Abstract: Some embodiments provide a method for a network controller in a network control system that manages a plurality of logical networks. The method receives a specification of a logical network that comprises a logical router with a logical port that connects to an external network. The method selects several host machines to host a L3 gateway that implements the connection to the external network for the logical router from a set of host machines designated for hosting logical routers. The method generates data tuples for provisioning a set of managed forwarding elements that implement the logical network to send data packets that require processing by the L3 gateway to the selected host machines. The data tuples specify for the managed forwarding elements to distribute the data packets across the selected host machines.

Abstract: Some embodiments provide a method for providing redundancy and fast convergence for modules operating in a network. The method configures modules to use a same anycast inner IP address, anycast MAC address, and to associate with a same anycast VTEP IP address. In some embodiments, the modules are operating in an active-active mode and all nodes running modules advertise the anycast VTEP IP addresses with equal local preference. In some embodiments, modules are operating in active-standby mode and the node running the active module advertises the anycast VTEP IP address with higher local preference.

Abstract: Some embodiments provide a method for applying a security policy defined for a logical network to an MHFE that integrates physical workloads (e.g., physical machines connected to the MHFE) with the logical network. The method applies the security policy to the MHFE by generating a set of ACL rules based on the security policy's definition and configuring the MHFE to apply the ACL rules on the network traffic that is forwarded to and/or from the physical machines. In order to configure an MHFE to implement the different LFEs of a logical network, some embodiments propagate an open source database stored on the MHFE, using an open source protocol. Some embodiments propagate a particular table of the database such that each record of the table creates an association between a port of an LFE stored in a logical forwarding table and one or more ACL rules stored in an ACL table.

Abstract: Some embodiments provide a network system. The network system includes a first set of host machines for hosting virtual machines that connect to each other through a logical network. The first set of host machines includes managed forwarding elements for forwarding data between the host machines. The network system includes a second set of host machines for hosting virtualized containers that operate as gateways for forwarding data between the virtual machines and an external network. At least one of the virtualized containers peers with at least one physical router in the external network in order to advertise addresses of the virtual machines to the physical router.

Abstract: Some embodiments provide a method for a network controller in a network control system that manages a plurality of logical networks. The method receives a specification of a logical network that comprises a logical router with a logical port that connects to an external network. The method selects several host machines to host a L3 gateway that implements the connection to the external network for the logical router from a set of host machines designated for hosting logical routers. The method generates data tuples for provisioning a set of managed forwarding elements that implement the logical network to send data packets that require processing by the L3 gateway to the selected host machines. The data tuples specify for the managed forwarding elements to distribute the data packets across the selected host machines.

Abstract: Some embodiments provide a network system. The network system includes a first set of host machines for hosting virtual machines that connect to each other through a logical network. The first set of host machines includes managed forwarding elements for forwarding data between the host machines. The network system includes a second set of host machines for hosting virtualized containers that operate as gateways for forwarding data between the virtual machines and an external network. At least one of the virtualized containers peers with at least one physical router in the external network in order to advertise addresses of the virtual machines to the physical router.

Abstract: Some embodiments provide a method for a network controller in a network control system that manages a plurality of logical networks. The method receives a specification of a logical network that comprises a logical router with a logical port that connects to an external network. The method selects several host machines to host a L3 gateway that implements the connection to the external network for the logical router from a set of host machines designated for hosting logical routers. The method generates data tuples for provisioning a set of managed forwarding elements that implement the logical network to send data packets that require processing by the L3 gateway to the selected host machines. The data tuples specify for the managed forwarding elements to distribute the data packets across the selected host machines.

Abstract: Some embodiments provide a method for a network controller in a network control system that manages a plurality of logical networks. The method receives a specification of a logical network that includes a logical router. The method selects at least two host machines to implement a routing table for the logical router from several host machines designated for hosting logical routers. The selected host machines include a designated master host machine for the routing table. The method generates data tuples for provisioning a set of managed forwarding elements that implement the logical network to send data packets that require processing by the routing table to the selected host machines. The data tuples specify an order for the selected host machines with the designated master host machine as the first host machine in the specified order.

Abstract: Some embodiments provide a network system. The network system includes a first set of host machines hosting virtual machines that connect to each other through a logical network. The network system includes a second set of host machines hosting virtualized containers that operate as gateways to process packets entering the logical network from external sources. Each of the virtualized containers advertises itself to an external router as a next hop for packets entering the logical network such that the external router uses equal-cost multi-path forwarding to distribute the packets across the virtualized containers on the second set of host machines.

Abstract: Some embodiments provide a network system. The network system includes a first set of host machines hosting virtual machines that connect to each other through a logical network. The network system includes a second set of host machines hosting virtualized containers that operate as gateways to process packets entering the logical network from external sources. Each of the virtualized containers advertises itself to an external router as a next hop for packets entering the logical network such that the external router uses equal-cost multi-path forwarding to distribute the packets across the virtualized containers on the second set of host machines.

Abstract: Some embodiments provide a network system. The network system includes a first set of host machines for hosting virtual machines that connect to each other through a logical network. The first set of host machines includes managed forwarding elements for forwarding data between the host machines. The network system includes a second set of host machines for hosting virtualized containers that operate as gateways for forwarding data between the virtual machines and an external network. At least one of the virtualized containers peers with at least one physical router in the external network in order to advertise addresses of the virtual machines to the physical router.

Abstract: Some embodiments provide a method for a network controller in a network control system that manages a plurality of logical networks. The method receives a specification of a logical network that comprises a logical router with a logical port that connects to an external network. The method selects several host machines to host a L3 gateway that implements the connection to the external network for the logical router from a set of host machines designated for hosting logical routers. The method generates data tuples for provisioning a set of managed forwarding elements that implement the logical network to send data packets that require processing by the L3 gateway to the selected host machines. The data tuples specify for the managed forwarding elements to distribute the data packets across the selected host machines.

Abstract: Some embodiments provide a method for a network controller in a network control system that manages a plurality of logical networks. The method receives a specification of a logical network that includes a logical router. The method selects at least two host machines to implement a routing table for the logical router from several host machines designated for hosting logical routers. The selected host machines include a designated master host machine for the routing table. The method generates data tuples for provisioning a set of managed forwarding elements that implement the logical network to send data packets that require processing by the routing table to the selected host machines. The data tuples specify an order for the selected host machines with the designated master host machine as the first host machine in the specified order.