Abstract: Some embodiments provide a method for a first smart NIC of multiple smart NICs of a host computer. Each of the smart NICs executes a smart NIC operating system that performs networking operations for a set of data compute machines executing on the host computer. When the first smart NIC identifies itself as an active smart NIC for the host computer, the first smart NIC sends a first message through a datapath to a second smart NIC to verify whether the second smart NIC identifies as an active smart NIC or a standby smart NIC. If the second smart NIC sends a reply second message to the first smart NIC through the datapath, the first smart NIC (i) determines that the second smart NIC identifies as a standby smart NIC and (ii) operates to process data traffic sent to and from the host computer as the active smart NIC.

Abstract: Example methods and systems for receive side scaling (RSS) are described. In one example, a computer system may generate and send instruction(s) to the programmable physical network interface controller (PNIC) to configure a first flow entry that associates a first packet flow with a first queue and a second flow entry that associates a second packet flow with a second queue. In response to receiving a first packet that is associated with the first packet flow, the programmable PNIC may match the first packet with the first flow entry and steer the first packet towards the first queue for processing by a first processing thread. In response to receiving a second packet that is associated with the second packet flow, the programmable PNIC may match the second packet with the second flow entry and steer the second packet towards the second queue for processing by a second processing thread.

Abstract: Some embodiments of the invention provide a method of migrating a virtual machine (VM) from a first host computer to a second host computer, the first host computer having a first PNIC, the second host computer having a second PNIC, the first and second PNICs for performing at least one of network forwarding operations and middlebox service operations for the VM. At an RDMA client executing on a set of one or more processors of the second PNIC, the method receives a notification from the second host computer indicating a data migration that is performed to migrate the particular VM from the first host computer to the second host computer has started. Based on the notification, at the RDMA client, the method directs an RDMA server executing on the first PNIC to provide networking state data associated with at least one of network forwarding operations and middlebox service operations that the first PNIC performs for the VM.

Abstract: Some embodiments of the invention provide a method of migrating a VM from a first host computer to a second host computer, the first host computer having a first PNIC that performs at least one of network forwarding operations and middlebox service operations for the VM. At an RDMA client executing on a set of one or more processors of the first host computer, the method directs an RDMA server executing on the first PNIC to provide networking state data associated with at least one of network forwarding operations and middlebox service operations that the first PNIC performs for the VM. The provided networking state data resides in a memory of the first PNIC that is accessible to the RDMA server. At the RDMA client, the method provides the obtained networking state data to the second host computer as part of a data migration that is performed to migrate the VM from the first host computer to the second host computer.

Abstract: Described herein are systems, methods, and software to manage the deployment of virtual machines based on smart network interface connector (SmartNIC) resource availability. In one implementation, a management service identifies a request to deploy a virtual machine in a computing environment. The management service further identifies SmartNIC resource requirement information associated with the virtual machine and identifies resource availability information associated with SmartNICs on hosts in the computing environment. The management service also selects a host from the hosts for the virtual machine based on the SmartNIC resource requirement information and the resource availability information.

Abstract: Some embodiments provide a novel method of migrating a particular virtual machine (VM) from a first host computer to a second host computer. The first host computer of some embodiments has a physical network interface card (PNIC) that performs at least one of network forwarding operations and middlebox service operations for the particular VM. The first host computer sends, to the PNIC of the first host computer, a request for state information relating to at least one of network forwarding operations and middlebox service operations that the PNIC performs for the particular VM. The first host computer receives the state information from the PNIC. The first host computer provides the state information received from the PNIC to the second host computer as part of a data migration that is performed to migrate the particular VM from the first host computer to the second host computer.

Abstract: Systems and methods for dynamic migration between Receive Side Scaling (RSS) engine states include monitoring a traffic load of a first shared RSS engine of a physical network interface card (PNIC) of a host machine, the first shared RSS engine being shared among a first plurality of virtual machines (VMs) running on the host machine, determining the traffic load of the first shared RSS engine exceeds a threshold, and, in response to determining that the traffic load of the first shared RSS engine exceeds the threshold, migrating a first VM of the first plurality of VMs to either a dedicated RSS engine of the PNIC or to a second shared RSS engine of the PNIC.

Abstract: Exemplary methods, apparatuses, and systems maintain network membership information for a host when it is disconnected from a controller. When the host detects a loss of connectivity with the network controller, the host identifies and selects one or more hosts that are members of a control logical network. The control logical network includes hosts configured to run data compute nodes that are members of the overlay network, regardless of whether or not each of the hosts is currently running a data compute node that is a member of the overlay network. The host then sends any broadcast, unknown destination, or multicast (BUM) data packet(s) to the selected one or more hosts.

Abstract: A system is provided that enables efficient traffic forwarding in a hypervisor. During operation, the hypervisor determines that a packet is from a first virtual machine (VM) running on the hypervisor and destined to a second VM running on a remote hypervisor. The hypervisor then includes a virtual local area network (VLAN) identifier of a transit VLAN (TVLAN) in a layer-2 header of the packet. The TVLAN is dedicated for inter-VM traffic associated with a distributed virtual routing (DVR) instance operating on the hypervisor and the remote hypervisor. Subsequently, the hypervisor sets a first media access control (MAC) address of the hypervisor as a source MAC address and a second MAC address of the remote hypervisor as a destination MAC address in the layer-2 header. The hypervisor then determines an egress port for the packet based on the second MAC address.

Abstract: The disclosure provides an approach for virtual computing instance (VCI) placement. Embodiments include receiving, by a resource optimization system, physical network interface (NIC) queue availability information relating to a plurality of host computers. Embodiments include determining, by the resource optimization system, physical NIC queue requirements of a VCI. Embodiments include selecting, by the resource optimization system, a target host computer for the VCI from the plurality of host computers based on the physical NIC queue availability information and the physical NIC queue requirements of the VCI. Embodiments include loading, by the resource optimization system, the VCI on the target host computer.

Abstract: Example methods and systems to register and manage a plug-in in a virtualized computing environment have been disclosed. One example method includes initiating a deployment process to deploy a virtual appliance configured to host the plug-in, pushing information associated with a user interface on a management entity to the virtual appliance to be one or more Open Virtual Appliance (OVA) environment properties, powering on the virtual appliance and registering and managing the plug-in on the management entity through the UI.

Abstract: The technology disclosed herein enables remote gateways to quickly re-learn MAC addresses of workloads for a gateway that has taken over for another gateway. In a particular embodiment, a method provides determining that a backup gateway should begin handling communications exchanged with one or more workloads of an active gateway for a logical network. The method further provides transferring a control message to one or more remote gateways in communication with the backup gateway. The control message instructs the remote gateways to change MAC addresses learned from, and associated with, the active gateway to being associated with the backup gateway. The method also provides, in the backup gateway, receiving network communications directed to one or more of the workloads from one or more of the remote gateways.

Abstract: Some embodiments provide a method for a set of central controllers that manages forwarding elements operating in a plurality of datacenters. The method receives a configuration for a bridge between (i) a logical L2 network that spans at least two datacenters and (ii) a physical L2 network. The configuration specifies a particular one of the datacenters for implementation of the bridge. The method identifies multiple managed forwarding elements that implement the logical L2 network and are operating in the particular datacenter. The method selects one of the identified managed forwarding elements to implement the bridge. The method distributes bridge configuration data to the selected managed forwarding element.

Abstract: Example methods are provided for a first host to maintain data-plane connectivity with a second host via a third host in a virtualized computing environment. The method may comprise identifying an intermediate host, being the third host, having data-plane connectivity with both the first host and the second host. The method may also comprise: in response to detecting, from a first virtualized computing instance supported by the first host, an egress packet that includes an inner header addressed to a second virtualized computing instance supported by the second host, generating an encapsulated packet by encapsulating the egress packet with an outer header that is addressed from the first host to the third host instead of the second host; and sending the encapsulated packet to the third host for subsequent forwarding to the second host.

Abstract: An approach for securing a DHCP server against unauthorized client attacks in a SDN environment is presented. In an embodiment, a method comprises: determining a count of sub-interfaces implemented on an interface card of a virtual machine; setting a count of unique client identifiers for the virtual machine to zero; determining whether a dynamic host configuration protocol (DHCP) request has been received from the virtual machine; in response to determining that a DHCP request has been received from the virtual machine, incrementing the count of unique client identifiers; determining whether the count of unique client identifiers exceeds the count of sub-interfaces implemented on the interface card of the virtual machine; and in response to determining that the count of unique client identifiers does not exceed the count of sub-interfaces implemented on the interface card of the virtual machine, forwarding the DHCP request to an uplink port.

Abstract: A system is provided that enables efficient traffic forwarding in a hypervisor. During operation, the hypervisor determines that a packet is from a first virtual machine (VM) running on the hypervisor and destined to a second VM running on a remote hypervisor. The hypervisor then includes a virtual local area network (VLAN) identifier of a transit VLAN (TVLAN) in a layer-2 header of the packet. The TVLAN is dedicated for inter-VM traffic associated with a distributed virtual routing (DVR) instance operating on the hypervisor and the remote hypervisor. Subsequently, the hypervisor sets a first media access control (MAC) address of the hypervisor as a source MAC address and a second MAC address of the remote hypervisor as a destination MAC address in the layer-2 header. The hypervisor then determines an egress port for the packet based on the second MAC address.

Abstract: The technology disclosed herein enables remote gateways to quickly re-learn MAC addresses of workloads for a gateway that has taken over for another gateway. In a particular embodiment, a method provides determining that a backup gateway should begin handling communications exchanged with one or more workloads of an active gateway for a logical network. The method further provides transferring a control message to one or more remote gateways in communication with the backup gateway. The control message instructs the remote gateways to change MAC addresses learned from, and associated with, the active gateway to being associated with the backup gateway. The method also provides, in the backup gateway, receiving network communications directed to one or more of the workloads from one or more of the remote gateways.

Abstract: Example methods are provided for a first host to perform address resolution suppression in a logical network. The first host may support a first virtualized computing instance located on the logical network and a first hypervisor. The method may comprise the first hypervisor broadcasting a notification message within the logical network to trigger one or more control messages, and learning protocol-to-hardware address mapping information associated with multiple second virtualized computing instances located on the logical network based on the one or more control messages. The method may also comprise: in response to the first hypervisor detecting an address resolution request message that includes a protocol address associated with one of the multiple second virtualized computing instances, the first hypervisor generating and sending an address resolution response message to a first virtualized computing instance without broadcasting the address resolution request message on the logical network.

Abstract: The technology disclosed herein enables remote gateways to quickly re-learn MAC addresses of workloads for a gateway that has taken over for another gateway. In a particular embodiment, a method provides determining that a backup gateway should begin handling communications exchanged with one or more workloads of an active gateway for a logical network. The method further provides transferring a control message to one or more remote gateways in communication with the backup gateway. The control message instructs the remote gateways to change MAC addresses learned from, and associated with, the active gateway to being associated with the backup gateway. The method also provides, in the backup gateway, receiving network communications directed to one or more of the workloads from one or more of the remote gateways.

Abstract: The disclosure provides an approach for reliable and secure data delivery on a data plane of a network between virtual tunnel endpoints of hypervisors. The approach involves using the Bidirectional Forwarding Detection protocol to transport additional information without adding to network congestion. Data is added to periodic health-check packets and processed by the receiving side. The packets are further modified to set an echo bit and receive an acknowledgement of the packets' successful transmission to the destination side.