Abstract: Particular embodiments may detect, by a core network, a change in network traffic types from a first network traffic type to a second network traffic type. The core network includes one or more network functionality components. Each of the one or more network functionality components is decomposed into multiple service types. The core network may determine several service instances for deployment in response to the change in the network traffic types. Each of the service instances may belong to one of the multiple decomposed service types. The core network may deploy several service instances to one or more server machines of the core network according to a decomposed service type of a respective service instance.

Abstract: Some embodiments provide a method for configuring a logical middlebox in a hosting system that includes a set of nodes. The logical middlebox is part of a logical network that includes a set of logical forwarding elements that connect a set of end machines. The method receives a set of configuration data for the logical middlebox. The method uses a stored set of tables describing physical locations of the end machines to identify a set of nodes at which to implement the logical middlebox. The method provides the logical middlebox configuration for distribution to the identified nodes.

Abstract: Particular embodiments may detect, by a core network, a change in network traffic types from a first network traffic type to a second network traffic type. The core network includes one or more network functionality components. Each of the one or more network functionality components is decomposed into multiple service types. The core network may determine several service instances for deployment in response to the change in the network traffic types. Each of the service instances may belong to one of the multiple decomposed service types. The core network may deploy several service instances to one or more server machines of the core network according to a decomposed service type of a respective service instance.

Abstract: Some embodiments provide a method for configuring a logical middlebox in a hosting system that includes a set of nodes. The logical middlebox is part of a logical network that includes a set of logical forwarding elements that connect a set of end machines. The method receives a set of configuration data for the logical middlebox. The method uses a stored set of tables describing physical locations of the end machines to identify a set of nodes at which to implement the logical middlebox. The method provides the logical middlebox configuration for distribution to the identified nodes.

Abstract: Particular embodiments may receive a request to perform a task to a core network by a user device via an access point. The user device may be authenticated by the core network which comprises one or more network functionality components, and each of the one or more network functionality components may be decomposed into multiple service types. The core network may identify service instances for deployment based on the task. Each of the service instances may belong to one of the multiple decomposed service types. The service instances may be deployed to one or more server machines to accomplish the task by the core network based on resource requirements of the service instances and current resource availability of the one or more server machines.

Abstract: Some embodiments provide a set of one or more network controllers that communicates with a wide range of devices, ranging from switches to appliances such as firewalls, load balancers, etc. The set of network controllers communicates with such devices to connect them to its managed virtual networks. The set of network controllers can define each virtual network through software switches and/or software appliances. To extend the control beyond software network elements, some embodiments implement a database server on each dedicated hardware. The set of network controllers accesses the database server to send management data. The hardware then translates the management data to connect to a managed virtual network.

Abstract: Some embodiments provide a set of one or more network controllers that communicates with a wide range of devices, ranging from switches to appliances such as firewalls, load balancers, etc. The set of network controllers communicates with such devices to connect them to its managed virtual networks. The set of network controllers can define each virtual network through software switches and/or software appliances. To extend the control beyond software network elements, some embodiments implement a database server on each dedicated hardware. The set of network controllers accesses the database server to send management data. The hardware then translates the management data to connect to a managed virtual network.

Abstract: Techniques disclosed herein provide an approach for managing aggregation service hierarchies. In some embodiments, a hierarchy of an aggregation service is identified. The hierarchy comprises a plurality of nodes, where a respective node is associated with at least one host computer. The aggregation service places resource consumers based on the nodes. A host computer is assigned as a child host of a leaf node based on a clustering heuristic. The clustering heuristic requires the host computer to have access to at least one resource that is accessible to an existing child host of the leaf node. A resource consumer associated with the leaf node is executed on the host computer.

Abstract: Some embodiments provide a method for configuring a logical middlebox in a hosting system that includes a set of nodes. The logical middlebox is part of a logical network that includes a set of logical forwarding elements that connect a set of end machines. The method receives a set of configuration data for the logical middlebox. The method uses a stored set of tables describing physical locations of the end machines to identify a set of nodes at which to implement the logical middlebox. The method provides the logical middlebox configuration for distribution to the identified nodes.

Abstract: Particular embodiments may receive a request to perform a task to a core network by a user device via an access point. The user device may be authenticated by the core network which comprises one or more network functionality components, and each of the one or more network functionality components may be decomposed into multiple service types. The core network may identify service instances for deployment based on the task. Each of the service instances may belong to one of the multiple decomposed service types. The service instances may be deployed to one or more server machines to accomplish the task by the core network based on resource requirements of the service instances and current resource availability of the one or more server machines.

Abstract: Some embodiments provide a non-transitory machine readable medium of a first middlebox element of several middlebox elements to implement a middlebox instance in a distributed manner in several hosts. The non-transitory machine readable medium stores a set of instructions for receiving (1) configuration data for configuring the middlebox instance to implement a middlebox in a logical network and (2) a particular identifier associated with the middlebox in the logical network. The non-transitory machine readable medium stores a set of instructions for generating (1) a set of rules to process packets for the middlebox in the logical network and (2) an internal identifier associated with the set of rules. The non-transitory machine readable medium stores a set of instructions for associating the particular identifier with the internal identifier for later processing of packets having the particular identifier.

Abstract: Particular embodiments may receive a request to perform a task to a core network by a user device via an access point. The user device may be authenticated by the core network which comprises one or more network functionality components, and each of the one or more network functionality components may be decomposed into multiple service types. The core network may identify a sequence of a service instances based on the task. Each of the service instances may belong to one of the multiple decomposed service types. The sequence of service instances may be scheduled for deployment to accomplish the task by the core network. The core network may deploy the sequence of the service instances to one or more server machines of the core network.

Abstract: Some embodiments provide a set of one or more network controllers that communicates with a wide range of devices, ranging from switches to appliances such as firewalls, load balancers, etc. The set of network controllers communicates with such devices to connect them to its managed virtual networks. The set of network controllers can define each virtual network through software switches and/or software appliances. To extend the control beyond software network elements, some embodiments implement a database server on each dedicated hardware. The set of network controllers accesses the database server to send management data. The hardware then translates the management data to connect to a managed virtual network.

Abstract: Some embodiments provide a method for configuring a logical middlebox in a hosting system that includes a set of nodes. The logical middlebox is part of a logical network that includes a set of logical forwarding elements that connect a set of end machines. The method receives a set of configuration data for the logical middlebox. The method uses a stored set of tables describing physical locations of the end machines to identify a set of nodes at which to implement the logical middlebox. The method provides the logical middlebox configuration for distribution to the identified nodes.

Abstract: Particular embodiments may receive a request to perform a task to a core network by a user device via an access point. The user device may be authenticated by the core network which comprises one or more network functionality components, and each of the one or more network functionality components may be decomposed into multiple service types. The core network may identify a sequence of a service instances based on the task. Each of the service instances may belong to one of the multiple decomposed service types. The sequence of service instances may be scheduled for deployment to accomplish the task by the core network. The core network may deploy the sequence of the service instances to one or more server machines of the core network.

Abstract: Some embodiments provide a method for identifying unnecessary firewall rules for a distributed firewall of a logical network. The method identifies a firewall policy for network traffic of the logical network. The firewall policy includes a set of firewall rules. The method generates a set of data for implementing the firewall policy on a set of managed forwarding elements that implement the logical network. The method analyzes potential network traffic based on the generated set of data to identify a subset of unnecessary data. The method identifies a subset of unnecessary firewall rules of the set of firewall rules that corresponds to the subset of unnecessary data.

Abstract: Particular embodiments may communicate to a core network by a user device via an access point. The user device may be authenticated by the core network which comprises one or more network functionality components, and each of the one or more network functionality components may be decomposed into multiple service types. The core network may receive a user task associating with service instances. Each of the service instances may belong to one of the multiple decomposed service types and be configured by a service chaining orchestration entity. The service instances may be deployed to one or more of server machines of the core network with respect to the configurations of the service instances, by a service chaining orchestration entity. The capacity of the core network may be scaled up or down by network dimensioning.

Abstract: Particular embodiments may communicate to a core network by a user device via an access point. The user device may be authenticated by the core network which comprises one or more network functionality components, and each of the one or more network functionality components may be decomposed into multiple service types. The core network may receive a user task associating with service instances. Each of the service instances may belong to one of the multiple decomposed service types and be configured by a service chaining orchestration entity. The service instances may be deployed to one or more of server machines of the core network with respect to the configurations of the service instances, by a service chaining orchestration entity. The capacity of the core network may be scaled up or down by network dimensioning.

Abstract: A method for upgrading a set of controller nodes in a controller cluster that manages a plurality of forwarding elements in a way that minimizes dataplane outages. The method of some embodiments upgrades the control applications of a subset of the controller nodes before upgrading a decisive controller node. Once the decisive controller node is upgraded, the method switches the controller cluster to use a new version of the control applications.

Abstract: Techniques disclosed herein provide an approach for assigning resource consumers to available resources. In one embodiment, components of a distributed scheduler are organized into a hierarchy, such as a tree. A placement request received at a root scheduler of the hierarchy is propagated down the hierarchy, either to all children or to randomly selected subsets of children of each scheduler in the hierarchy. Leaf schedulers in the hierarchy that receive the request each propagate back up a score indicating the amount of free resources in its corresponding resource bucket. Branch schedulers then compare scores that they receive, and each further propagate one of the received scores, such as the highest score, based on the comparison, until the root scheduler is reached. The root scheduler makes an additional comparison and returns one of the resource buckets in response to the received placement request.