Abstract: The disclosure provides an approach for seamless hand-off of data traffic in public cloud environments. Techniques are provided for activating an edge services gateway (ESG) virtual computing instance (VCI) on a new host. Prior to activating the ESG VCI on the new host, an underlay routing table is reprogrammed to associate a first IP address of a first tunnel endpoint (TEP) with a first network interface of an old host and to associate a second IP address of a second TEP with a second network interface of the new host. The routing table associates a third IP address of the ESG VCI with the first network interface. After activating the ESG VCI, a packet having as a destination address the third IP address is received at the first network interface and is encapsulated, by the first TEP, with an outer header having as a destination address the second IP address.

Abstract: Some embodiments provide a method for proxying ARP requests. At an MFE that executes on a host computer operating at a first site to implement a distributed router along with at least one additional MFE at the first site, the method receives, from a router at a remote second site, an ARP request for an IP address associated with a logical switch that spans the first site and the remote second site, and to which both the distributed router and the router at the remote second site connect. The method determines whether a table that includes IP addresses for a set of DCNs that use the distributed router as a default gateway includes the IP address. When the IP address is in the table, the method proxies the request at the host computer. When the particular IP address is not in the table, the MFE does not proxy the request.

Abstract: The disclosure provides an approach for seamless hand-off of data traffic in public cloud environments. Techniques are provided for activating an edge services gateway (ESG) virtual computing instance (VCI) on a new host. Prior to activating the ESG VCI on the new host, an underlay routing table is reprogrammed to associate a first IP address of a first tunnel endpoint (TEP) with a first network interface of an old host and to associate a second IP address of a second TEP with a second network interface of the new host. The routing table associates a third IP address of the ESG VCI with the first network interface. After activating the ESG VCI, a packet having as a destination address the third IP address is received at the first network interface and is encapsulated, by the first TEP, with an outer header having as a destination address the second IP address.

Abstract: Some embodiments provide a method for deploying edge forwarding elements in a public or private software defined datacenter (SDDC). For an entity, the method deploys a default first edge forwarding element to process data message flows between machines of the entity in a first network of the SDDC and machines external to the first network of the SDDC. The method subsequently receives a request to allocate more bandwidth to a first set of the data message flows entering or exiting the first network of the SDDC. In response, the method deploys a second edge forwarding element to process the first set of data message flows of the entity in order to allocate more bandwidth to the first set of the data message flows, while continuing to process a second set of data message flows of the entity through the default first edge node.

Abstract: In some embodiments, a method detects a state of a first session between a first workload and a second workload. The first workload and the second workload send packets in the first session via a first path to maintain a state of the first session. When the state of the first session indicates the first workload is down, the method receives information for network metrics of network traffic being sent in the first path. The method determines when the second workload should transition from a standby mode to an active mode to take over as an active workload in an active/standby configuration between the first workload and the second workload based on the information for the network metrics.

Abstract: In an embodiment, a computer-implemented method for providing dynamic mechanisms for resource-path-based, dynamic group membership support for local and external membership groups is described. A method comprises: detecting, by a group resolver implemented in a management and control plane, that information about an object stored in the plane was created or updated; determining whether a URI of the object matches a URI regular expression and other conditions specified in membership criteria created for a membership group; in response to determining that a URI of the object matches a URI regular expression and other conditions specified in membership criteria created for a membership group: distributing the information about the object to network agents implemented in transport nodes to cause the network agents to automatically update a group membership policy associated with the membership group; and wherein the group membership policy affects packet forwarding behavior of a forwarding node.

Abstract: Some embodiments provide a method for deploying edge forwarding elements in a public or private software defined datacenter (SDDC). For an entity, the method deploys a default first edge forwarding element to process data message flows between machines of the entity in a first network of the SDDC and machines external to the first network of the SDDC. The method subsequently receives a request to allocate more bandwidth to a first set of the data message flows entering or exiting the first network of the SDDC. In response, the method deploys a second edge forwarding element to process the first set of data message flows of the entity in order to allocate more bandwidth to the first set of the data message flows, while continuing to process a second set of data message flows of the entity through the default first edge node.

Abstract: In some embodiments, a method detects a state of a first session between a first workload and a second workload. The first workload and the second workload send packets in the first session via a first path to maintain a state of the first session. When the state of the first session indicates the first workload is down, the method receives information for network metrics of network traffic being sent in the first path. The method determines when the second workload should transition from a standby mode to an active mode to take over as an active workload in an active/standby configuration between the first workload and the second workload based on the information for the network metrics.

Abstract: In some embodiments, a method determines when a packet is fragmented into multiple fragmented packets in a flow between a first workload and a second workload. The method switches from generating an outer source port in the outer header using layer 4 information from the inner header to using layer 3 information from the inner header. A fragmented packet is encapsulated with the outer header that includes an outer source port value that is generated using the layer 3 information. The method initiates a process to determine when to switch back to using layer 4 information from the inner header to generate the outer source port. When it is determined to switch back to using layer 4 information, the method switches back to using layer 4 information from the inner header to generate the source port in the outer header of a packet from the first workload.

Abstract: In some embodiments, a method adds a specific route for an IP address that is associated with a first workload into a routing table for a first network device in a first site in response to the first workload being migrated from a second site to the first site. The first network device receives a packet from a second workload for the first workload and determines that a destination of the packet matches the specific route in the routing table. The method routes the packet from the second workload to the first workload using the specific route in the routing table without sending the packet to the second site.

Abstract: In some embodiments, a method configures, at a first host, an overlay channel for sending packets to check whether a failure has occurred at a workload. The first host and a second host are connected via a layer 3 network. The first host generates a packet to check whether the failure has occurred at the workload and encapsulates the packet. The first host sends the encapsulated packet to the second host using the overlay channel via the layer 3 network. The packet is decapsulated and forwarded to the workload at the second host.

Abstract: Some embodiments provide a method for deploying edge forwarding elements in a public or private software defined datacenter (SDDC). For an entity, the method deploys a default first edge forwarding element to process data message flows between machines of the entity in a first network of the SDDC and machines external to the first network of the SDDC. The method subsequently receives a request to allocate more bandwidth to a first set of the data message flows entering or exiting the first network of the SDDC. In response, the method deploys a second edge forwarding element to process the first set of data message flows of the entity in order to allocate more bandwidth to the first set of the data message flows, while continuing to process a second set of data message flows of the entity through the default first edge node.

Abstract: In some embodiments, a method detects a state of a first session between a first workload and a second workload. The first workload and the second workload send packets in the first session via a first path to maintain a state of the first session. When the state of the first session indicates the first workload is down, the method receives information for network metrics of network traffic being sent in the first path. The method determines when the second workload should transition from a standby mode to an active mode to take over as an active workload in an active/standby configuration between the first workload and the second workload based on the information for the network metrics.

Abstract: In some embodiments, a method receives a control message from a second host. The control message includes a first address to use as a next hop to reach an active workload that has migrated to the second host from another host. The method reprograms a local route table to include a policy to send packets to check a liveness of the active workload with the next hop of the first address. A packet is sent from a standby workload to the active workload using the next hop of the first address to check the liveness of the active workload. The packet is encapsulated and sent between the first host and the second host using an overlay channel between a first endpoint of the overlay channel on the first host and a second endpoint of the channel on the second host.

Abstract: In some embodiments, a first network device in a first site sets a first IP address for an interface of the first network device to a value of a second IP address of a second network device in a second site. Policies are added in a policy table to cover IP addresses used in the second site and a specific route for a third IP address associated with a first workload migrated from the second site to the first site is added into a routing table. The first workload is on a stretched network that is coupled via a layer 2 channel. The policy table configures the first network device to send a second packet from the first workload to a third workload in the second site via the layer 2 channel when an IP address for the third workload does not match an eligible route in the routing table.

Abstract: In some embodiments, a method determines when a packet is fragmented into multiple fragmented packets in a flow between a first workload and a second workload. The method switches from generating an outer source port in the outer header using layer 4 information from the inner header to using layer 3 information from the inner header. A fragmented packet is encapsulated with the outer header that includes an outer source port value that is generated using the layer 3 information. The method initiates a process to determine when to switch back to using layer 4 information from the inner header to generate the outer source port. When it is determined to switch back to using layer 4 information, the method switches back to using layer 4 information from the inner header to generate the source port in the outer header of a packet from the first workload.

Abstract: In some embodiments, a method receives, by a first network device, a packet from a first workload that is located in first site. The first site includes stretched networks across a second site and a third site. The packet includes a destination IP address for a device in the second site. The method determines that the destination IP address does not match an eligible route in a routing table. The first workload was migrated from the second site to the first site and is located on a stretched network between the first site and the second site. A site identifier associated with the first workload is determined where the site identifier identifies the second site. The method selects a site policy based on the site identifier and uses the site policy to send the packet through a layer 2 channel to the second network device in the second site.

Abstract: In some embodiments, a method determines when a packet is fragmented into multiple fragmented packets in a flow between a first workload and a second workload. The method switches from generating an outer source port in the outer header using layer 4 information from the inner header to using layer 3 information from the inner header. A fragmented packet is encapsulated with the outer header that includes an outer source port value that is generated using the layer 3 information. The method initiates a process to determine when to switch back to using layer 4 information from the inner header to generate the outer source port. When it is determined to switch back to using layer 4 information, the method switches back to using layer 4 information from the inner header to generate the source port in the outer header of a packet from the first workload.

Abstract: In some embodiments, a method receives a control message from a second host. The control message includes a first address to use as a next hop to reach an active workload that has migrated to the second host from another host. The method reprograms a local route table to include a policy to send packets to check a liveness of the active workload with the next hop of the first address. A packet is sent from a standby workload to the active workload using the next hop of the first address to check the liveness of the active workload. The packet is encapsulated and sent between the first host and the second host using an overlay channel between a first endpoint of the overlay channel on the first host and a second endpoint of the channel on the second host.

Abstract: Some embodiments provide a method for deploying edge forwarding elements in a public or private software defined datacenter (SDDC). For an entity, the method deploys a default first edge forwarding element to process data message flows between machines of the entity in a first network of the SDDC and machines external to the first network of the SDDC. The method subsequently receives a request to allocate more bandwidth to a first set of the data message flows entering or exiting the first network of the SDDC. In response, the method deploys a second edge forwarding element to process the first set of data message flows of the entity in order to allocate more bandwidth to the first set of the data message flows, while continuing to process a second set of data message flows of the entity through the default first edge node.