Abstract: A controller of a network control system for configuring several middlebox instances is described. The middlebox instances implement a middlebox in a distributed manner in several hosts. The controller configures, in a first host, a first middlebox instance to receive a notification from a migration module before a virtual machine (VM) running in the first host migrates to a second host and to send middlebox state related to the VM to the migration module.

Abstract: Some embodiments provide a forwarding element that inspects the size of each of several packets in a data flow to determine whether the data flow is an elephant flow. The forwarding element inspects the size because, in order for the packet to be of a certain size, the data flow had to already have gone through a slow start in which smaller packets are transferred and by definition be an elephant flow. When the forwarding element receives a packet in a data flow, the forwarding element identifies the size of the packet. The forwarding element then determines if the size of the packet is greater than a threshold size. If the size is greater, the forwarding element specifies that the packet's data flow is an elephant flow.

Abstract: A controller of a network control system for configuring several middlebox instances is described. The middlebox instances implement a middlebox in a distributed manner in several hosts. The controller configures, in a first host, a first middlebox instance to receive a notification from a migration module before a virtual machine (VM) running in the first host migrates to a second host and to send middlebox state related to the VM to the migration module.

Abstract: Some embodiments provide a forwarding element that inspects the size of each of several packets in a data flow to determine whether the data flow is an elephant flow. The forwarding element inspects the size because, in order for the packet to be of a certain size, the data flow had to already have gone through a slow start in which smaller packets are transferred and by definition be an elephant flow. When the forwarding element receives a packet in a data flow, the forwarding element identifies the size of the packet. The forwarding element then determines if the size of the packet is greater than a threshold size. If the size is greater, the forwarding element specifies that the packet's data flow is an elephant flow.

Abstract: Some embodiments of the invention provide a method of tunneling a data packet by encapsulating the data packet with a protocol header and specifying information in the fields of the header in a manner that a network switch can offload processing tasks to its network interface controller. The switch on a transmit side sends the processed data packet through the tunnel to another switch on a receive side. The two sides represent the two ends of the tunnel established between the two switches. Each of the transmit and received side switches is controlled by a switch controller, which in some embodiments is implemented as software. The switch controllers and network interface controllers together process the data packet which is being transferred through the tunnel between the switches.

Abstract: A network control system for managing a plurality of switching elements that implement a plurality of logical datapath sets. The network control system includes first and second controllers for generating requests for modifications to first and second logical datapath sets. The first controller is further for determining whether to make modifications to the first logical datapath set. The second controller is further for determining whether to make modifications to the second logical datapath set. Each controller is further for receiving logical control plane data that specifies logical datapath sets and for converting the logical control plane data to physical control plane data for propagating to the switching elements.

Abstract: Methods and systems for implementing private allocated networks in a virtual infrastructure are presented. One method operation creates virtual switches in one or more hosts in the virtual infrastructure. Each port in the virtual switches is associated with a private allocated network (PAN) from a group of possible PANs. In one embodiment, one or more PANs share the same physical media for data transmission. The intranet traffic within each PAN is not visible to nodes that are not connected to the each PAN. In another operation, the method defines addressing mode tables for the intranet traffic within each PAN. The entries in the addressing mode tables define addressing functions for routing the intranet traffic between the virtual switches, and different types of addressing functions are supported by the virtual switches.

Abstract: Some embodiments of the invention provide a novel method of tunneling data packets. The method establishes a tunnel between a first forwarding element and a second forwarding element. For each data packet directed to the second forwarding element from the first forwarding element, the method encapsulates the data packet with a header that includes a tunnel option. The method then sends the data packet from the first forwarding element to the second forwarding element through the established tunnel. In some embodiments, the data packet is encapsulated using a protocol that is adapted to change with different control plane implementations and the implementations' varying needs for metadata.

Abstract: Some embodiments of the invention provide a method of tunneling a data packet by encapsulating the data packet with a protocol header and specifying information in the fields of the header in a manner that a network switch can offload processing tasks to its network interface controller. The switch on a transmit side sends the processed data packet through the tunnel to another switch on a receive side. The two sides represent the two ends of the tunnel established between the two switches. Each of the transmit and received side switches is controlled by a switch controller, which in some embodiments is implemented as software. The switch controllers and network interface controllers together process the data packet which is being transferred through the tunnel between the switches.

Abstract: A network control system for managing a plurality of managed switching elements that implement a plurality of logical datapath sets. The network control system includes a first controller instance that manages the logical datapath sets by generating, based on logical forwarding plane data, physical control plane data. The network control system also includes a second controller instance that manages the managed switching elements by receiving physical control plane data and sending the physical control plane data to the switching elements.

Abstract: Some embodiments of the invention provide a novel method of tunneling data packets. The method establishes a tunnel between a first forwarding element and a second forwarding element. For each data packet directed to the second forwarding element from the first forwarding element, the method encapsulates the data packet with a header that includes a tunnel option. The method then sends the data packet from the first forwarding element to the second forwarding element through the established tunnel. In some embodiments, the data packet is encapsulated using a protocol that is adapted to change with different control plane implementations and the implementations' varying needs for metadata.

Abstract: Methods and systems for implementing private allocated networks in a virtual infrastructure are presented. One method operation creates virtual switches in one or more hosts in the virtual infrastructure. Each port in the virtual switches is associated with a private allocated network (PAN) from a group of possible PANs. In one embodiment, one or more PANs share the same physical media for data transmission. The intranet traffic within each PAN is not visible to nodes that are not connected to the each PAN. In another operation, the method defines addressing mode tables for the intranet traffic within each PAN. The entries in the addressing mode tables define addressing functions for routing the intranet traffic between the virtual switches, and different types of addressing functions are supported by the virtual switches.

Abstract: A network control system for generating physical control plane data for managing first and second managed forwarding elements that implement forwarding operations associated with a first logical datapath set is described. The system includes (1) a first controller for converting logical control plane data for the first logical datapath set to universal physical control plane (UPCP) data, (2) a second controller for converting UPCP data to customized physical control plane (CPCP) data for the first managed forwarding element but not the second managed forwarding element, and (3) a third controller for receiving UPCP data generated by the first controller instance, identifying the second controller as the controller instance responsible for generating the CPCP data for the first managed forward element, and supplying the received UPCP data to the second controller. Each controller includes a network information base (NIB) storage for exchanging data with another controller instance.

Abstract: A controller of a network control system for configuring several middlebox instances is described. The middlebox instances implement a middlebox in a distributed manner in several hosts. The controller configures, in a first host, a first middlebox instance to receive a notification from a migration module before a virtual machine (VM) running in the first host migrates to a second host and to send middlebox state related to the VM to the migration module.

Abstract: For a particular controller for managing managed forwarding elements that forward data in a network, a method for computing forwarding state using a set of inputs from a first controller and a second controller that is a back up controller for the first controller is described. The method receives a first subset of the set of inputs from the first controller. After failure of the first controller, the method receives a second subset of the set of inputs from the second controller. At least one input of the second subset of the set of inputs is duplicative of an input in the first subset. The method computes forwarding state using the first and second subsets of the inputs but without using the duplicative input.

Abstract: A controller of a network control system for configuring several middlebox instances is described. The middlebox instances implement a middlebox in a distributed manner in several hosts. The controller configures, in a first host, a first middlebox instance to receive a notification from a migration module before a virtual machine (VM) running in the first host migrates to a second host and to send middlebox state related to the VM to the migration module.

Abstract: A method creates a distributed virtual switch (DVswitch) and distributed virtual ports (DVports) for the DVswitch. The DVswitch binds virtual switches in a collection of hosts together in a software abstraction. Also, the DVports are available for connection by virtual network interface cards (VNICs) of virtual machines in the collection of hosts. A request is received for a connection of a virtual network interface card (VNIC) of a virtual machine for a host in the collection of hosts to a DVport. If the requested DVport is available, the method provides connection information for the requested DVport to the host to allow the host to connect the requested DVport to the VNIC. The DVport stores a runtime state for a virtual port associated with a virtual switch for the host and the virtual switch forwards network frames between the VNIC and a physical network interface card (NIC).

Abstract: Some embodiments provide a network control system for generating physical control plane data for managing first and second managed forwarding elements that implement forwarding operations associated with a first logical datapath set. The system includes a first controller instance for converting logical control plane data for the first logical datapath set to universal physical control plane (UPCP) data. The system includes a second controller instance for converting UPCP data to customized physical control plane (CPCP) data for the first managed forwarding element but not the second managed forwarding element. Each controller instance includes a network information base (NIB) storage for storing data and exchanging data with the other controller instance.

Abstract: Some embodiments provide a network system that includes a first network and a second network. The first network includes several unmanaged switching elements. The second network includes several managed switching elements. The network system includes a particular managed switching element for communicating network data between the first and second networks.

Abstract: A network control system for managing several switching elements. The network control system includes first and second controllers for generating data for managing first and second sets of switching elements. The first controller is further for serving as a master controller of the first set of switching elements. The second controller is further for serving as a master controller of the second set of switching elements. The master controller for a particular set of switching elements is the only controller that is allowed to propagate data to the particular set of switching elements data for managing the particular set of switching elements.