Abstract: Some embodiments provide a method for diagnosing a logical network that includes several logical forwarding elements (LFEs) that logically connects a number of data compute nodes (DCNs) to each other. The method identifies a set of LFEs that logically connects a first DCN of the several DCNs to a second DCN. The method also identifies a transport node that couples to the first DCN and implements the set of LFEs. The method then, for each LFE in the set of LFEs (i) receives a first state of the LFE from the transport node, (ii) compares the first state of the LFE with a second state of the LFE that is received from a controller of the LFE, and (iii) reports the LFE as a problematic LFE along with the transport node and the controller of the LFE when the first and second states of the LFE do not match.

Abstract: Example methods are provided for first host to perform multicast packet handling in a software-defined networking (SDN) environment. The method may comprise: in response to the first host detecting, from a first virtualized computing instance, a request to join a multicast group address, obtaining control information from a network management entity. The control information may include one or more destination addresses associated with one or more second hosts that have joined the multicast group address on behalf of multiple second virtualized computing instances. The method may also comprise: in response to the first host detecting an egress multicast packet that includes an inner header addressed to the multicast group address, generating one or more encapsulated multicast packets based on the control information and sending the one or more encapsulated multicast packets in a unicast manner or multicast manner, or a combination of both.

Abstract: A method is provided for a coordinator to manage cluster membership. In a stable state, the coordinator provides a member list to all the nodes in a node list. The member list includes nodes that are cluster members. The node list includes nodes that are or wish to be members of the cluster. When the node list differs from the member list, the coordinator advances to a reconfiguration state to change the membership of the cluster. In the reconfiguration state, the coordinator sends a reconfiguration request to all the nodes in the node list. When reconfiguration acknowledgements are received from all the nodes within a timeout period, the coordinator updates the member list to be equal to the node list, persists the updated member list, sends a reconfiguration confirmation including the updated member list to all the nodes in the node list, and returns to the stable state.

Abstract: Some embodiments provide a method for a network controller. The method receives network configuration data including an association of an entity configuration profile set with a logical network entity. The entity configuration profile set is a group of at least two entity configuration profiles for different types of settings to apply to logical network entities with which the entity configuration profile set is associated. The method identifies a host machine at which the logical network entity is implemented. The method distributes the entity configuration profile set and each of the at least two entity configuration profiles to the identified host machine.

Abstract: Some embodiments provide a method for a network controller. The method receives network configuration data including an association of an entity configuration profile to a logical entity group that references at least two logical network entities. The entity configuration profile includes a set of configuration settings to apply to logical network entities with which the entity configuration profile is associated. The method associates the entity configuration profile with the logical network entities referenced by the logical entity group. Based on the associations of the entity configuration profile with the logical network entities, the method determines multiple host machines that require the configuration data for the entity configuration profile. The method distributes the entity configuration profile to the host machines.

Abstract: Example methods are provided for a host to perform packet handling based on a microprocessor architecture configuration that includes a first node and a second node. One example method may comprise detecting, from a virtualized computing instance supported by the host, an egress packet for transmission to a destination via one of multiple physical network interface controllers (PNICs) of the host. The method may also comprise: identifying the first node assigned to the virtualized computing instance and selecting a first PNIC associated with the first node assigned to the virtualized computing instance. The multiple PNICs may include the first PNIC, and a second PNIC associated with the second node. The method may further comprise sending the egress packet to the destination via the first PNIC associated with the first node.

Abstract: A method of determining the span of logical entities in a network is provided. The method generates a directed graph. Each node of the graph corresponds to a logical network entity. Each edge of the graph has one or two directions. A direction from a first node to a second node identifies the first node as the source of span for the second node. The method determines the span of each node based on the direction of the edges of the directed graph. The method groups each set of nodes that are accessible by all other nodes in the set in a strongly connected group (SCC) sub-graph. The method generates a group node in a directed acyclic graph (DAG) to correspond to each SCC sub-graph in the directed graph. The method assigns the span of each SCC to the corresponding group node of the DAG.

Abstract: Certain embodiments described herein are generally directed to configuring a generic channel for exchanging information between a hypervisor and a virtual machine run by the hypervisor that resides on a host machine. In some embodiments, the generic channel represents a network or communication path enabled by a logical switch that connects a HyperBus running on the hypervisor and a node agent running on the virtual machine. In some embodiments, network traffic handled by the generic channel is isolated from incoming and outgoing network traffic between the virtual machine and one or more other virtual machines or hosts.

Abstract: Certain embodiments described herein are generally directed to consistent processing of transport node network configuration data in a physical sharding architecture. For example, in some embodiments a first central control plane (CCP) node of a plurality of CCP nodes determines a sharding table, which is shared by the plurality of CCP nodes. In certain embodiments, the first CCP node determines a connection establishment between a first transport node and the first CCP node. In some embodiments, if the first CCP node determines, based on the sharding table, that it is a physical master of the first transport node, the first CCP node receives network configuration data from the first transport node, stores at least a portion of the network configuration data, and transmits a data update comprising at least a portion of the network configuration data to a shared data store accessible by the plurality of CCP nodes.

Abstract: Certain embodiments of the present disclosure include a method for translating an application-level abstraction to a logical network topology. The method includes receiving an event request from a container orchestrator at an orchestrator adaptor. The method also includes translating the event request to a logical network resource via an application programming interface associated with a network virtualization platform. The method includes mapping the event request to the logical network resource. The method also includes deploying the logical network resource in a logical network via the network virtualization platform.

Abstract: Example methods are provided for a network management entity to implement port mirroring in a virtualized computing environment. The method may comprise configuring a port mirroring session between a source virtual port and a destination virtual port. A source host may be configured using source session information and a destination host configured using destination session information such that packets passing through the source virtual port are mirrored and sent from the source host to the destination host. The method may also comprise: in response to detecting a status associated with the source virtual port, or the destination virtual port, that requires a reconfiguration of the port mirroring session, generating and send a first instruction to update the source session information at the source host, or a second instruction to update the destination session information at the destination host, or both.

Abstract: Example methods are provided for a network management entity to implement distributed network emulation in a virtualized computing environment. The method may comprise: generating a translated network emulation rule by translating a source identifier and a destination identifier in a network emulation rule to respective source network address and destination network address, and configuring a source host or destination host to apply the translated network emulation rule to emulate a desired network condition for one or more first packets from the source network address to the destination network address. The method may further comprise: in response to detecting that the source network address or destination network address has been updated, updating the source network address or destination network address in the translated network emulation rule; and reconfiguring the source host or destination host to apply the updated translated network emulation rule.

Abstract: Certain embodiments described herein are generally directed to configuring a generic channel for exchanging information between a hypervisor and a virtual machine run by the hypervisor that resides on a host machine. In some embodiments, the generic channel represents a network or communication path enabled by a logical switch that connects a HyperBus running on the hypervisor and a node agent running on the virtual machine. In some embodiments, network traffic handled by the generic channel is isolated from incoming and outgoing network traffic between the virtual machine and one or more other virtual machines or hosts.

Abstract: For a managed network including multiple host machines implementing multiple logical networks, some embodiments provide a method that reduces the memory and traffic load required to implement the multiple logical networks. The method generates configuration data for each of multiple host machines including (i) data to configure a host machine to implement a set of logical forwarding elements that belong to a set of routing domains and (ii) identifiers for each routing domain in the set of routing domains. The method then receives data regarding tunnels endpoints operating on each of the host machines and an association with the routing identifiers sent to the host machines. The method then generates a routing domain tunnel endpoint list for each routing domain based on the data received from each of the host machines including a list of the tunnel endpoints associated with the routing domain which the host machines can use to facilitate packet processing.

Abstract: A method of determining the span of logical entities in a network is provided. The method generates a directed graph. Each node of the graph corresponds to a logical network entity. Each edge of the graph has one or two directions. A direction from a first node to a second node identifies the first node as the source of span for the second node. The method determines the span of each node based on the direction of the edges of the directed graph. The method groups each set of nodes that are accessible by all other nodes in the set in a strongly connected group (SCC) sub-graph. The method generates a group node in a directed acyclic graph (DAG) to correspond to each SCC sub-graph in the directed graph. The method assigns the span of each SCC to the corresponding group node of the DAG.

Abstract: A method is provided to diagnose one or more malfunctions in a virtual network having a network functionality implemented in a distributed manner by hypervisors, each performing part of the network functionality. The method includes receiving user input of observed facts about the virtual network, where the observed facts include identifiers of virtual components in the virtual network, and adding the observed facts to a knowledge base. The method further includes, in response to the identifiers of the virtual components, querying agents on the hypervisors for collected facts related to the virtual components, receiving and adding the collected facts to the knowledge base, and applying logic rules to the knowledge base to produce one or more diagnoses of the virtual network.

Abstract: Example methods are provided for packet handling based on virtual network configuration information in a software-defined networking (SDN) environment. An example comprises a first host obtaining virtual network configuration information that specifies a first virtual object identifier (ID) and a first address associated with a first virtualized computing instance, and a second virtual object ID and a second address associated with a second virtualized computing instance. In response to detecting an egress packet with an inner header that is addressed from the first address to the second address, the first host may generate an encapsulated packet by encapsulating the egress packet with an outer header that specifies the second virtual object ID; and send the encapsulated packet to the second host to cause the second host to decapsulate the outer header and, based on the second virtual object ID, send the egress packet to the second virtualized computing instance.

Abstract: A computer system provides a method for processing network packets using unique identifiers associated with source and destination virtual machines (VMs). The method includes receiving, from a first VM, a request for address information associated with a second VM, generating and returning one or more arbitrarily assigned addresses for the second VM, mapping a unique identifier of the second VM to the one or more arbitrarily assigned addresses, receiving a packet from the first VM including one or more addresses associated with the first VM and the one or more arbitrarily assigned addresses associated with the second VM, replacing the addresses associated with the first VM with a unique identifier of the first VM and the one or more arbitrarily assigned addresses associated with the second VM with the unique identifier of the second VM, and transmitting the packet to a host machine associated with the second VM.

Abstract: Example methods are provided for filter-based control information query in a software-defined networking (SDN) environment that includes a host and a network management entity. One example method may comprise identifying a first query key for the host to query for control information associated with the first query key from the network management entity; and applying a set membership filter to determine whether the first query key is possibly a member of a set of second query keys that are known to the network management entity. The method may also comprise, in response to determination that the first query key is possibly a member of the set of second query keys, generating and sending a query message to the network management entity over a control-plane channel to query for the control information associated with the first query key.

Abstract: A method of allocating network bandwidth in a network that includes several tenant virtual machines (VMs). The method calculates a first bandwidth reservation for a flow between a source VM and a destination VM that are hosted on two different host machines. The source VM sends packets to a first set of VMs that includes the destination VM. The destination VM receives packets from a second set of VMs that includes the source VM. The method receives a second bandwidth reservation for the flow calculated at the destination. The method sets the bandwidth reservation for the flow as a minimum of the first and second bandwidth reservations.