Abstract: Some embodiments provide a method that identifies several higher level switching elements for facilitating lower level switching elements to forward packets among network hosts. The method establishes a set of tunnels among the lower level switching elements and the higher level switching elements. At least one tunnel is established between a lower level switching element and a higher level switching element. For each higher level switching element in the several higher level switching elements, the method identifies a first set of forwarding data that specifies forwarding of packets between the higher level switching element and the several lower level switching elements. For each lower level switching element in the several lower level switching elements, the method identifies a second set of forwarding data that specifies forwarding of packets between the lower level switching element, the several of network hosts, and the several higher level switching elements.

Abstract: A non-transitory machine readable medium storing a program that manages a plurality managed forwarding elements that forward data through a network is described. The program receives user inputs that define forwarding performance constraints of a set of managed forwarding elements. Based on the inputs, the program generates a set of universal flow entries for configuring the set of managed forwarding elements to apply the forwarding performance constraints to data traffic that the managed forwarding elements forward. The set of universal flow entries is for subsequent conversion into a set of customized flow entries for the managed forwarding elements.

Abstract: Some embodiments provide a novel method for forwarding a packet at a first managed interconnection switching element in a managed network of interconnection switching elements. The method receives a packet from a source machine on a first network segment in a first network. The packet identifies a destination machine located on a second network segment in a second, different network. The method removes a context tag that identifies the first network segment. The method uses the identification of the first network segment to determine a logical switching element that connects at least the first and second network segments. The method encapsulates the packet with a logical context identifier that identifies a logical port of the logical switching element. The logical port corresponds to the second network segment. The method transmits the twice-encapsulated packet towards a second managed interconnection switching element at the second network.

Abstract: Some embodiments provide a method for a first managed forwarding element that implements a logical network. The method receives a packet from a second managed forwarding element. The first packet has an initial set of characteristics defining a first connection between a source machine connected to the second managed forwarding element and a destination machine connected to the first managed forwarding element. The method determines whether a second connection exists with the initial set of characteristics between a different machine connected to a third managed forwarding element and the destination machine. When a second connection exists with the initial set of characteristics, the method modifies at least one characteristic of the packet such that the modified packet does not have the same set of characteristics. The method delivers the modified packet to the destination machine.

Abstract: Some embodiments provide a controller for managing several managed switching elements that forward data in a network. The controller includes an interface for receiving input logical control plane data in terms of input events data. The controller includes an input scheduler for (1) categorizing the input events data into different groups based on certain criteria and (2) scheduling supplying of the input event data into a converter based on the groups so that the converter processes a group of input events data together. The controller includes the converter for converting the input logical control plane data to output logical forwarding plane data. The controller includes a network information base (NIB) data structure module for storing the output logical forwarding plane data. The logical forwarding plane data is for subsequent translation into physical control plane data.

Abstract: Some embodiments provide a method for a network controller that manages a plurality of managed forwarding elements. The method receives a request to trace a specified packet having a particular source on a logical forwarding element. The method generates the packet according to the packet specification. The generated packet includes an indicator that the packet is for a trace operation. The method inserts the packet into a managed forwarding element associated with the particular source such that the managed forwarding element processes the packet as though the packet was received from the particular source. The method receives, from a set of managed forwarding elements, a set of messages regarding logical processing operations and physical forwarding operations that each managed forwarding element in the set of managed forwarding elements performs on the packet.

Abstract: A controller of a network control system for configuring several middlebox instances is described. The middlebox instances implement a middlebox in a distributed manner in several hosts. The controller configures, in a first host, a first middlebox instance to receive a notification from a migration module before a virtual machine (VM) running in the first host migrates to a second host and to send middlebox state related to the VM to the migration module.

Abstract: A non-transitory machine readable medium storing a program that configures first and second managed forwarding elements to perform logical L2 switching and L3 routing is described. The program generates a first set of flow entries for configuring the first managed forwarding element to (1) perform a network address translation (NAT) processing on a first packet and (2) send, to a second managed switching element. The first packet and information indicate that the NAT processing has been performed on the first packet. The program generates a second set of flow entries for configuring the second managed forwarding element to (1) skip performing a logical L3 processing on a second packet to be sent to the first managed forwarding element in response to receiving the first packet and (2) send the second packet to the first managed switching element.

Abstract: A network control system for generating physical control plane data for managing first and second managed forwarding elements that implement forwarding operations associated with a first logical datapath set is described. The system includes a first controller instance for converting logical control plane data for the first logical datapath set to universal physical control plane (UPCP) data. The system further includes a second controller instance for converting UPCP data to customized physical control plane (CPCP) data for the first managed forwarding element but not the second managed forwarding element. The system further includes a third controller instance for receiving UPCP data generated by the first controller instance, identifying the second controller instance as the controller instance responsible for generating the CPCP data for the first managed forward element, and supplying the received UPCP data to the second controller instance.

Abstract: A network control system that includes several controllers for managing several switching elements. Each controller includes a network information base (NIB) storage that stores data regarding the switching elements and a secondary storage for facilitating replication of at least a portion of data across the NIB storages of the different controllers. In some embodiments, the primary purpose for one or more of the secondary storage structures is to back up the data in the NIB. In these or other embodiments, one or more of the secondary storage structures serve a purpose other than backing up the data in the NIB. In some embodiments, the NIB is stored in system memory while the system operates for fast access of the NIB records. In some embodiments, one or more of the secondary storage structures are stored on disks which can be slower to access.

Abstract: Some embodiments provide a non-transitory machine readable medium of a controller of a network control system for configuring a wide area network (WAN) optimizer instance to implement a WAN optimizer for a logical network. The controller receives a configuration for the WAN optimizer to optimize network data from the logical network for transmission to another WAN optimizer. The controller identifies several other controllers in the network control system on which to implement the logical network. The controller distributes the configuration for implementation on the WAN optimizer.

Abstract: A network control system for generating physical control plane data for managing first and second managed forwarding elements that implement forwarding operations associated with a first logical datapath set is described. The system includes a first controller instance for converting logical control plane data for the first logical datapath set to universal physical control plane (UPCP) data. The system further includes a second controller instance for converting UPCP data to customized physical control plane (CPCP) data for the first managed forwarding element but not the second managed forwarding element.

Abstract: Some embodiments provide a managed forwarding element (MFE that includes a set of flow tables including a first set of flow entries for processing packets received by the MFE. The MFE includes an aggregate cache including a second set of flow entries for processing packets received by the MFE. Each of the flow entries of the second set is for processing packets of multiple data flows. At least a subset of packet header fields of the packets of the multiple data flows have a same set of packet header field values, and a same set of operations is applied to said packets. The MFE includes an exact-match cache including a third set of flow entries for processing packets received by the MFE. Each of the flow entries of the third set is for processing packets for a single data flow having a unique set of packet header field values.

Abstract: Some embodiments provide a method for processing a packet received by a managed forwarding element. The method performs a series of packet classification operations based on header values of the received packet. The packet classifications operations determine a next destination of the received packet. When the series of packet classification operations specifies to send the packet to a network service that performs payload transformations on the packet, the method (1) assigns a service operation identifier to the packet that identifies the service operations for the network service to perform on the packet, (2) sends the packet to the network service with the service operation identifier, and (3) stores a cache entry for processing subsequent packets without the series of packet classification operations. The cache entry includes the assigned service operation identifier. The network service uses the assigned service operation identifier to process packets without performing its own classification operations.

Abstract: Some embodiments provide a network controller for managing a logical network implemented across several managed network elements. The logical network includes at least one logical router. The network controller includes an input interface for receiving configuration state for the logical router. The network controller includes a table mapping engine for generating data tuples for distribution to the managed network elements in order for the managed network elements to implement the logical router. The network controller includes a route processing engine for receiving a set of input routes from the table mapping engine based on the configuration state for the logical router, performing a recursive route traversal process to generate a set of output routes, and returning the set of output routes to the table mapping engine. The table mapping engine uses the set of output routes to generate the data tuples for distribution to the plurality of managed network elements.

Abstract: Some embodiments provide a method for a network controller. The method receives configuration data, for a logical router managed by the network controller, that specifies at least one logical port for the logical router. The method automatically generates connected routes for the logical router based on network address ranges specified for the logical ports of the logical router. The method receives a manually input static route for the logical router. The method generates data tuples, for distribution to several managed network elements, based on the connected and static routes for the logical router in order for the several managed network elements to implement the logical router.

Abstract: Some embodiments provide a network control system for generating physical control plane data for managing first and second managed forwarding elements that implement forwarding operations associated with a first logical datapath set. The system includes a first controller instance for converting logical control plane data for the first logical datapath set to universal physical control plane (UPCP) data. The system includes a second controller instance for converting UPCP data to customized physical control plane (CPCP) data for the first managed forwarding element but not the second managed forwarding element. Each controller instance includes a network information base (NIB) storage for storing data and exchanging data with the other controller instance.

Abstract: A network control system for interconnecting several separate networks. The system includes i) several interconnection switching elements, each of which is for connecting one of the separate networks to a common interconnecting network, ii) a first set of network controllers for managing a first set of the interconnection switching elements at a first set of separate networks in order for machines at different networks within the first set to communicate with each other, iii) a second set of network controllers for managing a second set of interconnection switching elements at a second set of separate networks in order for machines at different networks within the second set to communicate with each other, and iv) a third set of network controllers for managing the first and second sets of network controllers in order for machines at networks in the first set to communicate with machines at networks in the second set.

Abstract: Some embodiments provide a method for a first managed forwarding element that implements logical forwarding elements of a logical network. The method receives a first packet from a second managed forwarding element. The first packet includes context information that indicates a logical network destination that maps to a physical destination connected to the first managed forwarding element. At the first managed forwarding element, the method dynamically generates a flow entry for processing subsequent packets received by the first managed forwarding element from the physical destination and sent to a source of the first packet. The method processes a second packet received by the first managed forwarding element from the physical destination with the dynamically generated flow entry. The dynamically generated flow entry specifies to send the second packet to the second managed forwarding element before logically forwarding the second packet through the logical network.

Abstract: Some embodiments provide a network system that includes a first network and a second network. The first network includes several unmanaged switching elements. The second network includes several managed switching elements. The network system includes a particular managed switching element for communicating network data between the first and second networks.