Abstract: Systems and methods for a virtual network routing gateway that supports address translation for data plane as well as dynamic routing protocols are disclosed herein. The method can include coupling a gateway with a plurality of ports to a network having a plurality of first IP addresses in a private address space, generating a Network Address Translation (“NAT”) function in the gateway, inputting translation information into the NAT function, advertising routes based on the translation information, populating a unified routing table in the gateway based on the plurality of first IP addresses in the private address space and on translated route advertisements, receive an inbound network packet at the gateway, translating an inbound address of the inbound network packet with the NAT function, and delivering the network packet according to the routing table and based on the translated inbound address.

Abstract: Techniques are described for communications in an L2 virtual network. In an example, the L2 virtual network includes a plurality of L2 compute instances hosted on a set of host machines and a plurality of L2 virtual network interfaces and L2 virtual switches hosted on a set of network virtualization devices. An L2 virtual network interface emulates an L2 port of the L2 virtual network. Access control list (ACL) information applicable to the L2 port is sent to a network virtualization device that hosts the L2 virtual network interface.

Abstract: A network environment comprises a plurality of host machines that are communicatively coupled to each other via a network fabric comprising a plurality of switches that in turn include a plurality of ports. Each host machine comprises one or more GPUs. A first subset of ports from is associated with a first virtual plane, wherein the first virtual plane identifies a first collection of resources to be used for communicating packets from and to host machines associated with the first virtual plane. A second subset of ports is associated with a second virtual plane that is different from the first virtual plane. A first host machine and a second host machine are associated with the first virtual plane. A packet originating at the first host machine and destined for the second host machine is communicated using only ports from the first subset of ports.

Abstract: A network environment comprises a plurality of host machines that are coupled to each other via a network fabric comprising a plurality of switches, that in turn include a plurality of ports. Each host machine comprises one or more GPUs. A first subset of ports from is associated with a first virtual plane, wherein the first virtual plane identifies a first collection of resources to be used for communicating packets from/to host machines associated with the first virtual plane. A second subset of ports is associated with a second virtual plane that is different from the first virtual plane. A first host machine and a second host machine are associated with the first virtual plane and the second virtual plane, respectively. A packet is communicated from the first host machine to the second host machine using ports from the first subset of ports and the second subset of ports.

Abstract: A network environment comprises a plurality of host machines that are coupled to each other via a network fabric comprising a plurality of switches, that in turn include a plurality of ports. Each host machine comprises one or more GPUs. A first subset of ports from is associated with a first virtual plane, wherein the first virtual plane identifies a first collection of resources to be used for communicating packets from/to host machines associated with the first virtual plane. A second subset of ports is associated with a second virtual plane that is different from the first virtual plane. A first host machine and a second host machine are associated with the first virtual plane and the second virtual plane, respectively. A packet is communicated from the first host machine to the second host machine using ports from the first subset of ports and the second subset of ports.

Abstract: Discussed herein is a mechanism of building/constructing a network fabric for a cluster of GPUs. A plurality of sets of GPUs are created, wherein each set of GPUs is created by selecting one GPU from each host machine in the plurality of host machines. Each set of GPUs is coupled to a different group of switches in a plurality of groups of switches. The coupling included: (i) coupling each GPU in the set of GPUs to a unique ingress port of a first switch included in a corresponding group of switches that is associated with the set of GPUs, and (ii) mapping virtually, each ingress port of the first switch to a unique egress port of a plurality of egress ports of the first switch. A packet originating at a source GPU and destined for a destination GPU is communicated via the network fabric.

Abstract: A network environment comprises a plurality of host machines that are communicatively coupled to each other via a network fabric comprising a plurality of switches that in turn include a plurality of ports. Each host machine comprises one or more GPUs that execute customer workloads. Described herein are different approaches that provide for addressing the problem of handling network overlay encapsulation without causing adverse impact to the performance of workloads executed on the GPU clusters.

Abstract: A network environment comprises a plurality of host machines that are coupled to each other via a network fabric comprising a plurality of switches, that in turn include a plurality of ports. Each host machine comprises one or more GPUs. A first subset of ports from is associated with a first virtual plane, wherein the first virtual plane identifies a first collection of resources to be used for communicating packets from/to host machines associated with the first virtual plane. A second subset of ports is associated with a second virtual plane that is different from the first virtual plane. A first host machine and a second host machine are associated with the first virtual plane and the second virtual plane, respectively. A packet is communicated from the first host machine to the second host machine using ports from the first subset of ports and the second subset of ports.

Abstract: Techniques are described for communications in an L2 virtual network. In an example, the L2 virtual network includes a plurality of L2 compute instances hosted on a set of host machines and a plurality of L2 virtual network interfaces and L2 virtual switches hosted on a set of network virtualization devices. An L2 virtual network interface emulates an L2 port of the L2 virtual network. IGMP configuration is distributed to the L2 virtual switches. A control plane of the L2 virtual network coordinates IGMP configuration across the L2 virtual switches.

Abstract: Systems and methods for support server high availability with network link bonding for cloud overlay networks are disclosed herein. The method can include selecting a compute instance, identifying a plurality of Network Virtualization Devices (“NVD”) for association with the compute instance, and creating a number of Virtualized Network Interface Cards (“VNIC”), each of which VNICs can reside in one of the plurality of NVDs. The method can include overlaying an IP address of the compute instance to each of the VNICs, such that each of the VNICs share a common IP address, designating a network path formed by one of the VNICs in one of the NVDs as an active network path and another of the network paths as an inactive network path, and activating the inactive network path when the active network path fails.

Abstract: Aspects of the present application relate to systems, methods and non-transitory computer readable media for network virtualization in a rack-based switch. The method can include sending a communication from a first virtual machine (“VM”) instantiated on a first host machine to a first network virtualization Top of Rack (“ToR”) switch. The first network virtualization ToR can include a peripheral component interconnect express (“PCIe”) switch coupled to a plurality of host-side Ethernet ports, a virtualization device communicatingly coupled to the PCIe switch, which virtualization device can include a plurality of virtualization functions, and a switching ASIC coupled to the virtualization device and to a network-side Ethernet port. The method can include forming the communication into an Internet Protocol (“IP”) packet with a first virtualization function of the virtualization device, and sending the IP packet to a second VM with the switching ASIC.

Abstract: A network interface card, such as a SmartNIC, is used to provide encryption, such as network encryption virtual function (NEVF), for a virtual machine, so that a customer can control network keys in a virtual cloud network. The NEVF includes a memory device (e.g., SRAM) and a crypto processor (e.g., a crypto core). The memory device stores a crypto key. The crypto processor uses the crypto key to encrypt data to and from a virtual machine in the virtual cloud network. A key management system can be used to securely transfer crypto keys to the NEVF. Having one NEVF per virtual machine can enable a customer to manage the crypto key for a virtual cloud network.

Abstract: Techniques are described for creating a network-link between a first virtual network in a first cloud environment and a second virtual network in a second cloud environment. The first virtual network in the first cloud environment is created to enable a user associated with a customer tenancy in the second cloud environment to access one or more services provided in the first cloud environment. The network-link is created based on one or more link-enabling virtual networks being deployed in the first cloud environment and the second cloud environment.

Abstract: Aspects of the present application relate to systems, methods and non-transitory computer readable media for network virtualization in a rack-based switch. The method can include sending a communication from a first virtual machine (“VM”) instantiated on a first host machine to a first network virtualization Top of Rack (“ToR”) switch. The first network virtualization ToR can include a peripheral component interconnect express (“PCIe”) switch coupled to a plurality of host-side Ethernet ports, a virtualization device communicatingly coupled to the PCIe switch, which virtualization device can include a plurality of virtualization functions, and a switching ASIC coupled to the virtualization device and to a network-side Ethernet port. The method can include forming the communication into an Internet Protocol (“IP”) packet with a first virtualization function of the virtualization device, and sending the IP packet to a second VM with the switching ASIC.

Abstract: Techniques for loop prevention while allowing multipath in a virtual L2 network are described. In an example, a network virtualization device can generate a first L2 bridge protocol data unit by applying a first loop detection protocol specific to only the first port and the first host machine. The network virtualization device can transmit, to the first compute instance via the first port, a first frame that includes the first L2 BPDU. The network virtualization device can receive, from the first compute instance via the first port, a second frame. The network virtualization device can determine that the second frame comprises the first L2 BPDU. The network virtualization device can determine that a loop exists between the network virtualization device and the first compute instance based on the first loop detection protocol and the first L2 BPDU of the second frame.

Abstract: A method for providing a dedicated region cloud at customer is provided. A first physical port of a network virtualization device (NVD) included in a datacenter is communicatively coupled to a first top-of-rack (TOR) switch and a second TOR switch. A second physical port of the NVD is communicatively coupled with a network interface card (NIC) associated with a host machine. The second physical port provided a first logical port and a second logical port for communications between the NVD and the NIC. The NVD receives a packet from the host machine via the first logical port or the second logical port. Upon receiving the packet, the NVD determines a particular TOR, from a group including the first TOR and the second TOR, for communicating the packet. The NVD transmits the packet to the particular TOR to facilitate communication of the packet to a destination host machine.

Abstract: Generally described, systems and methods are provided for monitoring and detecting causes of failures of network paths. The system collects performance information from a plurality of nodes and links in a network, aggregates the collected performance information across paths in the network, processes the aggregated performance information for detecting failures on the paths, analyzes each of the detected failures to determine at least one root cause, and initiates a remedial workflow for the at least one root cause determined. In some aspects, processing the aggregated information may include performing a statistical regression analysis or otherwise solving a set of equations for the performance indications on each of a plurality of paths. In another aspect, the system may also include an interface which makes available for display one or more of the network topology, the collected and aggregated performance information, and indications of the detected failures in the topology.

Abstract: Techniques are described for creating a network-link between a first virtual network in a first cloud environment and a second virtual network in a second cloud environment. The first virtual network in the first cloud environment is created to enable a user associated with a customer tenancy in the second cloud environment to access one or more services provided in the first cloud environment. The network-link is created based on one or more link-enabling virtual networks being deployed in the first cloud environment and the second cloud environment.

Abstract: A Network Virtualization Device (NVD) executes a set of Virtual Network Interface Cards (VNICs). The set of VNICs includes a first VNIC that forwards packets for a set of one or more packet flows. The NVD stores a first VNIC-related information that includes information identifying a first set of one or more packet flows and associated state information The NVD in response to determining that the state information for the first VNIC is to be synchronized with another NVD, identifies a first backup NVD for the first VNIC, wherein the first backup NVD is a backup for the first VNIC, and communicates to the first backup NVD, a portion of the state information stored by the NVD for the first VNIC.

Abstract: Techniques are described for communications in an L2 virtual network of a customer. In an example, the L2 virtual network includes a plurality of L2 compute instances hosted on a set of host machines and a plurality of L2 virtual network interfaces and L2 virtual switches hosted on a set of network virtualization devices. An L2 virtual network interface emulates an L2 port of the L2 virtual network. Information associated with the L2 virtual switches is collected and provided to the customer.