Patents by Inventor Daniel M. Firestone

Daniel M. Firestone has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11907749
    Abstract: Techniques are disclosed for implementing direct memory access in a virtualized computing environment. A memory access policy of the virtualized computing environment is applied to a direct memory access connection request received from a first virtual machine via an exception path. The request is flagged to indicate that the request has been processed and the request is forwarded to a network interface device configured to execute offloaded network functions for one or more virtual machines. A memory access policy of the virtualized computing environment is applied to a direct memory access connection reply received from a second virtual machine on the exception path. The reply is flagged to indicate that the reply has been processed and the reply is forwarded to the network interface device. A direct memory access connection is established between first and second virtual machines in accordance with the request.
    Type: Grant
    Filed: May 16, 2022
    Date of Patent: February 20, 2024
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Alec Kochevar-Cureton, Somesh Chaturmohta, Norman C. Lam, Sambhrama Madhusudhan Mundkur, Daniel M. Firestone
  • Patent number: 11436053
    Abstract: A network appliance is configured to receive a packet having an address of a custom device as a source address. Policies are accessed that are applicable to a virtual network associated with the custom device. The policies are applied to the packet. A hairpin layer redirects the packet to a destination address contained in the packet. For subsequent packets, application of the policies is bypassed to the subsequent packets. Application of the policies is offloaded to an acceleration device.
    Type: Grant
    Filed: September 6, 2019
    Date of Patent: September 6, 2022
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Rishabh Tewari, Abhijeet Kumar, Neeraj Motwani, Daniel M. Firestone, Vivek Bhanu, Madhan Sivakumar, Michal Czeslaw Zygmunt, Deepak Bansal
  • Publication number: 20220276891
    Abstract: Techniques are disclosed for implementing direct memory access in a virtualized computing environment. A memory access policy of the virtualized computing environment is applied to a direct memory access connection request received from a first virtual machine via an exception path. The request is flagged to indicate that the request has been processed and the request is forwarded to a network interface device configured to execute offloaded network functions for one or more virtual machines. A memory access policy of the virtualized computing environment is applied to a direct memory access connection reply received from a second virtual machine on the exception path. The reply is flagged to indicate that the reply has been processed and the reply is forwarded to the network interface device. A direct memory access connection is established between first and second virtual machines in accordance with the request.
    Type: Application
    Filed: May 16, 2022
    Publication date: September 1, 2022
    Inventors: Alec KOCHEVAR-CURETON, Somesh CHATURMOHTA, Norman C. LAM, Sambhrama Madhusudhan MUNDKUR, Daniel M. FIRESTONE
  • Patent number: 11360800
    Abstract: Techniques are disclosed for implementing direct memory access in a virtualized computing environment. A memory access policy of the virtualized computing environment is applied to a direct memory access connection request received from a first virtual machine via an exception path. The request is flagged to indicate that the request has been processed and the request is forwarded to a network interface device configured to execute offloaded network functions for one or more virtual machines. A memory access policy of the virtualized computing environment is applied to a direct memory access connection reply received from a second virtual machine on the exception path. The reply is flagged to indicate that the reply has been processed and the reply is forwarded to the network interface device. A direct memory access connection is established between first and second virtual machines in accordance with the request.
    Type: Grant
    Filed: October 5, 2020
    Date of Patent: June 14, 2022
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Alec Kochevar-Cureton, Somesh Chaturmohta, Norman C. Lam, Sambhrama Madhusudhan Mundkur, Daniel M. Firestone
  • Patent number: 11153269
    Abstract: A DHCP server implementation includes transmission of a DHCP packet from a virtual machine executing on a server node to a node agent executing on the server node, generation, by the node agent, of a DHCP response packet based on the DHCP packet and on DHCP information previously stored in a local memory of the server node, and transmission of the DHCP response packet from the node agent to the virtual machine. Neither the DHCP packet transmitted by the virtual machine nor the DHCP response packet are transmitted out of the server node.
    Type: Grant
    Filed: December 9, 2019
    Date of Patent: October 19, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Young Lee, Sheng Lu, Xinyan Zan, Daniel M. Firestone, Harish Kumar Chandrappa, Anil A. Ingle, Jayesh Kumaran
  • Publication number: 20210034406
    Abstract: Techniques are disclosed for implementing direct memory access in a virtualized computing environment. A memory access policy of the virtualized computing environment is applied to a direct memory access connection request received from a first virtual machine via an exception path. The request is flagged to indicate that the request has been processed and the request is forwarded to a network interface device configured to execute offloaded network functions for one or more virtual machines. A memory access policy of the virtualized computing environment is applied to a direct memory access connection reply received from a second virtual machine on the exception path. The reply is flagged to indicate that the reply has been processed and the reply is forwarded to the network interface device. A direct memory access connection is established between first and second virtual machines in accordance with the request.
    Type: Application
    Filed: October 5, 2020
    Publication date: February 4, 2021
    Inventors: Alec KOCHEVAR-CURETON, Somesh CHATURMOHTA, Norman C. LAM, Sambhrama Madhusudhan MUNDKUR, Daniel M. FIRESTONE
  • Publication number: 20200371842
    Abstract: A network appliance is configured to receive a packet having an address of a custom device as a source address. Policies are accessed that are applicable to a virtual network associated with the custom device. The policies are applied to the packet. A hairpin layer redirects the packet to a destination address contained in the packet. For subsequent packets, application of the policies is bypassed to the subsequent packets. Application of the policies is offloaded to an acceleration device.
    Type: Application
    Filed: September 6, 2019
    Publication date: November 26, 2020
    Inventors: Rishabh Tewari, Abhiijeet Kumar, Neeraj Motwani, Daniel M. Firestone, Vivek Bhanu, Madhan Sivakumar, Michal Czeslaw Zygmunt, Deepak Bansal
  • Patent number: 10831523
    Abstract: Techniques are disclosed for implementing direct memory access in a virtualized computing environment. A memory access policy of the virtualized computing environment is applied to a direct memory access connection request received from a first virtual machine via an exception path. The request is flagged to indicate that the request has been processed and the request is forwarded to a network interface device configured to execute offloaded network functions for one or more virtual machines. A memory access policy of the virtualized computing environment is applied to a direct memory access connection reply received from a second virtual machine on the exception path. The reply is flagged to indicate that the reply has been processed and the reply is forwarded to the network interface device. A direct memory access connection is established between first and second virtual machines in accordance with the request.
    Type: Grant
    Filed: October 8, 2018
    Date of Patent: November 10, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Alec Kochevar-Cureton, Somesh Chaturmohta, Norman C. Lam, Sambhrama Madhusudhan Mundkur, Daniel M. Firestone
  • Patent number: 10686568
    Abstract: An overlay network refers to a network that is implemented as various different virtual resources on a physical network referred to as an underlay network. Diagnostics are performed on the overlay network by injecting diagnostic packets from a source endpoint targeting a target endpoint. These endpoints can be in the overlay network, on-premises with the other endpoint but in a different overlay network, or off-premises from the other endpoint. The diagnostic packets include a data packet encapsulated with a diagnostic encapsulation header that can be removed by a network element in the underlay network to allow processing of the data packet, and then added back on. The network element maintains trace information that is a record of receipt of the diagnostic packet and operations performed on the diagnostic packet. A tracing service collects and analyzes this trace information from the various network elements.
    Type: Grant
    Filed: December 29, 2016
    Date of Patent: June 16, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Mahmoud Shawky Elhaddad, Ranjit Puri, Deepak Narula, Madhan Sivakumar, Vikas Bhardwaj, Harish Kumar Chandrappa, Daniel M. Firestone, Xuan Zou, Keith Loren Mange, Manish Tiwari, Keerthi Shankar
  • Publication number: 20200120065
    Abstract: A DHCP server implementation includes transmission of a DHCP packet from a virtual machine executing on a server node to a node agent executing on the server node, generation, by the node agent, of a DHCP response packet based on the DHCP packet and on DHCP information previously stored in a local memory of the server node, and transmission of the DHCP response packet from the node agent to the virtual machine. Neither the DHCP packet transmitted by the virtual machine nor the DHCP response packet are transmitted out of the server node.
    Type: Application
    Filed: December 9, 2019
    Publication date: April 16, 2020
    Inventors: Young LEE, Sheng LU, Xinyan ZAN, Daniel M. FIRESTONE, Harish Kumar CHANDRAPPA, Anil A. INGLE, Jayesh KUMARAN
  • Publication number: 20200110626
    Abstract: Techniques are disclosed for implementing direct memory access in a virtualized computing environment. A memory access policy of the virtualized computing environment is applied to a direct memory access connection request received from a first virtual machine via an exception path. The request is flagged to indicate that the request has been processed and the request is forwarded to a network interface device configured to execute offloaded network functions for one or more virtual machines. A memory access policy of the virtualized computing environment is applied to a direct memory access connection reply received from a second virtual machine on the exception path. The reply is flagged to indicate that the reply has been processed and the reply is forwarded to the network interface device. A direct memory access connection is established between first and second virtual machines in accordance with the request.
    Type: Application
    Filed: October 8, 2018
    Publication date: April 9, 2020
    Inventors: Alec KOCHEVAR-CURETON, Somesh CHATURMOHTA, Norman C. LAM, Sambhrama Madhusudhan MUNDKUR, Daniel M. FIRESTONE
  • Patent number: 10536431
    Abstract: A DHCP server implementation includes transmission of a DHCP packet from a virtual machine executing on a server node to a node agent executing on the server node, generation, by the node agent, of a DHCP response packet based on the DHCP packet and on DHCP information previously stored in a local memory of the server node, and transmission of the DHCP response packet from the node agent to the virtual machine. Neither the DHCP packet transmitted by the virtual machine nor the DHCP response packet are transmitted out of the server node.
    Type: Grant
    Filed: April 30, 2018
    Date of Patent: January 14, 2020
    Assignee: Microsoft Technology Licensing
    Inventors: Young Lee, Sheng Lu, Xinyan Zan, Daniel M. Firestone, Harish Kumar Chandrappa, Anil Ingle, Jayesh Kumaran
  • Publication number: 20190334858
    Abstract: A DHCP server implementation includes transmission of a DHCP packet from a virtual machine executing on a server node to a node agent executing on the server node, generation, by the node agent, of a DHCP response packet based on the DHCP packet and on DHCP information previously stored in a local memory of the server node, and transmission of the DHCP response packet from the node agent to the virtual machine. Neither the DHCP packet transmitted by the virtual machine nor the DHCP response packet are transmitted out of the server node.
    Type: Application
    Filed: April 30, 2018
    Publication date: October 31, 2019
    Inventors: Young LEE, Sheng LU, Xinyan ZAN, Daniel M. FIRESTONE, Harish Kumar CHANDRAPPA, Anil INGLE, Jayesh KUMARAN
  • Publication number: 20180191471
    Abstract: An overlay network refers to a network that is implemented as various different virtual resources on a physical network referred to as an underlay network. Diagnostics are performed on the overlay network by injecting diagnostic packets from a source endpoint targeting a target endpoint. These endpoints can be in the overlay network, on-premises with the other endpoint but in a different overlay network, or off-premises from the other endpoint. The diagnostic packets include a data packet encapsulated with a diagnostic encapsulation header that can be removed by a network element in the underlay network to allow processing of the data packet, and then added back on. The network element maintains trace information that is a record of receipt of the diagnostic packet and operations performed on the diagnostic packet. A tracing service collects and analyzes this trace information from the various network elements.
    Type: Application
    Filed: December 29, 2016
    Publication date: July 5, 2018
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Mahmoud Shawky Elhaddad, Ranjit Puri, Deepak Narula, Madhan Sivakumar, Vikas Bhardwaj, Harish Kumar Chandrappa, Daniel M. Firestone, Xuan Zou, Keith Loren Mange, Manish Tiwari, Keerthi Shankar
  • Publication number: 20170244642
    Abstract: Methods, media, and systems for implementing packet routing rules are provided for herein. In some embodiments, a packet routing rule is received that is to be applied to network packets in accordance with conditions identified by the packet routing rule. The conditions including a first condition associated with a first header field and a second condition associated with a second header field. In embodiments, a first cost associated with searching a first classifier for the packet routing rule utilizing the first condition and a second cost associated with searching a second classifier for the packet routing rule utilizing the second condition can then be determined. The packet routing rule can then be stored in a selected one of the first and second classifiers, based, at least in part, on the first and second cost. Other embodiments may be described and/or claimed herein.
    Type: Application
    Filed: February 24, 2016
    Publication date: August 24, 2017
    Inventors: Hadi Katebi, Daniel M. Firestone, George Varghese
  • Patent number: 8930690
    Abstract: The present invention extends to methods, systems, and computer program products for offloading packet processing for networking device virtualization. A host maintains rule set(s) for a virtual machine, and a physical network interface card (NIC) maintains flow table(s) for the virtual machine. The physical NIC receives and processes a network packet associated with the virtual machine. Processing the network packet includes the physical NIC comparing the network packet with the flow table(s) at the physical NIC. When the network packet matches with a flow in the flow table(s) at the physical NIC, the physical NIC performs an action on the network packet based on the matching flow. Alternatively, when the network packet does not match with a flow in the flow table(s) at the physical NIC, the physical NIC passes the network packet to the host partition for processing against the rule set(s).
    Type: Grant
    Filed: July 17, 2012
    Date of Patent: January 6, 2015
    Assignee: Microsoft Corporation
    Inventors: Yue Zuo, Daniel M. Firestone, Albert Gordon Greenberg, HoYuen Chau, Yimin Deng, Bryan William Tuttle, Pankaj Garg
  • Patent number: 8856518
    Abstract: Techniques for efficient and secure implementation of network policies in a network interface controller (NIC) in a host computing device operating a virtualized computing environment. In some embodiments, the NIC may process and forward packets directly to their destinations, bypassing a parent partition of the host computing device. In particular, in some embodiments, the NIC may store network policy information to process and forward packets directly to a virtual machine (VM). If the NIC is unable to process a packet, then the NIC may forward the packet to the parent partition. In some embodiments, the NIC may use an encapsulation protocol to transmit address information in packet headers. In some embodiments, this address information may be communicated by the NIC to the parent partition via a secure channel. The NIC may also obtain, and decrypt, encrypted addresses from the VMs for routing packets, bypassing the parent partition.
    Type: Grant
    Filed: August 2, 2012
    Date of Patent: October 7, 2014
    Assignee: Microsoft Corporation
    Inventors: Murari Sridharan, Narasimhan Venkataramaiah, Yu-Shun Wang, Albert G. Greenberg, Alireza Dabagh, Pankaj Garg, Daniel M. Firestone
  • Publication number: 20130254766
    Abstract: The present invention extends to methods, systems, and computer program products for offloading packet processing for networking device virtualization. A host maintains rule set(s) for a virtual machine, and a physical network interface card (NIC) maintains flow table(s) for the virtual machine. The physical NIC receives and processes a network packet associated with the virtual machine. Processing the network packet includes the physical NIC comparing the network packet with the flow table(s) at the physical NIC. When the network packet matches with a flow in the flow table(s) at the physical NIC, the physical NIC performs an action on the network packet based on the matching flow. Alternatively, when the network packet does not match with a flow in the flow table(s) at the physical NIC, the physical NIC passes the network packet to the host partition for processing against the rule set(s).
    Type: Application
    Filed: July 17, 2012
    Publication date: September 26, 2013
    Applicant: Microsoft Corporation
    Inventors: Yue Zuo, Daniel M. Firestone, Albert Gordon Greenberg, Ho Yuen Chau, Yimin Deng, Bryan William Tuttle, Pankaj Garg
  • Publication number: 20130061047
    Abstract: Techniques for efficient and secure implementation of network policies in a network interface controller (NIC) in a host computing device operating a virtualized computing environment. In some embodiments, the NIC may process and forward packets directly to their destinations, bypassing a parent partition of the host computing device. In particular, in some embodiments, the NIC may store network policy information to process and forward packets directly to a virtual machine (VM). If the NIC is unable to process a packet, then the NIC may forward the packet to the parent partition. In some embodiments, the NIC may use an encapsulation protocol to transmit address information in packet headers. In some embodiments, this address information may be communicated by the NIC to the parent partition via a secure channel. The NIC may also obtain, and decrypt, encrypted addresses from the VMs for routing packets, bypassing the parent partition.
    Type: Application
    Filed: August 2, 2012
    Publication date: March 7, 2013
    Applicant: MICROSOFT CORPORATION
    Inventors: Murari Sridharan, Narasimhan Venkataramaiah, Yu-Shun Wang, Albert G. Greenberg, Alireza Dabagh, Pankaj Garg, Daniel M. Firestone