Abstract: For a managed network implementing at least one logical router having centralized and distributed components, some embodiments provide a method that better supports the provision of certain network applications and/or services. The method receives at a host implementing (1) a distributed logical router and (2) a plurality of logical switches of a logical network along with other hosts, a message from a first data compute node (DCN) executing on the host. The host logically forwards the message to the distributed logical router that uses a particular anycast internet protocol (IP) address using a first media access control (MAC) address. The distributed router determines that the message requires processing by a centralized logical router (e.g., a service router, edge node, etc.) executing on an edge node host and forwards the message to the centralized logical router using the same anycast IP address and a second, unique MAC address.

Abstract: Some embodiments provide a method for providing redundancy and fast convergence for modules operating in a network. The method configures modules to use a same anycast inner IP address, anycast MAC address, and to associate with a same anycast VTEP IP address. In some embodiments, the modules are operating in an active-active mode and all nodes running modules advertise the anycast VTEP IP addresses with equal local preference. In some embodiments, modules are operating in active-standby mode and the node running the active module advertises the anycast VTEP IP address with higher local preference.

Abstract: For a managed network implementing at least one logical router having centralized and distributed components, some embodiments provide a method for processing multicast data messages at a first managed forwarding element (MFE) executing on a first host machine that implements a distributed multicast logical router and multiple logical switches logically connected to the logical router in conjunction with a set of additional MFEs executing on additional host machines. The method replicates multicast data messages received from a source data compute node (DCN), operating on the first host machine, that logically connects to a first logical switch of the multiple logical switches. The method replicates the multicast data message to a set of DCNs in the multicast group in the logical network without routing through a centralized local multicast router.

Abstract: For a network including multiple host machines that each execute a number of network functions some embodiments provide a method for the network functions to advertise the availability of the network function and network addresses (e.g., internet protocol (IP) addresses) associated with the network functions to the other network functions using application programming interfaces (APIs). In some embodiments, non-routing network functions advertise their availability and/or network addresses associated with the network function to a routing network function (e.g., a routing network function that is part of a service router) for the routing network function to advertise to other network elements (e.g. other routing elements or other network functions that need to reach the advertising network function). These advertisements, in some embodiments, are part of participation in a dynamic routing protocol.

Abstract: Some embodiments provide a method for providing redundancy and fast convergence for modules operating in a network. The method configures modules to use a same anycast inner IP address, anycast MAC address, and to associate with a same anycast VTEP IP address. In some embodiments, the modules are operating in an active-active mode and all nodes running modules advertise the anycast VTEP IP addresses with equal local preference. In some embodiments, modules are operating in active-standby mode and the node running the active module advertises the anycast VTEP IP address with higher local preference.

Abstract: Example methods are provided to handle failure at one or more logical routers according to a non-preemptive mode. The method may include in response to detecting, by a first routing component operating in a standby state, a failure associated with a second routing component operating in an active state, generating a control message that includes a non-preemptive code to instruct the second routing component not to operate in the active state after a recovery from the failure, sending the control message to the second routing component, and performing a state transition from the standby state to the active state. The method may also include in response to detecting, by the first routing component operating in the active state, network traffic during the failure or after the recovery of the second routing component, forwarding the network traffic from the first network to the second network, or from the second network to the first network.

Abstract: Some embodiments provide a method for managing traffic in a virtualized environment. The method, in some embodiments, configures multiple edge service gateways (ESGs) executing on multiple host machines (e.g., on a hypervisor) to use a same anycast inner internet protocol (IP) address and a same anycast inner media access control (MAC) address. In some embodiments, ESGs of a logical network facilitate communication between machines connected to the logical network and machines on external networks. In some embodiments, the method configures a set of virtual extensible local area network tunnel endpoints (VTEPs) connected to an ESG to use a same anycast VTEP IP address. The method, in some embodiments, configures a distributed logical router (DLR or DR) to send data packets with destinations outside the logical network from sources belonging to the logical network to the anycast VTEP IP address.

Abstract: One or more Variable Frequency Drives (VFD) are connected to a packet network and the power transistor drive signals normally generated by the VFD to produce a desired Pulse Width Modulated (PWM) motor drive signal are generated by a software controller located in the packet network and transmitted to the VFD. The control of the VFDs can be (1) centralized using some centralized software controller communicating to the VFDs over the packet network, and/or (2) distributed, in which case VFDs can peer with each other over the packet network, to communicate control state.

Abstract: Some embodiments provide a method for providing a layer 2 (L2) bump-in-the-wire service at a gateway device (e.g., a layer 3 (L3) gateway device) at the edge of a logical network. The method, in some embodiments, establishes a connection from a first interface of the gateway device to a service node that provides the L2 service. The method also establishes a connection from a second interface of the gateway device to the L2 service node. The method then sends data messages received by the gateway device that require the L2 service to the service node using the first interface. Some embodiments provide a method for applying different policies at the service node for different tenants of a datacenter. Data messages received for a particular tenant that require the L2 service are encapsulated or marked as belonging to the tenant before being sent to the service node. Based on the encapsulation or marking, the service node provides the service according to policies defined for the tenant.

Abstract: Some embodiments provide a method for detecting a failure of a layer 2 (L2) bump-in-the-wire service at a device. In some embodiments, the device sends heartbeat signals to a second device connected to L2 service nodes in order to detect failure of the L2 service (e.g., a failure of all the service nodes). In some embodiments, the heartbeat signals are unidirectional heartbeat signals (e.g., a unidirectional bidirectional-forwarding-detection (BFD) session) sent from each device to the other. The heartbeat signals, in some embodiments, use a broadcast MAC address in order to reach the current active L2 service node in the case of a failover (i.e., an active service node failing and a standby service node becoming the new active service node). The unidirectional heartbeat signals are also used, in some embodiments, to decrease the time between a failover and data messages being forwarded to the new active service node.

Abstract: For a managed network implementing at least one logical router having centralized and distributed components, some embodiments provide a method that better supports the provision of certain network applications and/or services. The method receives at a host implementing (1) a distributed logical router and (2) a plurality of logical switches of a logical network along with other hosts, a message from a first data compute node (DCN) executing on the host. The host logically forwards the message to the distributed logical router that uses a particular anycast internet protocol (IP) address using a first media access control (MAC) address. The distributed router determines that the message requires processing by a centralized logical router (e.g., a service router, edge node, etc.) executing on an edge node host and forwards the message to the centralized logical router using the same anycast IP address and a second, unique MAC address.

Abstract: A method for a hypervisor to implement flow-based local egress in a multisite datacenter is disclosed. The method comprises: determining whether a first data packet of a first data flow has been received. If the first data packet has been received, then the hypervisor determines a MAC address of a first local gateway in a first site of a multisite datacenter that communicated the first data packet, and stores the MAC address of the first local gateway and a 5-tuple for the first data flow. Upon determining that a response for the first data flow has been received, the hypervisor determines whether the response includes the MAC address of the first local gateway. If the response includes a MAC address of another local gateway, then the hypervisor replaces, in the response, the MAC address of another local gateway with the MAC address of the first local gateway.

Abstract: In one embodiment, a network controller identifies a first sign of life for an edge device in a communication network (e.g., when the network controller receives an encapsulated workflow request for the edge device over a control plane of the communication network). The network controller further imports the encapsulated workflow request from the edge device over the control plane, determines configuration parameters for a tenant and a tenant network from the encapsulated workflow request, and transmits the configuration parameters to the edge device to provision the edge device for the tenant according to the configuration parameters.

Abstract: For a set of gateway devices at the edge of a logical network, some embodiments provide a method for ensuring that data messages from an external network requiring a stateful service are received at an active gateway device. The method advertises the availability of a set of internet protocol (IP) addresses from standby gateway devices with a higher cost than the cost advertised by an active gateway device. In some embodiments, the advertisement is made using a border gateway protocol. Data messages may be unexpectedly received on a standby node despite the higher advertised cost. This could happen due to asymmetric network failures. The method determines if a stateful service is needed for the data messages received on standby node. Based on the determination, the method forwards the received data message to the active gateway device for the active gateway device to provide the stateful service.

Abstract: For a multi-tenant environment, some embodiments of the invention provide a novel method for (1) embedding a specific path for a tenant's data message flow through a network in tunnel headers encapsulating the data message flow, and then (2) using the embedded path information to direct the data message flow through the network. In some embodiments, the method selects the specific path from two or more viable such paths through the network for the data message flow.

Abstract: For a multi-tenant environment, some embodiments of the invention provide a novel method for (1) embedding a specific path for a tenant's data message flow through a network in tunnel headers encapsulating the data message flow, and then (2) using the embedded path information to direct the data message flow through the network. In some embodiments, the method selects the specific path from two or more viable such paths through the network for the data message flow.

Abstract: The disclosure provides an approach for reducing multicast traffic within a network by optimizing placement of virtual machines within subnets and within hosts, and by optimizing mapping of overlay multicast groups to underlay multicast groups. In one embodiment, substantially all VMs of a multicast group are migrated to the same subnet of the network. Thereafter or independently, VMs in the same subnet are migrated to the same host, ideally to the subnet proxy endpoint of that subnet. In the same or in another embodiment, if multiple overlay groups map to the same underlay group, one or more of the overlay groups may be remapped to a separate underlay group to improve network performance.

Abstract: Some embodiments provide a method for managing traffic in a virtualized environment. The method, in some embodiments, configures multiple edge service gateways (ESGs) executing on multiple host machines (e.g., on a hypervisor) to use a same anycast inner internet protocol (IP) address and a same anycast inner media access control (MAC) address. In some embodiments, ESGs of a logical network facilitate communication between machines connected to the logical network and machines on external networks. In some embodiments, the method configures a set of virtual extensible local area network tunnel endpoints (VTEPs) connected to an ESG to use a same anycast VTEP IP address. The method, in some embodiments, configures a distributed logical router (DLR or DR) to send data packets with destinations outside the logical network from sources belonging to the logical network to the anycast VTEP IP address.

Abstract: For a managed network implementing at least one logical router having centralized and distributed components, some embodiments provide a method for configuring a managed forwarding element (MFE) executing on a first host machine to implement a distributed multicast logical router and multiple logical switches logically connected to the logical router in conjunction with a set of additional MFEs executing on additional host machines to process multicast data messages. The method receives a multicast group report from a data compute node (DCN) that executes on the first host, sends a summarized multicast group report indicating multicast groups joined by DCNs executing on the first host to a set of central controllers, receives data based on an aggregated multicast group report from the set of central controllers, and uses the data based on the aggregated multicast group report to configure the MFE to implement the distributed multicast logical router.

Abstract: For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).