Abstract: Systems and methods for geometric based flow programming are disclosed herein. The method can include receiving at least one compiled rule at a first Network Virtualization Device (“NVD”), each of the at least one compiled rules can be applicable to a class of packets received by the first NVD for delivery to a Virtualized Network Interface Card (“VNIC”). The method can include receiving a first packet at the first NVD for delivery to a first VNIC, determining with the first NVD that a first rule of the at least one compiled rule is applicable to the first packet, and processing with the first NVD the first packet according to the first rule.

Abstract: Techniques are disclosed for providing high performant packets processing capabilities in a virtualized cloud environment that enhance the scalability and high availability of the packets processing infrastructure. In certain embodiments disclosed herein, the VNICs functionality performed by network virtualization devices (NVDs) is offloaded from the NVDs to a fleet of computers, referred to as VNIC-as-a-Service System (or VNICaaS system). VNICaaS system is configured to provide Virtual Network Interface Cards (VNICs)-related functionality or service for multiple compute instances belonging to multiple tenants or customers of the CSPI. The VNICaaS system is capable of hosting multiple VNICs to process and transmit traffic in a distributed virtualized cloud networks environment. A single VNIC executed by the VNICaaS system can be used to process packets received from multiple compute instances.

Abstract: Techniques for providing, to a resource on a private network of a service provider, access to a resource on a private network of a customer. Service to customer (S2C) resources deployed on a cloud infrastructure to facilitate the access. Whereas IP address ranges may overlap between private networks and/or private IP addresses may be used in one or more of the private networks, the S2C resources enable the data exchange between the private networks. For example, the S2C resources translate between IP addresses such that data within each private network uses IP addresses that can be properly processed by the private network.

Abstract: Techniques are disclosed for scaling an IP address in overlay networks without using load balancers. In certain implementations, an overlay IP address can be attached to multiple compute instances via virtual network interface cards (VNICs) associated with the multiple compute instances. Traffic directed to the multi-attached IP address is distributed across the multiple compute instances. In some other implementations, ECMP techniques in overlay networks are used to scale an overlay IP address. In forwarding tables used for routing packets, the IP address being scaled is associated with multiple next hop paths to multiple network virtualization devices (NVDs) associated with the multiple compute instances. When a particular packet directed to the overlay IP address is to be routed, one of the multiple next hop paths is selected for routing the packet. This enables packets directed to the IP address to be distributed across the multiple compute instances.

Abstract: Techniques for providing, to a resource on a private network of a service provider, access to a resource on a private network of a customer. Service to customer (S2C) resources deployed on a cloud infrastructure to facilitate the access. Whereas IP address ranges may overlap between private networks and/or private IP addresses may be used in one or more of the private networks, the S2C resources enable the data exchange between the private networks. For example, the S2C resources translate between IP addresses such that data within each private network uses IP addresses that can be properly processed by the private network.

Abstract: Techniques are disclosed for providing high performant packets processing capabilities in a virtualized cloud environment that enhance the scalability and high availability of the packets processing infrastructure. In certain embodiments disclosed herein, the VNICs functionality performed by network virtualization devices (NVDs) is offloaded from the NVDs to a fleet of computers, referred to as VNIC-as-a-Service System (or VNICaaS system). VNICaaS system is configured to provide Virtual Network Interface Cards (VNICs)-related functionality or service for multiple compute instances belonging to multiple tenants or customers of the CSPI. The VNICaaS system is capable of hosting multiple VNICs to process and transmit traffic in a distributed virtualized cloud networks environment. A single VNIC executed by the VNICaaS system can be used to process packets received from multiple compute instances.

Abstract: Techniques for loop prevention while allowing multipath in a virtual L2 network are described. In an example, a network virtualization device can generate a first L2 bridge protocol data unit by applying a first loop detection protocol specific to only the first port and the first host machine. The network virtualization device can transmit, to the first compute instance via the first port, a first frame that includes the first L2 BPDU. The network virtualization device can receive, from the first compute instance via the first port, a second frame. The network virtualization device can determine that the second frame comprises the first L2 BPDU. The network virtualization device can determine that a loop exists between the network virtualization device and the first compute instance based on the first loop detection protocol and the first L2 BPDU of the second frame.

Abstract: Techniques are disclosed for scaling an IP address in overlay networks without using load balancers. In certain implementations, an overlay IP address can be attached to multiple compute instances via virtual network interface cards (VNICs) associated with the multiple compute instances. Traffic directed to the multi-attached IP address is distributed across the multiple compute instances. In some other implementations, ECMP techniques in overlay networks are used to scale an overlay IP address. In forwarding tables used for routing packets, the IP address being scaled is associated with multiple next hop paths to multiple network virtualization devices (NVDs) associated with the multiple compute instances. When a particular packet directed to the overlay IP address is to be routed, one of the multiple next hop paths is selected for routing the packet. This enables packets directed to the IP address to be distributed across the multiple compute instances.

Abstract: Techniques for managing the distribution of configuration information that supports the flow of packets in a cloud environment are described. In an example, a virtual network interface card (VNIC) hosted on a network virtualization device NVD receives a first packet from a compute instance associated with the VNIC. The VNIC determines that flow information to send the first packet on a virtual network is unavailable from a memory of the NVD. The VNIC sends, via the NVD, the first packet to a network interface service, where the network interface service maintains configuration information to send packets on the substrate network and is configured to send the first packet on the substrate network based on the configuration information. The NVD receives the flow information from the network interface service, where the flow information is a subset of the configuration information. The NVD stores the flow information in the memory.

Abstract: Techniques for loop prevention while allowing multipath in a virtual Layer 2 (L2) network are described. In an example, a network interface card (NIC) supports the virtual L2 network. The NIC is configured to receive, via a first port of the NIC, an L2 frame that includes a source media access control (MAC) address and a destination MAC address. Based on a loop prevention rule, the NIC transmits the L2 frame via its ports except the first port. In an additional example, the NIC is further configured to send an L2 frame to a host via the first port of the NIC. The L2 frame can be a bridge protocol data unit (BPDU). Upon receiving a BPDU from the host via the first port, the NIC determines that the BPDU is looped back and disables the first port.

Abstract: Techniques are disclosed for providing high performant packets processing capabilities in a virtualized cloud environment that enhance the scalability and high availability of the packets processing infrastructure. In certain embodiments disclosed herein, the VNICs functionality performed by network virtualization devices (NVDs) is offloaded from the NVDs to a fleet of computers, referred to as VNIC-as-a-Service System (or VNICaaS system). VNICaaS system is configured to provide Virtual Network Interface Cards (VNICs)-related functionality or service for multiple compute instances belonging to multiple tenants or customers of the CSPI. The VNICaaS system is capable of hosting multiple VNICs to process and transmit traffic in a distributed virtualized cloud networks environment. A single VNIC executed by the VNICaaS system can be used to process packets received from multiple compute instances.

Abstract: Techniques for managing the distribution of configuration information that supports the flow of packets in a cloud environment are described. In an example, a virtual network interface card (VNIC) hosted on a network virtualization device NVD receives a first packet from a compute instance associated with the VNIC. The VNIC determines that flow information to send the first packet on a virtual network is unavailable from a memory of the NVD. The VNIC sends, via the NVD, the first packet to a network interface service, where the network interface service maintains configuration information to send packets on the substrate network and is configured to send the first packet on the substrate network based on the configuration information. The NVD receives the flow information from the network interface service, where the flow information is a subset of the configuration information. The NVD stores the flow information in the memory.

Abstract: Techniques are disclosed for a smart network interface card (smartNIC) performing a unified logging process. In one example, an accelerator of the smartNIC receives a packet that is a candidate for rejection, whereby the accelerator is configured to log traffic for authorized flows that are forwarded by the accelerator to another device. The accelerator transmits the packet to a programming data plane of the smartNIC for further processing. The programming data plane determines that the packet should not be forwarded by the smartNIC, and modifies the packet to include an instruction that instructs the accelerator to log the packet. The programming data plane then transmits the modified packet to the accelerator. Upon receiving the modified packet, the accelerator logs the packet to the unified log based on the instruction.

Abstract: Techniques are disclosed for providing high performant packets processing capabilities in a virtualized cloud environment that enhance the scalability and high availability of the packets processing infrastructure. In certain embodiments disclosed herein, the VNICs functionality performed by network virtualization devices (NVDs) is offloaded from the NVDs to a fleet of computers, referred to as VNIC-as-a-Service System (or VNICaaS system). VNICaaS system is configured to provide Virtual Network Interface Cards (VNICs)-related functionality or service for multiple compute instances belonging to multiple tenants or customers of the CSPI. The VNICaaS system is capable of hosting multiple VNICs to process and transmit traffic in a distributed virtualized cloud networks environment. A single VNIC executed by the VNICaaS system can be used to process packets received from multiple compute instances.

Abstract: Techniques are disclosed for scaling an IP address in overlay networks without using load balancers. In certain implementations, an overlay IP address can be attached to multiple compute instances via virtual network interface cards (VNICs) associated with the multiple compute instances. Traffic directed to the multi-attached IP address is distributed across the multiple compute instances. In some other implementations, ECMP techniques in overlay networks are used to scale an overlay IP address. In forwarding tables used for routing packets, the IP address being scaled is associated with multiple next hop paths to multiple network virtualization devices (NVDs) associated with the multiple compute instances. When a particular packet directed to the overlay IP address is to be routed, one of the multiple next hop paths is selected for routing the packet. This enables packets directed to the IP address to be distributed across the multiple compute instances.

Abstract: Techniques for managing the distribution of configuration information that supports the flow of packets in a cloud environment are described. In an example, a virtual network interface card (VNIC) hosted on a network virtualization device NVD receives a first packet from a compute instance associated with the VNIC. The VNIC determines that flow information to send the first packet on a virtual network is unavailable from a memory of the NVD. The VNIC sends, via the NVD, the first packet to a network interface service, where the network interface service maintains configuration information to send packets on the substrate network and is configured to send the first packet on the substrate network based on the configuration information. The NVD receives the flow information from the network interface service, where the flow information is a subset of the configuration information. The NVD stores the flow information in the memory.

Abstract: Techniques for managing the distribution of configuration information that supports the flow of packets in a cloud environment are described. In an example, a virtual network interface card (VNIC) hosted on a network virtualization device NVD receives a first packet from a compute instance associated with the VNIC. The VNIC determines that flow information to send the first packet on a virtual network is unavailable from a memory of the NVD. The VNIC sends, via the NVD, the first packet to a network interface service, where the network interface service maintains configuration information to send packets on the substrate network and is configured to send the first packet on the substrate network based on the configuration information. The NVD receives the flow information from the network interface service, where the flow information is a subset of the configuration information. The NVD stores the flow information in the memory.

Abstract: Techniques for providing, to a resource on a private network of a service provider, access to a resource on a private network of a customer. Service to customer (S2C) resources deployed on a cloud infrastructure to facilitate the access. Whereas IP address ranges may overlap between private networks and/or private IP addresses may be used in one or more of the private networks, the S2C resources enable the data exchange between the private networks. For example, the S2C resources translate between IP addresses such that data within each private network uses IP addresses that can be properly processed by the private network.

Abstract: Techniques are disclosed for providing high performant packets processing capabilities in a virtualized cloud environment that enhance the scalability and high availability of the packets processing infrastructure. In certain embodiments disclosed herein, the VNICs functionality performed by network virtualization devices (NVDs) is offloaded from the NVDs to a fleet of computers, referred to as VNIC-as-a-Service System (or VNICaaS system). VNICaaS system is configured to provide Virtual Network Interface Cards (VNICs)-related functionality or service for multiple compute instances belonging to multiple tenants or customers of the CSPI. The VNICaaS system is capable of hosting multiple VNICs to process and transmit traffic in a distributed virtualized cloud networks environment. A single VNIC executed by the VNICaaS system can be used to process packets received from multiple compute instances.

Abstract: Techniques are disclosed for providing high performant packets processing capabilities in a virtualized cloud environment that enhance the scalability and high availability of the packets processing infrastructure. In certain embodiments disclosed herein, the VNICs functionality performed by network virtualization devices (NVDs) is offloaded from the NVDs to a fleet of computers, referred to as VNIC-as-a-Service System (or VNICaaS system). VNICaaS system is configured to provide Virtual Network Interface Cards (VNICs)-related functionality or service for multiple compute instances belonging to multiple tenants or customers of the CSPI. The VNICaaS system is capable of hosting multiple VNICs to process and transmit traffic in a distributed virtualized cloud networks environment. A single VNIC executed by the VNICaaS system can be used to process packets received from multiple compute instances.