Abstract: A method to offload network function packet processing from a virtual machine onto an offload destination is disclosed. In an embodiment, a method comprises: defining an application programing interface (“API”) for capturing, in a packet processor offload, a network function packet processing for a data flow by specifying how to perform the network function packet processing on data packets that belong to the data flow. Based on capabilities of the packet processor offload and available resources, a packet processing offload destination is selected. Based at least on the API, the packet processor offload for the packet processing offload destination is generated. The packet processor offload is downloaded to the packet processing offload destination to configure the packet processing offload destination to provide the network function packet processing on the data packets that belong to the data flow. The packet processing offload destination is a PNIC or a hypervisor.

Abstract: Some embodiments of the invention provide a method for offloading one or more data message processing services from a machine executing on a host computer. The method is performed at a virtual network interface card (VNIC) that executes on the host computer and is connected to the machine. The method receives, through a communications channel between the machine and the VNIC, (1) configuration data associated with processing data messages belonging to a particular data message flow associated with the machine, and (2) a set of service rules defined for the particular data message flow. The method determines that a first data message received at the VNIC belongs to the particular data message flow and matches at least one service rule in the set of service rules. The method performs, on the first data message, a service specified by the at least one service rule.

Abstract: Some embodiments of the invention provide a method for offloading one or more data message processing services from a machine executing on a host computer. The method is performed by the machine. The method uses a set of virtual resources allocated to the machine to perform a set of services for a first set of data messages belonging to a particular data message flow. The method determines that for a second set of data messages belonging to the particular data message flow, the set of services should be performed by a virtual network interface card (VNIC) that executes on the host computer and is attached to the machine. Based on the determination, the method directs the VNIC to perform the set of services for the second set of data messages. The VNIC uses resources of the host computer to perform the set of services for the second set of data messages.

Abstract: Some embodiments of the invention provide a method for offloading one or more data message processing services from a machine executing on a host computer. The method is performed at a virtual network interface card (VNIC) that executes within a set of virtualization software executing on the host computer and that is connected to the machine. The method uses a set of configuration data received from the machine to perform the set of data message processing services for a first set of data messages belonging to a particular data message flow associated with the machine. The method determines that a physical network interface card (PNIC) connected to the host computer is available to perform the set of data message processing services for a subsequent second set of data messages belonging to the particular data message flow. The method directs the PNIC to perform the set of data message processing services for subsequent data messages belonging to the particular data message flow.

Abstract: Example methods and systems for logical network packet handling are described. In one example, a physical network interface controller (PNIC) may receive an egress packet associated with a packet flow via a first virtual function supported by the PNIC. The PNIC may steer the egress packet towards a processing pipeline by applying a filter associated with the first virtual function or content of the egress packet, or both. The egress packet may be processed using the processing pipeline to generate a processed packet by (a) retrieving a logical network policy associated with the packet flow from a datastore on the PNIC and (b) performing one or more actions according to the logical network policy. The processed packet may be forwarded towards the destination via a second virtual function supported by the PNIC or a physical network connected to the PNIC.

Abstract: The disclosure provides an approach for segmenting a user datagram protocol (UDP) packets. A method includes generating the UDP packet, containing UDP data, at a virtual computing instance (VCI) running on a host machine; sending the UDP packet from the VCI to a hypervisor running on the host machine; after sending the UDP packet to the hypervisor, segmenting the UDP packet into a plurality of UDP segments, wherein each of the plurality of UDP segments includes a portion of the UDP data and a UDP header; and transmitting the plurality of UDP segments, over a network, to a destination of the UDP packet.

Abstract: The disclosure provides an approach for segmenting a user datagram protocol (UDP) packets. A method includes generating the UDP packet, containing UDP data, at a virtual computing instance (VCI) running on a host machine; sending the UDP packet from the VCI to a hypervisor running on the host machine; after sending the UDP packet to the hypervisor, segmenting the UDP packet into a plurality of UDP segments, wherein each of the plurality of UDP segments includes a portion of the UDP data and a UDP header; and transmitting the plurality of UDP segments, over a network, to a destination of the UDP packet.

Abstract: Example methods and systems for logical network packet handling are described. In one example, a physical network interface controller (PNIC) may receive an ingress encapsulated packet associated with a packet flow via a physical network. The ingress encapsulated packet may include an outer header and an inner packet that is destined for a virtualized computing instance. The ingress encapsulated packet may be steered towards a processing pipeline for processing to generate a processed packet. The processing pipeline may include (a) retrieving a logical network policy associated with the packet flow from a datastore on the PNIC; and (b) performing decapsulation to remove the outer header and one or more actions on the inner packet according to the logical network policy. The processed packet may be forwarded towards the virtualized computing instance via a virtual function supported by the PNIC or a physical network connected to the PNIC.

Abstract: Example methods and systems for a programmable virtual network interface controller (VNIC) to perform packet processing are described. In one example, the programmable VNIC may modify a packet processing pipeline based on the instruction. The modification may include injecting a second packet processing stage among the multiple first packet processing stages of the packet processing pipeline. In response to detecting an ingress packet that requires processing by the programmable VNIC, the ingress packet may be steered towards the modified packet processing pipeline. The ingress packet may then be processed using the modified packet processing pipeline by performing the second packet processing stage (a) to bypass at least one of the multiple first processing stages, or (b) in addition to the multiple first processing stages.

Abstract: Example methods and systems for a programmable virtual network interface controller (VNIC) to perform packet processing are described. In one example, the programmable VNIC may modify a packet processing pipeline based on the instruction. The modification may include injecting a second packet processing stage among the multiple first packet processing stages of the packet processing pipeline. In response to detecting an ingress packet that requires processing by the programmable VNIC, the ingress packet may be steered towards the modified packet processing pipeline. The ingress packet may then be processed using the modified packet processing pipeline by performing the second packet processing stage (a) to bypass at least one of the multiple first processing stages, or (b) in addition to the multiple first processing stages.

Abstract: Example methods and systems for packet handling based on a multiprocessor architecture configuration are provided. One example method may comprise: in response to receiving a first ingress packet that requires processing by a first virtual central processing unit (VCPU) running on the first node, steering the first ingress packet towards a first receive (RX) queue and performing local memory access on the first node to access the first ingress packet from the first RX queue. The method may also comprise: in response to receiving a second ingress packet that requires processing by a second VCPU running on the second node, steering the second ingress packet towards a second RX queue and performing local memory access on the second node to access the second ingress packet from the second RX queue.

Abstract: Example methods and computer systems are provided for filter-based packet handling at a virtual network adapter. The method may comprise: receiving an ingress packet destined for the virtualized computing instance that is supported by the host and connected to the virtual network adapter; and matching the ingress packet to one of multiple filters configured for the virtual network adapter. The multiple filters may include a first filter specifying one or more first packet characteristics and a second filter specifying one or more second packet characteristics. The method may also comprise: in response to matching the ingress packet to the first filter, assigning the ingress packet to a first packet queue; and in response to matching the ingress packet to the second filter, assigning the ingress packet to a second packet queue.

Abstract: Example methods and systems for logical network packet handling are described. In one example, a physical network interface controller (PNIC) may receive an egress packet associated with a packet flow via a first virtual function supported by the PNIC. The PNIC may steer the egress packet towards a processing pipeline by applying a filter associated with the first virtual function or content of the egress packet, or both. The egress packet may be processed using the processing pipeline to generate a processed packet by (a) retrieving a logical network policy associated with the packet flow from a datastore on the PNIC and (b) performing one or more actions according to the logical network policy. The processed packet may be forwarded towards the destination via a second virtual function supported by the PNIC or a physical network connected to the PNIC.

Abstract: Example methods and systems for logical network packet handling are described. In one example, a physical network interface controller (PNIC) may receive an ingress encapsulated packet associated with a packet flow via a physical network. The ingress encapsulated packet may include an outer header and an inner packet that is destined for a virtualized computing instance. The ingress encapsulated packet may be steered towards a processing pipeline for processing to generate a processed packet. The processing pipeline may include (a) retrieving a logical network policy associated with the packet flow from a datastore on the PNIC; and (b) performing decapsulation to remove the outer header and one or more actions on the inner packet according to the logical network policy. The processed packet may be forwarded towards the virtualized computing instance via a virtual function supported by the PNIC or a physical network connected to the PNIC.

Abstract: Example methods and systems for packet handling based on a multiprocessor architecture configuration are provided. One example method may comprise: in response to receiving a first ingress packet that requires processing by a first virtual central processing unit (VCPU) running on the first node, steering the first ingress packet towards a first receive (RX) queue and performing local memory access on the first node to access the first ingress packet from the first RX queue. The method may also comprise: in response to receiving a second ingress packet that requires processing by a second VCPU running on the second node, steering the second ingress packet towards a second RX queue and performing local memory access on the second node to access the second ingress packet from the second RX queue.

Abstract: Described herein are systems, methods, and software to enhance flow operations on a host computing system. In one implementation, a virtual switch on a host identifies a packet from a virtual node. In response to identifying the packet, the virtual switch determines whether the packet corresponds to a cached result action based on traits of the packet. If the packet corresponds to a cached result action, then the virtual switch may process the packet in accordance with the cached result action. In contrast, if the packet does not correspond to a cached result action, then the virtual switch may process the packet in accordance with first flow operations to determine a result action, and cache the result action for use with future packets.

Abstract: A method for a sender side assisted flow classification is disclosed. In an embodiment, a method comprises detecting a packet by a network virtualization layer engine implemented in a hypervisor on a sender side of a virtualization computer system; and determining, by the network virtualization layer engine, whether the packet requires special processing. In response to determining that the packet requires special processing, a special processing flag is inserted in a certain field of an outer header of the packet; and the packet is forwarded toward a destination of the packet for a PNIC on a receiver side to process the packet.

Abstract: Example methods and computer systems are provided for filter-based packet handling at a virtual network adapter. The method may comprise: receiving an ingress packet destined for the virtualized computing instance that is supported by the host and connected to the virtual network adapter; and matching the ingress packet to one of multiple filters configured for the virtual network adapter. The multiple filters may include a first filter specifying one or more first packet characteristics and a second filter specifying one or more second packet characteristics. The method may also comprise: in response to matching the ingress packet to the first filter, assigning the ingress packet to a first packet queue; and in response to matching the ingress packet to the second filter, assigning the ingress packet to a second packet queue.

Abstract: A method for a sender side assisted flow classification is disclosed. In an embodiment, a method comprises detecting a packet by a network virtualization layer engine implemented in a hypervisor on a sender side of a virtualization computer system; and determining, by the network virtualization layer engine, whether the packet requires special processing. In response to determining that the packet requires special processing, a special processing flag is inserted in a certain field of an outer header of the packet; and the packet is forwarded toward a destination of the packet for a PNIC on a receiver side to process the packet.

Abstract: A method to offload network function packet processing from a virtual machine onto an offload destination is disclosed. In an embodiment, a method comprises: defining an application programing interface (“API”) for capturing, in a packet processor offload, a network function packet processing for a data flow by specifying how to perform the network function packet processing on data packets that belong to the data flow. Based on capabilities of the packet processor offload and available resources, a packet processing offload destination is selected. Based at least on the API, the packet processor offload for the packet processing offload destination is generated. The packet processor offload is downloaded to the packet processing offload destination to configure the packet processing offload destination to provide the network function packet processing on the data packets that belong to the data flow. The packet processing offload destination is a PNIC or a hypervisor.