Abstract: A controller may control client switches in a network including client and non-client switches. The controller may maintain a link discovery table including entries that identify links between client switches. The controller may classify the links as direct or broadcast links. To classify links of the link discovery table, the controller may direct client switches to send broadcast and directed discovery packets from switch ports. Client switches that receive the discovery packets from other client switches may forward the discovery packets to the controller. The controller may use the discovery packets to classify the links of the link discovery table. The controller may classify ports as broadcast or regular ports based on the classified links. Non-client broadcast domains of the network topology may be identified from the broadcast ports using the broadcast and direct links of the link discovery table.

Abstract: A controller may control switches in a network that forwards network packets between end hosts. The controller may generate a directed acyclic graph based on maintained network topology information. The directed acyclic graph may include multiple network paths between any given pair of switches. For a given network packet received from an end host, the controller may generate an identifier or otherwise classify the network packet based on network attributes of the network packet. The network attributes may include packet header information retrieved from the network packet, information maintained by the controller such as which virtual switch is associated with the network packet, and/or other network attributes. The controller may use the network packet identifier to select a network forwarding path for the network packet from the directed acyclic graph.

Abstract: A controller may be used to control client switches in a network that includes non-client switches. The controller may form client domains from groups of client switches that are separated by intervening non-client domains formed from non-client switches. The controller may determine a network domain topology from the client domains and non-client domains. The controller may determine a spanning tree that interconnects the nodes of the network domain topology. The controller may control client switches of the client domains to allow only network traffic between the client domains and the non-client domains along the spanning tree. The controller may use the network domain topology to generate inter-domain forwarding maps. The inter-domain forwarding maps may be used to determine network forwarding paths between end hosts in the network.

Abstract: A network of switches that forwards network packets between end hosts may be controlled by a controller. The controller may maintain information that identifies subsets of the end hosts that are associated with respective broadcast domains. The controller may configure the switches in the network to identify broadcast network packets and to forward the broadcast network packets to the controller. The controller may identify which broadcast domain is associated with a received broadcast network packet based on information such as source information retrieved from the broadcast network packet. The controller may identify switches that are coupled to the end hosts of a broadcast domain associated with the received broadcast network packet. The controller may forward the broadcast network packet to the identified switches through network control paths and may direct the identified switches to forward the broadcast network packet to end hosts of the associated broadcast domain.

Abstract: A network may include network switches with network switch ports that may be coupled to end hosts. The network switches may be controlled by a controller such as a controller server. Virtual switches may be formed using the controller from groups of the network switch ports and the end hosts. Each virtual switch may include virtual interfaces associated with end hosts or network switches. Virtual links may be formed that define network connections between the virtual interfaces and end hosts or between two virtual interfaces. Virtual network policies such as selective packet forwarding, packet dropping, packet redirection, packet modification, or packet logging may be implemented at selected virtual interfaces to control traffic through the communications network. The controller may translate the virtual network policies into network switch forwarding paths that satisfy the virtual network policies.

Abstract: A network may include switches that have controller clients that are controlled from one or more controller servers. Clusters of the switches that have the controller clients may be isolated from other clusters by switches without the controller clients. The controller server may use graph searches to identify the clusters. The controller server may use information on the cluster topology of switches containing controller clients along with information in per-switch forwarding databases to generate per-cluster forwarding databases. The controller server may use the per-cluster forwarding databases in generating flow tables for the network switches that direct the switches to forward packets along desired paths through the network.

Abstract: A network may include a core region having routers and peripheral regions coupled to the core regions. Switches controlled by a controller may be interposed between the routers. The controller may maintain network topology information of the network. A path computation module may identify forwarding paths between the network routers based on the network topology information and other information such as network traffic history, current network traffic conditions, future network traffic forecasts, or other desired network information. The controller may control the switches to implement the identified forwarding paths. The controller may detect network topology changes and update forwarding paths based on the detected network topology changes. The controller may determine weights of path segments of the network topology. A routing module may provide the path segment weights to the routers using a network protocol.

Abstract: A controller may control switches such as physical and software switches in a network. The controller may generate virtual switches from groups of end hosts in forming a virtual network topology. The controller may receive one or more network policy rules that govern network traffic through the switches. For a given network policy rule, the controller may perform a test in determining whether the network satisfies the network policy rule. The test may be performed based on a testing rule identifying test parameters and expected test results. The controller may perform tests in determining whether the network satisfies the testing rule and the corresponding network policy rule. The tests may be performed via simulation at the controller or by injecting a tagged test packet into the network.

Abstract: A network of switches that forwards network packets between end hosts may be controlled by a controller. The controller may maintain information that identifies subsets of the end hosts that are associated with respective broadcast domains. The controller may use network topology information to determine which of the switches are coupled in a forwarding tree formed from network paths between the end hosts of a broadcast domain. The controller may be used to configure the switches with an identifier that identifies which broadcast domain is associated with each subset of end hosts. The controller may configure switches of a given forwarding tree that are coupled to end hosts of an associated broadcast domain to modify broadcast network packets received from the end hosts with the identifier and to forward the modified broadcast network packets along the forwarding tree exclusively to end hosts of the associated broadcast domain.

Abstract: A packet forwarding network may include switches that perform network forwarding operations to forward network traffic between end hosts that are coupled to the packet forwarding network. An analysis network that is controlled by a controller may be coupled to the packet forwarding network. The analysis network and the packet forwarding network may overlap. Switches such as hybrid switches in the overlapping network portions may be controlled by the controller to copy network packets without interfering with the network forwarding operations of the packet forwarding network. The analysis network may include a central portion to which analysis tools are coupled and one or more isolated portions. The controller may control the client switches of the central portion and the isolated portions to establish tunneling paths through the forwarding network.

Abstract: Network switches may be configured using flow tables. Flow table entries may contain header fields and associated actions. When a packet is received by a network switch, the network switch can compare fields in the packet to fields in the flow table entries and can take corresponding actions when matches are detected. A controller server can determine the topology of a network and can gather information on the capacities of network switches and other network switch capabilities. Based on this information and network configuration rules, the controller server can generate flow tables for the network switches that direct the switches to forward packets along desired paths through the network. The flow table entries for switches that are nearer the network core can be provided with more wildcarding than switches nearer the network edge. Traffic can be forwarded through encapsulation and deencapsulation engines to allow tunneling between isolated network domains.

Abstract: A network controlled by a controller may include end hosts that are coupled to the switches. The network may be coupled to gateways that interface between the network and an external network. The network may include subnetworks formed from respective portions of the end hosts of the network. The controller may create virtual gateways that interface between each of the subnetworks and the network by providing the end hosts of each subnetwork with virtual gateway Ethernet addresses. The controller may receive a network packet having a virtual gateway Ethernet address from an end host of a given subnetwork. The network packet may be destined for an end host of an external network or subnetwork. The controller may forward the network packet to the destination end host by redirecting the network packet through a selected gateway or by controlling the switches to perform gateway functions.

Abstract: A controller may help reduce network traffic that is associated with broadcasting of Dynamic Host Configuration Protocol (DHCP) packets by converting broadcast DHCP packets into unicast DHCP packets and forwarding the unicast DHCP packets to appropriate DHCP servers. The servers may be identified from a database of servers that is updated with DHCP server address information based on DHCP reply packets that are received by the controller from servers in the network. To convert DHCP request packets into unicast packets, the controller may modify address header fields of the packets such as Ethernet addresses and Internet Protocol (IP) addresses. The controller may forward the modified DHCP request packets to the server by providing packet forwarding rules such as flow table entries to the switches or by forwarding the modified DHCP request packets through the controller.

Abstract: Network packets may be transmitted from packet sources to packet destinations through a network of switches. The switches may have corresponding flow tables that control how the packets are forwarded through the switches. A controller server may generate network switch forwarding paths for the network packets by modifying the flow tables with entries based on attributes of the network packets and network topology information. The controller server may forward selected packets directly to packet destinations instead of generating the network switch forwarding paths. To determine which packets to directly forward, the controller server may calculate cost metrics associated with the network switch forwarding paths and associated with forwarding network packets directly to packet destinations.

Abstract: Network policies that control the flow of traffic through a network may be implemented using a controller server that controls a network of switches. Based on network packet attributes, the controller server may identify network policies that are associated with the network traffic. The controller server may identify dependencies between the network policies based on priorities that are associated with the network policies and overlap between the network policies. The controller server may provide the switches with packet forwarding rules based on the identified dependencies between the network policies, network switch attributes, and network switch capabilities. The packet forwarding rules may implement network policies for current network traffic and future network traffic.

Abstract: Network switches that are controlled by a controller server may contain ports through which network packets are received and forwarded. An architect may configure the controller server to create virtual switches. Each virtual switch may be formed from a subset of the ports of the network switches. The architect may assign administrators to the virtual switches. The administrators may configure the virtual switches. An administrator may use a command line interface to configure a virtual switch. The administrator may use commands such as a show port command, an access list command, a show access list command, and a membership rule command to manage the virtual switch. The controller server may prevent the administrator from logging on to virtual switches that have been assigned to other administrators.