Abstract: Some embodiments provide novel methods for controllers to communicate with managed hardware forwarding elements (MHFEs) in a transactional manner. The transactional communication methods of some embodiments ensure that an MHFE receives the entirety of a control plane update that a controller supplies to it, before the MHFE starts to modify its data plane forwarding data and operations. The transactional communication methods of some embodiments provide one or more transactional boundary controls to the controllers to define complete control plane data set updates. In some embodiments, the transactional controls ensure that an MHFE receives all of a control plane update before it starts to modify its data plane forwarding data. Controllers use one transactional control in some embodiments when they define logical forwarding elements (e.g., logical switches or routers) on the MHFEs.

Abstract: The network control system of some embodiments implements logical port classifications to implement different features of logical networks onto a physical network. The network control system of some embodiments modifies flow entries at forwarding elements of the physical network to implement the logical network. The network control system classifies logical source and destination ports into disjoint equivalence classes for logical network flows in a virtualized network, and encodes this information in the tunneled traffic carrying the logical flow. The network control system of some such embodiments provides logical port classifications to minimize the necessary flow entries at each forwarding element of the physical network.

Abstract: Some embodiments provide a method for a network controller that manages several logical networks. The method receives a specification of a logical network that includes at least one logical forwarding element attached to a logical service (e.g., DHCP). The method selects at least one host machine to host the specified logical service from several host machines designated for hosting logical services. The method generates logical service configuration information for distribution to the selected host machine. In some embodiments, the method selects a master host machine and a backup host machine for hosting logical service. In some embodiments, a particular one of the designated host machines hosts at least two DHCP services for two different logical networks as separate processes operating on the particular host machine.

Abstract: Some embodiments provide a method for configuring a hardware switch to implement a security policy associated with a logical router of a logical network. The method receives a logical router definition. The logical router logically connects a physical machine, connected to a physical port of the hardware switch, to several VMs that execute on a set of host machines. The method defines a set of routing components for the logical router, each of which, has several interfaces. The method receives a security policy that includes a set of security rules for the physical machine and populates an ACL table with ACL rules data generated based on the received set of security rules. The method then for at least one interface of one of the routing components, generates linking data that links a set of one or more ACL rules in the ACL table to the interface of the routing component.

Abstract: Some embodiments provide a set of one or more network controllers that communicates with a wide range of devices, ranging from switches to appliances such as firewalls, load balancers, etc. The set of network controllers communicates with such devices to connect them to its managed virtual networks. The set of network controllers can define each virtual network through software switches and/or software appliances. To extend the control beyond software network elements, some embodiments implement a database server on each dedicated hardware. The set of network controllers accesses the database server to send management data. The hardware then translates the management data to connect to a managed virtual network.

Abstract: A method for configuring a managed hardware forwarding element (MHFE) to perform packet forwarding operations for a logical network is described. The method receives data for the logical network that defines a logical router and a set of logical switches for logically connecting several end machines that operate on different host machines to several physical machines that are connected to the MHFE. The method defines multiple routing components for the logical router, where each routing component includes a separate set of logical ports. The method then configures a forwarding table on the MHFE by populating the forwarding table with tunnel endpoint data for each logical port of each routing component of the logical router that is associated with a logical port of a logical switch. The tunnel endpoint data populated for logical ports of one routing component indicate that no tunnel should be established for any of the logical ports.

Abstract: A method for configuring an edge MHFE for a logical network to communicate with other networks is described. The method receives data for the logical network that defines a logical router and a set of logical switches for logically connecting several end machines that operate on different host machines. The method, based on the received logical network data, identifies a physical port of the MHFE to bind a logical uplink port of the logical router to the identified physical port. The uplink port is for connecting the logical router to the external network. The method then binds the logical uplink port to the identified physical port by defining an uplink logical switch with a logical port that is associated with the identified physical port and assigning network and data link addresses of the logical uplink port to the logical port of the uplink logical switch.

Abstract: For a network with host machines that are hosting virtual machines, a method for facilitating BUM (broadcast, unknown unicast, and multicast) traffic between a hardware switch (e.g., ToR switch) and the host machines is provided. The network has a set of host machines configured as a cluster of replicators for replicating BUM traffic from the hardware switch to the host machines. A set of network controllers establishes failure-detection tunnels for links between the hardware switch and the replicator cluster. The replicator cluster informs the set of controllers of a change in the membership of the replicator cluster to initiate an update to the active failure-detection sessions. The set of network controllers communicates with the replicator cluster and a ToR switch to establish bidirectional forwarding detection (BFD) sessions between one or more replicator nodes in the replicator cluster and the ToR switch.

Abstract: A method for providing a “just-in-time” distributed capability for classification encoding is described. When a source transport node processes a new flow (a flow for the first time), the source transport node in some embodiments sends a metadata packet “just-in-time” to the destination transport node to propagate the classification encoding to use for the given flow.

Abstract: Some embodiments provide a set of one or more network controllers that communicates with a wide range of devices, ranging from switches to appliances such as firewalls, load balancers, etc. The set of network controllers communicates with such devices to connect them to its managed virtual networks. The set of network controllers can define each virtual network through software switches and/or software appliances. To extend the control beyond software network elements, some embodiments implement a database server on each dedicated hardware. The set of network controllers accesses the database server to send management data. The hardware then translates the management data to connect to a managed virtual network.

Abstract: Some embodiments provide novel methods for controllers to communicate with managed hardware forwarding elements (MHFEs) in a transactional manner. The transactional communication methods of some embodiments ensure that an MHFE receives the entirety of a control plane update that a controller supplies to it, before the MHFE starts to modify its data plane forwarding data and operations. The transactional communication methods of some embodiments provide one or more transactional boundary controls to the controllers to define complete control plane data set updates. In some embodiments, the transactional controls ensure that an MHFE receives all of a control plane update before it starts to modify its data plane forwarding data. Controllers use one transactional control in some embodiments when they define logical forwarding elements (e.g., logical switches or routers) on the MHFEs.

Abstract: Some embodiments provide novel methods for controllers to communicate with managed hardware forwarding elements (MHFEs) in a transactional manner. The transactional communication methods of some embodiments ensure that an MHFE receives the entirety of a control plane update that a controller supplies to it, before the MHFE starts to modify its data plane forwarding data and operations. The transactional communication methods of some embodiments provide one or more transactional boundary controls to the controllers to define complete control plane data set updates. In some embodiments, the transactional controls ensure that an MHFE receives all of a control plane update before it starts to modify its data plane forwarding data. Controllers use one transactional control in some embodiments when they define logical forwarding elements (e.g., logical switches or routers) on the MHFEs.

Abstract: Some embodiments provide novel methods for controllers to communicate with managed hardware forwarding elements (MHFEs) in a transactional manner. The transactional communication methods of some embodiments ensure that an MHFE receives the entirety of a control plane update that a controller supplies to it, before the MHFE starts to modify its data plane forwarding data and operations. The transactional communication methods of some embodiments provide one or more transactional boundary controls to the controllers to define complete control plane data set updates. In some embodiments, the transactional controls ensure that an MHFE receives all of a control plane update before it starts to modify its data plane forwarding data. Controllers use one transactional control in some embodiments when they define logical forwarding elements (e.g., logical switches or routers) on the MHFEs.

Abstract: A novel method that uses the source port field in the transport or connection layer (L4) header to encode control plane information is provided. Specifically, the method encodes control plane information in UDP or TCP source port field of data plane tunnels in an overlay network such as VXLAN. Network virtualization is implemented by a network controller over an overlay network on the physical fabric. The network controller provides a mapping table to the data plane hosts for mapping the encoded bits in the source port field to semantically richer information. The data plane hosts in turn uses the encoded source bits and the mapping table to infer this semantically richer information. This semantically richer information is used to allow receivers of proxied traffic to learn the address of the original sender. The semantically richer information can also be used to enable ECMP for the transmitted packets.

Abstract: Some embodiments provide an ARP-offload service node for several managed hardware forwarding elements (MHFEs) in a datacenter in order to offload ARP query processing by the MHFEs. The MHFEs are managed elements because one or more network controllers (e.g., one or more management servers) send configuration data to the MHFEs to configure their operations. In some of these embodiments, the network controllers configure the MHFEs to create logical forwarding elements (e.g., logical switches, logical routers, etc.) each of which can span two or more managed forwarding elements.

Abstract: Some embodiments provide a novel method for a network control system (or controllers of the network control system) to manage a set of hardware Virtual Tunnel End Points (VTEPs) used to implement a logical network. Many network devices or entities (such as interfaces or transport nodes) have a functionality to mark the device or entity as “administratively down”. In that mode, such a device does not participate in any further forwarding in the dataplane, until it is marked as administratively up. This feature is often used to troubleshoot networks, and/or to remove misbehaving or faulty devices.

Abstract: Some embodiments provide a novel method of configuring a managed hardware forwarding element (MHFE) that implements a logical forwarding element (LFE) of a logical network to handle address resolution requests (e.g., Address Resolution Protocol (ARP) requests) for multiple addresses (e.g., IP addresses) associated with a single network interface of the logical network. The method identifies a physical port of the MHFE with which the multiple addresses are to be associated. The physical port is coupled to an end machine (e.g., a virtual machine, server, container, etc.) of the logical network. The method then modifies associations stored at the MHFE to associate the physical port with the multiple addresses.

Abstract: Some embodiments provide, for a first controller application, a method for configuring a managed hardware forwarding element (MHFE) to implement one or more logical networks. The method of some embodiments receives logical network data that defines at least one logical forwarding element of a logical network to be implemented by the MHFE. The method then identifies a set of tables of a database instance that is instantiated on the MHFE in order to distribute the logical network data to the MHFE. In some embodiments, the method monitors the identified set of tables in order to determine whether a second controller application updates any one of the set of tables. The method distributes the logical network data to the MHFE so long as none of the tables in the set of tables is updated by the second controller application.

Abstract: Some embodiments of the invention provide a novel method for interfacing between a first tuple-based controller and a second controller using a message-based protocol. The method of some embodiments identifies a set of changed tuples stored in a set of output tables, generates a set of messages based on the changed tuples, and sends the generated set of messages to a second controller. In some embodiments, the first and second controllers are parts of a network control system that manages forwarding elements to implement a logical network.

Abstract: A method for learning a MAC address of an end machine that is logically connected to a logical network is described. The method receives configuration data for implementing a distributed logical router having different logical ports each of which is associated with a logical port of a logical switch. The method receives a packet through a first logical port of the logical router that has a destination IP address associated with a particular logical switch that is associated with a second logical port of the logical router. In order to learn the MAC address of the end machine, the method sends a first broadcast packet with a first source MAC address to a first set of forwarding elements that implements the particular logical switch, and sends a second broadcast packet with a second source MAC address to a second set of forwarding elements that also implements the particular logical switch.