Abstract: Some embodiments provide a method for detecting a failure of a layer 2 (L2) bump-in-the-wire service at a device. In some embodiments, the device sends heartbeat signals to a second device connected to L2 service nodes in order to detect failure of the L2 service (e.g., a failure of all the service nodes). In some embodiments, the heartbeat signals are unidirectional heartbeat signals (e.g., a unidirectional bidirectional-forwarding-detection (BFD) session) sent from each device to the other. The heartbeat signals, in some embodiments, use a broadcast MAC address in order to reach the current active L2 service node in the case of a failover (i.e., an active service node failing and a standby service node becoming the new active service node). The unidirectional heartbeat signals are also used, in some embodiments, to decrease the time between a failover and data messages being forwarded to the new active service node.

Abstract: For a managed network implementing at least one logical router having centralized and distributed components, some embodiments provide a method that better supports the provision of certain network applications and/or services. The method receives at a host implementing (1) a distributed logical router and (2) a plurality of logical switches of a logical network along with other hosts, a message from a first data compute node (DCN) executing on the host. The host logically forwards the message to the distributed logical router that uses a particular anycast internet protocol (IP) address using a first media access control (MAC) address. The distributed router determines that the message requires processing by a centralized logical router (e.g., a service router, edge node, etc.) executing on an edge node host and forwards the message to the centralized logical router using the same anycast IP address and a second, unique MAC address.

Abstract: Example methods and network devices for tunnel-based routing calculation. One example method may comprise establishing a tunnel between a first tunnel interface and a second tunnel interface; establishing a first session for routing information exchange between a first tunnel endpoint and an underlay network device; establishing a second session for routing information exchange between the first tunnel interface and the second tunnel interface over the tunnel. In response to receiving first routing information over the first session, the underlay network device may be configured to be a next hop to reach the second tunnel endpoint by updating a routing table to include a first entry. Further, the underlay network device may be retained as the next hop by updating the routing table to include a second entry to override second routing information that advertises, over the second session, the second tunnel interface as the next hop.

Abstract: Some embodiments provide a method for a host computer that executes a set of data compute nodes (DCNs), for identifying a designated router for a multicast group. The method receives a membership request message to join the multicast group from a particular DCN of the set of DCNs, the membership request message including an address associated with the multicast group. The method identifies a logical router gateway from a set of logical router gateways as the designated router for the multicast group, based at least in part on the address associated with the multicast group, where different logical router gateways from the set of logical router gateways are assigned as designated routers for different multicast groups with different associated addresses. The method forwards the membership request message to the identified logical router gateway.

Abstract: Some embodiments of the invention provide a method for implementing a logical network with one or more logical forwarding elements (LFEs), each with multiple logical ports. Each LFE in some embodiments is implemented by several physical forwarding elements (PFEs) operating on several devices. On a host computer executing a particular machine connected to a PFE implementing a particular LFE, the method identifies an address discovery message associating a particular network address (e.g., a layer 2 (L2) address or media access control (MAC) address) of the particular machine with a another network address (e.g., a layer 3 (L3) or an Internet Protocol (IP) address) of the particular machine.

Abstract: Example methods and network devices for tunnel-based routing calculation. One example method may comprise establishing a tunnel between a first tunnel interface and a second tunnel interface; establishing a first session for routing information exchange between a first tunnel endpoint and an underlay network device; establishing a second session for routing information exchange between the first tunnel interface and the second tunnel interface over the tunnel. In response to receiving first routing information over the first session, the underlay network device may be configured to be a next hop to reach the second tunnel endpoint by updating a routing table to include a first entry. In response to receiving second routing information from the second tunnel interface over the second session, the underlay network device may be retained as the next hop based on an excluded address specified in the second routing information.

Abstract: In some embodiments, a method for selecting an egress point for accessing an external network associated with a distributed logical router that is distributed across at least a first computing device and a second computing device is provided. The method receives, by an instance of the logical router at the first computing device, first identification information and a first preference value. The method compares the first preference value to a second preference value. The second preference value is associated with second identification information corresponding to a current computing device that is identified as a current preferred egress point for the logical router. The method determines whether to set the egress point connected to the instance of the logical router in the second computing device as a new preferred egress point for the logical router.

Abstract: The disclosure provides an approach for reducing congestion within a network, the network comprising a plurality of subnets, the plurality of subnets comprising a plurality of host machines and a plurality of virtual computing instances (VCIs) running on the plurality of host machines. Embodiments include receiving, by an edge services gateway (ESG) of a first subnet of the plurality of subnets, membership information for a group identifying a subset of the plurality of host machines. Embodiments include receiving a multicast packet directed to the group and selecting from the plurality of host machines, a replicator host machine for the multicast packet. Embodiments include sending, to the replicator host machine, the multicast packet along with metadata indicating that the replicator host machine is to replicate the multicast packet to remaining host machines of the subset of the plurality of host machines identified in the membership information for the group.

Abstract: Some embodiments provide a method for detecting a failure of a layer 2 (L2) bump-in-the-wire service at a device. In some embodiments, the device sends heartbeat signals to a second device connected to L2 service nodes in order to detect failure of the L2 service (e.g., a failure of all the service nodes). In some embodiments, the heartbeat signals are unidirectional heartbeat signals (e.g., a unidirectional bidirectional-forwarding-detection (BFD) session) sent from each device to the other. The heartbeat signals, in some embodiments, use a broadcast MAC address in order to reach the current active L2 service node in the case of a failover (i.e., an active service node failing and a standby service node becoming the new active service node). The unidirectional heartbeat signals are also used, in some embodiments, to decrease the time between a failover and data messages being forwarded to the new active service node.

Abstract: Embodiments described herein involve learning and distributing associations between groups and addresses. Embodiments include receiving, by a first route server associated with a first central control plane (CCP) of a first data center, a definition of a first group. Embodiments include learning, by the first route server, a first association between the first group and one or more addresses based on the definition of the first group. Embodiments include transmitting, by the first route server, the first association to a second route server in a second CCP of a second data center. Embodiments include receiving, by the first route server, from the second route server, a second association between the first group and one or more additional addresses. Embodiments include storing, by the first route server, the first association and the second association in a table and programming, by the first central control plane, the hypervisor based on the table.

Abstract: Example methods and network devices for tunnel-based routing calculation. One example method may comprise establishing a tunnel between a first tunnel interface and a second tunnel interface; establishing a first session for routing information exchange between a first tunnel endpoint and an underlay network device; establishing a second session for routing information exchange between the first tunnel interface and the second tunnel interface over the tunnel. In response to receiving first routing information over the first session, the underlay network device may be configured to be a next hop to reach the second tunnel endpoint by updating a routing table to include a first entry. In response to receiving second routing information from the second tunnel interface over the second session, the underlay network device may be retained as the next hop based on an excluded address specified in the second routing information.

Abstract: Example methods and network devices for tunnel-based routing calculation. One example method may comprise establishing a tunnel between a first tunnel interface and a second tunnel interface; establishing a first session for routing information exchange between a first tunnel endpoint and an underlay network device; establishing a second session for routing information exchange between the first tunnel interface and the second tunnel interface over the tunnel. In response to receiving first routing information over the first session, the underlay network device may be configured to be a next hop to reach the second tunnel endpoint by updating a routing table to include a first entry. Further, the underlay network device may be retained as the next hop by updating the routing table to include a second entry to override second routing information that advertises, over the second session, the second tunnel interface as the next hop.

Abstract: The disclosure provides an approach for reducing congestion within a network, the network comprising a plurality of subnets, the plurality of subnets comprising a plurality of host machines and a plurality of virtual computing instances (VCIs) running on the plurality of host machines. Embodiments include receiving, by an edge services gateway (ESG) of a first subnet of the plurality of subnets, membership information for a group identifying a subset of the plurality of host machines. Embodiments include receiving a multicast packet directed to the group and selecting from the plurality of host machines, a replicator host machine for the multicast packet. Embodiments include sending, to the replicator host machine, the multicast packet along with metadata indicating that the replicator host machine is to replicate the multicast packet to remaining host machines of the subset of the plurality of host machines identified in the membership information for the group.

Abstract: Some embodiments provide a method for configuring a set of MFEs to implement a distributed multicast logical router and multiple logical switches to process the multicast data messages. The method sends, from a managed forwarding element (MFE) implementing the distributed multicast logical router, a multicast group query to a set of data compute nodes (DCNs) that are logically connected to one of several logical switches and that execute on the same host machine as the managed forwarding element. The method receives multicast group reports from a subset of the set of DCNs and at least one of the multicast group reports specifies a multicast group of interest. The method distributes, to a set of MFEs executing on other host machines, a summarized multicast group report specifying a set of multicast groups of interest to the first MFE (i.e., multicast groups that the first MFE participates in).

Abstract: Example methods are provided for a host to perform multicast packet handling a software-defined networking (SDN) environment. One example method may comprise: in response to detecting, from a virtualized computing instance supported by the host, a request to join a first inner multicast group address, obtaining an outer multicast group address that is assigned to the first inner multicast group address and one or more second inner multicast group addresses; and generating and sending a request to join the outer multicast group address to one or more multicast-enabled network devices. In response to detecting an ingress encapsulated multicast packet that includes an outer header addressed to the outer multicast group address and an inner header addressed to the first inner multicast group address, the host may generate and send a decapsulated multicast packet to the virtualized computing instance that has joined the first inner multicast group address.

Abstract: In some embodiments, a method receives a selection of a logical router in the first computing device in a first site of a plurality of sites as a preferred egress point to an external network for the logical router. The logical router is instantiated on computing devices in the plurality of sites and a single site in the sites is the preferred egress point for the logical router. The method stores identification information for the logical router in a routing table that stores identification information for multiple logical routers. The identification information is unique among multiple logical routers. The method advertises via a routing instance in a control plane to other computing devices in other sites the identification information for the logical router to indicate the logical router in the first computing device in the first site is the preferred egress point.

Abstract: For a managed network implementing at least one logical router having centralized and distributed components, some embodiments provide a method for configuring a managed forwarding element (MFE) executing on a first host machine to implement a distributed multicast logical router and multiple logical switches logically connected to the logical router in conjunction with a set of additional MFEs executing on additional host machines to process multicast data messages. The method receives a multicast group report from a data compute node (DCN) that executes on the first host, sends a summarized multicast group report indicating multicast groups joined by DCNs executing on the first host to a set of central controllers, receives data based on an aggregated multicast group report from the set of central controllers, and uses the data based on the aggregated multicast group report to configure the MFE to implement the distributed multicast logical router.

Abstract: Embodiments described herein involve appliance migration. Embodiments include connecting, by a second appliance that is configured to perform a service, to a first uplink and a first downlink of a first appliance that is configured to perform the service. Embodiments include connecting, by the second appliance, to a first endpoint and a second endpoint to which the first appliance is connected. Embodiments include determining, by the second appliance, existing flows processed by the first appliance. Embodiments include processing, by the second appliance, a plurality of packets received via the first endpoint by: forwarding, by the second appliance, first packets of the plurality of packets that correspond to the existing flows to the first appliance; and performing, by the second appliance, the service for second packets of the plurality of packets that do not correspond to the existing flows.

Abstract: Embodiments described herein involve appliance migration. Embodiments include connecting, by a second appliance that is configured to perform a service, to a first uplink and a first downlink of a first appliance that is configured to perform the service. Embodiments include connecting, by the second appliance, to a first endpoint and a second endpoint to which the first appliance is connected. Embodiments include determining, by the second appliance, existing flows processed by the first appliance. Embodiments include processing, by the second appliance, a plurality of packets received via the first endpoint by: forwarding, by the second appliance, first packets of the plurality of packets that correspond to the existing flows to the first appliance; and performing, by the second appliance, the service for second packets of the plurality of packets that do not correspond to the existing flows.

Abstract: For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).