Abstract: Various systems and methods for implementing efficient TCAM resource sharing are described herein. Entries are allocated across a plurality of ternary content addressable memories (TCAMs), with the plurality of TCAMs including a primary TCAM and a secondary TCAM, where the entries are allocated by sequentially accessing a plurality of groups of value-mask-result (VMR) entries, with each group having at least one VMR entry associated with the group, and iteratively analyzing the VMR entries associated with each group to determine a result set of VMR entries, with the result set being a subset of VMR entries from the plurality of groups of VMR entries, and the result set to be stored in the primary TCAM.

Abstract: Techniques are presented herein for receipt/transmission of packets to/from a host via a connected input/output (IO) device. In general, a packet is associated with a payload, an inner packet header, and an outer overlay header. The IO device is configured to perform independent offload operations on the inner packet header and the outer overlay header.

Abstract: An example method for providing a self-stretching policer in a Quality of Service (QoS) community including a root node and one or more agent nodes can include maintaining and enforcing a policer policy in the root node. The policer policy can include at least one packet classification rule and corresponding police action, and the policer policy can be enforced by taking the corresponding police action if a traffic flow violates the packet classification rule. The method can include collecting policer statistics and determining if the traffic flow violates the packet classification rule by greater than a predetermined threshold using the policer statistics. If the traffic flow violates the packet classification rule by greater than the predetermined threshold, the method can include transmitting the policer policy to one or more of the agent nodes.

Abstract: Techniques are presented herein for receipt/transmission of packets to/from a host via a connected input/output (IO) device. In general, a packet is associated with a payload, an inner packet header, and an outer overlay header. The IO device is configured to perform independent offload operations on the inner packet header and the outer overlay header.

Abstract: An example method for providing a self-stretching policer in a Quality of Service (QoS) community including a root node and one or more agent nodes can include maintaining and enforcing a policer policy in the root node. The policer policy can include at least one packet classification rule and corresponding police action, and the policer policy can be enforced by taking the corresponding police action if a traffic flow violates the packet classification rule. The method can include collecting policer statistics and determining if the traffic flow violates the packet classification rule by greater than a predetermined threshold using the policer statistics. If the traffic flow violates the packet classification rule by greater than the predetermined threshold, the method can include transmitting the policer policy to one or more of the agent nodes.

Abstract: Techniques are presented herein for receipt/transmission of packets to/from a host via a connected input/output (IO) device. In general, a packet is associated with a payload, an inner packet header, and an outer overlay header. The IO device is configured to perform independent offload operations on the inner packet header and the outer overlay header.

Abstract: In a data center computing system, multiple nested hypervisors are run, including an outer hypervisor and at least one inner hypervisor running as a virtual machine on top of the outer hypervisor. A guest operating system is run as a virtual machine in the innermost hypervisor. An emulated network interface card device is executed in all hypervisors. An extender component is executed in the outer hypervisor and an extender component is executed in the inner hypervisors such that the extender components in the outer hypervisor and in the inner hypervisors are architecturally cascaded. An interface for the guest operating system is assigned to the emulated network interface card device in each of the outer hypervisor and the inner hypervisors to enable network communications to bypass the outer hypervisor and the inner hypervisors.

Abstract: An example method for a distributed NetFlow exporter with a single IP endpoint in a network environment is provided and includes configuring a network protocol stack of an exporter with switched virtual interface (SVI) state information of an SVI associated with a switch in a network, retrieving flow data from a NetFlow cache, and communicating the flow data to a collector according to the configured network protocol stack. Although the communication bypasses the SVI, the collector perceives the flow records as being communicated by the SVI. The SVI state information includes a public Internet Protocol (IP) address and a Media Access Control (MAC) address of the SVI, where the exporter executes on an adaptor of a server in the network. The method also includes configuring a destination IP address and a destination MAC address on the exporter according to a NetFlow policy.

Abstract: A an example method includes building a dictionary between an exporter and a collector by encoding a first data record of a flow according to a dictionary template and exporting the first data record to the collector via a network communication. The method can also include compressing a second data record of the flow using the dictionary, where the compressing comprises encoding the second data record according to an encoding template; and exporting the second data record to the collector to be decompressed using the dictionary.

Abstract: A notification from a source host is received at a network interface device that indicates that a data packet is ready for transmission to a destination host. The data packet may be transmitted to the destination host via the network interface device, and a first completion queue event is generated. The first completion queue event may be used as a trigger to re-transmit the data packet to a port mirroring destination via the network interface device. In another example, a network interface device receives a data packet transmitted from a source host to a destination host. A first completion queue event is generated based on the receipt of the packet, and is used as a trigger to re-transmit the data packet to a port mirroring destination via the network interface device.

Abstract: A method and network device (e.g., a switch) is described for assigning virtual Ethernet bindings. The method may comprise accessing the network device to obtain information related to hardware (e.g., switching hardware) of the network device. Thereafter, an uplink binding from a plurality of physical uplinks is selected based on the information. A virtual network interface of a virtual machine is then mapped to the selected uplink binding.

Abstract: In a data center computing system, multiple nested hypervisors are run, including an outer hypervisor and at least one inner hypervisor running as a virtual machine on top of the outer hypervisor. A guest operating system is run as a virtual machine in the innermost hypervisor. An emulated network interface card device is executed in all hypervisors. An extender component is executed in the outer hypervisor and an extender component is executed in the inner hypervisors such that the extender components in the outer hypervisor and in the inner hypervisors are architecturally cascaded. An interface for the guest operating system is assigned to the emulated network interface card device in each of the outer hypervisor and the inner hypervisors to enable network communications to bypass the outer hypervisor and the inner hypervisors.

Abstract: Techniques are presented herein for receipt/transmission of packets to/from a host via a connected input/output (IO) device. In general, a packet is associated with a payload, an inner packet header, and an outer overlay header. The IO device is configured to perform independent offload operations on the inner packet header and the outer overlay header.

Abstract: An example method for a distributed NetFlow exporter with a single IP endpoint in a network environment is provided and includes configuring a network protocol stack of an exporter with switched virtual interface (SVI) state information of an SVI associated with a switch in a network, retrieving flow data from a NetFlow cache, and communicating the flow data to a collector according to the configured network protocol stack. Although the communication bypasses the SVI, the collector perceives the flow records as being communicated by the SVI. The SVI state information includes a public Internet Protocol (IP) address and a Media Access Control (MAC) address of the SVI, where the exporter executes on an adaptor of a server in the network. The method also includes configuring a destination IP address and a destination MAC address on the exporter according to a NetFlow policy.

Abstract: A notification from a source host is received at a network interface device that indicates that a data packet is ready for transmission to a destination host. The data packet may be transmitted to the destination host via the network interface device, and a first completion queue event is generated. The first completion queue event may be used as a trigger to re-transmit the data packet to a port mirroring destination via the network interface device. In another example, a network interface device receives a data packet transmitted from a source host to a destination host. A first completion queue event is generated based on the receipt of the packet, and is used as a trigger to re-transmit the data packet to a port mirroring destination via the network interface device.

Abstract: Various systems and methods for implementing efficient TCAM resource sharing are described herein. Entries are allocated across a plurality of ternary content addressable memories (TCAMs), with the plurality of TCAMs including a primary TCAM and a secondary TCAM, where the entries are allocated by sequentially accessing a plurality of groups of value-mask-result (VMR) entries, with each group having at least one VMR entry associated with the group, and iteratively analyzing the VMR entries associated with each group to determine a result set of VMR entries, with the result set being a subset of VMR entries from the plurality of groups of VMR entries, and the result set to be stored in the primary TCAM.

Abstract: A network appliance that is part of a distributed virtual switch collects network flow information for network flows passing through the network appliance. The network flow information is encapsulated into packets as a data record for transport. Network flow exporter type information is added to the network flow records configured to indicate that the packets are from a distributed exporter. An option template is sent to the network flow data collectors that includes a device identifier that is configured to uniquely identify the network appliance. The packets are exported to the network flow data collector. The network flow data collector uses the network flow exporter type information and the device identifier to associate the network flow information with the distributed virtual switch.

Abstract: A method and network device (e.g., a switch) is described for assigning virtual Ethernet bindings. The method may comprise accessing the network device to obtain information related to hardware (e.g., switching hardware) of the network device. Thereafter, an uplink binding from a plurality of physical uplinks is selected based on the information. A virtual network interface of a virtual machine is then mapped to the selected uplink binding.

Abstract: A an example method includes building a dictionary between an exporter and a collector by encoding a first data record of a flow according to a dictionary template and exporting the first data record to the collector via a network communication. The method can also include compressing a second data record of the flow using the dictionary, where the compressing comprises encoding the second data record according to an encoding template; and exporting the second data record to the collector to be decompressed using the dictionary.

Abstract: A network appliance that is part of a distributed virtual switch collects network flow information for network flows passing through the network appliance. The network flow information is encapsulated into packets as a data record for transport. Network flow exporter type information is added to the network flow records configured to indicate that the packets are from a distributed exporter. An option template is sent to the network flow data collectors that includes a device identifier that is configured to uniquely identify the network appliance. The packets are exported to the network flow data collector. The network flow data collector uses the network flow exporter type information and the device identifier to associate the network flow information with the distributed virtual switch.