Abstract: In some embodiments, a method receives a packet for a flow from a first application in a first workload to a second application in a second workload. The packet includes an inner header that includes layer 4 information for the first application. The method determines if a setting indicates an outer source port in an outer header should be generated using layer 4 information from the inner header. The setting is based on an analysis of packet types in the flow to determine if fragmented packets are sent. When the setting indicates the outer source port in the outer header should be generated using layer 4 information from the inner header, the method generates the outer source port using the layer 4 information for the first application from the inner header. The packet is encapsulated using the outer header, wherein the outer header includes the outer source port.

Abstract: In some embodiments, a method detects a state of a first session between a first workload and a second workload. The first workload and the second workload send packets in the first session via a first path to maintain a state of the first session. When the state of the first session indicates the first workload is down, the method receives information for network metrics of network traffic being sent in the first path. The method determines when the second workload should transition from a standby mode to an active mode to take over as an active workload in an active/standby configuration between the first workload and the second workload based on the information for the network metrics.

Abstract: The disclosure provides an approach for deploying an software defined networking (SDN) solution on a host using a single virtual switch and a single active network interface card (NIC) to handle overlay traffic and also other types of network traffic, such as traffic between management components of the logical overlay networks, traffic of a virtual storage area network (VSAN), traffic used to move VMs between hosts, traffic associated with VMKernel services or network stacks provided by a VMKernel that is provided as part of the hypervisor on the host, a gateway device that may be implemented as a VCI on the host, and different SDN-related components, such as an SDN manager implementing the MP and an SDN controller implementing the CP, etc.

Abstract: In some embodiments, a method receives a control message from a second host. The control message includes a first address to use as a next hop to reach an active workload that has migrated to the second host from another host. The method reprograms a local route table to include a policy to send packets to check a liveness of the active workload with the next hop of the first address. A packet is sent from a standby workload to the active workload using the next hop of the first address to check the liveness of the active workload. The packet is encapsulated and sent between the first host and the second host using an overlay channel between a first endpoint of the overlay channel on the first host and a second endpoint of the channel on the second host.

Abstract: In some embodiments, a method determines when a packet is fragmented into multiple fragmented packets in a flow between a first workload and a second workload. The method switches from generating an outer source port in the outer header using layer 4 information from the inner header to using layer 3 information from the inner header. A fragmented packet is encapsulated with the outer header that includes an outer source port value that is generated using the layer 3 information. The method initiates a process to determine when to switch back to using layer 4 information from the inner header to generate the outer source port. When it is determined to switch back to using layer 4 information, the method switches back to using layer 4 information from the inner header to generate the source port in the outer header of a packet from the first workload.

Abstract: In some embodiments, a method determines when a packet is fragmented into multiple fragmented packets in a flow between a first workload and a second workload. The method switches from generating an outer source port in the outer header using layer 4 information from the inner header to using layer 3 information from the inner header. A fragmented packet is encapsulated with the outer header that includes an outer source port value that is generated using the layer 3 information. The method initiates a process to determine when to switch back to using layer 4 information from the inner header to generate the outer source port. When it is determined to switch back to using layer 4 information, the method switches back to using layer 4 information from the inner header to generate the source port in the outer header of a packet from the first workload.

Abstract: In some embodiments, a method receives a control message from a second host. The control message includes a first address to use as a next hop to reach an active workload that has migrated to the second host from another host. The method reprograms a local route table to include a policy to send packets to check a liveness of the active workload with the next hop of the first address. A packet is sent from a standby workload to the active workload using the next hop of the first address to check the liveness of the active workload. The packet is encapsulated and sent between the first host and the second host using an overlay channel between a first endpoint of the overlay channel on the first host and a second endpoint of the channel on the second host.

Abstract: In an embodiment, a computer-implemented method provides mechanisms for identifying a source location in a service chaining topology. In an embodiment, a method comprises: determining, at an egress interface of a host that hosts a virtual machine (“VM”), whether a service plane MAC address (“spmac”) in a packet header of a packet, provided to the egress interface, is the same as an inner destination MAC address in the packet; in response to determining that the spmac in the packet header of the packet, provided to the egress interface, is the same as the inner destination MAC address in the packet: encapsulating the packet with a destination virtual tunnel endpoint (“VTEP”) address retrieved from a mapping of VTEP-labels onto VTEP addresses; and causing providing the packet from the egress interface of the host that hosts the VM to a source host that hosts a source guest virtual machine (“GVM”).

Abstract: An approach for improving throughput for encapsulated network traffic is provided. In an embodiment, a method comprises obtaining a plurality of network addresses of a plurality of intermediaries that facilitate communications between a plurality of virtual machines. A set of source-destination intermediary pairs is determined based on the plurality of network addresses, and for each source-destination intermediary pair, from the set of source-destination intermediary pairs, a precomputed encapsulated header is generated and included in a set of precomputed encapsulated headers.

Abstract: The disclosure provides an approach for reducing congestion within a network, the network comprising a plurality of subnets, the plurality of subnets comprising a plurality of host machines and a plurality of virtual computing instances (VCIs) running on the plurality of host machines. Embodiments include receiving, by an edge services gateway (ESG) of a first subnet of the plurality of subnets, membership information for a group identifying a subset of the plurality of host machines. Embodiments include receiving a multicast packet directed to the group and selecting from the plurality of host machines, a replicator host machine for the multicast packet. Embodiments include sending, to the replicator host machine, the multicast packet along with metadata indicating that the replicator host machine is to replicate the multicast packet to remaining host machines of the subset of the plurality of host machines identified in the membership information for the group.

Abstract: Example methods are provided for a first host to maintain data-plane connectivity with a second host via a third host in a virtualized computing environment. The method may comprise identifying an intermediate host, being the third host, having data-plane connectivity with both the first host and the second host. The method may also comprise: in response to detecting, from a first virtualized computing instance supported by the first host, an egress packet that includes an inner header addressed to a second virtualized computing instance supported by the second host, generating an encapsulated packet by encapsulating the egress packet with an outer header that is addressed from the first host to the third host instead of the second host; and sending the encapsulated packet to the third host for subsequent forwarding to the second host.

Abstract: The disclosure provides an approach for overcoming the limitations of a cloud provider network when a data center with software-defined network and multiple hosts, each with multiple virtual machines, operates on the cloud provider network. Single-host aware routers and a multiple-host aware distributed router are combined into a hybrid router in each host. The hybrid router receives a route table from the control plane of the data center and updates the received table based on the locations of VMs, such as edge VMs and management VAs on each of the hosts. An agent in each host also updates a router in the cloud provider network based on the locations of the virtual machines on the hosts. Thus, the hybrid routers maintain local routing information and global routing information for the virtual machines on the hosts in the data center.

Abstract: The disclosure provides an approach for workload migration. Embodiments include receiving logical network resource capacity information and logical network resource utilization information relating to a plurality of host computers and to one or more logical network resources. Embodiments include determining that a virtual computing instance (VCI) is to be run on one of the plurality of host computers and determining for each respective host computer of the plurality of host computers, a respective realization cost of the VCI for the respective host computer, wherein the respective realization cost relates to the one or more logical network resources. Embodiments include selecting, based on the logical network resource capacity information, the logical network resource utilization information, and the realization cost, a target host computer for the VCI from the plurality of host computers and loading the VCI on the target host computer.

Abstract: The disclosure provides an approach for workload migration. Embodiments include receiving logical network resource capacity information and logical network resource utilization information relating to a plurality of host computers and to one or more logical network resources. Embodiments include determining that a virtual computing instance (VCI) is to be run on one of the plurality of host computers and determining for each respective host computer of the plurality of host computers, a respective realization cost of the VCI for the respective host computer, wherein the respective realization cost relates to the one or more logical network resources. Embodiments include selecting, based on the logical network resource capacity information, the logical network resource utilization information, and the realization cost, a target host computer for the VCI from the plurality of host computers and loading the VCI on the target host computer.

Abstract: The disclosure provides an approach for reducing congestion within a network, the network comprising a plurality of subnets, the plurality of subnets comprising a plurality of host machines and a plurality of virtual computing instances (VCIs) running on the plurality of host machines. Embodiments include receiving, by an edge services gateway (ESG) of a first subnet of the plurality of subnets, membership information for a group identifying a subset of the plurality of host machines. Embodiments include receiving a multicast packet directed to the group and selecting from the plurality of host machines, a replicator host machine for the multicast packet. Embodiments include sending, to the replicator host machine, the multicast packet along with metadata indicating that the replicator host machine is to replicate the multicast packet to remaining host machines of the subset of the plurality of host machines identified in the membership information for the group.

Abstract: In an embodiment, a computer-implemented method provides mechanisms for identifying a source location in a service chaining topology. In an embodiment, a method comprises: determining, at an egress interface of a host that hosts a virtual machine (“VM”), whether a service plane MAC address (“spmac”) in a packet header of a packet, provided to the egress interface, is the same as an inner destination MAC address in the packet; in response to determining that the spmac in the packet header of the packet, provided to the egress interface, is the same as the inner destination MAC address in the packet: encapsulating the packet with a destination virtual tunnel endpoint (“VTEP”) address retrieved from a mapping of VTEP-labels onto VTEP addresses; and causing providing the packet from the egress interface of the host that hosts the VM to a source host that hosts a source guest virtual machine (“GVM”).

Abstract: The disclosure provides an approach for reducing congestion within a network, the network comprising a plurality of subnets, the plurality of subnets comprising a plurality of host machines and a plurality of virtual computing instances (VCIs) running on the plurality of host machines. Embodiments include receiving, by an edge services gateway (ESG) of a first subnet of the plurality of subnets, membership information for a group identifying a subset of the plurality of host machines. Embodiments include receiving a multicast packet directed to the group and selecting from the plurality of host machines, a replicator host machine for the multicast packet. Embodiments include sending, to the replicator host machine, the multicast packet along with metadata indicating that the replicator host machine is to replicate the multicast packet to remaining host machines of the subset of the plurality of host machines identified in the membership information for the group.

Abstract: Some embodiments provide a method for configuring a set of MFEs to implement a distributed multicast logical router and multiple logical switches to process the multicast data messages. The method sends, from a managed forwarding element (MFE) implementing the distributed multicast logical router, a multicast group query to a set of data compute nodes (DCNs) that are logically connected to one of several logical switches and that execute on the same host machine as the managed forwarding element. The method receives multicast group reports from a subset of the set of DCNs and at least one of the multicast group reports specifies a multicast group of interest. The method distributes, to a set of MFEs executing on other host machines, a summarized multicast group report specifying a set of multicast groups of interest to the first MFE (i.e., multicast groups that the first MFE participates in).

Abstract: Example methods are provided for a host to perform multicast packet handling a software-defined networking (SDN) environment. One example method may comprise: in response to detecting, from a virtualized computing instance supported by the host, a request to join a first inner multicast group address, obtaining an outer multicast group address that is assigned to the first inner multicast group address and one or more second inner multicast group addresses; and generating and sending a request to join the outer multicast group address to one or more multicast-enabled network devices. In response to detecting an ingress encapsulated multicast packet that includes an outer header addressed to the outer multicast group address and an inner header addressed to the first inner multicast group address, the host may generate and send a decapsulated multicast packet to the virtualized computing instance that has joined the first inner multicast group address.

Abstract: The disclosure provides an approach for overcoming the limitations of a cloud provider network when a data center with software-defined network and multiple hosts, each with multiple virtual machines, operates on the cloud provider network. Single-host aware routers and a multiple-host aware distributed router are combined into a hybrid router in each host. The hybrid router receives a route table from the control plane of the data center and updates the received table based on the locations of VMs, such as edge VMs and management VAs on each of the hosts. An agent in each host also updates a router in the cloud provider network based on the locations of the virtual machines on the hosts. Thus, the hybrid routers maintain local routing information and global routing information for the virtual machines on the hosts in the data center.