Abstract: A centralized namespace controller allocates addresses in a distributed cloud infrastructure on-demand. Upon receiving a request to allocate addresses for a network to be provisioned by a cloud computing system included in the distributed cloud infrastructure, the centralized namespace controller allocates a network address that is unique within the distributed cloud infrastructure. Further, the centralized namespace controller allocates a range of virtual network interface cards (NIC) addresses that are unique within the network. The centralized namespace controller then allocates addresses from the range of virtual NIC addresses on an as-requested basis—when a virtual NIC is being created by the first cloud computing system on the network.

Abstract: Some embodiments provide a novel method for load balancing data messages that are sent by a source compute node (SCN) to one or more different groups of destination compute nodes (DCNs). In some embodiments, the method deploys a load balancer in the source compute node's egress datapath. This load balancer receives each data message sent from the source compute node, and determines whether the data message is addressed to one of the DCN groups for which the load balancer spreads the data traffic to balance the load across (e.g., data traffic directed to) the DCNs in the group. When the received data message is not addressed to one of the load balanced DCN groups, the load balancer forwards the received data message to its addressed destination. On the other hand, when the received data message is addressed to one of load balancer's DCN groups, the load balancer identifies a DCN in the addressed DCN group that should receive the data message, and directs the data message to the identified DCN.

Abstract: A hybrid cloud computing system is managed by determining communication affinity between a cluster of virtual machines, where one virtual machine in the cluster executes in a virtualized computing system, and another virtual machine in the cluster executes in a cloud computing environment, and where the virtualized computing system is managed by a tenant that accesses the cloud computing environment. After determining a target location in the hybrid cloud computing system to host the cluster of virtual machines based on the determined communication affinity, at least one of the cluster of virtual machines is migrated to the target location.

Abstract: Some embodiments of the invention provide a novel method for specifying firewall rules. In some embodiments, the method provides the ability to specify for a particular firewall rule, a set of network nodes (also called a set of enforcement points) at which the particular firewall should be enforced. To provide this ability, the method of some embodiments adds an extra tuple (referred to below as the AppliedTo tuple) to a firewall rule. This added AppliedTo tuple lists the set of enforcement points at which the firewall rule has to be applied (i.e., enforced). As the AppliedTo tuples of the firewall rules can refer to dynamically modifiable constructs, the application of the AppliedTo firewall rules (i.e., rules that are specified to include an AppliedTo tuple) can be dynamically adjusted for different locations within a network by dynamically adjusting the membership of these modifiable constructs.

Abstract: Some embodiments provide a novel method for load balancing data messages that are sent by a source compute node (SCN) to one or more different groups of destination compute nodes (DCNs). In some embodiments, the method deploys a load balancer in the source compute node's egress datapath. This load balancer receives each data message sent from the source compute node, and determines whether the data message is addressed to one of the DCN groups for which the load balancer spreads the data traffic to balance the load across (e.g., data traffic directed to) the DCNs in the group. When the received data message is not addressed to one of the load balanced DCN groups, the load balancer forwards the received data message to its addressed destination. On the other hand, when the received data message is addressed to one of load balancer's DCN groups, the load balancer identifies a DCN in the addressed DCN group that should receive the data message, and directs the data message to the identified DCN.

Abstract: Techniques for creating layer 2 (L2) extension networks are disclosed. One embodiment permits an L2 extension network to be created by deploying, configuring, and connecting a pair of virtual appliances in the data center and the cloud so that the appliances communicate via secure tunnels and bridge networks in the data center and the cloud. A pair of virtual appliances are first deployed in the data center and the cloud, and secure tunnels are then created between the virtual appliances. Thereafter, a stretched network is created by connecting a network interface in each of the virtual appliances to a respective local network, configuring virtual switch ports to which the virtual appliances are connected as sink ports that receive traffic with non-local destinations, and configuring each of the virtual appliances to bridge the network interface therein that is connected to the local network and tunnels between the pair of virtual appliances.

Abstract: Techniques for executing jobs in a hybrid cloud computing system. A job defines multiple states and tasks for transitioning between states. Jobs are passed between systems that execute different tasks via a message bus, so that the different tasks may be executed. A job manager controls execution flow of jobs based on a job descriptor that describes the job.

Abstract: A method of transferring data between local and remote computing systems includes the step of transferring data between the local and remote computing systems via a local buffer in the local computing system and a series of steps carried out during transferring of data from the local to the remote computing system. The steps include receiving a statistic from the remote computing system, computing an average transfer rate of the data transfer between the local and remote computing systems based on the statistic, determining whether or not a throttle condition is in effect based on the computed average transfer rate, and upon determining that the throttle condition is in effect, throttling the transferring of data into the local buffer.

Abstract: Some embodiments provide a network system. The network system includes a first set of host machines for hosting virtual machines that connect to each other through a logical network. The first set of host machines includes managed forwarding elements for forwarding data between the host machines. The network system includes a second set of host machines for hosting virtualized containers that operate as gateways for forwarding data between the virtual machines and an external network. At least one of the virtualized containers peers with at least one physical router in the external network in order to advertise addresses of the virtual machines to the physical router.

Abstract: Some embodiments provide novel inline switches that distribute data messages from source compute nodes (SCNs) to different groups of destination service compute nodes (DSCNs). In some embodiments, the inline switches are deployed in the source compute nodes datapaths (e.g., egress datapath). The inline switches in some embodiments are service switches that (1) receive data messages from the SCNs, (2) identify service nodes in a service-node cluster for processing the data messages based on service policies that the switches implement, and (3) use tunnels to send the received data messages to their identified service nodes. Alternatively, or conjunctively, the inline service switches of some embodiments (1) identify service-nodes cluster for processing the data messages based on service policies that the switches implement, and (2) use tunnels to send the received data messages to the identified service-node clusters.

Abstract: A hybrid computing system includes an on-premise data center and a cloud computing system. To connect between an organization's multiple data centers, a gateway may instead utilize the connections between the private data center and the cloud computing system rather than a direct connection to the other of the organizations' data centers.

Abstract: Techniques are disclosed for deploying and maintaining appliances in a hybrid cloud computing system which includes an on-premise data center and a public cloud computing system configured to provide a common platform for managing and executing virtual workloads. Appliances to be deployed may include those required (or useful) for hybrid operations, including a cloud gateway appliance, a wide area network (WAN) optimizer, a layer 2 (L2) concentrator, and a mobility agent that handles virtual machine (VM) migration traffic. Such appliances are deployed first on the on-premise data center, and remote jobs are then sent to the public cloud to deploy the same appliances thereon. After deployment, the appliances deployed on the on-premise data center and corresponding appliances on the public cloud share configuration states and may further be wired together to communicate via secure encrypted tunnels.

Abstract: One or more embodiments provide techniques for migrating virtual machines (VMs) from a private data center to a cloud data center. A hybrid cloud manager determines a scope of migration from the private data center to the cloud data center. The hybrid cloud manager groups each VM included in the scope of migration into one or more clusters. The hybrid cloud manager defines one or more migration phases. Each migration phase comprises a subset of the one or more clusters. The hybrid cloud manager generates a migration schedule based on at least the one or more migration phases. The hybrid cloud manager migrates the VMs from the private data center to the cloud data center in accordance with the migration schedule.

Abstract: One or more embodiments provide techniques for migrating a virtual machine (VM) from a private data center to a cloud data center. A hybridity manager receives a request at the cloud data center to replicate a VM from the private data center on the cloud data center. The hybridity manager identifies a source network associated with the VM. The hybridity manager identifies whether there exists a stretched network associated with the source network of the VM. Responsive to determining that there is a stretched network associated with the source network of the VM, the hybridity manager replicates the VM on the stretched network without reconfiguring internet-protocol (IP) settings of the VM.

Abstract: Some embodiments provide a network system. The network system includes a first set of host machines for hosting virtual machines that connect to each other through a logical network. The first set of host machines includes managed forwarding elements for forwarding data between the host machines. The network system includes a second set of host machines for hosting virtualized containers that operate as gateways for forwarding data between the virtual machines and an external network. At least one of the virtualized containers peers with at least one physical router in the external network in order to advertise addresses of the virtual machines to the physical router.

Abstract: Some embodiments provide a novel method for load balancing data messages that are sent by a source compute node (SCN) to one or more different groups of destination compute nodes (DCNs). In some embodiments, the method deploys a load balancer in the source compute node's egress datapath. This load balancer receives each data message sent from the source compute node, and determines whether the data message is addressed to one of the DCN groups for which the load balancer spreads the data traffic to balance the load across (e.g., data traffic directed to) the DCNs in the group. When the received data message is not addressed to one of the load balanced DCN groups, the load balancer forwards the received data message to its addressed destination. On the other hand, when the received data message is addressed to one of load balancer's DCN groups, the load balancer identifies a DCN in the addressed DCN group that should receive the data message, and directs the data message to the identified DCN.

Abstract: An example provides a method of creating an instance of a virtual machine in a cloud computing system that includes: accepting a network connection at a server resource in the cloud computing system from a first client resource in a first virtualized computing system to transfer a first virtual machine; receiving first signatures for guest files of the first virtual machine from the first client resource; checking the first signatures against a content library in the cloud computing system to identify first duplicate files of the guest files that match first base files stored in the content library, and to identify first unique files of the guest files; instructing the first client resource such that a response to the instructing will send the first unique files to the exclusion of the first duplicate files; and generating an instance of the first virtual machine in the cloud computing system having the first base files and the first unique files.

Abstract: A method of transferring a virtual machine between a virtualized computing system and a cloud computing system includes determining that a virtual machine is to be transferred from a virtualized computing system to a cloud computing system and determining a connection between a first resource in the virtualized computing system and a second resource in the cloud computing system. Files that enable implementation of the virtual machine at the virtualized computing system and identified, as are file portions of the files for transfer from the virtualized computing system to the cloud computing system. At least one compliance check is executed on each of the file portions using at least one compliance checker. Each of the file portions that fails a compliance check is blocked from being maintained in the cloud computing system.

Abstract: A cloud computing system retrieves routing entries associated with a particular tenant of the cloud computing system and a subset of a routing table of the entire cloud computing system. The routing entries are loaded into a networking switch, which is configured to route network packets using the loaded subset of routing entries, using a general-purpose processor rather than a costly dedicated ASIC.

Abstract: A method of transferring a virtual machine between a virtualized computing system and a cloud computing system includes determining that a virtual machine is to be transferred from a virtualized computing system to a cloud computing system and determining a connection between a first resource in the virtualized computing system and a second resource in the cloud computing system. Files that enable implementation of the virtual machine at the virtualized computing system and identified, as are file portions of the files for transfer from the virtualized computing system to the cloud computing system. At least one compliance check is executed on each of the file portions using at least one compliance checker. Each of the file portions that fails a compliance check is blocked from being maintained in the cloud computing system.