Abstract: An example method of managing tenant networks in a data center includes: obtaining, by tenant network topology discovery software executing in the data center, inventory data for a tenant network deployed in the data center from a network manager, the tenant network comprising a software-defined network managed by the network manager; generating, by the tenant network topology discovery software, a tenant network model based on the inventory data, the tenant network model including objects representing components of the tenant network and relationships between the components; storing, by the tenant network topology discovery software, the tenant network model in a database; and updating, by the tenant network topology discovery software, the tenant network model in response to monitoring the tenant network.

Abstract: The disclosure provides an approach for gateway optimization. Embodiments include receiving, at a first gateway associated with a first tenant within a data center, a packet directed to a first public network address of an endpoint associated with a second tenant within the data center. Embodiments include performing, by the first gateway, network address translation (NAT) to translate the first public network address to a private network address of the endpoint. Embodiments include forwarding, by the first gateway, the packet to an edge gateway of the data center. Embodiments include forwarding, by the edge gateway, the packet to a second gateway associated with the second tenant within the data center without sending the packet to a public interface of the edge gateway. Embodiments include forwarding, by the second gateway, the packet to the endpoint.

Abstract: Some embodiments provide a novel method for configuring edge routers in a first network. The method configures on a first compute node of the first network (1) a first higher-level edge router and (2) a set of lower-level edge routers. Each lower-level edge router is configured for a different set of subnetworks defined in the first network and is connected to an external second network through the first higher-level edge router. The method detects a condition that requires a particular lower-level edge router for a particular subnetwork to be moved to another compute node. The method configures the particular lower-level edge router to operate on a second compute node below a second higher-level edge router operating on the second compute node to connect the particular lower-level edge router to the external second network.

Abstract: Example methods and systems for connectivity service provisioning for a software-defined data center (SDDC) group are described. In one example, a computer system may detect an event that affects a first connectivity service connecting multiple members of the SDDC group. The computer system may obtain first routing information that is applicable in a first SDDC; and second routing information that is applicable in a second SDDC. In response to the event, the computer system may generate and send a first instruction towards the first SDDC and a second instruction towards the second SDDC to cause: (a) the first SDDC and second SDDC to establish a second connectivity service; (b) the first SDDC to update the first routing information to associate a first flow with the second connectivity service; and (c) the second SDDC to update the second routing information to associate a second flow with the second connectivity service.

Abstract: Some embodiments provide a method for configuring a gateway router of a virtual datacenter. The method is performed at a network management component of a virtual datacenter that is defined in a public cloud and comprises a set of network management components and a set of network endpoints connected by a logical network managed by the network management components of the virtual datacenter. The method receives a set of network addresses of the network endpoints. The method aggregates at least a subset of the network addresses into a single subnet address that encompasses all of the aggregated network addresses. The method provides an aggregated route for the subset of network addresses to a gateway router that connects the virtual datacenter to a public cloud underlay network in order for the router to route data messages directed to the network endpoints to the logical network of the virtual datacenter.

Abstract: Some embodiments provide a novel method for dynamically deploying gateways for a first network connecting machines. The first network includes segments, routers, and a first gateway that connects to an external network. The method identifies a set of two or more segments that consumes more than a threshold amount of bandwidth of the first gateway. The identified set includes at least first and second segments. The method identifies one or more segment groups by aggregating two or more segments in the identified set. A first segment group includes the first and second segments and a third segment that is not in the identified set of two or more segments. The method configures a second gateway to process flows associated with each identified group including the first group. The method configures a set of routers to forward flows from machines of each segment of each identified group to the second gateway.

Abstract: A noisy neighbor in a cloud multitenant system can present resource governance issues. Usage quotas can be applied, and traffic can be throttled to mitigate the problem. Network traffic can be monitored from routers of a software defined data center (SDDC) configured to process network traffic for machines of different tenants. By default, the network traffic from the routers can be processed via a first edge router for the SDDC. A second edge router can be deployed for the SDDC in response to the network traffic from a particular router exceeding a threshold. Network traffic from the particular router can be processed via the second edge router while the remaining traffic can continue to be processed via the first edge router.

Abstract: Some embodiments provide a novel method for associating machines of a first network with gateways that connect the machines to an external second network. The method assigns first and second sets of machines to first and second traffic groups that are associated with first and second gateways. Based on statistics regarding data message load on the first gateway, the method identifies a first machine to reassign from a first traffic group to the second traffic group. The method reassigns the first machine to the second traffic group to reduce data message load on the first gateway.

Abstract: Example methods and systems for adaptive traffic forwarding are described. In one example, a first computer system may monitor metric information associated with at least a first connectivity service from multiple connectivity services that are connecting (a) the first computer system and a second computer system. In response to determination that a condition for scaling up is satisfied based on the metric information, the first computer system may select, from a set of multiple flows associated with the first connectivity service, a subset that includes at least a first flow. Routing information may be updated to associate the subset with a second connectivity service. In response to detecting egress packets associated with the first flow from the first endpoint, the first computer system may forward the egress packets towards the second computer system using the second connectivity service based on the updated routing information.

Abstract: An example method of implementing a logical network in a software-defined data center (SDDC) includes: receiving, at a control plane, first configurations for first logical routers comprising advertised routes and a second configuration for a second logical router comprising a global in-filter, the global in-filter including filter rules, applicable to all southbound logical routers, which determine a set of allowable routes for the second logical router, the first logical routers connected to a southbound interface of the second logical router; determining, based on the filter rules, that a first advertised route is an allowed route; determining, based on the filter rules, that a second advertised route is a disallowed route; and distributing routing information to a host that implements at least a portion of the second logical router, the routing information including a route for the first advertised route and excluding any route for the second advertised route.

Abstract: Some embodiments provide a novel method for deploying cloud gateways between a set of cloud machines in a first network and a set of on-premises machines in an external network. The method collects a set of statistics for a first cloud gateway used to connect the set of cloud machines and the set of on-premises machines. The method analyzes the set of statistics to determine that a second cloud gateway is needed to connect the set of cloud machines and the set of on-premises machines. The method identifies a subset of the set of cloud machines. The method distributes a set of one or more forwarding rules to the subset of cloud machines to forward a set of data message flows from the subset of cloud machines to the set of on-premises machines through the second cloud gateway.

Abstract: Some embodiments provide a novel method for dynamically deploying gateways for a first network connecting machines. The first network includes segments, routers, and a first gateway that connects to an external network. The method identifies a set of two or more segments that consumes more than a threshold amount of bandwidth of the first gateway. The identified set includes at least first and second segments. The method identifies one or more segment groups by aggregating two or more segments in the identified set. A first segment group includes the first and second segments and a third segment that is not in the identified set of two or more segments. The method configures a second gateway to process flows associated with each identified group including the first group. The method configures a set of routers to forward flows from machines of each segment of each identified group to the second gateway.

Abstract: Some embodiments provide a novel method for preemptively deploying gateways in a first network to one or more external networks. The first network of some embodiments includes a first gateway connecting to the one or more external networks. The method collects a set of statistics for the first gateway associated with bandwidth usage of the first gateway. The method determines that a second gateway needs to be deployed in the first network (1) by using the collected set of statistics to perform predictive modeling computations to predict a future load on the first gateway, and (2) by determining that the predicted future load exceeds a particular threshold. The method distributes a set of one or more forwarding rules to forward data message flows from a subset of machines in the first network to a particular external network through the second gateway.

Abstract: Described herein are systems, methods, and software to manage prefixes for a route table in a gateway according to an implementation. In one implementation, a management service monitors a quantity of prefix routes associated with a route table in a gateway and determines when the quantity satisfies one or more criteria. When the capacity satisfies the one or more criteria, the management service determines one or more supernets that each represent a subset of the prefix routes and adds the one or more supernets to the route table to replaces the subset of the prefix routes.

Abstract: A noisy neighbor in a cloud multitenant system can present resource governance issues. Usage quotas can be applied, and traffic can be throttled to mitigate the problem. Network traffic can be monitored from routers of a software defined data center (SDDC) configured to process network traffic for machines of different tenants. By default, the network traffic from the routers can be processed via a first edge router for the SDDC. A second edge router can be deployed for the SDDC in response to the network traffic from a particular router exceeding a threshold. Network traffic from the particular router can be processed via the second edge router while the remaining traffic can continue to be processed via the first edge router.

Abstract: Some embodiments provide a method for configuring a gateway router of a virtual datacenter. The method is performed at a network management component of a virtual datacenter that is defined in a public cloud and comprises a set of network management components and a set of network endpoints connected by a logical network managed by the network management components of the virtual datacenter. The method receives a set of network addresses of the network endpoints. The method aggregates at least a subset of the network addresses into a single subnet address that encompasses all of the aggregated network addresses. The method provides an aggregated route for the subset of network addresses to a gateway router that connects the virtual datacenter to a public cloud underlay network in order for the router to route data messages directed to the network endpoints to the logical network of the virtual datacenter.