Abstract: Some embodiments provide a method for troubleshooting a virtual network that is implemented across a plurality of computing devices. The method provides a command line interface (CLI) for receiving and executing commands for debugging and monitoring the virtual network. Each command is for communicating with a set of the computing devices in order to monitor a network service being provided by the set of computing devices. The CLI operates in multiple different contexts for monitoring multiple different types of network services. While the CLI is operating in a particular context for a particular type of network service, the method receives a command comprising a set of identifiers. The method determines the validity of the received command under the particular context. When the received command is valid under the particular context, the method transmits data to a computing device identified by the received command.

Abstract: Some embodiments provide a method for troubleshooting a virtual network that is implemented over multiple computing devices, which include first and second host machines that host virtual machines (VMs). Each VM interfaces the virtual network through a set of virtual network interface controllers (VNICs). The method provides a command line interface (CLI) for debugging and monitoring the virtual network. In response to receiving a first command at the CLI that identifies a first VNIC, the method retrieves from the first host machine a first set of network service status data associated with the first VNIC. In response to receiving a second command at the CLI that identifies a second VNIC, the method retrieves from the second host machine a second set of network service status data associated with a second VNIC. The method presents the retrieved first and second sets of network service status data through the CLI.

Abstract: A novel centralized troubleshooting tool that enables user to troubleshoot a distributed virtual network with a single consistent user interface is provided. The distributed virtual network being monitored or debugged by the centralized troubleshooting tool includes different types of logical resources (LRs) that placed or distributed across different physical endpoints (PEs). The centralized troubleshooting tool provides functions that allow the user to invoke commands on different physical endpoints in order to collect information about the logical resources running in those physical endpoints. This allows the user to compare and analyze the information from different PEs for a same LR.

Abstract: The technology disclosed herein enables a dynamic chain of virtual service functions for processing network traffic in a virtual computing environment. In a particular embodiment, a method includes providing a service chain policy to a virtual routing element connecting the respective service functions and determining an initial classification of a network packet entering the dynamic service chain. The initial classification indicates at least a first service function in a sequence of the service functions for processing the network packet. The method further includes providing a service chain policy to a virtual routing element connecting the respective service functions.

Abstract: A method for creating a set of virtual machines on a public datacenter. The method, from a first network controller of a private network, commands a second network controller of the public datacenter to create the virtual machines. The method, from the first network controller of the private network, communicates with the second network controller of the public datacenter to determine a type of the second network controller. When the first network controller includes instructions for using application programming interfaces (APIs) of the type of the second network controller, the method uses the APIs to set up a VLAN for the set of virtual machines in order to allow the virtual machines of the set of virtual machines to communicate securely with each other without sending the communications through the private network. In some embodiments, the VLAN is a private VLAN (PVLAN).

Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel virtualization architecture for utilizing a firewall service virtual machine (SVM) on the host to check the packets sent by and/or received for the GVMs. In some embodiments, the GVMs connect to a software forwarding element (e.g., a software switch) that executes on the host to connect to each other and to other devices operating outside of the host. Instead of connecting the firewall SVM to the host's software forwarding element that connects its GVMs, the virtualization architecture of some embodiments provides an SVM interface (SVMI) through which the firewall SVM can be accessed to check the packets sent by and/or received for the GVMs.

Abstract: Some embodiments provide a novel method for performing services on a host computer that executes several data compute nodes (DCNs). The method receives, at a module executing on the host, a data message associated with a DCN executing on the host. The method supplies the data message to a service virtual machine (SVM) that executes on the host and on which several service containers execute. One or more of the service containers then perform a set of one or more services on the data message. The method then receives an indication from the SVM that the set of services has been performed on the data message.

Abstract: A method for monitoring several data compute nodes (DCNs) on a group of managed host machines is provided. The method receives service usage data from a group of managed hosts. The service usage data identifies service usage for each of a plurality of entities associated with each managed host. The method aggregates the received service usage data. The method displays the aggregated service usage data.

Abstract: Some embodiments provide a method for clustering a set of data compute nodes (DCNs), which communicate with each other more frequently, on one or more host machines. The method groups together guest DCNs (GDCNs) that (1) execute on different host machines and (2) exchange network data among themselves more frequently, in order to reduce interhost network traffic. The more frequently-communicating GDCNs can be a set of GDCNs that implement a distributed application, GDCNs of a particular tier in a multi-tier network architecture (e.g., a web tier in a three-tier architecture), GDCNs that are dedicated to a particular tenant in a hosting system, or any other set of GDCNs that exchange data among each other regularly for a particular purpose.

Abstract: A method for managing service resources of a group of host machines is provided. Each host machine provides services for a corresponding set of data compute nodes (DCNs). The method receives service distribution configuration for a set of entities comprising at least one of a tenant, a service, and a provider. The method identifies a set of host machines on which a set of DCNs for the set of entities operate. The method determines an amount of resources to be assigned to each entity of the set of entities. The method communicates with the set of host machines to modify a set of resource pools available on each host machine.

Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel virtualization architecture for utilizing a firewall service virtual machine (SVM) on the host to check the packets sent by and/or received for the GVMs. In some embodiments, the GVMs connect to a software forwarding element (e.g., a software switch) that executes on the host to connect to each other and to other devices operating outside of the host. Instead of connecting the firewall SVM to the host's software forwarding element that connects its GVMs, the virtualization architecture of some embodiments provides an SVM interface (SVMI) through which the firewall SVM can be accessed to check the packets sent by and/or received for the GVMs.

Abstract: Some embodiments provide a method for troubleshooting a virtual network that is implemented over multiple computing devices, which include first and second host machines that host virtual machines (VMs). Each VM interfaces the virtual network through a set of virtual network interface controllers (VNICs). The method provides a command line interface (CLI) for debugging and monitoring the virtual network. In response to receiving a first command at the CLI that identifies a first VNIC, the method retrieves from the first host machine a first set of network service status data associated with the first VNIC. In response to receiving a second command at the CLI that identifies a second VNIC, the method retrieves from the second host machine a second set of network service status data associated with a second VNIC. The method presents the retrieved first and second sets of network service status data through the CLI.

Abstract: Some embodiments provide a method for troubleshooting a virtual network that is implemented across a plurality of computing devices. The method provides a command line interface (CLI) for receiving and executing commands for debugging and monitoring the virtual network. Each command is for communicating with a set of the computing devices in order to monitor a network service being provided by the set of computing devices. The CLI operates in multiple different contexts for monitoring multiple different types of network services. While the CLI is operating in a particular context for a particular type of network service, the method receives a command comprising a set of identifiers. The method determines the validity of the received command under the particular context. When the received command is valid under the particular context, the method transmits data to a computing device identified by the received command.

Abstract: Techniques for transferring connection data for a migrated virtual computing instance are described. The connection data transfer process includes the steps of, responsive to determining the virtual computing instance is to be migrated, transmitting the connection data, from a first memory buffer shared between a first instance of a service virtual computing instance and a first hardware abstraction layer executing in a source host, to a second memory buffer shared between a second instance of the service virtual computing instance and a second hardware abstraction layer executing in a destination host; responsive to determining the virtual computing instance is stopped in the source host, packing connection data changes including changes made to the connection data at the source host during a time period beginning when the connection data is copied and ending when the virtual computing instance is stopped; and transmitting the connection data changes to the destination host.

Abstract: A method of enhancing log packets with context metadata is provided. The method at a redirecting filter on a host in a datacenter, intercepts a packet from a data compute node (DCN) of a datacenter tenant. The method determines that the intercepted packet is a log packet. The method forwards the log packet and a first set of associated context metadata to a proxy logging server. The first set of context metadata is associated with the log packet based on the DCN that generated the packet. The method, at the proxy logging server, associates a second set of context metadata with the log packet. The second set of context metadata is received from a compute manager of the datacenter. The method sending the log packet and the first and second sets of context metadata from the proxy logging server to a central logging server associated with the tenant.

Abstract: A novel centralized troubleshooting tool that enables user to troubleshoot a distributed virtual network with a single consistent user interface is provided. The distributed virtual network being monitored or debugged by the centralized troubleshooting tool includes different types of logical resources (LRs) that placed or distributed across different physical endpoints (PEs). The centralized troubleshooting tool provides functions that allow the user to invoke commands on different physical endpoints in order to collect information about the logical resources running in those physical endpoints. This allows the user to compare and analyze the information from different PEs for a same LR.

Abstract: A novel centralized troubleshooting tool that enables user to troubleshoot a distributed virtual network with a single consistent user interface is provided. The distributed virtual network being monitored or debugged by the centralized troubleshooting tool includes different types of logical resources (LRs) that placed or distributed across different physical endpoints (PEs). The centralized troubleshooting tool provides functions that allow the user to invoke commands on different physical endpoints in order to collect information about the logical resources running in those physical endpoints. This allows the user to compare and analyze the information from different PEs for a same LR.

Abstract: A novel centralized troubleshooting tool that enables user to troubleshoot a distributed virtual network with a single consistent user interface is provided. The distributed virtual network being monitored or debugged by the centralized troubleshooting tool includes different types of logical resources (LRs) that placed or distributed across different physical endpoints (PEs). The centralized troubleshooting tool provides functions that allow the user to invoke commands on different physical endpoints in order to collect information about the logical resources running in those physical endpoints. This allows the user to compare and analyze the information from different PEs for a same LR.

Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel virtualization architecture for utilizing a firewall service virtual machine (SVM) on the host to check the packets sent by and/or received for the GVMs. In some embodiments, the GVMs connect to a software forwarding element (e.g., a software switch) that executes on the host to connect to each other and to other devices operating outside of the host. Instead of connecting the firewall SVM to the host's software forwarding element that connects its GVMs, the virtualization architecture of some embodiments provides an SVM interface (SVMI) through which the firewall SVM can be accessed to check the packets sent by and/or received for the GVMs.

Abstract: A method for creating a set of virtual machines on a public datacenter. The method, from a first network controller of a private network, commands a second network controller of the public datacenter to create the virtual machines. The method, from the first network controller of the private network, communicates with the second network controller of the public datacenter to determine a type of the second network controller. When the first network controller includes instructions for using application programming interfaces (APIs) of the type of the second network controller, the method uses the APIs to set up a VLAN for the set of virtual machines in order to allow the virtual machines of the set of virtual machines to communicate securely with each other without sending the communications through the private network. In some embodiments, the VLAN is a private VLAN (PVLAN).