Abstract: Techniques are described for detecting failure of one or more virtual computing environments and causing a migration of workloads. In some examples, a computing system includes a storage medium and processing circuitry having access to the storage medium. The processing circuitry is configured to communicate with a plurality of virtual computing environments (VCEs), including a first VCE and a second VCE, wherein each of the plurality of VCEs is operated by a different public cloud provider. The processing circuitry is further configured to deploy a group of workloads to the first VCE, detect a failure of at least a portion of the first VCE, and output, to the first VCE and responsive to detecting the failure, an instruction to transfer a set of workloads of the group of workloads to the second VCE to thereby cause a migration of the set of workloads to the second VCE.

Abstract: In general, techniques are described for enhancing communication between kernel modules operating in different network stacks within the kernel space of the same network device. An IPVLAN driver is configured to establish an endpoint in a first and second kernel module, wherein each kernel module executes in a different networking stack in the same kernel space. The endpoint in the first kernel module is associated with an interface of the first module. Selected packets are transferred from the second kernel module to the first kernel module via the interface of the first module.

Abstract: In general, techniques are described for enhancing operations of virtual networks. In some examples, a network system includes a plurality of servers interconnected by a switch fabric comprising a plurality of switches interconnected to form a physical network. Each of the servers comprises an operating environment executing one or more virtual machines in communication via one or more virtual networks. The servers comprise a set of virtual routers configured to extend the virtual networks to the operating environments of the virtual machines. A virtual router of the set of virtual routers is configured to prepare tunnel packets by forwarding packets received from virtual machines to an IPSec kernel executing in a host operating network stack, receiving the ESP packets back from the IPSec kernel and forwarding the ESP packets across the virtual networks.

Abstract: In general, techniques are described for enhancing operations of virtual networks. In some examples, a network system includes a plurality of servers interconnected by a switch fabric comprising a plurality of switches interconnected to form a physical network. Each of the servers comprises an operating environment executing one or more virtual machines in communication via one or more virtual networks. The servers comprise a set of virtual routers configured to extend the virtual networks to the operating environments of the virtual machines. A virtual router of the set of virtual routers is configured to prepare tunnel packets by forwarding packets received from virtual machines to an IPSec kernel executing in a host operating network stack, receiving the ESP packets back from the IPSec kernel and forwarding the ESP packets across the virtual networks.

Abstract: In one example, a method may include obtaining, by a computing device, a high-level topology description for a virtual computing environment to be provisioned in a plurality of computing infrastructures. Each of the computing infrastructures may be implemented using a different computing architecture and deployed by a different provider. The example method may further include transforming, by a rules engine executing on the computing device, the high-level topology description to respective templates for the computing infrastructures that each describes a topology for a virtual computing environment in a format that conforms to a schema that can be processed by a corresponding one of the computing infrastructures to implement the virtual computing environment in the corresponding one of the computing infrastructures, and outputting the templates for configuring the computing infrastructures.

Abstract: Techniques are described for detecting failure of one or more virtual computing environments and causing a migration of workloads. In some examples, a computing system includes a storage medium and processing circuitry having access to the storage medium. The processing circuitry is configured to communicate with a plurality of virtual computing environments (VCEs), including a first VCE and a second VCE, wherein each of the plurality of VCEs is operated by a different public cloud provider. The processing circuitry is further configured to deploy a group of workloads to the first VCE, detect a failure of at least a portion of the first VCE, and output, to the first VCE and responsive to detecting the failure, an instruction to transfer a set of workloads of the group of workloads to the second VCE to thereby cause a migration of the set of workloads to the second VCE.

Abstract: Techniques are described for detecting failure of one or more virtual computing environments and causing a migration of workloads. In some examples, a computing system includes a storage medium and processing circuitry having access to the storage medium. The processing circuitry is configured to communicate with a plurality of virtual computing environments (VCEs), including a first VCE and a second VCE, wherein each of the plurality of VCEs is operated by a different public cloud provider. The processing circuitry is further configured to deploy a group of workloads to the first VCE, detect a failure of at least a portion of the first VCE, and output, to the first VCE and responsive to detecting the failure, an instruction to transfer a set of workloads of the group of workloads to the second VCE to thereby cause a migration of the set of workloads to the second VCE.

Abstract: In general, the disclosure describes examples where a single software-defined network (SDN) controller establishes tunnels and controls communication on these tunnels between a plurality of virtual computing environments (VCEs). The SDN controller establishes the logical tunnel mesh to interconnect the plurality of VCEs in the multi-cloud network via respective connect gateway routers. To establish the logical tunnel mesh, the SDN controller is configured to determine one or more logical tunnels from the logical tunnel mesh to establish one or more communication links between a first VCE and a second VCE of the plurality of VCEs in the multi-cloud network. The SDN controller is configured to advertise the one or more logical tunnels to the first VCE and the second VCE.

Abstract: Techniques are described for detecting failure of one or more virtual computing environments and causing a migration of workloads. In some examples, a computing system includes a storage medium and processing circuitry having access to the storage medium. The processing circuitry is configured to communicate with a plurality of virtual computing environments (VCEs), including a first VCE and a second VCE, wherein each of the plurality of VCEs is operated by a different public cloud provider. The processing circuitry is further configured to deploy a group of workloads to the first VCE, detect a failure of at least a portion of the first VCE, and output, to the first VCE and responsive to detecting the failure, an instruction to transfer a set of workloads of the group of workloads to the second VCE to thereby cause a migration of the set of workloads to the second VCE.

Abstract: In general, techniques are described for enhancing communication between kernel modules operating in different network stacks within the kernel space of the same network device. An IPVLAN driver is configured to establish an endpoint in a first and second kernel module, wherein each kernel module executes in a different networking stack in the same kernel space. The endpoint in the first kernel module is associated with an interface of the first module. Selected packets are transferred from the second kernel module to the first kernel module via the interface of the first module.

Abstract: In one example, a method may include obtaining, by a computing device, a high-level topology description for a virtual computing environment to be provisioned in a plurality of computing infrastructures. Each of the computing infrastructures may be implemented using a different computing architecture and deployed by a different provider. The example method may further include transforming, by a rules engine executing on the computing device, the high-level topology description to respective templates for the computing infrastructures that each describes a topology for a virtual computing environment in a format that conforms to a schema that can be processed by a corresponding one of the computing infrastructures to implement the virtual computing environment in the corresponding one of the computing infrastructures, and outputting the templates for configuring the computing infrastructures.

Abstract: In general, the disclosure describes examples where a single software-defined network (SDN) controller establishes tunnels and controls communication on these tunnels between a plurality of virtual computing environments (VCEs). The SDN controller establishes the logical tunnel mesh to interconnect the plurality of VCEs in the multi-cloud network via respective connect gateway routers. To establish the logical tunnel mesh, the SDN controller is configured to determine one or more logical tunnels from the logical tunnel mesh to establish one or more communication links between a first VCE and a second VCE of the plurality of VCEs in the multi-cloud network. The SDN controller is configured to advertise the one or more logical tunnels to the first VCE and the second VCE.

Abstract: In general, techniques are described for enhancing operations of virtual networks. In some examples, a network system includes a plurality of servers interconnected by a switch fabric comprising a plurality of switches interconnected to form a physical network. Each of the servers comprises an operating environment executing one or more virtual machines in communication via one or more virtual networks. The servers comprise a set of virtual routers configured to extend the virtual networks to the operating environments of the virtual machines. A virtual router of the set of virtual routers is configured to prepare tunnel packets by forwarding packets received from virtual machines to an IPSec kernel executing in a host operating network stack, receiving the ESP packets back from the IPSec kernel and forwarding the ESP packets across the virtual networks.