Abstract: A LRE (logical routing element) that have LIFs that are active in all host machines spanned by the LRE as well as LIFs that are active in only a subset of those spanned host machines is provided. A host machine having an active LIF for a particular L2 segment would perform the L3 routing operations for network traffic related to that L2 segment. A host machine having an inactive LIF for the particular L2 segment would not perform L3 routing operations for the network traffic of the L2 segment.

Abstract: Some embodiments provide a method of operating several logical networks over a network virtualization infrastructure. The method defines a managed physical switching element (MPSE) that includes several ports for forwarding packets to and from a plurality of virtual machines. Each port is associated with a unique media access control (MAC) address. The metho defines several managed physical routing elements (MPREs) for the several different logical networks. Each MPRE is for receiving data packets from a same port of the MPSE. Each MPRE is defined for a different logical network and for routing data packets between different segments of the logical network. The method provides the defined MPSE and the defined plurality of MPREs to a plurality of host machines as configuration data.

Abstract: Virtualization software that includes a VDRB (virtual distributed router/bridge) module for performing L3 routing and/or bridging operations is provided. At least some of the VDRBs are configured as VDBs (virtual distributed bridge) for performing bridging operations between different network segments in a distributed manner. The bridging tasks of a network are partitioned among several VDBs of the network based on MAC addresses. MAC addresses of VMs or other types of network nodes belonging to an overlay logical network are partitioned into several shards, each shard of MAC addresses assigned to a VDB in the network. Each VDB assigned a shard of MAC addresses performs bridging when it receives a packet bearing a MAC address belonging to its assigned shard. A VDB does not perform bridging on packets that do not have MAC address that falls within the VDB's shard of MAC addresses.

Abstract: A logical routing element (LRE) having multiple designated instances for routing packets from physical hosts (PH) to a logical network is provided. A PH in a network segment with multiple designated instances can choose among the multiple designated instances for sending network traffic to other network nodes in the logical network according to a load balancing algorithm. Each logical interface (LIF) of an LRE is defined to be addressable by multiple identifiers or addresses, and each LIF identifier or address is assigned to a different designated instance.

Abstract: Some embodiments provide a method of operating several logical networks over a network virtualization infrastructure. The method defines a managed physical switching element (MPSE) that includes several ports for forwarding packets to and from a plurality of virtual machines. Each port is associated with a unique media access control (MAC) address. The method defines several managed physical routing elements (MPREs) for the several different logical networks. Each MPRE is for receiving data packets from a same port of the MPSE. Each MPRE is defined for a different logical network and for routing data packets between different segments of the logical network. The method provides the defined MPSE and the defined plurality of MPREs to a plurality of host machines as configuration data.

Abstract: Some embodiments provide a system that includes a first set of virtual machines belonging to a first overlay network and a second set of virtual machines belonging to a second overlay network. The first and second sets of virtual machines operate in several host machines, each of which includes a managed physical routing element (MPRE) for routing data packet between virtual machines in different overlay networks. A particular MPRE is configured as a bridge for routing packets between virtual machines that are in different overlay networks but in a same IP (internet protocol) subnet.

Abstract: A logical routing element (LRE) having multiple designated instances for routing packets from physical hosts (PH) to a logical network is provided. A PH in a network segment with multiple designated instances can choose among the multiple designated instances for sending network traffic to other network nodes in the logical network according to a load balancing algorithm. Each logical interface (LIF) of an LRE is defined to be addressable by multiple identifiers or addresses, and each LIF identifier or address is assigned to a different designated instance.

Abstract: Some embodiments provide a system that includes several host machines for hosting several virtual machines and a physical network for interconnecting the host machines. Each host machine includes a managed physical switching element (MPSE) including several ports for performing link layer forwarding of packets to and from a set of virtual machines running on the host machine. Each port is associated with a unique media access control (MAC) address. Each host machine includes a managed routing element (MPRE) for receiving a data packet from a port of the MPSE and performing network layer routing in order to forward the received data packet from a first virtual machine of a first network segment to a second virtual machine of a second network segment.

Abstract: Virtualization software that includes a VDRB (virtual distributed router/bridge) module for performing L3 routing and/or bridging operations is provided. At least some of the VDRBs are configured as VDBs (virtual distributed bridge) for performing bridging operations between different network segments in a distributed manner. The bridging tasks of a network are partitioned among several VDBs of the network based on MAC addresses. MAC addresses of VMs or other types of network nodes belonging to an overlay logical network are partitioned into several shards, each shard of MAC addresses assigned to a VDB in the network. Each VDB assigned a shard of MAC addresses performs bridging when it receives a packet bearing a MAC address belonging to its assigned shard. A VDB does not perform bridging on packets that do not have MAC address that falls within the VDB's shard of MAC addresses.

Abstract: A novel method for fully utilizing the multicast or broadcast capability of a physical network is provided. The method identifies segments of the network within which broadcast traffic, multicast traffic, or traffic to unknown recipients (BUM traffic) is allowed or enabled. The identified segment encompasses parts of the network that the BUM traffic is able reach while excluding parts of the network nodes that the BUM traffic is unable to reach. Each identified segment includes network nodes that are interconnected by physical network hardware that supports BUM traffic. The method identifies multiple BUM traffic segments in a given network that each supports its own BUM traffic. The different BUM traffic segments are interconnected by physical network hardware that does not support BUM network traffic. Each identified segment is assigned an identifier that uniquely distinguishes the identified segment from other identified segments.

Abstract: Some embodiments provide a method for a computing device serving as a host machine in a logical network. The method executes several virtual machines that are in several different segments of the logical network. The method operates a managed physical routing element (MPRE) for routing data packets between different segments of the logical network. The MPRE includes several logical interfaces, each of which is for receiving data packets from a different segment of the logical network. Each of the logical interfaces is addressable by a network layer address. The method intercepts an Address Resolution Protocol (ARP) broadcast message when the destination address matches the network address of one of the logical interfaces. The method formulates an ARP reply to the ARP broadcast message.

Abstract: Some embodiments use proxies on host devices to suppress broadcast traffic in a network. Each host in some embodiments executes one or more virtual machines (VMs). In some embodiments, a proxy operates on each host between each VM and the underlying network. For instance, in some of these embodiments, a VM's proxy operates between the VM and a physical forwarding element executing on the VM's host. The proxy monitors the VM's traffic, and intercepts broadcast packets when it knows how to deal with them. The proxy connects to a set of one or more controllers that provides a directory service that collects and maintains global information of the network. By connecting to the controller cluster, the proxy can obtain information that it can use to resolve broadcast requests. In some embodiments, the connection between the proxy and the controller cluster is encrypted and authenticated, to enhance the security.

Abstract: A LRE (logical routing element) that have LIFs that are active in all host machines spanned by the LRE as well as LIFs that are active in only a subset of those spanned host machines is provided. A host machine having an active LIF for a particular L2 segment would perform the L3 routing operations for network traffic related to that L2 segment. A host machine having an inactive LIF for the particular L2 segment would not perform L3 routing operations for the network traffic of the L2 segment.

Abstract: A LRE (logical routing element) that have LIFs that are active in all host machines spanned by the LRE as well as LIFs that are active in only a subset of those spanned host machines is provided. A host machine having an active LIF for a particular L2 segment would perform the L3 routing operations for network traffic related to that L2 segment. A host machine having an inactive LIF for the particular L2 segment would not perform L3 routing operations for the network traffic of the L2 segment.

Abstract: A LRE (logical routing element) that have LIFs that are active in all host machines spanned by the LRE as well as LIFs that are active in only a subset of those spanned host machines is provided. A host machine having an active LIF for a particular L2 segment would perform the L3 routing operations for network traffic related to that L2 segment. A host machine having an inactive LIF for the particular L2 segment would not perform L3 routing operations for the network traffic of the L2 segment.

Abstract: Some embodiments use proxies on host devices to suppress broadcast traffic in a network. Each host in some embodiments executes one or more virtual machines (VMs). In some embodiments, a proxy operates on each host between each VM and the underlying network. For instance, in some of these embodiments, a VM's proxy operates between the VM and a physical forwarding element executing on the VM's host. The proxy monitors the VM's traffic, and intercepts broadcast packets when it knows how to deal with them. The proxy connects to a set of one or more controllers that provides a directory service that collects and maintains global information of the network. By connecting to the controller cluster, the proxy can obtain information that it can use to resolve broadcast requests. In some embodiments, the connection between the proxy and the controller cluster is encrypted and authenticated, to enhance the security.

Abstract: A logical routing element (LRE) having multiple designated instances for routing packets from physical hosts (PH) to a logical network is provided. A PH in a network segment with multiple designated instances can choose among the multiple designated instances for sending network traffic to other network nodes in the logical network according to a load balancing algorithm. Each logical interface (LIF) of an LRE is defined to be addressable by multiple identifiers or addresses, and each LIF identifier or address is assigned to a different designated instance.

Abstract: Virtualization software that includes a VDRB (virtual distributed router/bridge) module for performing L3 routing and/or bridging operations is provided. At least some of the VDRBs are configured as VDBs (virtual distributed bridge) for performing bridging operations between different network segments in a distributed manner. The bridging tasks of a network are partitioned among several VDBs of the network based on MAC addresses. MAC addresses of VMs or other types of network nodes belonging to an overlay logical network are partitioned into several shards, each shard of MAC addresses assigned to a VDB in the network. Each VDB assigned a shard of MAC addresses performs bridging when it receives a packet bearing a MAC address belonging to its assigned shard. A VDB does not perform bridging on packets that do not have MAC address that falls within the VDB's shard of MAC addresses.

Abstract: Virtualization software that includes a VDRB (virtual distributed router/bridge) module for performing L3 routing and/or bridging operations is provided. At least some of the VDRBs are configured as VDBs (virtual distributed bridge) for performing bridging operations between different network segments in a distributed manner. The bridging tasks of a network are partitioned among several VDBs of the network based on MAC addresses. MAC addresses of VMs or other types of network nodes belonging to an overlay logical network are partitioned into several shards, each shard of MAC addresses assigned to a VDB in the network. Each VDB assigned a shard of MAC addresses performs bridging when it receives a packet bearing a MAC address belonging to its assigned shard. A VDB does not perform bridging on packets that do not have MAC address that falls within the VDB's shard of MAC addresses.

Abstract: Virtualization software that includes a VDRB (virtual distributed router/bridge) module for performing L3 routing and/or bridging operations is provided. At least some of the VDRBs are configured as VDBs (virtual distributed bridge) for performing bridging operations between different network segments in a distributed manner. The bridging tasks of a network are partitioned among several VDBs of the network based on MAC addresses. MAC addresses of VMs or other types of network nodes belonging to an overlay logical network are partitioned into several shards, each shard of MAC addresses assigned to a VDB in the network. Each VDB assigned a shard of MAC addresses performs bridging when it receives a packet bearing a MAC address belonging to its assigned shard. A VDB does not perform bridging on packets that do not have MAC address that falls within the VDB's shard of MAC addresses.