Abstract: Example methods are provided a computer system to perform context-aware domain name system (DNS) query handling in a software-defined networking (SDN) environment. One example method may comprise detecting a DNS query to translate a domain name; identifying DNS record information that translates the domain name to a network address assigned to a virtualized computing instance; and identifying context information that is associated with the virtualized computing instance and mapped to the DNS record information. The method may also comprise: in response to detecting a potential security threat based on the context information, performing a remediation action to block access to the virtualized computing instance; but otherwise, generating and sending a DNS reply specifying the network address assigned to allow access to the virtualized computing instance.

Abstract: A method of performing ingress traffic optimization for active/active data centers. The method creates site-specific grouping constructs for virtual machines that run applications that are advertised to the external networks. The site specific grouping constructs provide an abstraction to decouple virtual machines from traditional networks for common ingress network policies. Each site-specific container includes a list of the virtual machines currently located at the site as well as a unique identifier of the site. Each virtual machine in a container is identified through the abstraction of metadata tag, logical data center objects, or the virtual machine's unique name. The IP address of each virtual machine is retrieved from the guest operating system and a network policy is generated to advertise the IP addresses of the virtual machines to the site's routing peer.

Abstract: Example methods are provided a computer system to perform context-aware domain name system (DNS) query handling in a software-defined networking (SDN) environment. One example method may comprise detecting a DNS query to translate a domain name; identifying DNS record information that translates the domain name to a network address assigned to a virtualized computing instance; and identifying context information that is associated with the virtualized computing instance and mapped to the DNS record information. The method may also comprise: in response to detecting a potential security threat based on the context information, performing a remediation action to block access to the virtualized computing instance; but otherwise, generating and sending a DNS reply specifying the network address assigned to allow access to the virtualized computing instance.

Abstract: A method of performing ingress traffic optimization for active/active data centers. The method creates site-specific grouping constructs for virtual machines that run applications that are advertised to the external networks. The site specific grouping constructs provide an abstraction to decouple virtual machines from traditional networks for common ingress network policies. Each site-specific container includes a list of the virtual machines currently located at the site as well as a unique identifier of the site. Each virtual machine in a container is identified through the abstraction of metadata tag, logical data center objects, or the virtual machine's unique name. The IP address of each virtual machine is retrieved from the guest operating system and a network policy is generated to advertise the IP addresses of the virtual machines to the site's routing peer.