Abstract: A novel centralized troubleshooting tool that enables user to troubleshoot a distributed virtual network with a single consistent user interface is provided. The distributed virtual network being monitored or debugged by the centralized troubleshooting tool includes different types of logical resources (LRs) that placed or distributed across different physical endpoints (PEs). The centralized troubleshooting tool provides functions that allow the user to invoke commands on different physical endpoints in order to collect information about the logical resources running in those physical endpoints. This allows the user to compare and analyze the information from different PEs for a same LR.

Abstract: A method for a node to become a member of a cluster includes, when the node is in an initialization state, refraining from starting any service for the cluster, rejecting any reconfiguration request from a coordinator of the cluster, and determining if a local copy of a member list is out-of-date. When the local member list is up-to-date, the method includes advancing to an observer state or a participant state depending on if the node is in the member list. When the local copy of the member list is out-of-date, the method includes waiting to receive the member list, updating the local member list to be equal to the member list, persisting the local member list, recording the local member list as up-to-date, and advancing to an observer state or a participant state depending if the node is in the member list.

Abstract: A method is provided for a coordinator to manage cluster membership. In a stable state, the coordinator provides a member list to all the nodes in a node list. The member list includes nodes that are cluster members. The node list includes nodes that are or wish to be members of the cluster. When the node list differs from the member list, the coordinator advances to a reconfiguration state to change the membership of the cluster. In the reconfiguration state, the coordinator sends a reconfiguration request to all the nodes in the node list. When reconfiguration acknowledgements are received from all the nodes within a timeout period, the coordinator updates the member list to be equal to the node list, persists the updated member list, sends a reconfiguration confirmation including the updated member list to all the nodes in the node list, and returns to the stable state.

Abstract: Some embodiments provide a method for diagnosing a logical network that includes several logical forwarding elements (LFEs) that logically connects a number of data compute nodes (DCNs) to each other. The method identifies a set of LFEs that logically connects a first DCN of the several DCNs to a second DCN. The method also identifies a transport node that couples to the first DCN and implements the set of LFEs. The method then, for each LFE in the set of LFEs (i) receives a first state of the LFE from the transport node, (ii) compares the first state of the LFE with a second state of the LFE that is received from a controller of the LFE, and (iii) reports the LFE as a problematic LFE along with the transport node and the controller of the LFE when the first and second states of the LFE do not match.

Abstract: For a managed network including multiple host machines implementing multiple logical networks, some embodiments provide a method that reduces the memory and traffic load required to implement the multiple logical networks. The method generates configuration data for each of multiple host machines including (i) data to configure a host machine to implement a set of logical forwarding elements that belong to a set of routing domains and (ii) identifiers for each routing domain in the set of routing domains. The method then receives data regarding tunnels endpoints operating on each of the host machines and an association with the routing identifiers sent to the host machines. The method then generates a routing domain tunnel endpoint list for each routing domain based on the data received from each of the host machines including a list of the tunnel endpoints associated with the routing domain which the host machines can use to facilitate packet processing.

Abstract: A method of allocating network bandwidth in a network that includes several tenant virtual machines (VMs). The method calculates a first bandwidth reservation for a flow between a source VM and a destination VM that are hosted on two different host machines. The source VM sends packets to a first set of VMs that includes the destination VM. The destination VM receives packets from a second set of VMs that includes the source VM. The method receives a second bandwidth reservation for the flow calculated at the destination. The method sets the bandwidth reservation for the flow as a minimum of the first and second bandwidth reservations.

Abstract: Some embodiments provide a method for diagnosing a logical network that includes several logical forwarding elements (LFEs) that logically connects a number of data compute nodes (DCNs) to each other. The method identifies a set of LFEs that logically connects a first DCN of the several DCNs to a second DCN. The method also identifies a transport node that couples to the first DCN and implements the set of LFEs. The method then, for each LFE in the set of LFEs (i) receives a first state of the LFE from the transport node, (ii) compares the first state of the LFE with a second state of the LFE that is received from a controller of the LFE, and (iii) reports the LFE as a problematic LFE along with the transport node and the controller of the LFE when the first and second states of the LFE do not match.

Abstract: A novel centralized troubleshooting tool that enables user to troubleshoot a distributed virtual network with a single consistent user interface is provided. The distributed virtual network being monitored or debugged by the centralized troubleshooting tool includes different types of logical resources (LRs) that placed or distributed across different physical endpoints (PEs). The centralized troubleshooting tool provides functions that allow the user to invoke commands on different physical endpoints in order to collect information about the logical resources running in those physical endpoints. This allows the user to compare and analyze the information from different PEs for a same LR.

Abstract: Example methods are provided for configuring traffic flow monitoring in a virtualized computing environment. The method may comprise identifying a first logical entity and a second logical entity for which traffic flow monitoring is required and determining a span associated with the first logical entity and the second logical entity. The span may include a first host supporting the first logical entity and a second host supporting the second logical entity. The method may also comprise, based on the span, configuring the first host to monitor a first traffic flow travelling through the first logical entity at the first host, and the second host to monitor a second traffic flow travelling through the second logical entity at the second host.

Abstract: A method of creating containers in a physical host that includes a managed forwarding element (MFE) configured to forward packets to and from a set of data compute nodes (DCNs) hosted by the physical host. The method creates a container DCN in the host. The container DCN includes a virtual network interface card (VNIC) configured to exchange packets with the MFE. The method creates a plurality of containers in the container DCN. The method, for each container in the container DCN, creates a corresponding port on the MFE. The method sends packets addressed to each of the plurality of containers from the corresponding MFE port to the VNIC of the container DCN.

Abstract: Some embodiments provide a method for a network controller that manages multiple logical networks implemented by multiple managed forwarding elements (MFEs) operating on multiple host machines. The method receives a notification from a particular MFE that an interface corresponding to a logical port of a logical forwarding element has connected to the particular MFE and has a particular logical network address. The method assigns a unique physical network address to the interface. Each of multiple interfaces connected to the particular MFE is assigned a different physical network address. The method provides the assigned unique physical network address to the particular MFE for the particular MFE to convert data messages sent from the particular logical network address to have the unique physical network address.

Abstract: Some embodiments provide a method, that receives a packet having a first logical network address as a source address and a second logical network address as a destination network address. The method replaces the first and second logical network addresses with corresponding first and second physical network addresses. The method transmits the packet having the first and second physical network addresses as source and destination network addresses without encapsulation to a physical network for delivery to the second logical network address.

Abstract: An example method is provided for a host to perform network configuration health check in a virtualized computing environment. The method may include selecting a source NIC and one or more destination NICs, based on a first network configuration of the host, generating one or more unicast probe packets that are addressed from the source NIC to the respective one or more destination NICs, and sending the one or more unicast probe packets to the respective one or more destination NICs from the source NIC via a physical switch connected to the host. The method may also include in response to receiving the one or more unicast probe packets from the physical switch, determining that there is a match between the first network configuration and a second network configuration, but otherwise, determining that there is a mismatch between the first network configuration and second network configuration.

Abstract: Example methods are provided for first host to perform multicast packet handling in a software-defined networking (SDN) environment. The method may comprise: in response to the first host detecting, from a first virtualized computing instance, a request to join a multicast group address, obtaining control information from a network management entity. The control information may include one or more destination addresses associated with one or more second hosts that have joined the multicast group address on behalf of multiple second virtualized computing instances. The method may also comprise: in response to the first host detecting an egress multicast packet that includes an inner header addressed to the multicast group address, generating one or more encapsulated multicast packets based on the control information and sending the one or more encapsulated multicast packets in a unicast manner or multicast manner, or a combination of both.

Abstract: Certain embodiments of the present disclosure include a method for translating an application-level abstraction to a logical network topology. The method includes receiving an event request from a container orchestrator at an orchestrator adaptor. The method also includes translating the event request to a logical network resource via an application programming interface associated with a network virtualization platform. The method includes mapping the event request to the logical network resource. The method also includes deploying the logical network resource in a logical network via the network virtualization platform.

Abstract: Aspects of the present disclosure relate to introduction of a physical switch port and logical switch port to the virtualization layer. A virtual network interface card (VNIC) can be associated with a physical switch port that routes traffic to logical switch ports based on a transmit function. The logical switch ports each are associated with a filtering protocol and route traffic to a physical switch port based on a receive function associated with that logical switch port. The logical switch ports can be associated with container running on the virtual machine (VM) connected to the VNIC. Thus, a single VNIC can be shared by multiple containers running different filtering protocols. A single logical port can also route traffic to multiple physical switch ports, each associated with a different VNIC. Thus, a same filtering protocol can be shared by multiple VNICs.

Abstract: For a managed network including multiple host machines implementing multiple logical networks, some embodiments provide a method that reduces the memory and traffic load required to implement the multiple logical networks. The method generates configuration data for each of multiple host machines including (i) data to configure a host machine to implement a set of logical forwarding elements that belong to a set of routing domains and (ii) identifiers for each routing domain in the set of routing domains. The method then receives data regarding tunnels endpoints operating on each of the host machines and an association with the routing identifiers sent to the host machines. The method then generates a routing domain tunnel endpoint list for each routing domain based on the data received from each of the host machines including a list of the tunnel endpoints associated with the routing domain which the host machines can use to facilitate packet processing.

Abstract: Example methods are provided for assigning a routing domain identifier in a logical network environment that includes one or more logical distributed routers and one or more logical switches. In one example, the method may comprise obtaining network topology information specifying how the one or more logical distributed routers are connected with the one or more logical switches; and selecting, from the one or more logical switches, a particular logical switch for which routing domain identifier assignment is required. The method may also comprise: identifying a particular logical distributed router that is connected with the particular logical switch based on the network topology information; assigning the particular logical switch with the routing domain identifier that is associated with the particular logical distributed router; and using the routing domain identifier in a communication between a management entity and a host.

Abstract: A computer system provides a method for processing network packets using unique identifiers associated with source and destination virtual machines (VMs). The method includes receiving, from a first VM, a request for address information associated with a second VM, generating and returning one or more arbitrarily assigned addresses for the second VM, mapping a unique identifier of the second VM to the one or more arbitrarily assigned addresses, receiving a packet from the first VM including one or more addresses associated with the first VM and the one or more arbitrarily assigned addresses associated with the second VM, replacing the addresses associated with the first VM with a unique identifier of the first VM and the one or more arbitrarily assigned addresses associated with the second VM with the unique identifier of the second VM, and transmitting the packet to a host machine associated with the second VM.

Abstract: Example methods are provided for a host to perform multicast packet handling in a logical network. The method comprise in response to detecting a request to join a multicast group address, a hypervisor modifying the request by replacing a first address associated with a virtualized computing instance with a second address associated with the hypervisor; and sending the modified request to join the multicast group address on behalf of the virtualized computing instance. The method may also comprise: in response to detecting an egress multicast packet, the hypervisor encapsulating the egress multicast packet with an outer header that is addressed from the second address to the multicast group address; and sending the encapsulated egress multicast packet via one or more multicast-enabled network devices that are capable of forwarding, based on the outer header, the encapsulated egress multicast packet to one or more destinations that have joined the multicast group address.