Abstract: Embodiments of the invention relate to overlay network address management. One embodiment includes an overlay gateway including an overlay network manager associated with a physical network. The overlay network manager prevents duplicate address assignment for overlay domains having a first sharing status and performs address translation for overlay domains having a second sharing status. Address translation is avoided for overlay domains having the first sharing status.

Abstract: In one embodiment, a method for applying security policy in an overlay network includes receiving a request, including a packet, for a communication path through an overlay network, determining whether a security policy is to be applied to the packet based on at least one of: contents of the packet, first information, and second information, selecting a communication path between a source physical switch and a destination physical switch, wherein the selected communication path directly connects the source physical switch to the destination physical switch when it is determined to not apply the security policy to the packet, and the selected communication path connects the source physical switch to the destination physical switch via a security appliance when it is determined to apply the security policy to the packet, and sending the selected communication path to the source physical switch.

Abstract: Packet processing logic of a host system's virtualization manager detects packets on the ingress or the egress path to/from a virtual port having three bitmap arrays for processing packets within a virtual local area network (VLAN). The logic checks the VLAN identifier (VID) of the packet to determine, based on an offset position within the corresponding bitmap array, whether the port supports the VLAN. Both the ingress array offset position and egress array offset positions correspond to the value of the VID, and are set within the specific bitmap array during configuration of the VLAN on the port. When the VLAN is supported by the port, the logic enables the packet to be processed by the port. Otherwise, the logic discards the packet. A strip bitmap array indicates when a packet's VID should be removed prior to forwarding the packet on the egress of a port (or destination port).

Abstract: According to one embodiment, a server includes an accelerated network interface card (NIC), the accelerated NIC including a plurality of network ports including multiple Peripheral Component Interconnect express (PCIe) ports, an Overlay Network Offload System (ONOS), the ONOS including logic adapted for providing overlay functionality to network traffic received by the accelerated NIC, a first receiving/transmitting (RX/TX) packet buffer adapted for caching network traffic sent to or received from a network, a second RX/TX packet buffer adapted for caching the network traffic received from or sent to the server, and an Ethernet controller adapted for interfacing with the network. The server also includes a hypervisor coupled to one or more virtual machines (VMs) and a NIC driver adapted for interfacing with and supporting the accelerated NIC, wherein the NIC driver includes logic adapted for managing operations of the accelerated NIC.

Abstract: A method includes receiving a packet having a VLAN ID at a first physical overlay switch located at an edge of an IP network, encapsulating the packet with an overlay header, and tunneling the encapsulated packet to a second physical overlay switch via IP network.

Abstract: A system includes a server including: logic adapted for receiving traffic from a virtual machine (VM), the traffic including at least one packet, logic adapted for hashing at least a portion of the at least one packet according to a hashing algorithm to obtain a hash value, and logic adapted for selecting an uplink based on the hash value; at least one accelerated network interface card (NIC), each accelerated NIC including: network ports including multiple Peripheral Component Interconnect express (PCIe) ports adapted for communicating with the server and a network, each network port including an uplink, logic adapted for encapsulating the at least one packet into an overlay-encapsulated packet, logic adapted for storing a media access control (MAC) address corresponding to the selected uplink as a source MAC (SMAC) address in an outer header of the overlay-encapsulated packet, and logic adapted for sending the overlay-encapsulated packet via the selected uplink.

Abstract: A method for providing location independent dynamic port mirroring on distributed virtual switches is disclosed. A controller is provided to configure one or more virtual switches within a group of physical machines to appear as a set of distributed virtual switches. In response to the receipt of a data packet at a port of a physical machine, a determination is made whether or not the port has a monitor port located on the physical machine. If the port has a monitor port located on the same physical machine, a copy of the data packet is sent to the monitor port of the physical machine. If the port has a monitor port located on a different physical machine, a copy of the data packet along with an identification (ID) of the port and an ID of the monitor port are encapsulated, and the encapsulated information are sent to a controller.

Abstract: Techniques for providing location independent dynamic port mirroring on distributed virtual switches is disclosed. A controller is provided to configure one or more virtual switches within a group of physical machines to appear as a set of distributed virtual switches. In response to the receipt of a data packet at a port of a physical machine, a determination is made whether or not the port has a monitor port located on the physical machine. If the port has a monitor port located on the same physical machine, a copy of the data packet is sent to the monitor port of the physical machine. If the port has a monitor port located on a different physical machine, a copy of the data packet along with an identification (ID) of the port and an ID of the monitor port are encapsulated, and the encapsulated information are sent to a controller.

Abstract: In one embodiment, a first physical overlay switch located at an edge of an IP network includes logic adapted for: receiving a packet having a virtual local area network (VLAN) identifier (ID) from a virtual switch, encapsulating the packet with an overlay header, tunneling the encapsulated packet via the IP network to a second physical overlay switch, receiving a second encapsulated packet having a second overlay header from the second physical overlay switch, de-encapsulating the second encapsulated packet to create a second packet having a second VLAN ID, and sending the second packet to the virtual switch. In another embodiment, a method includes receiving a packet having a VLAN ID at a first physical overlay switch located at an edge of an IP network, encapsulating the packet with an overlay header, and tunneling the encapsulated packet to a second physical overlay switch via the IP network.

Abstract: A switching network includes an upper tier and a lower tier including a plurality of lower tier entities. A master switch in the upper tier, which has a plurality of ports each coupled to a respective lower tier entity, implements on each of the ports a plurality of virtual ports each corresponding to a respective one of a plurality of remote physical interfaces (RPIs) at the lower tier entity coupled to that port. Data traffic communicated between the master switch and RPIs is queued within virtual ports that correspond to the RPIs on lower tier entities with which the data traffic is communicated. The master switch enforces priority-based flow control (PFC) on data traffic of a given virtual port by transmitting, to a lower tier entity on which a corresponding RPI resides, a PFC data frame specifying priorities for at least two different classes of data traffic communicated by the particular RPI.

Abstract: In one embodiment, a system includes logic adapted for receiving, at a first end point station, an information exchange packet from each end point station in a virtual network having a specified virtual network identifier (VNID) and logic adapted for processing each received information exchange packet to retrieve information about connections at each end point station in the virtual network having the specified VNID, wherein each end point station either terminates or originates a tunnel shared by the first end point station in an overlay network. In this way, the information may be used to respond to address resolution protocol (ARP) requests sent locally in lieu of flooding the ARP request. Other systems, methods, and computer program products are also presented regarding the overlay tunnel information exchange protocol, according to various embodiments.

Abstract: In one embodiment, a method for exchanging overlay tunnel information includes receiving an information exchange packet, at a first end point station, from each end point station in a virtual network having a specified virtual network identifier (VNID); and processing each received information exchange packet to retrieve information about connections at each end point station in the virtual network having the specified VNID, wherein each end point station either terminates or originates a tunnel shared by the first end point station in an overlay network. In this way, the information may be used to respond to address resolution protocol (ARP) requests sent locally in lieu of flooding the ARP request. Other systems, methods, and computer program products are also presented regarding the overlay tunnel information exchange protocol, according to various embodiments.

Abstract: A switching network includes an upper tier and a lower tier including a plurality of lower tier entities. A master switch in the upper tier, which has a plurality of ports each coupled to a respective lower tier entity, implements on each of the ports a plurality of virtual ports each corresponding to a respective one of a plurality of remote physical interfaces (RPIs) at the lower tier entity coupled to that port. Data traffic communicated between the master switch and RPIs is queued within virtual ports that correspond to the RPIs on lower tier entities with which the data traffic is communicated. The master switch enforces priority-based flow control (PFC) on data traffic of a given virtual port by transmitting, to a lower tier entity on which a corresponding RPI resides, a PFC data frame specifying priorities for at least two different classes of data traffic communicated by the particular RPI.

Abstract: Systems for switching traffic include a physical machine running source and destination virtual machines (VMs). The source VM issues a data unit addressed to the destination VM. The physical machine has a physical network interface in communication with the VMs. The physical network interface transmits a sub-packet, which includes a partial portion of the data unit, over a network while a majority portion of the data unit remains at the physical machine. A network switch on the network receives the sub-packet transmitted by the physical network interface. The network switch performs one or more OSI Layer 2 through Layer 7 switching functions on the sub-packet and returns that sub-packet to the physical network interface. The physical network interface identifies the data unit stored in the memory in response to the sub-packet returned from the network switch and forwards the identified data unit to the destination VM.

Abstract: Methods for switching traffic include a physical machine running source and destination virtual machines (VMs). The source VM issues a data unit addressed to the destination VM. The physical machine has a physical network interface in communication with the VMs. The physical network interface transmits a sub-packet, which includes a partial portion of the data unit, over a network while a majority portion of the data unit remains at the physical machine. A network switch on the network receives the sub-packet transmitted by the physical network interface. The network switch performs one or more OSI Layer 2 through Layer 7 switching functions on the sub-packet and returns that sub-packet to the physical network interface. The physical network interface identifies the data unit stored in the memory in response to the sub-packet returned from the network switch and forwards the identified data unit to the destination VM.

Abstract: Systems are provided for overlaying a virtual network on a physical network in a data center environment. An overlay system is arranged in an overlay virtual network to include an overlay agent and an overlay helper. The overlay agent is implemented in an access switch. The overlay helper is implemented in an end station that is in communication with the access switch. Overlay parameters in compliance with an in-band protocol are transmitted between the overlay agent and the overlay helper.

Abstract: Methods are provided for overlaying a virtual network on a physical network in a data center environment. An overlay system is arranged in an overlay virtual network to include an overlay agent and an overlay helper. The overlay agent is implemented in an access switch. The overlay helper is implemented in an end station that is in communication with the access switch. Overlay parameters in compliance with an in-band protocol are transmitted between the overlay agent and the overlay helper.

Abstract: An approach is provided in which a virtual function, which executes on a network adapter, receives a data packet from a first virtual machine. A translation entry is identified that corresponds to sending the data packet from the first virtual machine to a second virtual machine, and a determination is made as to whether an onboard memory partition assigned to the virtual function includes the identified translation. If the onboard memory location includes the translation entry, the data packet is sent to the destination virtual machine using the translation entry retrieved from the onboard memory partition. Otherwise, if the translation entry is not located in the onboard memory partition, the data packet is sent to the destination virtual machine using a translation entry retrieved from an off board memory location.

Abstract: An approach is provided in which a virtual function, which executes on a network adapter, receives a data packet from a first virtual machine. A translation entry is identified that corresponds to sending the data packet from the first virtual machine to a second virtual machine, and a determination is made as to whether an onboard memory partition assigned to the virtual function includes the identified translation. If the onboard memory location includes the translation entry, the data packet is sent to the destination virtual machine using the translation entry retrieved from the onboard memory partition. Otherwise, if the translation entry is not located in the onboard memory partition, the data packet is sent to the destination virtual machine using a translation entry retrieved from an off board memory location.

Abstract: An approach is provided which a system selects a first virtual function from a plurality of virtual functions executing on a network adapter that includes a memory area. Next, the system allocates, in the memory area, a memory corresponding to the first virtual function. The system then stores one or more translation entries in the allocated memory partition, which are utilized to send data traversing through the first virtual function. As such, the system sends, utilizing one or more of the translation entries, the data packets from the network adapter to one or more destinations. In turn, the system dynamically resizes the memory partition based upon an amount of the memory partition that is utilized to store the one or more translation entries.