Abstract: Some embodiments provide a method for managing traffic in a virtualized environment. The method, in some embodiments, configures multiple edge service gateways (ESGs) executing on multiple host machines (e.g., on a hypervisor) to use a same anycast inner internet protocol (IP) address and a same anycast inner media access control (MAC) address. In some embodiments, ESGs of a logical network facilitate communication between machines connected to the logical network and machines on external networks. In some embodiments, the method configures a set of virtual extensible local area network tunnel endpoints (VTEPs) connected to an ESG to use a same anycast VTEP IP address. The method, in some embodiments, configures a distributed logical router (DLR or DR) to send data packets with destinations outside the logical network from sources belonging to the logical network to the anycast VTEP IP address.

Abstract: The present disclosure provides an approach for scaling the number of VNFs in a data center without scaling the number of control sessions between VNFs and a data center gateway. The approach includes opening a session between a VNF and a route server, rather than between the VNF and the gateway, when the VNF needs to send its connectivity information to the gateway. The VNF sends its connectivity information to the route server, and the route server forwards the connectivity information to the gateway. The gateway receives connectivity information of a plurality of VNFs in the data center from the route server rather than from each of the VNFs individually. The connectivity information is then used to send packets, by the gateway to a VNF, for processing. The packets are sent using three layers of networking: an underlay physical network, an overlay logical network, and a second overlay logical network.

Abstract: A method for a hypervisor to implement flow-based local egress in a multisite datacenter is disclosed. The method comprises: determining whether a first data packet of a first data flow has been received. If the first data packet has been received, then the hypervisor determines a MAC address of a first local gateway in a first site of a multisite datacenter that communicated the first data packet, and stores the MAC address of the first local gateway and a 5-tuple for the first data flow. Upon determining that a response for the first data flow has been received, the hypervisor determines whether the response includes the MAC address of the first local gateway. If the response includes a MAC address of another local gateway, then the hypervisor replaces, in the response, the MAC address of another local gateway with the MAC address of the first local gateway.

Abstract: Embodiments described herein involve learning and distributing associations between groups and addresses. Embodiments include receiving, by a first route server associated with a first central control plane (CCP) of a first data center, a definition of a first group. Embodiments include learning, by the first route server, a first association between the first group and one or more addresses based on the definition of the first group. Embodiments include transmitting, by the first route server, the first association to a second route server in a second CCP of a second data center. Embodiments include receiving, by the first route server, from the second route server, a second association between the first group and one or more additional addresses. Embodiments include storing, by the first route server, the first association and the second association in a table and programming, by the first central control plane, the hypervisor based on the table.

Abstract: Some embodiments provide a method for configuring a set of MFEs to implement a distributed multicast logical router and multiple logical switches to process the multicast data messages. The method sends, from a managed forwarding element (MFE) implementing the distributed multicast logical router, a multicast group query to a set of data compute nodes (DCNs) that are logically connected to one of several logical switches and that execute on the same host machine as the managed forwarding element. The method receives multicast group reports from a subset of the set of DCNs and at least one of the multicast group reports specifies a multicast group of interest. The method distributes, to a set of MFEs executing on other host machines, a summarized multicast group report specifying a set of multicast groups of interest to the first MFE (i.e., multicast groups that the first MFE participates in).

Abstract: In some embodiments, a method receives a selection of a logical router in the first computing device in a first site of a plurality of sites as a preferred egress point to an external network for the logical router. The logical router is instantiated on computing devices in the plurality of sites and a single site in the sites is the preferred egress point for the logical router. The method stores identification information for the logical router in a routing table that stores identification information for multiple logical routers. The identification information is unique among multiple logical routers. The method advertises via a routing instance in a control plane to other computing devices in other sites the identification information for the logical router to indicate the logical router in the first computing device in the first site is the preferred egress point.

Abstract: Some embodiments provide a method for detecting a failure of a layer 2 (L2) bump-in-the-wire service at a device. In some embodiments, the device sends heartbeat signals to a second device connected to L2 service nodes in order to detect failure of the L2 service (e.g., a failure of all the service nodes). In some embodiments, the heartbeat signals are unidirectional heartbeat signals (e.g., a unidirectional bidirectional-forwarding-detection (BFD) session) sent from each device to the other. The heartbeat signals, in some embodiments, use a broadcast MAC address in order to reach the current active L2 service node in the case of a failover (i.e., an active service node failing and a standby service node becoming the new active service node). The unidirectional heartbeat signals are also used, in some embodiments, to decrease the time between a failover and data messages being forwarded to the new active service node.

Abstract: For a multi-tenant environment, some embodiments of the invention provide a novel method for (1) embedding a specific path for a tenant's data message flow through a network in tunnel headers encapsulating the data message flow, and then (2) using the embedded path information to direct the data message flow through the network. In some embodiments, the method selects the specific path from two or more viable such paths through the network for the data message flow.

Abstract: Some embodiments provide a method for detecting a failure of a layer 2 (L2) bump-in-the-wire service at a device. In some embodiments, the device sends heartbeat signals to a second device connected to L2 service nodes in order to detect failure of the L2 service (e.g., a failure of all the service nodes). In some embodiments, the heartbeat signals are unidirectional heartbeat signals (e.g., a unidirectional bidirectional-forwarding-detection (BFD) session) sent from each device to the other. The heartbeat signals, in some embodiments, use a broadcast MAC address in order to reach the current active L2 service node in the case of a failover (i.e., an active service node failing and a standby service node becoming the new active service node). The unidirectional heartbeat signals are also used, in some embodiments, to decrease the time between a failover and data messages being forwarded to the new active service node.

Abstract: For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).

Abstract: For a multi-tenant environment, some embodiments of the invention provide a novel method for (1) embedding a specific path for a tenant's data message flow through a network in tunnel headers encapsulating the data message flow, and then (2) using the embedded path information to direct the data message flow through the network. In some embodiments, the method selects the specific path from two or more viable such paths through the network for the data message flow.

Abstract: For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).

Abstract: The technology disclosed herein enables remote gateways to quickly re-learn MAC addresses of workloads for a gateway that has taken over for another gateway. In a particular embodiment, a method provides determining that a backup gateway should begin handling communications exchanged with one or more workloads of an active gateway for a logical network. The method further provides transferring a control message to one or more remote gateways in communication with the backup gateway. The control message instructs the remote gateways to change MAC addresses learned from, and associated with, the active gateway to being associated with the backup gateway. The method also provides, in the backup gateway, receiving network communications directed to one or more of the workloads from one or more of the remote gateways.

Abstract: Some embodiments provide a method for providing a layer 2 (L2) bump-in-the-wire service at a gateway device (e.g., a layer 3 (L3) gateway device) at the edge of a logical network. The method, in some embodiments, establishes a connection from a first interface of the gateway device to a service node that provides the L2 service. The method also establishes a connection from a second interface of the gateway device to the L2 service node. The method then sends data messages received by the gateway device that require the L2 service to the service node using the first interface. Some embodiments provide a method for applying different policies at the service node for different tenants of a datacenter. Data messages received for a particular tenant that require the L2 service are encapsulated or marked as belonging to the tenant before being sent to the service node. Based on the encapsulation or marking, the service node provides the service according to policies defined for the tenant.

Abstract: One or more Variable Frequency Drives (VFD) are connected to a packet network and the power transistor drive signals normally generated by the VFD to produce a desired Pulse Width Modulated (PWM) motor drive signal are generated by a software controller located in the packet network and transmitted to the VFD. The control of the VFDs can be (1) centralized using some centralized software controller communicating to the VFDs over the packet network, and/or (2) distributed, in which case VFDs can peer with each other over the packet network, to communicate control state.

Abstract: The disclosure provides an approach for reducing multicast traffic within a network by optimizing placement of virtual machines within subnets and within hosts, and by optimizing mapping of overlay multicast groups to underlay multicast groups. In one embodiment, substantially all VMs of a multicast group are migrated to the same subnet of the network. Thereafter or independently, VMs in the same subnet are migrated to the same host, ideally to the subnet proxy endpoint of that subnet. In the same or in another embodiment, if multiple overlay groups map to the same underlay group, one or more of the overlay groups may be remapped to a separate underlay group to improve network performance.

Abstract: For a multi-tenant environment, some embodiments of the invention provide a novel method for (1) embedding a specific path for a tenant's data message flow through a network in tunnel headers encapsulating the data message flow, and then (2) using the embedded path information to direct the data message flow through the network. In some embodiments, the method selects the specific path from two or more viable such paths through the network for the data message flow.

Abstract: The technology disclosed herein enables remote gateways to quickly re-learn MAC addresses of workloads for a gateway that has taken over for another gateway. In a particular embodiment, a method provides determining that a backup gateway should begin handling communications exchanged with one or more workloads of an active gateway for a logical network. The method further provides transferring a control message to one or more remote gateways in communication with the backup gateway. The control message instructs the remote gateways to change MAC addresses learned from, and associated with, the active gateway to being associated with the backup gateway. The method also provides, in the backup gateway, receiving network communications directed to one or more of the workloads from one or more of the remote gateways.

Abstract: The disclosure provides an approach for reducing multicast traffic within a network by optimizing placement of virtual machines within subnets and within hosts, and by optimizing mapping of overlay multicast groups to underlay multicast groups. In one embodiment, substantially all VMs of a multicast group are migrated to the same subnet of the network. Thereafter or independently, VMs in the same subnet are migrated to the same host, ideally to the subnet proxy endpoint of that subnet. In the same or in another embodiment, if multiple overlay groups map to the same underlay group, one or more of the overlay groups may be remapped to a separate underlay group to improve network performance.

Abstract: Example methods are provided for a host to perform multicast packet handling a software-defined networking (SDN) environment. One example method may comprise: in response to detecting, from a virtualized computing instance supported by the host, a request to join a first inner multicast group address, obtaining an outer multicast group address that is assigned to the first inner multicast group address and one or more second inner multicast group addresses; and generating and sending a request to join the outer multicast group address to one or more multicast-enabled network devices. In response to detecting an ingress encapsulated multicast packet that includes an outer header addressed to the outer multicast group address and an inner header addressed to the first inner multicast group address, the host may generate and send a decapsulated multicast packet to the virtualized computing instance that has joined the first inner multicast group address.