Abstract: Some embodiments provide a forwarding element that detects and handles elephant flows. In detecting, the forwarding element of some embodiments monitors statistics or measurements relating to a data flow. In handling, the forwarding element marks each packet associated with a detected elephant flow in some manner to differentiate it from a packet associated with a mouse flow. Alternatively, the forwarding element of break elephant flows into a number mouse flow by facilitating in sending packets associated with the detected elephant flow along different paths.

Abstract: Some embodiments provide a system that detects whether a flow is an elephant flow; and if so, the system treats it differently than a mouse flow. The system of some embodiment detect elephants based on one or more of the following: statistics associated with a flow, packet segment size, and invoked system calls. Also, some embodiments use one or more various methods to handle elephant flows. Examples of such methods include marking each packet belonging to an elephant with a particular marking, breaking the elephants into mice, reporting the elephant to a network controller, and selectively choosing a route for each packet belonging to the elephant.

Abstract: A particular network controller receives a first set of inputs from the first controller and a second set of inputs from the second controller. The particular controller then starts to compute a set of outputs using the first set of inputs. After a failure of the first controller, the particular controller receives a third set of inputs from the second controller. The third set of inputs and the first or second set of inputs makes up a group of inputs for being processed together and separately from another group of inputs. The particular controller then receives an indicator from the second controller, which indicates that all inputs of the group of inputs have arrived at the particular controller. After receiving the indicator and after computing the set of outputs completely, the particular controller sends the set of outputs to a fourth controller or to a managed forwarding element.

Abstract: Some embodiments provide a system that detects whether a data flow is an elephant flow; and if so, the system treats it differently than a mouse flow. The system of some embodiments detects an elephant flow by examining, among other items, the operations of a machine. In detecting, the system identifies an initiation of a new data flow associated with the machine. The new data flow can be an outbound data flow or an inbound data flow. The system then determines, based on the amount of data being sent or received, if the data flow is an elephant flow. The system of some embodiments identifies the initiation of a new data flow by intercepting a socket call or request to transfer a file.

Abstract: Some embodiments of the invention provide a novel method of tunneling data packets. The method establishes a tunnel between a first forwarding element and a second forwarding element. For each data packet directed to the second forwarding element from the first forwarding element, the method encapsulates the data packet with a header that includes a tunnel option. The method then sends the data packet from the first forwarding element to the second forwarding element through the established tunnel. In some embodiments, the data packet is encapsulated using a protocol that is adapted to change with different control plane implementations and the implementations' varying needs for metadata.

Abstract: For a network control system that receives, from a user, logical datapath sets that logically express desired forwarding behaviors that are to be implemented by a set of managed switching elements, a controller for managing several managed switching elements that forward data in a network that includes the managed switching elements is described. The controller includes a set of modules for detecting a change in one or more managed switching elements and for updating logical datapath set based on the detected change. The logical datapath set is for subsequent translation into a set of physical forwarding behaviors of the managed switching elements.

Abstract: A method for upgrading a set of controller nodes in a controller cluster that manages a plurality of forwarding elements in a way that minimizes dataplane outages. The method of some embodiments upgrades the control applications of a subset of the controller nodes before upgrading a decisive controller node. Once the decisive controller node is upgraded, the method switches the controller cluster to use a new version of the control applications.

Abstract: Methods and systems for implementing private allocated networks in a virtual infrastructure are presented. One method operation creates virtual switches in one or more hosts in the virtual infrastructure. Each port in the virtual switches is associated with a private allocated network (PAN) from a group of possible PANs. In one embodiment, one or more PANs share the same physical media for data transmission. The intranet traffic within each PAN is not visible to nodes that are not connected to the each PAN. In another operation, the method defines addressing mode tables for the intranet traffic within each PAN. The entries in the addressing mode tables define addressing functions for routing the intranet traffic between the virtual switches, and different types of addressing functions are supported by the virtual switches.

Abstract: Some embodiments provide a system that includes a set of network controllers for receiving definitions of first and second logical switching elements. The system includes several managed switching elements. The set of network controllers configure the several managed switching elements to implement the defined first and second logical switching elements. The system includes several network hosts that are each (1) communicatively coupled to one of the several managed switching elements and (2) associated with one of the first and second logical switching elements. Network data communicated between network hosts associated with the first logical switching element are isolated from network data communicated between network hosts associated with the second logical switching element.

Abstract: A method for upgrading a set of controller nodes in a controller cluster that manages a plurality of forwarding elements in a way that minimizes dataplane outages. The method of some embodiments upgrades the control applications of a subset of the controller nodes before upgrading a decisive controller node. Once the decisive controller node is upgraded, the method switches the controller cluster to use a new version of the control applications.

Abstract: Some embodiments provide a system that detects whether a data flow is an elephant flow; and if so, the system treats it differently than a mouse flow. The system of some embodiments detects an elephant flow by examining, among other items, the operations of a machine. In detecting, the system identifies an initiation of a new data flow associated with the machine. The new data flow can be an outbound data flow or an inbound data flow. The system then determines, based on the amount of data being sent or received, if the data flow is an elephant flow. The system of some embodiments identifies the initiation of a new data flow by intercepting a socket call or request to transfer a file.

Abstract: A particular network controller receives a first set of in-puts from the first controller and a second set of inputs from the second controller. The particular controller then starts to compute a set of out-puts using the first set of inputs. After a failure of the first controller, the particular controller receives a third set of inputs from the second controller. The third set of inputs and the first or second set of inputs makes up a group of inputs for being processed together and separately from another group of inputs. The particular controller then receives an indicator from the second controller, which indicates that all inputs of the group of inputs have arrived at the particular controller. After receiving the indicator and after computing the set of outputs completely, the particular controller sends the set of outputs to a fourth controller or to a managed forwarding element.

Abstract: Methods and systems for implementing private allocated networks in a virtual infrastructure are presented. One method operation creates virtual switches in one or more hosts in the virtual infrastructure. Each port in the virtual switches is associated with a private allocated network (PAN) from a group of possible PANs. In one embodiment, one or more PANs share the same physical media for data transmission. The intranet traffic within each PAN is not visible to nodes that are not connected to the each PAN. In another operation, the method defines addressing mode tables for the intranet traffic within each PAN. The entries in the addressing mode tables define addressing functions for routing the intranet traffic between the virtual switches, and different types of addressing functions are supported by the virtual switches.

Abstract: A particular network controller receives a first set of inputs from the first controller and a second set of inputs from the second controller. The particular controller then starts to compute a set of outputs using the first set of inputs. After a failure of the first controller, the particular controller receives a third set of inputs from the second controller. The third set of inputs and the first or second set of inputs makes up a group of inputs for being processed together and separately from another group of inputs. The particular controller then receives an indicator from the second controller, which indicates that all inputs of the group of inputs have arrived at the particular controller. After receiving the indicator and after computing the set of outputs completely, the particular controller sends the set of outputs to a fourth controller or to a managed forwarding element.

Abstract: Some embodiments provide a forwarding element that inspects the size of each of several packets in a data flow to determine whether the data flow is an elephant flow. The forwarding element inspects the size because, in order for the packet to be of a certain size, the data flow had to already have gone through a slow start in which smaller packets are transferred and by definition be an elephant flow. When the forwarding element receives a packet in a data flow, the forwarding element identifies the size of the packet. The forwarding element then determines if the size of the packet is greater than a threshold size. If the size is greater, the forwarding element specifies that the packet's data flow is an elephant flow.

Abstract: Some embodiments provide a method for identifying a realization status of one or more logical entities of a logical network. In some embodiments the method is implemented by a controller that controls network data communications in a logical network. The method receives a request for realization status of a set of logical entities at a particular point of time that is associated with a particular value of a realization number. The method determines whether configuration data up to the particular point of time for each logical entity in the set has been processed and distributed to a set of local controllers that operates on a set of host machines. The method returns a realization reply that includes a successful realization message when the configuration data up to the particular point in time for each logical entity in the set has been processed and distributed to the set of local controllers.

Abstract: Some embodiments provide a method for determining a realization status of one or more logical entities of a logical network. The method, each time a particular event occurs, increments the value of a realization number and publishes the incremented value to a set of controllers of the logical network. Upon receiving data that specifies the state of a logical entity of the logical network, the method publishes the logical entity state's data to the set of controllers. In some embodiments, the method queries the set of controllers for a realization status of the state data for a set of logical entities that is published to the set of controllers up to a particular point of time. The submitted query, in some embodiments, includes a particular value of the realization number associated with the particular point of time.

Abstract: A multi-layer policy framework for monitoring and enforcing policy is provided. The multi-layer policy framework receives the desired state of the policy at each layer and translates the desired state into a realized state for the layer. The desired state specifies the intent of the user and the realized specifies the specific actions that have to be performed in order to reach the desired state. The realized state at each layer is sent to the next lower layer as the desired state for the lower layer. At the lowest layer, the desired state is converted into a realized state that includes a set of rules used to enforce the policy. The set of rules are then enforced at different enforcement points at the lowest layer.

Abstract: For a managed network including first and second managed switching elements that implement logical data path sets, some embodiments provide a method that establishes, from the first managed switching element, a network tunnel through a network to the second managed switching element. The network includes a set of unmanaged switching elements. Through the network tunnel, the network forwards logical network data to the set of unmanaged switching elements for the set of unmanaged switching elements to forward to the second managed switching element. The logical network is hidden from the set of unmanaged switching elements when the logical network data is forwarded through the tunnel.

Abstract: A controller of a network control system for configuring several middlebox instances is described. The middlebox instances implement a middlebox in a distributed manner in several hosts. The controller configures, in a first host, a first middlebox instance to receive a notification from a migration module before a virtual machine (VM) running in the first host migrates to a second host and to send middlebox state related to the VM to the migration module.