Abstract: Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.

Abstract: In some embodiments, a method receives data for a block in a blockchain during a recovery process in which a recovering replica is recovering the block for a first instance of the blockchain being maintained by the recovering replica. The block is received from a second instance of the blockchain being maintained by a source replica. The method splits the data for the block into a plurality of chunks. Each chunk includes a portion of the data for the block; It is determined whether the recovering replica can recover a chunk in the plurality of chunks using a representation of the chunk. In response to determining that the recovering replica can recover the chunk, sending the representation of the chunk to the recovering replica. In response to determining that the recovering replica cannot recover the chunk, sending the data for the chunk to the recovering replica.

Abstract: The method of some embodiment provides DNS service for an SD-WAN. The method receives a DNS request for a domain name (e.g., a FQDN) from one of the compute nodes connected to the SD-WAN (e.g., from a branch site or datacenter site, or a machine of a remote user). The method selects a particular network address (e.g., a particular IP address) from several network addresses (e.g., several IP addresses) of several different sets of servers that are associated with the domain name based on measurements taken by agents deployed in the SD-WAN and based on SD-WAN DNS-resolution selection criteria. The method provides the particular network address in response to the DNS request to the machine that sent the DNS request (e.g., to the branch site or datacenter that sent the DNS request, or to the machine of the remote user that sent the request).

Abstract: Some embodiments provide a novel method for sharing data between user-space processes and kernel-space processes without copying the data. The method dedicates, by a driver of a network interface controller (NIC), a memory address space for a user-space process. The method allocates a virtual region of the memory address space for zero-copy operations. The method maps the virtual region to a memory address space of the kernel. The method allows access to the virtual region by both the user-space process and a kernel-space process.

Abstract: The method of some embodiments provides values from a server over a network connection. The method, for each of multiple values (i) creates a file including the value on a random access memory filing system (RAMFS), (ii) receives a request to receive the value, and (iii) sends the file via a sendfile system call.

Abstract: The method of some embodiments receives a file from a server. The method is implemented at a client machine. The method creates a page fragment cache, including multiple page fragments, for receiving file data from the server. The method allocates page fragments from the page fragment cache to a dedicated receiving (RX) ring. The method sends a request file packet over a TCP connection to the server. The method receives multiple data packets, each data packet including a header and file data. The method stores the file data for the multiple data packets sequentially in the page fragment cache.

Abstract: Some embodiments provide a method of reducing network congestion in a virtual network. The method, at a first CFE of the virtual network, receives multiple encapsulated data packets of a data stream. The encapsulated data packets having been encapsulated by a second CFE, operating on a server of the virtual network. The second CFE identifies a load percentage of the server, sets explicit congestion notification (ECN) bits on a percentage of the data packets based on the load percentage of the server, and encapsulates each data packet. The first CFE determines whether to forward a new connection to the second CFE based at least on the percentage of data packets from the first CFE with the ECN bits set.

Abstract: The method, in some embodiments, aggregates duplicate transmission control protocol (TCP) packets of a data stream duplicated and sent over disjoint routing paths. Each duplicate pair of packets includes a packet sequence number unique to that duplicate pair. The method iteratively (1) generates a window of packet sequence numbers for the data stream starting with a lowest packet sequence number, of the data stream, that has not been received, (2) receives a TCP packet sent over one of a first routing path and a second, disjoint routing path. If the packet sequence number of the received TCP packet is outside the window or is a duplicate of a previously received TCP packet, the method drops the received TCP packet. If the packet sequence number of the received TCP packet is within the window and is not a duplicate of a previously received TCP packet, the method stores the received packet.

Abstract: The method of some embodiments selects a backup overlay network route when rerouting data packets to avoid delays on a primary overlay network route. The method, for each of multiple overlay network routes, measures delays of data packet transmissions on the overlay network route. The method correlates changes in the delays of data packet transmissions sent through different overlay network routes of the plurality of overlay network routes. The method selects the backup overlay network route based on the backup overlay network route having a low correlation or no correlation of changes of delays with the primary overlay route. In some embodiments, multiple physical network routes underlie the multiple overlay network routes, and correlating changes in the delays of data packet transmissions sent through different overlay network routes of the plurality of overlay network routes includes identifying overlay network routes for which the underlying physical network routes share infrastructure.

Abstract: In some embodiments, a method receives data for a block in a blockchain during a recovery process in which a recovering replica is recovering the block for a first instance of the blockchain being maintained by the recovering replica. The block is received from a second instance of the blockchain being maintained by a source replica. The method splits the data for the block into a plurality of chunks. Each chunk includes a portion of the data for the block; It is determined whether the recovering replica can recover a chunk in the plurality of chunks using a representation of the chunk. In response to determining that the recovering replica can recover the chunk, sending the representation of the chunk to the recovering replica. In response to determining that the recovering replica cannot recover the chunk, sending the data for the chunk to the recovering replica.

Abstract: Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.

Abstract: In a novel tunnel-less SD-WAN, when an ingress node of the SD-WAN receives a new packet flow, it identifies the path of the flow through the SD-WAN, and sends an initial prepended set of SD-WAN header values before the first packet for the flow to the next hop along this identified path, rather than encapsulating each packet of the flow with encapsulating tunnel headers that store SD-WAN next hop data for the flow. The prepended set of SD-WAN header values are then used to not only forward the first packet through the SD-WAN, but also to create records at each subsequent hop, which are then used to forward subsequent packets of the flow through the SD-WAN. Instead of identifying the entire packet flow, the first hop in the SD-WAN does not identify the entire path for the packet flow in some embodiments, but just identifies the next hop, as each subsequent hop in the SD-WAN has the task of identifying the next hop through the SD-WAN for the packet flow.

Abstract: Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.

Abstract: Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.

Abstract: Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.

Abstract: In a novel tunnel-less SD-WAN, when an ingress node of the SD-WAN receives a new packet flow, it identifies the path of the flow through the SD-WAN, and sends an initial prepended set of SD-WAN header values before the first packet for the flow to the next hop along this identified path, rather than encapsulating each packet of the flow with encapsulating tunnel headers that store SD-WAN next hop data for the flow. The prepended set of SD-WAN header values are then used to not only forward the first packet through the SD-WAN, but also to create records at each subsequent hop, which are then used to forward subsequent packets of the flow through the SD-WAN. Instead of identifying the entire packet flow, the first hop in the SD-WAN does not identify the entire path for the packet flow in some embodiments, but just identifies the next hop, as each subsequent hop in the SD-WAN has the task of identifying the next hop through the SD-WAN for the packet flow.

Abstract: Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.

Abstract: Some embodiments provide a novel method for splicing Transmission Control Protocol (TCP) sockets on a computing device that processes a kernel of an operating system. The method receives a set of packets at a first TCP socket of the kernel. The method stores the set of packets at a kernel memory location sends the set of packets directly from the kernel memory location out through a second TCP socket of the kernel.

Abstract: In a novel tunnel-less SD-WAN, when an ingress node of the SD-WAN receives a new packet flow, it identifies the path of the flow through the SD-WAN, and sends an initial prepended set of SD-WAN header values before the first packet for the flow to the next hop along this identified path, rather than encapsulating each packet of the flow with encapsulating tunnel headers that store SD-WAN next hop data for the flow. The prepended set of SD-WAN header values are then used to not only forward the first packet through the SD-WAN, but also to create records at each subsequent hop, which are then used to forward subsequent packets of the flow through the SD-WAN. Instead of identifying the entire packet flow, the first hop in the SD-WAN does not identify the entire path for the packet flow in some embodiments, but just identifies the next hop, as each subsequent hop in the SD-WAN has the task of identifying the next hop through the SD-WAN for the packet flow.

Abstract: Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.