Abstract: Exemplary methods, apparatuses, and systems maintain network membership information for a host when it is disconnected from a controller. When the host detects a loss of connectivity with the network controller, the host identifies and selects one or more hosts that are members of a control logical network. The control logical network includes hosts configured to run data compute nodes that are members of the overlay network, regardless of whether or not each of the hosts is currently running a data compute node that is a member of the overlay network. The host then sends any broadcast, unknown destination, or multicast (BUM) data packet(s) to the selected one or more hosts.

Abstract: A system is provided that enables efficient traffic forwarding in a hypervisor. During operation, the hypervisor determines that a packet is from a first virtual machine (VM) running on the hypervisor and destined to a second VM running on a remote hypervisor. The hypervisor then includes a virtual local area network (VLAN) identifier of a transit VLAN (TVLAN) in a layer-2 header of the packet. The TVLAN is dedicated for inter-VM traffic associated with a distributed virtual routing (DVR) instance operating on the hypervisor and the remote hypervisor. Subsequently, the hypervisor sets a first media access control (MAC) address of the hypervisor as a source MAC address and a second MAC address of the remote hypervisor as a destination MAC address in the layer-2 header. The hypervisor then determines an egress port for the packet based on the second MAC address.

Abstract: The disclosure provides an approach for virtual computing instance (VCI) placement. Embodiments include receiving, by a resource optimization system, physical network interface (NIC) queue availability information relating to a plurality of host computers. Embodiments include determining, by the resource optimization system, physical NIC queue requirements of a VCI. Embodiments include selecting, by the resource optimization system, a target host computer for the VCI from the plurality of host computers based on the physical NIC queue availability information and the physical NIC queue requirements of the VCI. Embodiments include loading, by the resource optimization system, the VCI on the target host computer.

Abstract: Example methods and systems to register and manage a plug-in in a virtualized computing environment have been disclosed. One example method includes initiating a deployment process to deploy a virtual appliance configured to host the plug-in, pushing information associated with a user interface on a management entity to the virtual appliance to be one or more Open Virtual Appliance (OVA) environment properties, powering on the virtual appliance and registering and managing the plug-in on the management entity through the UI.

Abstract: The technology disclosed herein enables remote gateways to quickly re-learn MAC addresses of workloads for a gateway that has taken over for another gateway. In a particular embodiment, a method provides determining that a backup gateway should begin handling communications exchanged with one or more workloads of an active gateway for a logical network. The method further provides transferring a control message to one or more remote gateways in communication with the backup gateway. The control message instructs the remote gateways to change MAC addresses learned from, and associated with, the active gateway to being associated with the backup gateway. The method also provides, in the backup gateway, receiving network communications directed to one or more of the workloads from one or more of the remote gateways.

Abstract: Some embodiments provide a method for a set of central controllers that manages forwarding elements operating in a plurality of datacenters. The method receives a configuration for a bridge between (i) a logical L2 network that spans at least two datacenters and (ii) a physical L2 network. The configuration specifies a particular one of the datacenters for implementation of the bridge. The method identifies multiple managed forwarding elements that implement the logical L2 network and are operating in the particular datacenter. The method selects one of the identified managed forwarding elements to implement the bridge. The method distributes bridge configuration data to the selected managed forwarding element.

Abstract: Example methods are provided for a first host to maintain data-plane connectivity with a second host via a third host in a virtualized computing environment. The method may comprise identifying an intermediate host, being the third host, having data-plane connectivity with both the first host and the second host. The method may also comprise: in response to detecting, from a first virtualized computing instance supported by the first host, an egress packet that includes an inner header addressed to a second virtualized computing instance supported by the second host, generating an encapsulated packet by encapsulating the egress packet with an outer header that is addressed from the first host to the third host instead of the second host; and sending the encapsulated packet to the third host for subsequent forwarding to the second host.

Abstract: An approach for securing a DHCP server against unauthorized client attacks in a SDN environment is presented. In an embodiment, a method comprises: determining a count of sub-interfaces implemented on an interface card of a virtual machine; setting a count of unique client identifiers for the virtual machine to zero; determining whether a dynamic host configuration protocol (DHCP) request has been received from the virtual machine; in response to determining that a DHCP request has been received from the virtual machine, incrementing the count of unique client identifiers; determining whether the count of unique client identifiers exceeds the count of sub-interfaces implemented on the interface card of the virtual machine; and in response to determining that the count of unique client identifiers does not exceed the count of sub-interfaces implemented on the interface card of the virtual machine, forwarding the DHCP request to an uplink port.

Abstract: A system is provided that enables efficient traffic forwarding in a hypervisor. During operation, the hypervisor determines that a packet is from a first virtual machine (VM) running on the hypervisor and destined to a second VM running on a remote hypervisor. The hypervisor then includes a virtual local area network (VLAN) identifier of a transit VLAN (TVLAN) in a layer-2 header of the packet. The TVLAN is dedicated for inter-VM traffic associated with a distributed virtual routing (DVR) instance operating on the hypervisor and the remote hypervisor. Subsequently, the hypervisor sets a first media access control (MAC) address of the hypervisor as a source MAC address and a second MAC address of the remote hypervisor as a destination MAC address in the layer-2 header. The hypervisor then determines an egress port for the packet based on the second MAC address.

Abstract: The technology disclosed herein enables remote gateways to quickly re-learn MAC addresses of workloads for a gateway that has taken over for another gateway. In a particular embodiment, a method provides determining that a backup gateway should begin handling communications exchanged with one or more workloads of an active gateway for a logical network. The method further provides transferring a control message to one or more remote gateways in communication with the backup gateway. The control message instructs the remote gateways to change MAC addresses learned from, and associated with, the active gateway to being associated with the backup gateway. The method also provides, in the backup gateway, receiving network communications directed to one or more of the workloads from one or more of the remote gateways.

Abstract: Example methods are provided for a first host to perform address resolution suppression in a logical network. The first host may support a first virtualized computing instance located on the logical network and a first hypervisor. The method may comprise the first hypervisor broadcasting a notification message within the logical network to trigger one or more control messages, and learning protocol-to-hardware address mapping information associated with multiple second virtualized computing instances located on the logical network based on the one or more control messages. The method may also comprise: in response to the first hypervisor detecting an address resolution request message that includes a protocol address associated with one of the multiple second virtualized computing instances, the first hypervisor generating and sending an address resolution response message to a first virtualized computing instance without broadcasting the address resolution request message on the logical network.

Abstract: The disclosure provides an approach for reliable and secure data delivery on a data plane of a network between virtual tunnel endpoints of hypervisors. The approach involves using the Bidirectional Forwarding Detection protocol to transport additional information without adding to network congestion. Data is added to periodic health-check packets and processed by the receiving side. The packets are further modified to set an echo bit and receive an acknowledgement of the packets' successful transmission to the destination side.

Abstract: The technology disclosed herein enables remote gateways to quickly re-learn MAC addresses of workloads for a gateway that has taken over for another gateway. In a particular embodiment, a method provides determining that a backup gateway should begin handling communications exchanged with one or more workloads of an active gateway for a logical network. The method further provides transferring a control message to one or more remote gateways in communication with the backup gateway. The control message instructs the remote gateways to change MAC addresses learned from, and associated with, the active gateway to being associated with the backup gateway. The method also provides, in the backup gateway, receiving network communications directed to one or more of the workloads from one or more of the remote gateways.

Abstract: Example methods are provided for a first host to restore control-plane connectivity with a network management entity. The method may comprise: detecting a loss of control-plane connectivity between the first host and the network management entity; and determining connectivity status information associated with one or more second hosts. The method may also comprise, based on the connectivity status information, selecting, from the one or more second hosts, a proxy host having data-plane connectivity with the first host and control-plane connectivity with the network management entity. The method may further comprise restoring control-plane connectivity between the first host with the network management entity via the proxy host such that the first host is able to send control information to, or receive control information from, the network management entity via the proxy host.

Abstract: Some embodiments provide a method for a set of central controllers that manages forwarding elements operating in a plurality of datacenters. The method receives a configuration for a bridge between (i) a logical L2 network that spans at least two datacenters and (ii) a physical L2 network. The configuration specifies a particular one of the datacenters for implementation of the bridge. The method identifies multiple managed forwarding elements that implement the logical L2 network and are operating in the particular datacenter. The method selects one of the identified managed forwarding elements to implement the bridge. The method distributes bridge configuration data to the selected managed forwarding element.

Abstract: Some embodiments provide a method for a set of central controllers that manages forwarding elements operating in a plurality of datacenters. The method receives a configuration for a bridge between (i) a logical L2 network that spans at least two datacenters and (ii) a physical L2 network. The configuration specifies a particular one of the datacenters for implementation of the bridge. The method identifies multiple managed forwarding elements that implement the logical L2 network and are operating in the particular datacenter. The method selects one of the identified managed forwarding elements to implement the bridge. The method distributes bridge configuration data to the selected managed forwarding element.

Abstract: The technology disclosed herein enables high availability bridging between Layer 2 (L2) networks. In a particular embodiment, a method includes high availability bridge cluster comprising a first bridge node and a second bridge node. The first and second bridge nodes include first and second active bridges and first and second standby bridges, respectively. The method provides, in the first active bridge, bridging network communications between two or more L2 networks. The second standby bridge acts as a failover bridge for the first active bridge. The method further provides generating a failure detection message that incorporates a hardware address of the first bridge node and transferring the failure detection message from the first bridge node to the second bridge node. In the second standby bridge, the method provides receiving the failure detection message and using the hardware address to synchronize bridging information between the first active bridge and the second standby bridge.

Abstract: The disclosure provides an approach for reliable and secure data delivery on a data plane of a network between virtual tunnel endpoints of hypervisors. The approach involves using the Bidirectional Forwarding Detection protocol to transport additional information without adding to network congestion. Data is added to periodic health-check packets and processed by the receiving side. The packets are further modified to set an echo bit and receive an acknowledgement of the packets' successful transmission to the destination side.

Abstract: Some embodiments provide a method for a network manager that manages multiple managed forwarding elements at a particular datacenter. The method receives a configuration for a bridge between a logical L2 network that spans at least two datacenters and physical L2 networks at one or more of the spanned datacenters. The configuration includes a generic physical network identifier. The method maps the generic physical network identifier to a particular physical L2 network at the particular datacenter. The generic physical network identifier maps to other physical networks at other spanned datacenters. The method provides the configuration to a set of central controllers using an identifier for the particular physical L2 network. The set of central controllers configures a managed forwarding element operating at the particular datacenter to implement the bridge to bridge packets between the logical L2 network and the particular physical L2 network.

Abstract: Some embodiments provide a method for a set of central controllers that manages forwarding elements operating in a plurality of datacenters. The method receives a configuration for a bridge between (i) a logical L2 network that spans at least two datacenters and (ii) a physical L2 network. The configuration specifies a particular one of the datacenters for implementation of the bridge. The method identifies multiple managed forwarding elements that implement the logical L2 network and are operating in the particular datacenter. The method selects one of the identified managed forwarding elements to implement the bridge. The method distributes bridge configuration data to the selected managed forwarding element.