Abstract: Some embodiments provide a method for diagnosing a logical network that includes several logical forwarding elements (LFEs) that logically connects a number of data compute nodes (DCNs) to each other. The method identifies a set of LFEs that logically connects a first DCN of the several DCNs to a second DCN. The method also identifies a transport node that couples to the first DCN and implements the set of LFEs. The method then, for each LFE in the set of LFEs (i) receives a first state of the LFE from the transport node, (ii) compares the first state of the LFE with a second state of the LFE that is received from a controller of the LFE, and (iii) reports the LFE as a problematic LFE along with the transport node and the controller of the LFE when the first and second states of the LFE do not match.

Abstract: A novel centralized troubleshooting tool that enables user to troubleshoot a distributed virtual network with a single consistent user interface is provided. The distributed virtual network being monitored or debugged by the centralized troubleshooting tool includes different types of logical resources (LRs) that placed or distributed across different physical endpoints (PEs). The centralized troubleshooting tool provides functions that allow the user to invoke commands on different physical endpoints in order to collect information about the logical resources running in those physical endpoints. This allows the user to compare and analyze the information from different PEs for a same LR.

Abstract: A novel method of conducting multicast traffic in a network is provided. The network includes multiple endpoints that receive messages from the network and generate messages for the network. The endpoints are located in different segments of the network, each segment including one or more of the endpoints. For a source endpoint to replicate a particular message (e.g., a data packet) for all endpoints belonging to a particular replication group (i.e., multicast group) within the network, the source endpoint replicates the particular message to each endpoint within the source endpoint's own segment and to a proxy endpoint in each of the other segments. Each proxy endpoint in turn replicates the particular message to all endpoints belonging to the particular replication group within the proxy endpoint's own segment.

Abstract: Example methods are provided for performing a connectivity check for multi-node application(s) in a virtualized computing environment. The method may comprise identifying a group of multiple virtualized computing instances that implements multi-node application(s), the group including a first virtualized computing instance supported by the first host that requires connectivity with a second virtualized computing instance supported by the second host. The method may also comprise configuring the first host to generate and send a connectivity check packet to the second host; and based on report information from one or more entities along a path traversed by the connectivity check packet, determining a connectivity status associated with the first virtualized computing instance and the second virtualized computing instance.

Abstract: A method of creating containers in a physical host that includes a managed forwarding element (MFE) configured to forward packets to and from a set of data compute nodes (DCNs) hosted by the physical host. The method creates a container DCN in the host. The container DCN includes a virtual network interface card (VNIC) configured to exchange packets with the MFE. The method creates a plurality of containers in the container DCN. The method, for each container in the container DCN, creates a corresponding port on the MFE. The method sends packets addressed to each of the plurality of containers from the corresponding MFE port to the VNIC of the container DCN.

Abstract: Example methods are provided for first host to perform multicast packet handling in a software-defined networking (SDN) environment. The method may comprise: in response to the first host detecting, from a first virtualized computing instance, a request to join a multicast group address, obtaining control information from a network management entity. The control information may include one or more destination addresses associated with one or more second hosts that have joined the multicast group address on behalf of multiple second virtualized computing instances. The method may also comprise: in response to the first host detecting an egress multicast packet that includes an inner header addressed to the multicast group address, generating one or more encapsulated multicast packets based on the control information and sending the one or more encapsulated multicast packets in a unicast manner or multicast manner, or a combination of both.

Abstract: Certain embodiments of the present disclosure include a method for translating an application-level abstraction to a logical network topology. The method includes receiving an event request from a container orchestrator at an orchestrator adaptor. The method also includes translating the event request to a logical network resource via an application programming interface associated with a network virtualization platform. The method includes mapping the event request to the logical network resource. The method also includes deploying the logical network resource in a logical network via the network virtualization platform.

Abstract: Some embodiments provide a method for a managed forwarding element (MFE). The method receives a packet from a data compute node for which the MFE performs first-hop processing. The data compute node is associated with multiple tunnel endpoints of the MFE. The method determines a destination tunnel endpoint for the packet. The method uses a load balancing algorithm to select one of the multiple tunnel endpoints of the MFE as a source tunnel endpoint for the packet. The method encapsulates the packet in a tunnel using the source and destination tunnel endpoints.

Abstract: Some embodiments provide a novel method for distributing control-channel communication load between multiple controllers in a network control system. In some embodiments, the controllers manage physical forwarding elements that forward data between several computing devices (also called hosts or host computers), some or all of which execute one or more virtual machines (VMs). The method of some embodiments distributes a controller assignment list to the host computers. The host computers use this list to identify the controllers with which they need to interact to perform some of the forwarding operations of their associated logical forwarding elements. In some embodiments, agents executing on the host computers (1) review the controller assignment list to identify the appropriate controllers, and (2) establish control channel communications with these controllers to obtain the needed data for effectuating the forwarding operations of their associated physical forwarding elements.

Abstract: For a managed network including multiple host machines implementing multiple logical networks, some embodiments provide a method that reduces the memory and traffic load required to implement the multiple logical networks. The method generates configuration data for each of multiple host machines including (i) data to configure a host machine to implement a set of logical forwarding elements that belong to a set of routing domains and (ii) identifiers for each routing domain in the set of routing domains. The method then receives data regarding tunnels endpoints operating on each of the host machines and an association with the routing identifiers sent to the host machines. The method then generates a routing domain tunnel endpoint list for each routing domain based on the data received from each of the host machines including a list of the tunnel endpoints associated with the routing domain which the host machines can use to facilitate packet processing.

Abstract: Example methods are provided for assigning a routing domain identifier in a logical network environment that includes one or more logical distributed routers and one or more logical switches. In one example, the method may comprise obtaining network topology information specifying how the one or more logical distributed routers are connected with the one or more logical switches; and selecting, from the one or more logical switches, a particular logical switch for which routing domain identifier assignment is required. The method may also comprise: identifying a particular logical distributed router that is connected with the particular logical switch based on the network topology information; assigning the particular logical switch with the routing domain identifier that is associated with the particular logical distributed router; and using the routing domain identifier in a communication between a management entity and a host.

Abstract: Example methods are provided for a first host to handle control-plane connectivity loss in a virtualized computing environment that includes the first host, multiple second hosts and a network management entity. The method may comprise: detecting a loss of control-plane connectivity between the first host and the network management entity; and generating a request message for control information that the first host is unable to obtain from the network management entity. The method may also comprise sending the request message via a peer-to-peer network that connects the first host with the multiple second hosts; and obtaining the control information from a response message that is sent by at least one of the multiple second hosts.

Abstract: Example methods are provided for a network management entity to implement distributed network emulation in a virtualized computing environment. The method may comprise: generating a translated network emulation rule by translating a source identifier and a destination identifier in a network emulation rule to respective source network address and destination network address, and configuring a source host or destination host to apply the translated network emulation rule to emulate a desired network condition for one or more first packets from the source network address to the destination network address. The method may further comprise: in response to detecting that the source network address or destination network address has been updated, updating the source network address or destination network address in the translated network emulation rule; and reconfiguring the source host or destination host to apply the updated translated network emulation rule.

Abstract: Example methods are provided for a host to implement distributed network emulation in a virtualized computing environment. The method may comprise detecting one or more packets from a source network address associated with a source virtualized computing instance to a destination network address associated with a destination virtualized computing instance. The method may also comprise, in response to determination that a network emulation rule configured for the source virtualized computing instance and destination virtualized computing instance is applicable to the one or more packets, determining a physical network condition associated with a path between the source virtualized computing instance and destination virtualized computing instance. The method may further comprise emulating a desired network condition specified by the network emulation rule by performing an emulation action on the one or more packets.

Abstract: Some embodiments provide a method for a controller for mapping and sharing up to date configuration information for a logical network comprising managed forwarding elements having multiple tunnel endpoints. The method identifies a data compute node for operation on a host machine that includes a managed forwarding element (MFE) having multiple tunnel endpoints. The data compute node belongs to a particular logical network. The method identifies multiple other data compute nodes belonging to the particular logical network. The method distributes to the MFE (i) a mapping of each data compute node of the other data compute nodes to an identifier for a group of tunnel endpoints associated with the data compute node and (ii) a mapping of each of the identifiers to a list of tunnel endpoints. The MFE uses the mappings to encapsulate packets sent from the data compute node for transmission to other MFEs.

Abstract: A method of creating containers in a physical host that includes a managed forwarding element (MFE) configured to forward packets to and from a set of data compute nodes (DCNs) hosted by the physical host. The method creates a container DCN in the host. The container DCN includes a virtual network interface card (VNIC) configured to exchange packets with the MFE. The method creates a plurality of containers in the container DCN. The method, for each container in the container DCN, creates a corresponding port on the MFE. The method sends packets addressed to each of the plurality of containers from the corresponding MFE port to the VNIC of the container DCN.

Abstract: Some embodiments provide a local network controller that manages a first managed forwarding element (MFE) operating to forward traffic on a host machine for several logical networks and configures the first MFE to forward traffic for a set of containers operating within a container virtual machine (VM) that connects to the first MFE. The local network controller receives, from a centralized network controller, logical network configuration information for a logical network to which the set of containers logically connect. The local network controller receives, from the container VM, a mapping of a tag value used by a second MFE operating on the container VM to a logical forwarding element of the logical network to which the set of containers connect. The local network controller configures the first MFE to apply the logical network configuration information to data messages received from the container VM that are tagged with the tag value.

Abstract: Certain embodiments described herein are generally directed to media access control (MAC) address learning for packets sent between end points (EPs) in a network (e.g., overlay network). For example, in some embodiments, VTEPs may be used to provide packet forwarding services, load balancing services, gateway services, etc., to EPs in the network. In certain embodiments, the VTEPs may be assigned unique labels, which are used by the VTEPs to map MAC addresses of packets to destination addresses for the packets.

Abstract: Certain embodiments described herein are generally directed to consistent processing of transport node network configuration data in a physical sharding architecture. For example, in some embodiments a first central control plane (CCP) node of a plurality of CCP nodes determines a sharding table, which is shared by the plurality of CCP nodes. In certain embodiments, the first CCP node determines a connection establishment between a first transport node and the first CCP node. In some embodiments, if the first CCP node determines, based on the sharding table, that it is a physical master of the first transport node, the first CCP node receives network configuration data from the first transport node, stores at least a portion of the network configuration data, and transmits a data update comprising at least a portion of the network configuration data to a shared data store accessible by the plurality of CCP nodes.

Abstract: A method of communicating packets in a physical host that includes a managed forwarding element (MFE) configured to communicate packets to a set of containers in a data compute node (DCN) hosted by the physical host. The method receives a packet from a particular container in the container DCN. The packet includes a tag that includes an identification of the particular container. The method uses the identification of the particular container included in the tag to identify a port of the MFE that correspond to the particular container. The method removes the tag from the packet. The method forwards the un-tagged packet to the port of the MFE that corresponds to the particular container.