Abstract: Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table).

Abstract: Computerized methods, systems, and computer-readable media for promoting cooperation between a first and second virtual network overlay (“overlay”) are provided. The first overlay is governed by a first authority domain and includes members assigned virtual IP addresses from a first address range. The second overlay is governed by a second authority domain, which is associated with a second federation mechanism, for negotiating on behalf of the second overlay. The second federation mechanism is capable of negotiating with, or soliciting delegation of authority from, a first federation mechanism that is associated with the first authority domain. When negotiations are successful or authority is delegated, the second federation mechanism establishes a communication link between the second overlay and the first overlay or joins a member of the second overlay to the first overlay. Joining involves allocating a guest IP address from the first address range to the member.

Abstract: Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table).

Abstract: Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table).

Abstract: Computerized methods, systems, and computer-readable media for promoting cooperation between a first and second virtual network overlay (“overlay”) are provided. The first overlay is governed by a first authority domain and includes members assigned virtual IP addresses from a first address range. The second overlay is governed by a second authority domain, which is associated with a second federation mechanism, for negotiating on behalf of the second overlay. The second federation mechanism is capable of negotiating with, or soliciting delegation of authority from, a first federation mechanism that is associated with the first authority domain. When negotiations are successful or authority is delegated, the second federation mechanism establishes a communication link between the second overlay and the first overlay or joins a member of the second overlay to the first overlay. Joining involves allocating a guest IP address from the first address range to the member.

Abstract: Computerized methods, systems, and computer-readable media for promoting cooperation between a first and second virtual network overlay (“overlay”) are provided. The first overlay is governed by a first authority domain and includes members assigned virtual IP addresses from a first address range. The second overlay is governed by a second authority domain, which is associated with a second federation mechanism, for negotiating on behalf of the second overlay. The second federation mechanism is capable of negotiating with, or soliciting delegation of authority from, a first federation mechanism that is associated with the first authority domain. When negotiations are successful or authority is delegated, the second federation mechanism establishes a communication link between the second overlay and the first overlay or joins a member of the second overlay to the first overlay. Joining involves allocating a guest IP address from the first address range to the member.

Abstract: Computerized methods, systems, and computer-readable media are provided for establishing and managing a virtual network (V-net) and virtual machine (VM) switches that enable protected and isolated interconnections between members of the V-net. The V-net members include an originating network adapter that generates data packets addressed to a destination network adapter. Upon detecting data-packet generation, a source-side VM switch accesses a forwarding table associated with the V-net, ascertains a destination-side, VM-switch locator that corresponds to an identifier of the destination network adapter, and modifies the data packets to include the identifier. The forwarding table represents a mapping between the members of the V-net and VM switches located on respective nodes within the data center. In operation, the mapping enforces communication policies that govern data-packet traffic.

Abstract: Systems, methods and computer storage media for utilizing IPv6 addressing for globally unique identification of network endpoints when communications from or to an IPv4 compatible application. An IPv4 packet of data that is from and/or directed to an IPv4 endpoint is encapsulated in an IPv6 packet of data. An IPv6 compatible address is identified for a destination of the IPv6 packet of data. The IPv6 address is a globally unique identifier that is comprised of an IPv4 identifier that represents an IPv4 address of the encapsulated IPv4 packet. The IPv6 packet of data is communicated to the destination identified by the IPv6 address. A 4 to 6 stack may intercept the incoming IPv6 packet of data before the destination to strip the IPv6 header information revealing the IPv4 packet of data.

Abstract: Computerized methods, systems, and computer-storage media for establishing and managing a transmission control protocol (TCP)-based tunnel (“tunnel”) are provided. The tunnel spans between a data center and a private enterprise network and connects endpoints, of a service application, that reside in each location. During communication, the endpoints transmit data packets over one or more channels (e.g., higher-level channel and lower-level channel) that comprise the tunnel. Each of the channels supports reliability mechanisms (e.g., congestion-control mechanism and loss-recovery mechanism) integrally running thereon, for ensuring complete data-packet delivery. To prevent unwarranted performance degradation caused by duplicative efforts of reliability mechanisms, a fabric controller is employed to selectively disable one or more of the reliability mechanisms individually.

Abstract: Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table).

Abstract: Computerized methods, systems, and computer-storage media for establishing and managing a transmission control protocol (TCP)-based tunnel (“tunnel”) are provided. The tunnel spans between a data center and a private enterprise network and connects endpoints, of a service application, that reside in each location. During communication, the endpoints transmit data packets over one or more channels (e.g., higher-level channel and lower-level channel) that comprise the tunnel. Each of the channels supports reliability mechanisms (e.g., congestion-control mechanism and loss-recovery mechanism) integrally running thereon, for ensuring complete data-packet delivery. To prevent unwarranted performance degradation caused by duplicative efforts of reliability mechanisms, a fabric controller is employed to selectively disable one or more of the reliability mechanisms individually.

Abstract: Computerized methods, systems, and computer-storage media for establishing and managing a transmission control protocol (TCP)-based tunnel (“tunnel”) are provided. The tunnel spans between a data center and a private enterprise network and connects endpoints, of a service application, that reside in each location. During communication, the endpoints transmit data packets over one or more channels (e.g., higher-level channel and lower-level channel) that comprise the tunnel. Each of the channels supports reliability mechanisms (e.g., congestion-control mechanism and loss-recovery mechanism) integrally running thereon, for ensuring complete data-packet delivery. To prevent unwarranted performance degradation caused by duplicative efforts of reliability mechanisms, a fabric controller is employed to selectively disable one or more of the reliability mechanisms individually.

Abstract: Computerized methods, systems, and computer-readable media for promoting cooperation between a first and second virtual network overlay (“overlay”) are provided. The first overlay is governed by a first authority domain and includes members assigned virtual IP addresses from a first address range. The second overlay is governed by a second authority domain, which is associated with a second federation mechanism, for negotiating on behalf of the second overlay. The second federation mechanism is capable of negotiating with, or soliciting delegation of authority from, a first federation mechanism that is associated with the first authority domain. When negotiations are successful or authority is delegated, the second federation mechanism establishes a communication link between the second overlay and the first overlay or joins a member of the second overlay to the first overlay. Joining involves allocating a guest IP address from the first address range to the member.

Abstract: Systems, methods and computer storage media for utilizing IPv6 addressing for globally unique identification of network endpoints when communications from or to an IPv4 compatible application. An IPv4 packet of data that is from and/or directed to an IPv4 endpoint is encapsulated in an IPv6 packet of data. An IPv6 compatible address is identified for a destination of the IPv6 packet of data. The IPv6 address is a globally unique identifier that is comprised of an IPv4 identifier that represents an IPv4 address of the encapsulated IPv4 packet. The IPv6 packet of data is communicated to the destination identified by the IPv6 address. A 4 to 6 stack may intercept the incoming IPv6 packet of data before the destination to strip the IPv6 header information revealing the IPv4 packet of data.

Abstract: Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table).

Abstract: Computerized methods, systems, and computer-readable media are provided for establishing and managing a virtual network (V-net) and virtual machine (VM) switches that enable protected and isolated interconnections between members of the V-net. The V-net members include an originating network adapter that generates data packets addressed to a destination network adapter. Upon detecting data-packet generation, a source-side VM switch accesses a forwarding table associated with the V-net, ascertains a destination-side, VM-switch locator that corresponds to an identifier of the destination network adapter, and modifies the data packets to include the identifier. The forwarding table represents a mapping between the members of the V-net and VM switches located on respective nodes within the data center. In operation, the mapping enforces communication policies that govern data-packet traffic.

Abstract: Computerized methods, systems, and computer-storage media for establishing and managing a transmission control protocol (TCP)-based tunnel (“tunnel”) are provided. The tunnel spans between a data center and a private enterprise network and connects endpoints, of a service application, that reside in each location. During communication, the endpoints transmit data packets over one or more channels (e.g., higher-level channel and lower-level channel) that comprise the tunnel. Each of the channels supports reliability mechanisms (e.g., congestion-control mechanism and loss-recovery mechanism) integrally running thereon, for ensuring complete data-packet delivery. To prevent unwarranted performance degradation caused by duplicative efforts of reliability mechanisms, a fabric controller is employed to selectively disable one or more of the reliability mechanisms individually.

Abstract: Computerized methods, systems, and computer-storage media for establishing and managing a virtual network overlay (“overlay”) are provided. The overlay spans between a data center and a private enterprise network and includes endpoints, of a service application, that reside in each location. The service-application endpoints residing in the data center and in the enterprise private network are reachable by data packets at physical IP addresses. Virtual presences of the service-application endpoints are instantiated within the overlay by assigning the service-application endpoints respective virtual IP addresses and maintaining an association between the virtual IP addresses and the physical IP addresses. This association facilitates routing the data packets between the service-application endpoints, based on communications exchanged between their virtual presences within the overlay.

Abstract: The present invention provides for a system This document describes embodiments for communicating with a host using a global address and a local address. The present invention allows These embodiments allow for the communication to be initiated by an entity outside the host's network. The entity initiating the communication resolves the destination host's domain name into a global address and a local address. Messages are sent to the destination host using both the global address and the local address. In one embodiment, both the global and local address are included in the message by encapsulating IP packets. Some embodiments of the present invention also use pseudo addressing.