Abstract: The technology disclosed herein enables remote gateways to quickly re-learn MAC addresses of workloads for a gateway that has taken over for another gateway. In a particular embodiment, a method provides determining that a backup gateway should begin handling communications exchanged with one or more workloads of an active gateway for a logical network. The method further provides transferring a control message to one or more remote gateways in communication with the backup gateway. The control message instructs the remote gateways to change MAC addresses learned from, and associated with, the active gateway to being associated with the backup gateway. The method also provides, in the backup gateway, receiving network communications directed to one or more of the workloads from one or more of the remote gateways.

Abstract: For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).

Abstract: For a network including multiple host machines that each execute a number of network functions some embodiments provide a method for the network functions to advertise the availability of the network function and network addresses (e.g., internet protocol (IP) addresses) associated with the network functions to the other network functions using application programming interfaces (APIs). In some embodiments, non-routing network functions advertise their availability and/or network addresses associated with the network function to a routing network function (e.g., a routing network function that is part of a service router) for the routing network function to advertise to other network elements (e.g. other routing elements or other network functions that need to reach the advertising network function). These advertisements, in some embodiments, are part of participation in a dynamic routing protocol.

Abstract: In one embodiment, when an ingress provider edge (PE) device of a computer network domain receives a frame at the ingress PE device destined to a destination media access control (MAC) address, it can determine whether the frame was received on a root or leaf Ethernet ingress segment, and also whether the destination MAC address is located via a root or leaf Ethernet segment. Accordingly, the ingress PE device may either drop or forward the frame based on the ingress Ethernet segment and destination MAC address Ethernet segment being either a root or a leaf, respectively.

Abstract: For a managed network implementing at least one logical router having centralized and distributed components, some embodiments provide a method that better supports the provision of certain network applications and/or services. The method receives at a host implementing (1) a distributed logical router and (2) a plurality of logical switches of a logical network along with other hosts, a message from a first data compute node (DCN) executing on the host. The host logically forwards the message to the distributed logical router that uses a particular anycast internet protocol (IP) address using a first media access control (MAC) address. The distributed router determines that the message requires processing by a centralized logical router (e.g., a service router, edge node, etc.) executing on an edge node host and forwards the message to the centralized logical router using the same anycast IP address and a second, unique MAC address.

Abstract: A method is provided in one example embodiment and includes receiving a request to create a path through a network, wherein the path originates on a first network device and terminates on the second network device; identifying a first controller associated with the first network device, wherein the first controller proxies control plane functions for the first network device; identifying a second controller associated with the second network device, wherein the second controller proxies control plane functions for the second network device; and computing the path using the first controller as a source and the second controller as a destination. The first controller installs the computed path on the first network device and the second controller installs the computed path on the second network device.

Abstract: For a managed network implementing at least one logical router having centralized and distributed components, some embodiments provide a method for configuring a managed forwarding element (MFE) executing on a first host machine to implement a distributed multicast logical router and multiple logical switches logically connected to the logical router in conjunction with a set of additional MFEs executing on additional host machines to process multicast data messages. The method receives a multicast group report from a data compute node (DCN) that executes on the first host, sends a summarized multicast group report indicating multicast groups joined by DCNs executing on the first host to a set of central controllers, receives data based on an aggregated multicast group report from the set of central controllers, and uses the data based on the aggregated multicast group report to configure the MFE to implement the distributed multicast logical router.

Abstract: For a managed network implementing at least one logical router having centralized and distributed components, some embodiments provide a method for configuring a managed forwarding element (MFE) executing on a first host machine to implement a distributed multicast logical router and multiple logical switches logically connected to the logical router in conjunction with a set of additional MFEs executing on additional host machines to process multicast data messages. The method receives a multicast group report from a data compute node (DCN) that executes on the first host, sends a summarized multicast group report indicating multicast groups joined by DCNs executing on the first host to a set of central controllers, receives data based on an aggregated multicast group report from the set of central controllers, and uses the data based on the aggregated multicast group report to configure the MFE to implement the distributed multicast logical router.

Abstract: For a managed network implementing at least one logical router having centralized and distributed components, some embodiments provide a method for processing multicast data messages at a first managed forwarding element (MFE) executing on a first host machine that implements a distributed multicast logical router and multiple logical switches logically connected to the logical router in conjunction with a set of additional MFEs executing on additional host machines. The method replicates multicast data messages received from a source data compute node (DCN), operating on the first host machine, that logically connects to a first logical switch of the multiple logical switches. The method replicates the multicast data message to a set of DCNs in the multicast group in the logical network without routing through a centralized local multicast router.

Abstract: Some embodiments provide a method for configuring a set of MFEs to implement a distributed multicast logical router and multiple logical switches to process the multicast data messages. The method sends, from a managed forwarding element (MFE) implementing the distributed multicast logical router, a multicast group query to a set of data compute nodes (DCNs) that are logically connected to one of several logical switches and that execute on the same host machine as the managed forwarding element. The method receives multicast group reports from a subset of the set of DCNs and at least one of the multicast group reports specifies a multicast group of interest. The method distributes, to a set of MFEs executing on other host machines, a summarized multicast group report specifying a set of multicast groups of interest to the first MFE (i.e., multicast groups that the first MFE participates in).

Abstract: For a managed network implementing at least one logical router having centralized and distributed components, some embodiments provide a method that better supports the provision of certain network applications and/or services. The method receives at a host implementing (1) a distributed logical router and (2) a plurality of logical switches of a logical network along with other hosts, a message from a first data compute node (DCN) executing on the host. The host logically forwards the message to the distributed logical router that uses a particular anycast internet protocol (IP) address using a first media access control (MAC) address. The distributed router determines that the message requires processing by a centralized logical router (e.g., a service router, edge node, etc.) executing on an edge node host and forwards the message to the centralized logical router using the same anycast IP address and a second, unique MAC address.

Abstract: For a managed network implementing at least one logical router having centralized and distributed components, some embodiments provide a method that better supports the provision of certain network applications and/or services. The method receives at a host implementing (1) a distributed logical router and (2) a plurality of logical switches of a logical network along with other hosts, a message from a first data compute node (DCN) executing on the host. The host logically forwards the message to the distributed logical router that uses a particular anycast internet protocol (IP) address using a first media access control (MAC) address. The distributed router determines that the message requires processing by a centralized logical router (e.g., a service router, edge node, etc.) executing on an edge node host and forwards the message to the centralized logical router using the same anycast IP address and a second, unique MAC address.

Abstract: The technology disclosed herein enables a dynamic chain of virtual service functions for processing network traffic in a virtual computing environment. In a particular embodiment, a method includes providing a service chain policy to a virtual routing element connecting the respective service functions and determining an initial classification of a network packet entering the dynamic service chain. The initial classification indicates at least a first service function in a sequence of the service functions for processing the network packet. The method further includes providing a service chain policy to a virtual routing element connecting the respective service functions.

Abstract: A data system transfers data packets over Service Function Chains (SFCs). A classifier receives the packets and determines SFC Identifiers (IDs) and metadata. The classifier inserts the SFC IDs and metadata in Virtual Local Area Network (VLAN) ID data fields of the packets. The classifier transfers the classified packets to a forwarder. The forwarder identifies the SFC IDs and metadata from the VLAN ID data fields. The forwarder selects network functions based on the SFC IDs and metadata. The forwarder transfers the packets having the SFC IDs and metadata in the VLAN ID data fields to the selected network functions. The selected network functions identify the SFC IDs and metadata from the VLAN ID data fields. The network functions process the packets based on the SFC IDs, metadata, and configured policies to perform functions like network address translation, firewall, deep packet inspection, and others.

Abstract: Some embodiments provide a method for determining a router identifier for a centralized routing component of a logical router. The method determines that a dynamic routing protocol is enabled for the centralized routing component. When a router identifier was previously stored for the centralized routing component, the method assigns the stored router identifier as the router identifier for the centralized routing component only when the stored router identifier matches one of a set of valid addresses for the centralized routing component. When the centralized routing component does not have a previously stored router identifier that matches one of the set of valid addresses, the method assigns one of the set of valid addresses as the router identifier for the centralized routing component according to a hierarchy among the set of valid addresses.

Abstract: Example methods are provided to handle failure at one or more logical routers according to a non-preemptive mode. The method may include in response to detecting, by a first routing component operating in a standby state, a failure associated with a second routing component operating in an active state, generating a control message that includes a non-preemptive code to instruct the second routing component not to operate in the active state after a recovery from the failure, sending the control message to the second routing component, and performing a state transition from the standby state to the active state. The method may also include in response to detecting, by the first routing component operating in the active state, network traffic during the failure or after the recovery of the second routing component, forwarding the network traffic from the first network to the second network, or from the second network to the first network.

Abstract: A data system transfers data packets over Service Function Chains (SFCs). A classifier receives the packets and determines SFC Identifiers (IDs) and metadata. The classifier inserts the SFC IDs and metadata in Virtual Local Area Network (VLAN) ID data fields of the packets. The classifier transfers the classified packets to a forwarder. The forwarder identifies the SFC IDs and metadata from the VLAN ID data fields. The forwarder selects network functions based on the SFC IDs and metadata. The forwarder transfers the packets having the SFC IDs and metadata in the VLAN ID data fields to the selected network functions. The selected network functions identify the SFC IDs and metadata from the VLAN ID data fields. The network functions process the packets based on the SFC IDs, metadata, and configured policies to perform functions like network address translation, firewall, deep packet inspection, and others.

Abstract: A method and system are disclosed for distributing (advertising) segment identifiers in network functions virtualization and/or software defined networking environments. An exemplary method includes receiving a route advertisement that includes a prefix with a forwarding address for a first network element and receiving a segment identifier (SID) advertisement that includes a prefix SID for the prefix. The route advertisement may be received from a second network element proxying control plane functions for the first network element. Reachability information for the first network element is updated based on the route advertisement and the SID advertisement.

Abstract: An example method for instantiating a network using a network function virtualization infrastructure (NVFI) pod in a network environment is provided and includes receiving a request to instantiate a logical network topology in the NFVI pod that includes a pre-selected set of interconnected pre-configured hardware resources, the abstract network topology including a virtual network function (VNF) forwarding graph (FG), distilling the VNF FG into various interconnected VNFs, deploying various VNFs of the VNF FG to a plurality of virtual machines, and instantiating the network topology on appropriate hardware resources in the NFVI pod. In specific embodiments, the pre-selected set of interconnected pre-configured hardware resources includes a plurality of compute servers, a plurality of controller servers, a set of network resources, and a plurality of storage resources. It may also include a high performance virtual switch operating in a user space of respective memory elements of a plurality of servers.

Abstract: Some embodiments provide a method for managing traffic in a virtualized environment. The method, in some embodiments, configures multiple edge service gateways (ESGs) executing on multiple host machines (e.g., on a hypervisor) to use a same anycast inner interne protocol (IP) address and a same anycast inner media access control (MAC) address. In some embodiments, ESGs of a logical network facilitate communication between machines connected to the logical network and machines on external networks. In some embodiments, the method configures a set of virtual extensible local area network tunnel endpoints (VTEPs) connected to an ESG to use a same anycast VTEP IP address. The method, in some embodiments, configures a distributed logical router (DLR or DR) to send data packets with destinations outside the logical network from sources belonging to the logical network to the anycast VTEP IP address.