Abstract: Exemplary methods, apparatuses, and systems maintain network membership information for a host when it is disconnected from a controller. When the host detects a loss of connectivity with the network controller, the host identifies and selects one or more hosts that are members of a control logical network. The control logical network includes hosts configured to run data compute nodes that are members of the overlay network, regardless of whether or not each of the hosts is currently running a data compute node that is a member of the overlay network. The host then sends any broadcast, unknown destination, or multicast (BUM) data packet(s) to the selected one or more hosts.

Abstract: The disclosure provides an approach for seamless hand-off of data traffic in public cloud environments. Techniques are provided for activating an edge services gateway (ESG) virtual computing instance (VCI) on a new host. Prior to activating the ESG VCI on the new host, an underlay routing table is reprogrammed to associate a first IP address of a first tunnel endpoint (TEP) with a first network interface of an old host and to associate a second IP address of a second TEP with a second network interface of the new host. The routing table associates a third IP address of the ESG VCI with the first network interface. After activating the ESG VCI, a packet having as a destination address the third IP address is received at the first network interface and is encapsulated, by the first TEP, with an outer header having as a destination address the second IP address.

Abstract: In some embodiments, a method configures, at a first host, an overlay channel for sending packets to check whether a failure has occurred at a workload. The first host and a second host are connected via a layer 3 network. The first host generates a packet to check whether the failure has occurred at the workload and encapsulates the packet. The first host sends the encapsulated packet to the second host using the overlay channel via the layer 3 network. The packet is decapsulated and forwarded to the workload at the second host.

Abstract: In some embodiments, a method determines when a packet is fragmented into multiple fragmented packets in a flow between a first workload and a second workload. The method switches from generating an outer source port in the outer header using layer 4 information from the inner header to using layer 3 information from the inner header. A fragmented packet is encapsulated with the outer header that includes an outer source port value that is generated using the layer 3 information. The method initiates a process to determine when to switch back to using layer 4 information from the inner header to generate the outer source port. When it is determined to switch back to using layer 4 information, the method switches back to using layer 4 information from the inner header to generate the source port in the outer header of a packet from the first workload.

Abstract: The disclosure provides an approach for reducing congestion within a network, the network comprising a plurality of subnets, the plurality of subnets comprising a plurality of host machines and a plurality of virtual computing instances (VCIs) running on the plurality of host machines. Embodiments include receiving, by an edge services gateway (ESG) of a first subnet of the plurality of subnets, membership information for a group identifying a subset of the plurality of host machines. Embodiments include receiving a multicast packet directed to the group and selecting from the plurality of host machines, a replicator host machine for the multicast packet. Embodiments include sending, to the replicator host machine, the multicast packet along with metadata indicating that the replicator host machine is to replicate the multicast packet to remaining host machines of the subset of the plurality of host machines identified in the membership information for the group.

Abstract: Some embodiments provide a method of forwarding data messages between source and destination host computers that execute source and destination machines. At a source computer on which a source machine for a data message flow executes, the method in some embodiments identifies a source tunnel endpoint group (TEPG) associated with the source machine. For the flow, the method selects one TEP of the TEPG as the source TEP. The method then uses the selected source TEP to forward the flow to the destination computer on which the destination machine executes.

Abstract: Some embodiments provide a method of forwarding data messages between source and destination host computers that execute source and destination machines. At a source computer on which a source machine for a data message flow executes, the method in some embodiments identifies a source tunnel endpoint group (TEPG) associated with the source machine. For the flow, the method selects one TEP of the TEPG as the source TEP. The method then uses the selected source TEP to forward the flow to the destination computer on which the destination machine executes.

Abstract: Some embodiments provide a method of forwarding data messages between source and destination host computers that execute source and destination machines. At a source computer on which a source machine for a data message flow executes, the method in some embodiments identifies a source tunnel endpoint group (TEPG) associated with the source machine. For the flow, the method selects one TEP of the TEPG as the source TEP. The method then uses the selected source TEP to forward the flow to the destination computer on which the destination machine executes.

Abstract: Described herein are systems and methods for allocating to tunnel endpoints to virtual machines on a host. In one example, a host identifies when a new virtual machine is coupled to a virtual switch and determines a tenant associated with the new virtual machine. The host further determines whether a tunnel endpoint is allocated to the tenant and, when a tunnel endpoint has not been allocated, allocates a new tunnel endpoint to the tenant and maps the new virtual machine to the new tunnel endpoint.

Abstract: Some embodiments provide a method for forwarding multicast data messages at a forwarding element on a host computer. The method receives a multicast data message from a routing element executing on the host computer along with metadata appended to the multicast data message by the routing element. Based on a destination address of the multicast data message, the method identifies a set of recipient ports for a multicast group with which the multicast data message is associated. For each recipient port, the method uses the metadata appended to the multicast data message by the routing element to determine whether to deliver a copy of the multicast data message to the recipient port.

Abstract: In some embodiments, a method detects a state of a first session between a first workload and a second workload. The first workload and the second workload send packets in the first session via a first path to maintain a state of the first session. When the state of the first session indicates the first workload is down, the method receives information for network metrics of network traffic being sent in the first path. The method determines when the second workload should transition from a standby mode to an active mode to take over as an active workload in an active/standby configuration between the first workload and the second workload based on the information for the network metrics.

Abstract: In an embodiment, a computer-implemented method provides mechanisms for identifying a source location in a service chaining topology. In an embodiment, a method comprises: determining, at an egress interface of a host that hosts a virtual machine (“VM”), whether a service plane MAC address (“spmac”) in a packet header of a packet, provided to the egress interface, is the same as an inner destination MAC address in the packet; in response to determining that the spmac in the packet header of the packet, provided to the egress interface, is the same as the inner destination MAC address in the packet: encapsulating the packet with a destination virtual tunnel endpoint (“VTEP”) address retrieved from a mapping of VTEP-labels onto VTEP addresses; and causing providing the packet from the egress interface of the host that hosts the VM to a source host that hosts a source guest virtual machine (“GVM”).

Abstract: A method for offloading multicast replication from multiple tiers of edge nodes implemented by multiple host machines to a physical switch is provided. Each of the multiple host machines implements a provider edge node and a tenant edge node. One host machine among the multiple host machines receives a packet having an overlay multicast group identifier. The host machine maps the overlay multicast group identifier to an underlay multicast group identifier. The host machine encapsulates the packet with an encapsulation header that includes the underlay multicast group identifier to create an encapsulated packet. The host machine forwards the encapsulated packet to a physical switch of the network segment. The physical switch forwards copies of the encapsulated packet to tenant edge nodes at one or more ports that are determined to be interested in the underlay multicast group identifier.

Abstract: Some embodiments provide a method for configuring a set of MFEs to implement a distributed multicast logical router and multiple logical switches to process the multicast data messages. The method sends, from a managed forwarding element (MFE) implementing the distributed multicast logical router, a multicast group query to a set of data compute nodes (DCNs) that are logically connected to one of several logical switches and that execute on the same host machine as the managed forwarding element. The method receives multicast group reports from a subset of the set of DCNs and at least one of the multicast group reports specifies a multicast group of interest. The method distributes, to a set of MFEs executing on other host machines, a summarized multicast group report specifying a set of multicast groups of interest to the first MFE (i.e., multicast groups that the first MFE participates in).

Abstract: A method for offloading multicast replication from multiple tiers of edge nodes implemented by multiple host machines to a physical switch is provided. Each of the multiple host machines implements a provider edge node and a tenant edge node. One host machine among the multiple host machines receives a packet having an overlay multicast group identifier. The host machine maps the overlay multicast group identifier to an underlay multicast group identifier. The host machine encapsulates the packet with an encapsulation header that includes the underlay multicast group identifier to create an encapsulated packet. The host machine forwards the encapsulated packet to a physical switch of the network segment. The physical switch forwards copies of the encapsulated packet to tenant edge nodes at one or more ports that are determined to be interested in the underlay multicast group identifier.

Abstract: Some embodiments provide a method of replicating messages for a logical network. At a particular tunnel endpoint in a particular datacenter, the method receives a message to be replicated to members of a replication group. The method replicates the message to a set of tunnel endpoints of the replication group located in a same segment of the particular datacenter as the particular tunnel endpoint. The method replicates the message to a first set of proxy endpoints of the replication group, each of which is located in a different segment of the particular datacenter and for replicating the message to tunnel endpoints located in its respective segment of the particular datacenter. The method replicates the message to a second set of proxy endpoints of the replication group, each of which is located in a different datacenter and for replicating the message to tunnel endpoints located in its respective datacenter.

Abstract: Some embodiments provide a method for forwarding multicast data messages at a forwarding element on a host computer. The method receives a multicast data message from a routing element executing on the host computer along with metadata appended to the multicast data message by the routing element. Based on a destination address of the multicast data message, the method identifies a set of recipient ports for a multicast group with which the multicast data message is associated. For each recipient port, the method uses the metadata appended to the multicast data message by the routing element to determine whether to deliver a copy of the multicast data message to the recipient port.

Abstract: Some embodiments provide a method of forwarding data messages between source and destination host computers that execute source and destination machines. At a source computer on which a source machine for a data message flow executes, the method in some embodiments identifies a source tunnel endpoint group (TEPG) associated with the source machine. For the flow, the method selects one TEP of the TEPG as the source TEP. The method then uses the selected source TEP to forward the flow to the destination computer on which the destination machine executes.

Abstract: The disclosure provides an approach for deploying an software defined networking (SDN) solution for overlay routing of traffic on a host with colocated a workload virtual machine (VM), addressable on an overlay network and VM addressable on an underlay network. An overlay interceptor in a hypervisor of the host can intercept traffic from a virtual switch and route the traffic to destination VM. The overlay interceptor can route the traffic directly, without the traffic exiting the host. A fast path can be created for the routing.

Abstract: Certain embodiments herein are directed to a method of by a source virtual tunnel endpoint (VTEP) for selecting a tunneling protocol for encapsulating a packet destined for a destination VTEP. In some embodiments, the method includes receiving the packet for transmission to the destination VTEP. The method further includes determining whether the destination VTEP is configured with a first tunneling protocol. Upon determining that the destination VTEP is configured with the first tunneling protocol, the method includes encapsulating the packet using the first tunneling protocol, and transmitting the encapsulated packet to the destination VTEP. Upon determining that the destination VTEP is not configured with the first tunneling protocol, encapsulating the packet using a second tunneling protocol, and transmitting the encapsulated packet to the destination VTEP.