs in the same subnet are migrated to the same host, ideally to the subnet proxy endpoint of that subnet. In the same or in another embodiment, if multiple overlay groups map to the same underlay group, one or more of the overlay groups may be remapped to a separate underlay group to improve network performance.