Abstract: In various example embodiments, a system, a method, and a machine readable medium to manage multicast traffic are disclosed. The system includes a controller server for receiving first multicast group member information and for providing centralized control of a network. The first multicast group member information is received from a first end-host computer and received at the controller server responsive to a first packet forwarding system identifying the first end-host computer is joining a first multicast group on a first virtual network. The controller server generates a first multicast tree and communicates a first network configuration message to at least one packet forwarding system of the first plurality of packet forwarding systems. The first network configuration message includes a packet flow table entry enabling configuration of a flow table to enable communication of multicast traffic for the first multicast group over a portion of the first multicast tree.

Abstract: In various example embodiments, a system, a method, and a machine readable medium to manage multicast traffic are disclosed. The system includes a controller server for receiving first multicast group member information and for providing centralized control of a network. The first multicast group member information is received from a first end-host computer and received at the controller server responsive to a first packet forwarding system identifying the first end-host computer is joining a first multicast group on a first virtual network. The controller server generates a first multicast tree and communicates a first network configuration message to at least one packet forwarding system of the first plurality of packet forwarding systems. The first network configuration message includes a packet flow table entry enabling configuration of a flow table to enable communication of multicast traffic for the first multicast group over a portion of the first multicast tree.

Abstract: A network of switches having ports coupled to other switches or end hosts may be controlled by a controller. The controller may identify whether any switch ports have failed. In response to identifying that a port has failed at a first switch, the controller may modify link aggregation group mappings of the other switches to handle failover. The controller may modify the link aggregation group mapping of each other switch to include a first mapping that includes ports coupled to the first switch and a second mapping that does not include any ports coupled to the first switch. The controller may configure forwarding tables at the switches to forward network packets using the first or second mappings based on network topology information maintained by the controller.

Abstract: In various example embodiments, a system and method for optimizing management of a multicast tree are disclosed. The system receives first multicast group member information, from over a network and via a first packet forwarding system, at a controller server that provides for control of a network comprised of a first virtual local area network including a first packet forwarding system, the first multicast group member information being received by the first packet forwarding system and describing a first end-host computer as joining a first multicast group on the first virtual local area network. The system generates a multicast tree, at the controller server, and communicates a network configuration message to at least one packet forwarding system of a first plurality of packet forwarding systems to enable communication of the multicast traffic for the first multicast group over a portion of the multicast tree.

Abstract: A controller implemented on computing equipment may be used to control switches in a network. End hosts may be coupled to the switches. The controller may generate a virtual network topology of virtual switches, virtual routers, and virtual system routers that are distributed over underlying switches in the network. The controller may form virtual switches from respective groups of end hosts, virtual routers from groups of virtual switches that include virtual interfaces that are coupled to virtual switches, and a virtual system router from groups of virtual routers that includes virtual system router interfaces that are coupled to the virtual routers. The controller may control the virtual network topology by generating respective flow table entries based on identified network policies for each of the virtual routers, virtual system routers, and virtual switches. The controller may control the virtual system routers to route packets between the virtual routers.

Abstract: In various example embodiments, a system and method for optimizing management of a multicast tree are disclosed. The system receives first multicast group member information, from over a network and via a first packet forwarding system, at a controller server that provides for control of a network comprised of a first virtual local area network including a first packet forwarding system, the first multicast group member information being received by the first packet forwarding system and describing a first end-host computer as joining a first multicast group on the first virtual local area network. The system generates a multicast tree, at the controller server, and communicates a network configuration message to at least one packet forwarding system of a first plurality of packet forwarding systems to enable communication of the multicast traffic for the first multicast group over a portion of the multicast tree.

Abstract: A controller may control switches such as physical and software switches in a network. The controller may generate virtual switches from groups of end hosts in forming a virtual network topology. The controller may receive one or more network policy rules that govern network traffic through the switches. For a given network policy rule, the controller may perform a test in determining whether the network satisfies the network policy rule. The test may be performed based on a testing rule identifying test parameters and expected test results. The controller may perform tests in determining whether the network satisfies the testing rule and the corresponding network policy rule. The tests may be performed via simulation at the controller or by injecting a tagged test packet into the network.

Abstract: A controller implemented on computing equipment may control switches in a network. The controller may provide flow tables that implement network policies to the switches to control packet forwarding through the network. The controller may provide debug table entries to the switches for use in a debug table that is separate from the flow table. The debug table entries may match incoming network packets and increment corresponding counters on the switches. The controller may retrieve count information from the counters for performing debugging operations on the network. For example, the controller may identify conflicts between fields of a selected flow table entry, determine whether elephant packet flows are present between switches, determine whether desired load balancing is being performed, determine whether a network path has changed, determine whether packet loss has occurred, and/or determine whether network packets are taking undesired paths based on the retrieved count information.

Abstract: First and second controllers implemented on computing equipment may be used to control switches in a network. The switches may forward network packets between end hosts. The second controller may identify first and second redundant partitions of switches in the network that are each coupled to all of the end hosts. The first controller may instruct the first partition to install software while the second partition forwards network traffic and may instruct the second partition to install software while the first partition forwards network traffic. The first controller may install the software while the second controller is active and the second controller may install the software while the first controller is active. In this way, the switches and controllers may be provided with an uninterrupted software upgrade and packets may be forwarded between end hosts during the software upgrade without introducing packet loss or other noticeable reductions in network performance.

Abstract: A controller implemented on computing equipment may be used to control switches in a network. End hosts and service devices may be coupled to the switches in the network. The controller may generate a virtual network topology of virtual switches and virtual routers. The controller may control the virtual routers and/or virtual switches to perform service insertion. The controller may perform service insertion by controlling the virtual routers and/or virtual switches to redirect network traffic through one or more selected service devices. The controller may determine which network traffic is to be redirected to which service devices based on a service insertion policy that identifies network traffic and services to be performed on the network traffic.

Abstract: A controller may be used to control client switches in a network that includes non-client, switches. The controller may form client domains from groups of client switches that are separated by intervening non-client domains formed from non-client switches. The controller may determine a network domain topology from the client domains and non-client domains. The controller may determine a spanning tree that interconnects the nodes of the network domain topology. The controller may control client switches of the client domains to allow only network traffic between the client domains and the non-client domains along the spanning tree. The controller may use the network domain topology to generate inter-domain forwarding maps. The inter-domain forwarding maps may be used to determine network forwarding paths between end hosts in the network.

Abstract: A controller may be used to control client switches in a network that includes non-client switches. The controller may form client domains from groups of client switches that are separated by intervening non-client domains formed from non-client switches. The controller may determine a network domain topology from the client domains and non-client domains. The controller may determine a spanning tree that interconnects the nodes of the network domain topology. The controller may control client switches of the client domains to allow only network traffic between the client domains and the non-client domains along the spanning tree. The controller may use the network domain topology to generate inter-domain forwarding maps. The inter-domain forwarding maps may be used to determine network forwarding paths between end hosts in the network.

Abstract: A network of switches that forwards network packets between end hosts may be controlled by a controller. The controller may maintain information that identifies subsets of the end hosts that are associated with respective broadcast domains. The controller may configure the switches in the network to identify broadcast network packets and to forward the broadcast network packets to the controller. The controller may identify which broadcast domain is associated with a received broadcast network packet based on information such as source information retrieved from the broadcast network packet. The controller may identify switches that are coupled to the end hosts of a broadcast domain associated with the received broadcast network packet. The controller may forward the broadcast network packet to the identified switches through network control paths and may direct the identified switches to forward the broadcast network packet to end hosts of the associated broadcast domain.

Abstract: A network of switches having ports coupled to other switches or end hosts may be controlled by a controller. The controller may identify whether any switch ports have failed. In response to identifying that a port has failed at a first switch, the controller may modify link aggregation group mappings of the other switches to handle failover. The controller may modify the link aggregation group mapping of each other switch to include a first mapping that includes ports coupled to the first switch and a second mapping that does not include any ports coupled to the first switch. The controller may configure forwarding tables at the switches to forward network packets using the first or second mappings based on network topology information maintained by the controller.

Abstract: First and second controllers implemented on computing equipment may be used to control switches in a network. The switches may forward network packets between end hosts. The second controller may identify first and second redundant partitions of switches in the network that are each coupled to all of the end hosts. The first controller may instruct the first partition to install software while the second partition forwards network traffic and may instruct the second partition to install software while the first partition forwards network traffic. The first controller may install the software while the second controller is active and the second controller may install the software while the first controller is active. In this way, the switches and controllers may be provided with an uninterrupted software upgrade and packets may be forwarded between end hosts during the software upgrade without introducing packet loss or other noticeable reductions in network performance.

Abstract: A controller implemented on computing equipment may control switches in a network. The controller may provide flow tables that implement network policies to the switches to control packet forwarding through the network. The controller may provide debug table entries to the switches for use in a debug table that is separate from the flow table. The debug table entries may match incoming network packets and increment corresponding counters on the switches. The controller may retrieve count information from the counters for performing debugging operations on the network. For example, the controller may identify conflicts between fields of a selected flow table entry, determine whether elephant packet flows are present between switches, determine whether desired load balancing is being performed, determine whether a network path has changed, determine whether packet loss has occurred, and/or determine whether network packets are taking undesired paths based on the retrieved count information.

Abstract: A controller implemented on computing equipment may be used to control switches in a network. End hosts may be coupled to the switches. The controller may generate a virtual network topology of virtual switches, virtual routers, and virtual system routers that are distributed over underlying switches in the network. The controller may form virtual switches from respective groups of end hosts, virtual routers from groups of virtual switches that include virtual interfaces that are coupled to virtual switches, and a virtual system router from groups of virtual routers that includes virtual system router interfaces that are coupled to the virtual routers. The controller may control the virtual network topology by generating respective flow table entries based on identified network policies for each of the virtual routers, virtual system routers, and virtual switches. The controller may control the virtual system routers to route packets between the virtual routers.

Abstract: A controller implemented on computing equipment may be used to control switches in a network. End hosts and service devices may be coupled to the switches in the network. The controller may generate a virtual network topology of virtual switches and virtual routers. The controller may control the virtual routers and/or virtual switches to perform service insertion. The controller may perform service insertion by controlling the virtual routers and/or virtual switches to redirect network traffic through one or more selected service devices. The controller may determine which network traffic is to be redirected to which service devices based on a service insertion policy that identifies network traffic and services to be performed on the network traffic.

Abstract: A controller may control switches such as physical and software switches in a network. The controller may generate virtual switches from groups of end hosts in forming a virtual network topology. The controller may receive one or more network policy rules that govern network traffic through the switches. For a given network policy rule, the controller may perform a test in determining whether the network satisfies the network policy rule. The test may be performed based on a testing rule identifying test parameters and expected test results. The controller may perform tests in determining whether the network satisfies the testing rule and the corresponding network policy rule. The tests may be performed via simulation at the controller or by injecting a tagged test packet into the network.

Abstract: A network of switches that forwards network packets between end hosts may be controlled by a controller. The controller may maintain information that identifies subsets of the end hosts that are associated with respective broadcast domains. The controller may use network topology information to determine which of the switches are coupled in a forwarding tree formed from network paths between the end hosts of a broadcast domain. The controller may be used to configure the switches with an identifier that identifies which broadcast domain is associated with each subset of end hosts. The controller may configure switches of a given forwarding tree that are coupled to end hosts of an associated broadcast domain to modify broadcast network packets received from the end hosts with the identifier and to forward the modified broadcast network packets along the forwarding tree exclusively to end hosts of the associated broadcast domain.