Abstract: Some embodiments of the invention provide a method for detecting and remediating anomalies in an SD-WAN that includes a controller, an enterprise datacenter, and multiple branch sites each having at least one edge node that includes a set of packet processing stages. At the controller, the method receives from a particular node of a particular branch site a flow notification indicating detection of an anomaly on the particular node. Based on the anomaly, the method dynamically generates trace monitoring rules that specify one or more flows to be traced and provides the trace monitoring rules to the particular node and at least one other node of another branch site. From the particular node and the at least one other node, the method receives trace monitoring results collected in response to the provided trace monitoring rules, and analyzes the results to identify any anomalies and dynamic actions to correct the anomalies.

Abstract: Some embodiments of the invention provide a method for detecting and remediating anomalies in an SD-WAN that includes a controller, at least one enterprise datacenter, and multiple branch sites each having at least one edge node that includes a set of packet processing stages. At a particular node in the SD-WAN, the method receives, from the controller, trace monitoring rules specified for a particular packet flow. The method determines that a first packet received at the particular node belongs to the particular packet flow and matches at least one of the trace monitoring rules. Based on the determination, the method specifies the first packet as a packet that should be trace monitored by each packet processing stage of the particular node. As the first packet is processed by the set of packet processing stages, the method generates trace monitoring results to be provided to the controller for analysis.

Abstract: Some embodiments provide a method for a software-defined wide area network (SD-WAN) connecting first and second sites, with the first site including an edge node and the second site including multiple forwarding hub nodes. At the edge node of the first site, the method receives a packet of a particular flow including a flow attribute. The method uses the flow attribute to identify a hub-selection rule from multiple hub-selection rules, each hub-selection rule identifying at least one forwarding hub node at the second site for receiving one or more flows from the first site, and at least one hub-selection rule identifying at least one forwarding hub node that is not identified by another hub-selection rule. The method uses the identified hub-selection rule to identify a forwarding hub node for the particular flow. The method then sends the packet from the edge node at the first site to the identified forwarding hub node at the second site.

Abstract: Some embodiments provide a method for a software-defined wide area network (SD-WAN) connecting first and second sites, with the first site including an edge node and the second site including multiple forwarding hub nodes. At the edge node of the first site, the method receives a packet of a particular flow including a flow attribute. The method uses the flow attribute to identify a hub-selection rule from multiple hub-selection rules, each hub-selection rule identifying at least one forwarding hub node at the second site for receiving one or more flows from the first site, and at least one hub-selection rule identifying at least one forwarding hub node that is not identified by another hub-selection rule. The method uses the identified hub-selection rule to identify a forwarding hub node for the particular flow. The method then sends the packet from the edge node at the first site to the identified forwarding hub node at the second site.

Abstract: Some embodiments provide a method for a software-defined wide area network (SD-WAN) connecting first and second sites, with the first site including an edge node and the second site including multiple forwarding hub nodes. At the edge node of the first site, the method receives a packet of a particular flow including a flow attribute. The method uses the flow attribute to identify a hub-selection rule from multiple hub-selection rules, each hub-selection rule identifying at least one forwarding hub node at the second site for receiving one or more flows from the first site, and at least one hub-selection rule identifying at least one forwarding hub node that is not identified by another hub-selection rule. The method uses the identified hub-selection rule to identify a forwarding hub node for the particular flow. The method then sends the packet from the edge node at the first site to the identified forwarding hub node at the second site.

Abstract: Some embodiments provide a method for maintaining a virtual network that spans at least one cloud datacenter separate from multi-machine edge nodes of an entity. This method configures a gateway in the cloud datacenter to establish secure connections with several edge devices at several multi-machine edge nodes (e.g., branch offices, datacenters, etc.) in order to establish the virtual network. The method configures the gateway to assess quality of connection links with different edge devices, and to terminate a secure connection with a particular edge device for a duration of time after the assessed quality of the connection link to the particular edge device is worse than a threshold value. In some embodiments, the gateway is configured to distribute routes to edge devices at the edge nodes, and to forgo distributing any route to the particular edge device along the connection link for the duration of time when the assessed quality of the connection link is worse than (e.g., less than) a threshold value.

Abstract: Some embodiments provide a method for performing deep packet inspection (DPI) for an SD-WAN (software defined, wide area network) established for an entity by a plurality of edge nodes and a set of one or more cloud gateways. At a particular edge node, the method uses local and remote deep packet inspectors to perform DPI for a packet flow. Specifically, the method initially uses the local deep packet inspector to perform a first DPI operation on a set of packets of a first packet flow to generate a set of DPI parameters for the first packet flow. The method then forwards a copy of the set of packets to the remote deep packet inspector to perform a second DPI operation to generate a second set of DPI parameters. In some embodiments, the remote deep packet inspector is accessible by a controller cluster that configures the edge nodes and the gateways.

Abstract: Some embodiments provide a method for performing deep packet inspection (DPI) for an SD-WAN (software defined, wide area network) established for an entity by a plurality of edge nodes and a set of one or more cloud gateways. At a particular edge node, the method uses local and remote deep packet inspectors to perform DPI for a packet flow. Specifically, the method initially uses the local deep packet inspector to perform a first DPI operation on a set of packets of a first packet flow to generate a set of DPI parameters for the first packet flow. The method then forwards a copy of the set of packets to the remote deep packet inspector to perform a second DPI operation to generate a second set of DPI parameters. In some embodiments, the remote deep packet inspector is accessible by a controller cluster that configures the edge nodes and the gateways.

Abstract: Described herein are systems, methods, and software to manage communication path configurations between edge gateways in a computing environment. In at least one implementation, a controller monitors network characteristics associated with routes from a first edge gateway to a second edge gateway and determines whether a first route configuration for the first edge gateway to communicate with the second edge gateway fails to satisfy criteria based on the network characteristics. If the first route configuration fails to satisfy the criteria, the controller determines a second route configuration and applies the second route configuration for the first edge gateway to communicate with the second edge gateway.

Abstract: Some embodiments provide a method for maintaining a virtual network that spans at least one cloud datacenter separate from multi-machine edge nodes of an entity. This method configures a gateway in the cloud datacenter to establish secure connections with several edge devices at several multi-machine edge nodes (e.g., branch offices, datacenters, etc.) in order to establish the virtual network. The method configures the gateway to assess quality of connection links with different edge devices, and to terminate a secure connection with a particular edge device for a duration of time after the assessed quality of the connection link to the particular edge device is worse than a threshold value. In some embodiments, the gateway is configured to distribute routes to edge devices at the edge nodes, and to forgo distributing any route to the particular edge device along the connection link for the duration of time when the assessed quality of the connection link is worse than (e.g., less than) a threshold value.

Abstract: Some embodiments provide a method for maintaining a virtual network that spans at least one cloud datacenter separate from multi-machine edge nodes of an entity. This method configures a gateway in the cloud datacenter to establish secure connections with several edge devices at several multi-machine edge nodes (e.g., branch offices, datacenters, etc.) in order to establish the virtual network. The method configures the gateway to assess quality of connection links with different edge devices, and to terminate a secure connection with a particular edge device for a duration of time after the assessed quality of the connection link to the particular edge device is worse than a threshold value. In some embodiments, the gateway is configured to distribute routes to edge devices at the edge nodes, and to forgo distributing any route to the particular edge device along the connection link for the duration of time when the assessed quality of the connection link is worse than (e.g., less than) a threshold value.

Abstract: A first server may receive, from a client device, an indication of a request for a content file via a network address; identify that the network address is a dynamic network address; establish a communication session with a second; receive a portion of the content file from the second server; determine an index parameter based on receiving the portion of the content file; determine whether the content file is being stored by the first server based on a cache index and based on the index parameter or based on information associated with the request for the content file; receive a remaining portion of the content file based on determining that the content file is not being stored by the first server; and provide the content file to the client device.

Abstract: A first server may receive, from a client device, an indication of a request for a content file via a network address; identify that the network address is a dynamic network address; establish a communication session with a second; receive a portion of the content file from the second server; determine an index parameter based on receiving the portion of the content file; determine whether the content file is being stored by the first server based on a cache index and based on the index parameter or based on information associated with the request for the content file; receive a remaining portion of the content file based on determining that the content file is not being stored by the first server; and provide the content file to the client device.

Abstract: A first server may receive, from a client device, an indication of a request for a content file via a network address; identify that the network address is a dynamic network address; establish a communication session with a second; receive a portion of the content file from the second server; determine an index parameter based on receiving the portion of the content file; determine whether the content file is being stored by the first server based on a cache index and based on the index parameter or based on information associated with the request for the content file; receive a remaining portion of the content file based on determining that the content file is not being stored by the first server; and provide the content file to the client device.