Abstract: Some embodiments provide a method for a network controller. The method receives network configuration data including an association of an entity configuration profile to a logical entity group that references at least two logical network entities. The entity configuration profile includes a set of configuration settings to apply to logical network entities with which the entity configuration profile is associated. The method associates the entity configuration profile with the logical network entities referenced by the logical entity group. Based on the associations of the entity configuration profile with the logical network entities, the method determines multiple host machines that require the configuration data for the entity configuration profile. The method distributes the entity configuration profile to the host machines.

Abstract: Example methods and systems for a network management entity to perform adaptive packet flow monitoring. One example method may comprise receiving a request to monitor a packet flow between a first virtualized computing instance supported by a first host and a second virtualized computing instance supported by a second host. The method may also comprise activating a first set of checkpoints by instructing the first host and/or the second host to monitor the packet flow using the first set of checkpoints. The method may further comprise: in response to detecting a predetermined event based on first performance metric information associated with the packet flow, activating a second set of checkpoints by instructing the first host and/or the second host to monitor the packet flow using the second set of checkpoints.

Abstract: Example methods and systems for a network management entity to perform configuration change monitoring. One example method may comprise receiving a request to monitor a datapath to which a configuration change is applicable. The datapath may include multiple network elements. The method may also comprise instructing the first host to inject, at a first network element, one or more trace packets for transmission along the datapath to a second network element. The method may further comprise: obtaining state information associated with the configuration change, and detecting that an operating condition associated with the datapath is affected by the configuration change based on the state information.

Abstract: A method of creating containers in a physical host that includes a managed forwarding element (MFE) configured to forward packets to and from a set of data compute nodes (DCNs) hosted by the physical host. The method creates a container DCN in the host. The container DCN includes a virtual network interface card (VNIC) configured to exchange packets with the MFE. The method creates a plurality of containers in the container DCN. The method, for each container in the container DCN, creates a corresponding port on the MFE. The method sends packets addressed to each of the plurality of containers from the corresponding MFE port to the VNIC of the container DCN.

Abstract: Example methods and systems for a network management entity to perform topology-aware control information dissemination in a software-defined networking (SDN) environment. The method may comprise obtaining group topology information specifying a network group, and a network configuration object that references the network group. The method may also comprise: processing the group topology information to identify, from multiple members of the network group, a first member that is relevant to a first host; and processing the group topology information to identify, from the multiple members, a second member that is irrelevant to the first host. The method may further comprise: generating and sending, to the first host, control information associated with a subset of the network group. The subset may include the first member but exclude the second member.

Abstract: Example methods are provided for a network management entity to perform network configuration failure diagnosis in a software-defined networking (SDN) environment. The method may comprise receiving a request to diagnose a network configuration failure; and generating and sending control information to a host to cause the host to inject, at a first network element, a diagnostic packet for transmission along a datapath to a configuration server via multiple second network elements. The diagnostic packet may be configured according to a network configuration protocol supported by the configuration server. The method may also comprise: receiving report information associated with the diagnostic packet from at least one of the following: the first network element, the multiple second network elements and the configuration server; and based on the report information, determining a diagnosis result associated with the network configuration failure.

Abstract: Example methods are provided for port mirroring based on remote direct memory access (RDMA) in a software-defined networking (SDN) environment. One example method may comprise obtaining configuration information associated with a port mirroring session between a source logical port supported by a source host and a destination logical port supported by a destination host, and establishing an RDMA-based connection between the source and destination hosts. The method may also comprise: in response to detecting a packet passing through the source logical port, generating a mirrored packet based on the detected packet, and storing, in source memory associated with the source host, the mirrored packet in association with destination information identifying the destination logical port or destination host. The method may further comprise transferring the mirrored packet from the source memory to destination memory associated with the destination host via the RDMA-based connection.

Abstract: Example methods are provided for a network management entity to perform query failure diagnosis in a software-defined networking (SDN) environment. The method may comprise receiving a request to diagnose a query failure; and generating and sending control information to a host to cause the host to inject, at a first network element, a diagnostic packet for transmission along a datapath to a query failure via multiple second network elements. The diagnostic packet may be a query configured according to a query protocol supported by the query server. The method may also comprise: receiving report information associated with the diagnostic packet from at least one of the following: the first network element, the multiple second network elements and the query failure; and based on the report information, determining a diagnosis result associated with the query failure.

Abstract: Example methods are provided for first host to perform multicast packet handling in a software-defined networking (SDN) environment. The method may comprise: in response to the first host detecting, from a first virtualized computing instance, a request to join a multicast group address, obtaining control information from a network management entity. The control information may include one or more destination addresses associated with one or more second hosts that have joined the multicast group address on behalf of multiple second virtualized computing instances. The method may also comprise: in response to the first host detecting an egress multicast packet that includes an inner header addressed to the multicast group address, generating one or more encapsulated multicast packets based on the control information and sending the one or more encapsulated multicast packets in a unicast manner or multicast manner, or a combination of both.

Abstract: Some embodiments provide a method for a network controller that manages multiple logical networks implemented by multiple managed forwarding elements (MFEs) operating on multiple host machines. The method receives a notification from a particular MFE that an interface corresponding to a logical port of a logical forwarding element has connected to the particular MFE and has a particular logical network address. The method assigns a unique physical network address to the interface. Each of multiple interfaces connected to the particular MFE is assigned a different physical network address. The method provides the assigned unique physical network address to the particular MFE for the particular MFE to convert data messages sent from the particular logical network address to have the unique physical network address.

Abstract: Some embodiments provide a local network controller that manages a first managed forwarding element (MFE) operating to forward traffic on a host machine for several logical networks and configures the first MFE to forward traffic for a set of containers operating within a container virtual machine (VM) that connects to the first MFE. The local network controller receives, from a centralized network controller, logical network configuration information for a logical network to which the set of containers logically connect. The local network controller receives, from the container VM, a mapping of a tag value used by a second MFE operating on the container VM to a logical forwarding element of the logical network to which the set of containers connect. The local network controller configures the first MFE to apply the logical network configuration information to data messages received from the container VM that are tagged with the tag value.

Abstract: Some embodiments provide a method, that receives a packet having a first logical network address as a source address and a second logical network address as a destination network address. The method replaces the first and second logical network addresses with corresponding first and second physical network addresses. The method transmits the packet having the first and second physical network addresses as source and destination network addresses without encapsulation to a physical network for delivery to the second logical network address.

Abstract: A method of creating containers in a physical host that includes a managed forwarding element (MFE) configured to forward packets to and from a set of data compute nodes (DCNs) hosted by the physical host. The method creates a container DCN in the host. The container DCN includes a virtual network interface card (VNIC) configured to exchange packets with the MFE. The method creates a plurality of containers in the container DCN. The method, for each container in the container DCN, creates a corresponding port on the MFE. The method sends packets addressed to each of the plurality of containers from the corresponding MFE port to the VNIC of the container DCN.

Abstract: Some embodiments provide a method for diagnosing a logical network that includes several logical forwarding elements (LFEs) that logically connects a number of data compute nodes (DCNs) to each other. The method identifies a set of LFEs that logically connects a first DCN of the several DCNs to a second DCN. The method also identifies a transport node that couples to the first DCN and implements the set of LFEs. The method then, for each LFE in the set of LFEs (i) receives a first state of the LFE from the transport node, (ii) compares the first state of the LFE with a second state of the LFE that is received from a controller of the LFE, and (iii) reports the LFE as a problematic LFE along with the transport node and the controller of the LFE when the first and second states of the LFE do not match.

Abstract: Example methods are provided for a host to implement distributed network emulation in a virtualized computing environment. The method may comprise detecting one or more packets from a source network address associated with a source virtualized computing instance to a destination network address associated with a destination virtualized computing instance. The method may also comprise, in response to determination that a network emulation rule configured for the source virtualized computing instance and destination virtualized computing instance is applicable to the one or more packets, determining a physical network condition associated with a path between the source virtualized computing instance and destination virtualized computing instance. The method may further comprise emulating a desired network condition specified by the network emulation rule by performing an emulation action on the one or more packets.

Abstract: A method for a node to become a member of a cluster includes, when the node is in an initialization state, refraining from starting any service for the cluster, rejecting any reconfiguration request from a coordinator of the cluster, and determining if a local copy of a member list is out-of-date. When the local member list is up-to-date, the method includes advancing to an observer state or a participant state depending on if the node is in the member list. When the local copy of the member list is out-of-date, the method includes waiting to receive the member list, updating the local member list to be equal to the member list, persisting the local member list, recording the local member list as up-to-date, and advancing to an observer state or a participant state depending if the node is in the member list.

Abstract: Certain embodiments described herein are generally directed to configuring a generic channel for exchanging information between a hypervisor and a virtual machine run by the hypervisor that resides on a host machine. In some embodiments, the generic channel represents a network or communication path enabled by a logical switch that connects a HyperBus running on the hypervisor and a node agent running on the virtual machine. In some embodiments, network traffic handled by the generic channel is isolated from incoming and outgoing network traffic between the virtual machine and one or more other virtual machines or hosts.

Abstract: Certain embodiments described herein are generally directed to consistent processing of transport node network configuration data in a physical sharding architecture. For example, in some embodiments a first central control plane (CCP) node of a plurality of CCP nodes determines a sharding table, which is shared by the plurality of CCP nodes. In certain embodiments, the first CCP node determines a connection establishment between a first transport node and the first CCP node. In some embodiments, if the first CCP node determines, based on the sharding table, that it is a physical master of the first transport node, the first CCP node receives network configuration data from the first transport node, stores at least a portion of the network configuration data, and transmits a data update comprising at least a portion of the network configuration data to a shared data store accessible by the plurality of CCP nodes.

Abstract: Example methods are provided for configuring traffic flow monitoring in a virtualized computing environment. The method may comprise identifying a first logical entity and a second logical entity for which traffic flow monitoring is required and determining a span associated with the first logical entity and the second logical entity. The span may include a first host supporting the first logical entity and a second host supporting the second logical entity. The method may also comprise, based on the span, configuring the first host to monitor a first traffic flow travelling through the first logical entity at the first host, and the second host to monitor a second traffic flow travelling through the second logical entity at the second host.

Abstract: Example methods are provided for packet handling based on virtual network configuration information in a software-defined networking (SDN) environment. An example comprises a first host obtaining virtual network configuration information that specifies a first virtual object identifier (ID) and a first address associated with a first virtualized computing instance, and a second virtual object ID and a second address associated with a second virtualized computing instance. In response to detecting an egress packet with an inner header that is addressed from the first address to the second address, the first host may generate an encapsulated packet by encapsulating the egress packet with an outer header that specifies the second virtual object ID; and send the encapsulated packet to the second host to cause the second host to decapsulate the outer header and, based on the second virtual object ID, send the egress packet to the second virtualized computing instance.