Abstract: For a managed network implementing at least one logical router having centralized and distributed components, some embodiments provide a method for configuring a managed forwarding element (MFE) executing on a first host machine to implement a distributed multicast logical router and multiple logical switches logically connected to the logical router in conjunction with a set of additional MFEs executing on additional host machines to process multicast data messages. The method receives a multicast group report from a data compute node (DCN) that executes on the first host, sends a summarized multicast group report indicating multicast groups joined by DCNs executing on the first host to a set of central controllers, receives data based on an aggregated multicast group report from the set of central controllers, and uses the data based on the aggregated multicast group report to configure the MFE to implement the distributed multicast logical router.

Abstract: In an embodiment, a computer-implemented method provides mechanisms for identifying a source location in a service chaining topology. In an embodiment, a method comprises: determining, at an egress interface of a host that hosts a virtual machine (“VM”), whether a service plane MAC address (“spmac”) in a packet header of a packet, provided to the egress interface, is the same as an inner destination MAC address in the packet; in response to determining that the spmac in the packet header of the packet, provided to the egress interface, is the same as the inner destination MAC address in the packet: encapsulating the packet with a destination virtual tunnel endpoint (“VTEP”) address retrieved from a mapping of VTEP-labels onto VTEP addresses; and causing providing the packet from the egress interface of the host that hosts the VM to a source host that hosts a source guest virtual machine (“GVM”).

Abstract: In an embodiment, a computer-implemented method provides mechanisms for identifying a source location in a service chaining topology. In an embodiment, a method comprises: receiving a query, from a service plane implementation module executing on a host of a service virtual machine (“SVM”), for a location of a source host implementing a guest virtual machine (“source GVM”) that originated a packet in a computer network and that serviced the packet; in response to receiving the query, performing a search of bindings associated with one or more virtual network identifiers (“VNIs”) or service virtual network identifiers (“SVNIs”) to identify a particular binding that includes a MAC address of the host implementing the source GVM; identifying, in the particular binding, the location of the source host; and providing the location of the source host to the host of the SVM to facilitate forwarding of the packet from the SVM to the GVM.

Abstract: Described herein are systems and methods for allocating to tunnel endpoints to virtual machines on a host. In one example, a host identifies when a new virtual machine is coupled to a virtual switch and determines a tenant associated with the new virtual machine. The host further determines whether a tunnel endpoint is allocated to the tenant and, when a tunnel endpoint has not been allocated, allocates a new tunnel endpoint to the tenant and maps the new virtual machine to the new tunnel endpoint.

Abstract: Some embodiments provide a method of replicating messages for a logical network. At a particular tunnel endpoint in a particular datacenter, the method receives a message to be replicated to members of a replication group. The method replicates the message to a set of tunnel endpoints of the replication group located in a same segment of the particular datacenter as the particular tunnel endpoint. The method replicates the message to a first set of proxy endpoints of the replication group, each of which is located in a different segment of the particular datacenter and for replicating the message to tunnel endpoints located in its respective segment of the particular datacenter. The method replicates the message to a second set of proxy endpoints of the replication group, each of which is located in a different datacenter and for replicating the message to tunnel endpoints located in its respective datacenter.

Abstract: Some embodiments provide a method for configuring a set of MFEs to implement a distributed multicast logical router and multiple logical switches to process the multicast data messages. The method sends, from a managed forwarding element (MFE) implementing the distributed multicast logical router, a multicast group query to a set of data compute nodes (DCNs) that are logically connected to one of several logical switches and that execute on the same host machine as the managed forwarding element. The method receives multicast group reports from a subset of the set of DCNs and at least one of the multicast group reports specifies a multicast group of interest. The method distributes, to a set of MFEs executing on other host machines, a summarized multicast group report specifying a set of multicast groups of interest to the first MFE (i.e., multicast groups that the first MFE participates in).

Abstract: Some embodiments provide a method of replicating messages for a logical network. At a particular tunnel endpoint in a particular datacenter, the method receives a message to be replicated to members of a replication group. The method replicates the message to a set of tunnel endpoints of the replication group located in a same segment of the particular datacenter as the particular tunnel endpoint. The method replicates the message to a first set of proxy endpoints of the replication group, each of which is located in a different segment of the particular datacenter and for replicating the message to tunnel endpoints located in its respective segment of the particular datacenter. The method replicates the message to a second set of proxy endpoints of the replication group, each of which is located in a different datacenter and for replicating the message to tunnel endpoints located in its respective datacenter.

Abstract: Certain embodiments herein are directed to a method of by a source virtual tunnel endpoint (VTEP) for selecting a tunneling protocol for encapsulating a packet destined for a destination VTEP. In some embodiments, the method includes receiving the packet for transmission to the destination VTEP. The method further includes determining whether the destination VTEP is configured with a first tunneling protocol. Upon determining that the destination VTEP is configured with the first tunneling protocol, the method includes encapsulating the packet using the first tunneling protocol, and transmitting the encapsulated packet to the destination VTEP. Upon determining that the destination VTEP is not configured with the first tunneling protocol, encapsulating the packet using a second tunneling protocol, and transmitting the encapsulated packet to the destination VTEP.

Abstract: The disclosure provides an approach for deploying an software defined networking (SDN) solution on a host using a single virtual switch and a single active network interface card (NIC) to handle overlay traffic and also other types of network traffic, such as traffic between management components of the logical overlay networks, traffic of a virtual storage area network (VSAN), traffic used to move VMs between hosts, traffic associated with VMKernel services or network stacks provided by a VMKernel that is provided as part of the hypervisor on the host, a gateway device that may be implemented as a VCI on the host, and different SDN-related components, such as an SDN manager implementing the MP and an SDN controller implementing the CP, etc.

Abstract: Example methods are provided for a first host to perform address resolution suppression in a logical network. The first host may support a first virtualized computing instance located on the logical network and a first hypervisor. The method may comprise the first hypervisor broadcasting a notification message within the logical network to trigger one or more control messages, and learning protocol-to-hardware address mapping information associated with multiple second virtualized computing instances located on the logical network based on the one or more control messages. The method may also comprise: in response to the first hypervisor detecting an address resolution request message that includes a protocol address associated with one of the multiple second virtualized computing instances, the first hypervisor generating and sending an address resolution response message to a first virtualized computing instance without broadcasting the address resolution request message on the logical network.

Abstract: The disclosure provides an approach for reducing multicast traffic within a network by optimizing placement of virtual machines within subnets and within hosts, and by optimizing mapping of overlay multicast groups to underlay multicast groups. In one embodiment, substantially all VMs of a multicast group are migrated to the same subnet of the network. Thereafter or independently, VMs in the same subnet are migrated to the same host, ideally to the subnet proxy endpoint of that subnet. In the same or in another embodiment, if multiple overlay groups map to the same underlay group, one or more of the overlay groups may be remapped to a separate underlay group to improve network performance.

Abstract: An approach for improving throughput for encapsulated network traffic is provided. In an embodiment, a method comprises obtaining a plurality of network addresses of a plurality of intermediaries that facilitate communications between a plurality of virtual machines. A set of source-destination intermediary pairs is determined based on the plurality of network addresses, and for each source-destination intermediary pair, from the set of source-destination intermediary pairs, a precomputed encapsulated header is generated and included in a set of precomputed encapsulated headers.

Abstract: Example methods are provided for a first host to restore control-plane connectivity with a network management entity. The method may comprise: detecting a loss of control-plane connectivity between the first host and the network management entity; and determining connectivity status information associated with one or more second hosts. The method may also comprise, based on the connectivity status information, selecting, from the one or more second hosts, a proxy host having data-plane connectivity with the first host and control-plane connectivity with the network management entity. The method may further comprise restoring control-plane connectivity between the first host with the network management entity via the proxy host such that the first host is able to send control information to, or receive control information from, the network management entity via the proxy host.

Abstract: The disclosure provides an approach for reducing multicast traffic within a network by optimizing placement of virtual machines within subnets and within hosts, and by optimizing mapping of overlay multicast groups to underlay multicast groups. In one embodiment, substantially all VMs of a multicast group are migrated to the same subnet of the network. Thereafter or independently, VMs in the same subnet are migrated to the same host, ideally to the subnet proxy endpoint of that subnet. In the same or in another embodiment, if multiple overlay groups map to the same underlay group, one or more of the overlay groups may be remapped to a separate underlay group to improve network performance.

Abstract: An approach for improving throughput for encapsulated network traffic is provided. In an embodiment, a method comprises obtaining a plurality of network addresses of a plurality of intermediaries that facilitate communications between a plurality of virtual machines. A set of source-destination intermediary pairs is determined based on the plurality of network addresses, and for each source-destination intermediary pair, from the set of source-destination intermediary pairs, a precomputed encapsulated header is generated and included in a set of precomputed encapsulated headers.

Abstract: Example methods are provided for a host to perform queue filter configuration for multicast packet handling in a software-defined networking (SDN) environment. One example method may comprise the host generating and sending a request to join an outer multicast group address to one or more multicast-enabled network devices; and configuring a queue filter based on the outer multicast group address. In response to detecting an ingress encapsulated multicast packet that includes an outer header addressed to the outer multicast group address, the host may assign the ingress encapsulated multicast packet to a particular NIC queue from the multiple NIC queues based on the queue filter; and retrieving, from the particular NIC queue, the ingress encapsulated multicast packet to generate and send a decapsulated multicast packet to a virtualized computing instance.

Abstract: Example methods are provided for a host to perform multicast packet handling a software-defined networking (SDN) environment. One example method may comprise: in response to detecting, from a virtualized computing instance supported by the host, a request to join a first inner multicast group address, obtaining an outer multicast group address that is assigned to the first inner multicast group address and one or more second inner multicast group addresses; and generating and sending a request to join the outer multicast group address to one or more multicast-enabled network devices. In response to detecting an ingress encapsulated multicast packet that includes an outer header addressed to the outer multicast group address and an inner header addressed to the first inner multicast group address, the host may generate and send a decapsulated multicast packet to the virtualized computing instance that has joined the first inner multicast group address.

Abstract: For a managed network implementing at least one logical router having centralized and distributed components, some embodiments provide a method for processing multicast data messages at a first managed forwarding element (MFE) executing on a first host machine that implements a distributed multicast logical router and multiple logical switches logically connected to the logical router in conjunction with a set of additional MFEs executing on additional host machines. The method replicates multicast data messages received from a source data compute node (DCN), operating on the first host machine, that logically connects to a first logical switch of the multiple logical switches. The method replicates the multicast data message to a set of DCNs in the multicast group in the logical network without routing through a centralized local multicast router.

Abstract: In one implementation, a network controller includes a path analysis module, an instruction module, and a distribution module. The path analysis module defines a data path including a plurality of network devices for a flow within a network in response to a data path request from a network device. The instruction module generates a first message including an instruction to establish a first forwarding rule at a first network device, and a second message including a first instruction to establish a second forwarding rule at a second network device and a second instruction to establish a third forwarding rule at a third network device. The distribution module provides the first message to the first network device and the second message to the second network device.

Abstract: In response to movement of a wireless device, an active tunnel between switches is dynamically included as a member of a virtual network over which the wireless device communicates, where data communicated in the virtual network is carried over the active tunnel, and where the virtual network is overlaid on an underlay physical network that includes the switches and the wireless access points.