Nicira, Inc. Patent applications

Patent application number | Title and abstract | Published (MM-DD-YYYY) |
--- | --- | --- |
20150350087 | CONSISTENT HASHING FOR NETWORK TRAFFIC DISPATCHING - A method is provided that uses a consistent hashing technique to dispatch incoming packets in a stable system prior to the addition of a node. The method uses a hash table and assigns hash buckets in the table to each network node. A set of fields in each incoming packet is hashed and is used to identify the corresponding hash bucket. The packets are then dispatched to the network nodes based on the nodes' hash buckets. During an observation period, the method identifies the ongoing sessions by creating a bit vector table that is used to identify the old and new sessions during a re-dispatching period. The method uses the consistent hashing method and the probabilistic method to dispatch the incoming packets such that each packet that belongs to an old session is dispatched to the same old node that has been processing the other packets of the session. | 12-03-2015 |
20150341223 | AUTOMATIC PLACEMENT OF CLIENTS IN A DISTRIBUTED COMPUTER SYSTEM BASED ON AT LEAST PHYSICAL NETWORK TOPOLOGY INFORMATION - A management server and method for performing automatic placement of clients in a distributed computer system selects final client placement locations to place the clients from candidate client placement locations, where the placement requirements of the clients can be satisfied, based on at least physical network topology information of the distributed computer system. | 11-26-2015 |
20150281274 | AUTO DETECTING LEGITIMATE IP ADDRESSES USING SPOOFGUARD AGENTS - A method of blocking spoofed packets. The method receives an address allocation message from an address provisioning server that provisions addresses for virtual machines. The address allocation message includes a source address. The method stores the source address of the address allocation message as the first source address. The method forwards the address allocation message to a virtual machine. The method receives, from the virtual machine, a packet with a second source address. When the second source address is the same as the first source address, the method allows the packet to be forwarded. When the second source address is not the same as the first source address, the method blocks the packet. An additional method determines the first source address from an initial packet sent from the virtual machine instead of from the address allocation message. | 10-01-2015 |
20150281171 | DISTRIBUTED NETWORK ADDRESS TRANSLATION FOR EFFICIENT CLOUD SERVICE ACCESS - A method for coordinating distributed network address translation (NAT) in a network within which several logical networks are implemented. The logical networks include several tenant logical networks and at least one service logical network that include service virtual machines (VMs) that are accessed by VMs of the tenant logical networks. The method defines a group of replacement IP address and port number pairs. Each pair is used to uniquely identify a VM across all tenant logical networks. The method sends to at least one host that is hosting a VM of a particular tenant logical network, a set of replacement IP address and port number pairs. Each replacement IP address and port number pair can be used by the host to replace a source IP address and a source port number in a packet that is destined from the particular VM to a VM of the particular service logical network. | 10-01-2015 |
20150281060 | PROCEDURES FOR EFFICIENT CLOUD SERVICE ACCESS IN A SYSTEM WITH MULTIPLE TENANT LOGICAL NETWORKS - A method of providing efficient access to cloud services in a network that includes several tenant logical networks and a set of service logical networks. The method receives, from a particular tenant VM, a first packet that specifies a destination address associated with a service VM of a service logical network. The method, based on the destination address of the first packet, replaces the source network address and source port number of the first packet with one of a set of network address and port number pairs allocated for accessing service VMs. The method receives from the particular VM a second packet that specifies a destination address outside the tenant logical network but not associated with any service VM. The method, without modifying the source address and port number of the second packet, forwards the second packet to a network element outside the host for NAT processing. | 10-01-2015 |
20150281059 | HOST ARCHITECTURE FOR EFFICIENT CLOUD SERVICE ACCESS - A method for a host machine that hosts at least one tenant virtual machine (VM) of a particular tenant logical network that accesses service VMs of a particular service logical network. The method, prior to a packet being received at a PFE on the host, intercepts a packet sent by the tenant VM to one of the service VMs based on a set of forwarding rules. The packet includes a source IP address and a source port number of the tenant VM. The method, prior to the packet leaving the PFE in the host, replaces the source IP address and source port number with a replacement IP address and port number pair from a set of replacement IP address and port number pairs allocated to the host for accessing service VMs. The method sends the modified packet to the PFE to forward the modified packet to the service VM. | 10-01-2015 |
20150281036 | PACKET TRACING IN A SOFTWARE-DEFINED NETWORKING ENVIRONMENT - An example method to perform packet tracing in a Software-Defined Networking (SDN) environment is provided. The SDN environment comprises an SDN controller device and a plurality of forwarding devices configurable by the SDN controller device. The method may comprise the SDN controller device configuring the plurality of forwarding devices to generate trace information of packets associated with a communication flow in the SDN environment, and the SDN controller device receiving, from the plurality of forwarding devices, trace information comprising header information and payload information of packets associated with the communication flow. Based on the trace information, the SDN controller device may generate aggregated trace information that identifies forwarding devices that processed a particular packet associated with the communication flow, or packets associated with the communication flow that are processed by a particular forwarding device, or both. | 10-01-2015 |
20150271303 | MULTIPLE LEVELS OF LOGICAL ROUTERS - Some embodiments provide a managed network for implementing a logical network for a tenant. The managed network includes a first set of host machines and a second set of host machines. The first set of host machines is for hosting virtual machines (VMs) for the logical network. Each of the first set of host machines operates a managed forwarding element that implements a first logical router for the tenant logical network and a second logical router to which the first logical router connects. The implementation of the second logical router is for processing packets entering and exiting the tenant logical network. The second set of host machines is for hosting L3 gateways for the second logical router. The L3 gateways connect the tenant logical network to at least one external network. | 09-24-2015 |
20150271011 | DYNAMIC ROUTING FOR LOGICAL ROUTERS - Some embodiments provide a method for a network controller that manages a first logical router of a logical network that is implemented across several managed network elements. The method receives input data specifying a first route for a second logical router. Based on a connection between the first logical router and a second logical router in the logical network, the method dynamically generates a second route for the first logical router based on the first route. The method distributes data to implement the first logical router, including the second route, to a set of the managed network elements. | 09-24-2015 |
20150263952 | LOGICAL ROUTER PROCESSING BY NETWORK CONTROLLER - Some embodiments provide a network controller for managing a logical network implemented across several managed network elements. The logical network includes at least one logical router. The network controller includes an input interface for receiving configuration state for the logical router. The network controller includes a table mapping engine for generating data tuples for distribution to the managed network elements in order for the managed network elements to implement the logical router. The network controller includes a route processing engine for receiving a set of input routes from the table mapping engine based on the configuration state for the logical router, performing a recursive route traversal process to generate a set of output routes, and returning the set of output routes to the table mapping engine. The table mapping engine uses the set of output routes to generate the data tuples for distribution to the plurality of managed network elements. | 09-17-2015 |
20150263946 | ROUTE ADVERTISEMENT BY MANAGED GATEWAYS - Some embodiments provide a network system. The network system includes a first set of host machines for hosting virtual machines that connect to each other through a logical network. The first set of host machines includes managed forwarding elements for forwarding data between the host machines. The network system includes a second set of host machines for hosting virtualized containers that operate as gateways for forwarding data between the virtual machines and an external network. At least one of the virtualized containers peers with at least one physical router in the external network in order to advertise addresses of the virtual machines to the physical router. | 09-17-2015 |
20150263899 | MANAGED GATEWAYS PEERING WITH EXTERNAL ROUTER TO ATTRACT INGRESS PACKETS - Some embodiments provide a network system. The network system includes a first set of host machines hosting virtual machines that connect to each other through a logical network. The network system includes a second set of host machines hosting virtualized containers that operate as gateways to process packets entering the logical network from external sources. Each of the virtualized containers advertises itself to an external router as a next hop for packets entering the logical network such that the external router uses equal-cost multi-path forwarding to distribute the packets across the virtualized containers on the second set of host machines. | 09-17-2015 |
20150263897 | STATIC ROUTES FOR LOGICAL ROUTERS - Some embodiments provide a method for a network controller. The method receives configuration data, for a logical router managed by the network controller, that specifies at least one logical port for the logical router. The method automatically generates connected routes for the logical router based on network address ranges specified for the logical ports of the logical router. The method receives a manually input static route for the logical router. The method generates data tuples, for distribution to several managed network elements, based on the connected and static routes for the logical router in order for the several managed network elements to implement the logical router. | 09-17-2015 |
20150256448 | METHOD AND SYSTEM FOR PATH DISCOVERY - Methods and systems for discovering a path of network traffic that travels from a source host to a destination host are disclosed. A method involves, at the source host, generating probe packets that have the same load balancing parameters as packets of an application that generates application packets for transmission from the source host to the destination host and a path discovery signature comprised of bits from at least one of the network layer header and the transport layer header. The method also involves transmitting the probe packets from the source host to the destination host. In some embodiments, the steps of the method are performed when program instructions contained in a computer-readable storage medium are executed by one or more processors. | 09-10-2015 |
20150117454 | Dynamic Generation of Flow Entries for Last-Hop Processing - Some embodiments provide a method for a first managed forwarding element that implements logical forwarding elements of a logical network. The method receives a first packet from a second managed forwarding element. The first packet includes context information that indicates a logical network destination that maps to a physical destination connected to the first managed forwarding element. At the first managed forwarding element, the method dynamically generates a flow entry for processing subsequent packets received by the first managed forwarding element from the physical destination and sent to a source of the first packet. The method processes a second packet received by the first managed forwarding element from the physical destination with the dynamically generated flow entry. The dynamically generated flow entry specifies to send the second packet to the second managed forwarding element before logically forwarding the second packet through the logical network. | 04-30-2015 |
20150117445 | Packet Conflict Resolution - Some embodiments provide a method for a first managed forwarding element that implements a logical network. The method receives a first packet from a second managed forwarding element. The first packet has an initial set of characteristics defining a first connection between a source machine connected to the second managed forwarding element and a destination machine connected to the first managed forwarding element. The method determines whether a second connection exists with the initial set of characteristics between a different machine connected to a third managed forwarding element and the destination machine. When a second connection exists with the initial set of characteristics, the method modifies at least one characteristic of the packet such that the modified packet does not have the same set of characteristics. The method delivers the modified packet to the destination machine. | 04-30-2015 |
20150103838 | ASYMMETRIC CONNECTION WITH EXTERNAL NETWORKS - Some embodiments provide a system that allows for the use of direct host return ports (abbreviated “DHR ports”) on managed forwarding elements to bypass gateways in managed networks. The DHR ports provide a direct connection from certain managed forwarding elements in the managed network to remote destinations that are external to the managed network. Managed networks can include both a logical abstraction layer and a physical machine layer. At the logical abstraction layer, the DHR port is treated as a port on certain logical forwarding elements. The DHR port transmits the packet to the routing tables of the physical layer machine that hosts the logical forwarding element without any intervening transmission to other logical forwarding elements. The routing tables of the physical layer machine then strip any logical context associated with the packet and forward the packet to the remote destination without any intervening forwarding to a physical gateway provider. | 04-16-2015 |
20150100704 | Managing Software and Hardware Forwarding Elements to Define Virtual Networks - Some embodiments provide a set of one or more network controllers that communicates with a wide range of devices, ranging from switches to appliances such as firewalls, load balancers, etc. The set of network controllers communicates with such devices to connect them to its managed virtual networks. The set of network controllers can define each virtual network through software switches and/or software appliances. To extend the control beyond software network elements, some embodiments implement a database server on each dedicated hardware. The set of network controllers accesses the database server to send management data. The hardware then translates the management data to connect to a managed virtual network. | 04-09-2015 |
20150100675 | Database Protocol for Exchanging Forwarding State with Hardware Switches - Some embodiments provide a set of one or more network controllers that communicates with a wide range of devices, ranging from switches to appliances such as firewalls, load balancers, etc. The set of network controllers communicates with such devices to connect them to its managed virtual networks. The set of network controllers can define each virtual network through software switches and/or software appliances. To extend the control beyond software network elements, some embodiments implement a database server on each dedicated hardware. The set of network controllers accesses the database server to send management data. The hardware then translates the management data to connect to a managed virtual network. | 04-09-2015 |
20150100560 | Network Controller for Managing Software and Hardware Forwarding Elements - Some embodiments provide a set of one or more network controllers that communicates with a wide range of devices, ranging from switches to appliances such as firewalls, load balancers, etc. The set of network controllers communicates with such devices to connect them to its managed virtual networks. The set of network controllers can define each virtual network through software switches and/or software appliances. To extend the control beyond software network elements, some embodiments implement a database server on each dedicated hardware. The set of network controllers accesses the database server to send management data. The hardware then translates the management data to connect to a managed virtual network. | 04-09-2015 |
20150089048 | ADJUSTING CONNECTION VALIDATING CONTROL SIGNALS IN RESPONSE TO CHANGES IN NETWORK TRAFFIC - Some embodiments provide a method for reducing the transmission of connection validating control signals when they are not needed. Network entities transmit connection validating control signals over network connections at regular intervals to validate that the network connections and the network entities remain functional. The method monitors data traffic fluctuations on the network connections to determine when connection validating control signals may not be needed. The method reduces unnecessary connection validating control signals in order to optimize the usage of network resources. | 03-26-2015 |
20150085655 | ADJUSTING CONNECTION VALIDATING CONTROL SIGNALS IN RESPONSE TO CHANGES IN NETWORK TRAFFIC - Some embodiments provide a method for reducing the transmission of connection validating control signals when they are not needed. Network entities transmit connection validating control signals over network connections at regular intervals to validate that the network connections and the network entities remain functional. The method monitors data traffic fluctuations on the network connections to determine when connection validating control signals may not be needed. The method reduces unnecessary connection validating control signals in order to optimize the usage of network resources. | 03-26-2015 |
20150082322 | Data Upgrade Framework for Distributed Systems - Techniques for facilitating data upgrades in a distributed system are provided. In one embodiment, a first instance of a distributed application executing on a first node of a distributed system can receive a message from a second instance of the distributed application executing on a second node of the distributed system. The first instance of the distributed application can then determine, via logic included in application code generated by an interface definition language (IDL) compiler, whether the message can be natively understood. If the message cannot be natively understood, the first instance of the distributed application can invoke a translation service for translating the message. | 03-19-2015 |
20150081833 | Dynamically Generating Flows with Wildcard Fields - Some embodiments of the invention provide a switching element that receives a packet and processes the packet by dynamically generating a flow entry with a set of wildcard fields. The switching element then caches the flow entry and processes any subsequent packets that have header values that match the flow entry's non-wildcard match fields. In generating the flow, the switching element initially wildcards some or all of the match fields and generates a new flow entry by un-wildcarding each match field that was consulted or examined to generate the flow entry. | 03-19-2015 |
20150063364 | Multiple Active L3 Gateways for Logical Networks - Some embodiments provide a method for a network controller in a network control system that manages a plurality of logical networks. The method receives a specification of a logical network that comprises a logical router with a logical port that connects to an external network. The method selects several host machines to host a L3 gateway that implements the connection to the external network for the logical router from a set of host machines designated for hosting logical routers. The method generates data tuples for provisioning a set of managed forwarding elements that implement the logical network to send data packets that require processing by the L3 gateway to the selected host machines. The data tuples specify for the managed forwarding elements to distribute the data packets across the selected host machines. | 03-05-2015 |
20150063360 | High Availability L3 Gateways for Logical Networks - Some embodiments provide a method for a network controller in a network control system that manages a plurality of logical networks. The method receives a specification of a logical network that includes a logical router. The method selects at least two host machines to implement a routing table for the logical router from several host machines designated for hosting logical routers. The selected host machines include a designated master host machine for the routing table. The method generates data tuples for provisioning a set of managed forwarding elements that implement the logical network to send data packets that require processing by the routing table to the selected host machines. The data tuples specify an order for the selected host machines with the designated master host machine as the first host machine in the specified order. | 03-05-2015 |
20150052522 | Generation of DHCP Configuration Files - Some embodiments provide a method for an application operating on a host machine. The method receives a configuration of a Dynamic Host Configuration Protocol (DHCP) service for implementation within a virtualized container on the host machine. The configuration includes several database table entries. The method converts the several database table entries into a configuration file for use by a process that operates in the virtualized container. The method initializes the process in the virtualized container. The process in the virtualized container reads the configuration file in order to perform DHCP services for machines connected to at least one logical forwarding element of a logical network. | 02-19-2015 |
20150052262 | Providing Services for Logical Networks - Some embodiments provide a method for a network controller that manages several logical networks. The method receives a specification of a logical network that includes at least one logical forwarding element attached to a logical service (e.g., DHCP). The method selects at least one host machine to host the specified logical service from several host machines designated for hosting logical services. The method generates logical service configuration information for distribution to the selected host machine. In some embodiments, the method selects a master host machine and a backup host machine for hosting logical service. In some embodiments, a particular one of the designated host machines hosts at least two DHCP services for two different logical networks as separate processes operating on the particular host machine. | 02-19-2015 |
20150049632 | Hitless Upgrade for Network Control Applications - A method for upgrading a set of controller nodes in a controller cluster that manages a plurality of forwarding elements in a way that minimizes dataplane outages. The method of some embodiments upgrades the control applications of a subset of the controller nodes before upgrading a decisive controller node. Once the decisive controller node is upgraded, the method switches the controller cluster to use a new version of the control applications. | 02-19-2015 |
20150016469 | Maintaining Data Stored with a Packet - Some embodiments provide a method for a managed forwarding element that operates on a host machine to process packets for at least one logical network. The method receives a packet that includes a particular piece of data to maintain with the packet. The particular piece of data is not stored in a payload of the packet and is not protocol-specific data. The method stores the particular piece of data in a register while processing the packet. The method identifies a next destination of the packet that operates on the host machine. The method generates an object to represent the packet for the identified destination. The particular piece of data is stored in a field of the generated object. | 01-15-2015 |
20150016298 | Tracing Logical Network Packets Through Physical Network - Some embodiments provide a method for a network controller that manages several managed forwarding elements. The method receives a request to trace a specified packet having a particular source on a logical switching element. The method generates the packet at the network controller according to the packet specification. The generated packet includes an indicator that the packet is for a trace operation. The method inserts the packet into a managed forwarding element associated with the particular source. The method receives a set of messages from a set of managed forwarding elements that process the packet regarding operations performed on the packet. | 01-15-2015 |
20150016287 | Tracing Network Packets Through Logical and Physical Networks - Some embodiments provide a method for a network controller that manages a plurality of managed forwarding elements. The method receives a request to trace a specified packet having a particular source on a logical forwarding element. The method generates the packet according to the packet specification. The generated packet includes an indicator that the packet is for a trace operation. The method inserts the packet into a managed forwarding element associated with the particular source such that the managed forwarding element processes the packet as though the packet was received from the particular source. The method receives, from a set of managed forwarding elements, a set of messages regarding logical processing operations and physical forwarding operations that each managed forwarding element in the set of managed forwarding elements performs on the packet. | 01-15-2015 |
20150016286 | Tracing Network Packets by a Cluster of Network Controllers - Some embodiments provide a method for a first network controller that manages a set of logical forwarding elements implemented in several managed forwarding elements. The method receives a request to trace a specified packet having a particular source on a logical forwarding element. The method generates the packet according to the packet specification. The generated packet includes an indicator that the packet is for a trace operation. The method sends the packet to a second network controller that manages a managed forwarding element associated with the particular source. The method receives a first set of messages regarding operations performed on the packet from a set of network controllers, which in turn receive a second set of messages regarding operations performed on the packet from the set of managed forwarding elements that process the packet. | 01-15-2015 |
20150009995 | Encapsulating Data Packets Using an Adaptive Tunnelling Protocol - Some embodiments of the invention provide a novel method of tunneling data packets. The method establishes a tunnel between a first forwarding element and a second forwarding element. For each data packet directed to the second forwarding element from the first forwarding element, the method encapsulates the data packet with a header that includes a tunnel option. The method then sends the data packet from the first forwarding element to the second forwarding element through the established tunnel. In some embodiments, the data packet is encapsulated using a protocol that is adapted to change with different control plane implementations and the implementations' varying needs for metadata. | 01-08-2015 |
20150009804 | UNIFIED REPLICATION MECHANISM FOR FAULT-TOLERANCE OF STATE - A network control system that achieves high availability for forwarding state computation within a controller cluster by replicating different levels of table state between controllers of the controller cluster. To build a highly available controller cluster, the tables for storing the forwarding state are replicated across the controllers. In order to reduce network traffic between the controllers, fewer tables are replicated to slave controllers, which then recompute the forwarding state of the master controller in order to have a replicated copy of the master controller's forwarding state for possible failover. In other embodiments, more tables are replicated to minimize the recomputations and processor load on the slave controller. The network control system of some embodiments performs continuous snapshotting to minimize downtime associated with reaching a fixed point and replicating the state. | 01-08-2015 |
20150009800 | UNIFIED REPLICATION MECHANISM FOR FAULT-TOLERANCE OF STATE - A network control system that achieves high availability for forwarding state computation within a controller cluster by replicating different levels of table state between controllers of the controller cluster. To build a highly available controller cluster, the tables for storing the forwarding state are replicated across the controllers. In order to take responsibility for a slice, the slave controller of some embodiments performs merging of replicated state on a slice-by-slice basis. The merging is performed in a manner to prevent disruptions to the network state while the slave controller is updated. | 01-08-2015 |
20130219078 | TUNNEL CREATION - A non-transitory machine readable medium storing a program that configures managed forwarding elements to establish tunnels between the managed forwarding elements is described. From a particular managed forwarding element, the program receives information regarding coupling of a network element to the particular managed forwarding element. Upon receiving the information, the program generates a set of universal flow entries for configuring another managed forwarding element to establish a tunnel to the particular managed forwarding element. | 08-22-2013 |
20130219037 | SCHEDULING DISTRIBUTION OF PHYSICAL CONTROL PLANE DATA - A controller for managing several managed switching elements that forward data in a network is described. The controller includes an interface for receiving input logical forwarding plane data in terms of input events data. The controller includes a converter for converting the input logical forwarding plane data to output physical control plane data by processing the input events data. The physical control plane data is for subsequent translation into physical forwarding plane data. The controller includes an input scheduler for (1) categorizing the input events data into different groups based on certain criteria and (2) supplying the input events data to the converter such that each different group of input events data is processed separately by the converter. | 08-22-2013 |
20130212246 | PULL-BASED STATE DISSEMINATION BETWEEN MANAGED FORWARDING ELEMENTS - For a controller that manages managed forwarding elements that forward data in a network, a method for configuring the managed forwarding elements is described. The method computes forwarding state and pushes the computed forwarding state to the managed switching elements. The forwarding state defines forwarding behaviors of the managed switching elements. The method configures the managed switching elements to exchange forwarding state with each other. The method configures the managed switching elements by configuring a first managed forwarding element to send a forwarding state information request to a second managed forwarding element and by configuring the second managed forwarding element to (1) respond to the forwarding state information request by looking up a forwarding state information repository and (2) update the forwarding state information repository with forwarding state information received from a third managed forwarding element. | 08-15-2013 |
20130212245 | NESTING TRANSACTION UPDATES TO MINIMIZE COMMUNICATION - For a controller for managing a network including managed forwarding elements that forward data in the network, a method for configuring a set of managed forwarding elements is described. The method generates a first set of flow entries for configuring the set of managed forwarding elements to forward packets as non-first-hop forwarding elements for a logical datapath set. The method generates a second set of flow entries for configuring the set of managed forwarding elements to forward packets as first-hop forwarding elements for the logical datapath set. The method sends the first set of flow entries to the set of managed forwarding elements prior to sending the second set of flow entries to the set of managed forwarding elements. | 08-15-2013 |
20130212244 | COMMUNICATION CHANNEL FOR DISTRIBUTED NETWORK CONTROL SYSTEM - For a particular controller for managing managed forwarding elements that forward data in a network, a method for computing forwarding state using a set of inputs from a first controller and a second controller that is a backup controller for the first controller is described. The method receives a first subset of the set of inputs from the first controller. After failure of the first controller, the method receives a second subset of the set of inputs from the second controller. At least one input of the second subset of the set of inputs is duplicative of an input in the first subset. The method computes forwarding state using the first and second subsets of the inputs but without using the duplicative input. | 08-15-2013 |
20130212243 | SCHEDULING DISTRIBUTION OF LOGICAL FORWARDING PLANE DATA - A controller for managing several managed switching elements that forward data in a network is described. The controller includes an interface for receiving input logical control plane data in terms of input events data. The controller includes a converter for converting the input logical control plane data to output logical forwarding plane data by processing the input events data. The logical forwarding plane data is for subsequent translation into physical control plane data. The controller includes an input scheduler for (1) categorizing the input events data into different groups based on certain criteria and (2) supplying the input events data into the converter in a manner that each different group of input events data is processed separately by the converter. | 08-15-2013 |
20130212235 | MAINTAINING QUALITY OF SERVICE IN SHARED FORWARDING ELEMENTS MANAGED BY A NETWORK CONTROL SYSTEM - A non-transitory machine readable medium storing a program that manages a plurality of managed forwarding elements that forward data through a network is described. The program receives user inputs that define forwarding performance constraints of a set of managed forwarding elements. Based on the inputs, the program generates a set of universal flow entries for configuring the set of managed forwarding elements to apply the forwarding performance constraints to data traffic that the managed forwarding elements forward. The set of universal flow entries is for subsequent conversion into a set of customized flow entries for the managed forwarding elements. | 08-15-2013 |
20130212148 | DISTRIBUTED NETWORK CONTROL SYSTEM - For a controller of a distributed network control system comprising several controllers for managing forwarding elements that forward data in a network, a method for managing the forwarding elements is described. The method changes a set of data tuples stored in a relational database of the first controller that stores data tuples containing data for managing a set of forwarding elements. The method sends the changed data tuples to at least one of other controllers of the network control system. The other controller receiving the changed data tuples processes the changed data tuples and sends the processed data tuples to at least one of the managed forwarding elements. | 08-15-2013 |
20130211549 | SCHEDULING DISTRIBUTION OF LOGICAL CONTROL PLANE DATA - A controller for distributing logical control plane data to other controllers is described. The controller includes an interface for receiving user inputs to define logical datapath sets. The controller includes a translator for translating the user inputs to output logical control plane data. The logical control plane data is for subsequent translation into logical forwarding plane data by several other controllers. The controller includes a scheduler for (1) storing the output logical control plane data in a plurality of storage structures, each storage structure corresponding to one of the other controllers and (2) sending the output logical control plane data to the other controllers from the corresponding storage structure. | 08-15-2013 |
20130208623 | UNIVERSAL PHYSICAL CONTROL PLANE - A controller for generating universal physical control plane (UPCP) data for configuring a set of managed forwarding elements that forward data in a network is described. The controller includes a control module for converting logical control plane (LCP) data to logical forwarding plane (LFP) data. The controller includes a virtualization module for converting the LFP data to UPCP data. The UPCP data is for subsequent conversion into customized physical control plane (CPCP) data for each of the managed forwarding elements. The CPCP data directs the forwarding of data by the managed forwarding element. | 08-15-2013 |
20130151676 | LOGICAL L3 ROUTING WITH DHCP - For a network controller for managing a set of hosts, a method for configuring a host to provide a Dynamic Host Configuration Protocol (DHCP) service is described. The method configures a DHCP module in a first host to provide a DHCP service. The method configures a managed forwarding element in the first host to ( | 06-13-2013 |
20130151661 | HANDLING NAT MIGRATION IN LOGICAL L3 ROUTING - For a network controller for managing managed forwarding elements running in hosts in a network, a method for configuring a host to facilitate migration of a virtual machine (VM) from a first host to a second host is described. The method configures, in the first host, a first managed forwarding element to perform (1) a logical L3 routing processing and (2) a network address translation (NAT) processing for a VM running in the first host. The method configures the first host to automatically send NAT information to the second host when the VM migrates to the second host so that a second managed forwarding element running in the second host can perform a NAT processing for the migrated VM based on the NAT information. | 06-13-2013 |
20130148656 | Logical L3 Daemon - For a network controller for managing hosts in a network, a method for configuring a host to resolve network addresses is described. The method configures an address resolution module in a host to resolve a network address. The method configures a managed forwarding element in the host to (1) avoid sending a request to resolve the network address to another host by using the address resolution module to resolve the network address and (2) forward packets using the resolved network address. | 06-13-2013 |
20130148543 | HANDLING REVERSE NAT IN LOGICAL L3 ROUTING - A non-transitory machine readable medium storing a program that configures first and second managed forwarding elements to perform logical L2 switching and L3 routing is described. The program generates a first set of flow entries for configuring the first managed forwarding element to (1) perform a network address translation (NAT) processing on a first packet and (2) send, to a second managed switching element, the first packet and information indicating that the NAT processing has been performed on the first packet. The program generates a second set of flow entries for configuring the second managed forwarding element to (1) skip performing a logical L3 processing on a second packet to be sent to the first managed forwarding element in response to receiving the first packet and (2) send the second packet to the first managed switching element. | 06-13-2013 |
20130148542 | HANDLING NAT IN LOGICAL L3 ROUTING - A non-transitory machine readable medium storing a program that configures first and second managed forwarding elements to perform logical L2 switching and L3 routing is described. The program generates a first set of flow entries for configuring the first managed forwarding element to perform (1) a first logical L2 processing for a first logical L2 domain, (2) a logical L3 processing, (3) a network address translation (NAT) processing on packets to be sent to the second managed forwarding element, and (4) a logical ingress L2 processing for a second logical L2 domain on the packets. The program generates a second set of flow entries for configuring the second managed forwarding element to perform a logical egress L2 processing for the second logical L2 domain on the packets. | 06-13-2013 |
20130148541 | DISTRIBUTED LOGICAL L3 ROUTING - A non-transitory machine readable medium storing a program that configures first and second managed forwarding elements to perform logical L2 switching and L3 routing is described. The program generates a first set of flow entries for configuring the first managed forwarding element to perform (1) a first logical L2 processing for a first logical L2 domain, (2) a logical L3 processing, and (3) a second logical L2 processing for a second logical L2 domain. The program generates a second set of flow entries for configuring the second managed forwarding element to determine whether the first managed forwarding element has performed the first logical L2 processing, the logical L3 processing, and the second logical L2 processing. | 06-13-2013 |
20130148505 | LOAD BALANCING IN A LOGICAL PIPELINE - A non-transitory machine readable medium storing a program that configures a managed forwarding element to perform logical L2 switching and L3 routing is described. The program generates a first set of flow entries for configuring the first managed forwarding element to perform (1) a first logical L2 processing for a first logical L2 domain, (2) a logical L3 processing, (3) a load balancing processing to select a second managed forwarding element from a plurality of managed forwarding elements to which to forward packets and (4) a logical ingress L2 processing for a second logical L2 domain on the packets. The program generates a second set of flow entries for configuring the second managed forwarding element to perform a second logical L2 processing for a second logical L2 domain on the packets. | 06-13-2013 |
20130142203 | MULTI-DOMAIN INTERCONNECT - A network system that includes a first set of network hosts in a first domain and a second set of network hosts in a second domain. Within each of the domains, the system includes several edge switching elements (SEs) that each couple to the network hosts and forward network data to and from the set of network hosts. Within the first domain, the system includes (i) an interior SE that couples to a particular edge SE in order to receive network data for forwarding from the edge SE when the edge SE does not recognize a destination location of the network data and (ii) an interconnection SE that couples to the interior SE, the edge SE, and the second domain through an external network. When the edge SE receives network data with a destination address in the second domain, it forwards the network data directly to the interconnection SE. | 06-06-2013 |
20130142048 | FLOW TEMPLATING IN LOGICAL L3 ROUTING - For a network controller for managing hosts in a network, a method for configuring a host to handle flow entries and template flow entries is described. The method generates a template flow entry to be populated in order to create a flow entry for a particular managed forwarding element. The method sends the template flow entry to the particular forwarding element in a host. The method configures a flow entry generating module in the host to create the flow entry by populating the template flow entry. The method configures the particular managed forwarding element to (1) send the template flow entry to the flow entry generating module and (2) forward packets using the flow entry created by the flow entry generating module. | 06-06-2013 |
20130132536 | NETWORK CONTROL SYSTEM FOR CONFIGURING MIDDLEBOXES - Some embodiments provide a method for configuring a logical middlebox in a hosting system that includes a set of nodes. The logical middlebox is part of a logical network that includes a set of logical forwarding elements that connect a set of end machines. The method receives a set of configuration data for the logical middlebox. The method uses a stored set of tables describing physical locations of the end machines to identify a set of nodes at which to implement the logical middlebox. The method provides the logical middlebox configuration for distribution to the identified nodes. | 05-23-2013 |
20130132533 | CONTROL PLANE INTERFACE FOR LOGICAL MIDDLEBOX SERVICES - Some embodiments provide a non-transitory machine readable medium of a first middlebox element of several middlebox elements to implement a middlebox instance in a distributed manner in several hosts. The non-transitory machine readable medium stores a set of instructions for receiving (1) configuration data for configuring the middlebox instance to implement a middlebox in a logical network and (2) a particular identifier associated with the middlebox in the logical network. The non-transitory machine readable medium stores a set of instructions for generating (1) a set of rules to process packets for the middlebox in the logical network and (2) an internal identifier associated with the set of rules. The non-transitory machine readable medium stores a set of instructions for associating the particular identifier with the internal identifier for later processing of packets having the particular identifier. | 05-23-2013 |
20130132532 | LOAD BALANCING AND DESTINATION NETWORK ADDRESS TRANSLATION MIDDLEBOXES - A controller of a network control system for configuring several middlebox instances is described. The middlebox instances implement a middlebox in a distributed manner in several hosts. The controller configures a first middlebox instance to obtain status of a set of servers and disseminate the obtained status to a second middlebox instance. The controller configures the second middlebox instance to use the status to select a server from the set of servers. | 05-23-2013 |
20130132531 | ARCHITECTURE OF NETWORKS WITH MIDDLEBOXES - Some embodiments provide a system for implementing a logical network that includes a set of end machines, a first logical middlebox, and a second logical middlebox connected by a set of logical forwarding elements. The system includes a set of nodes. Each of several nodes includes (i) a virtual machine for implementing an end machine of the logical network, (ii) a managed switching element for implementing the set of logical forwarding elements of the logical network, and (iii) a middlebox element for implementing the first logical middlebox of the logical network. The system includes a physical middlebox appliance for implementing the second logical middlebox. | 05-23-2013 |
20130128891 | CONNECTION IDENTIFIER ASSIGNMENT AND SOURCE NETWORK ADDRESS TRANSLATION - A controller of a network control system for configuring several middlebox instances is described. The middlebox instances implement a middlebox in a distributed manner in several hosts. The controller assigns a first set of identifiers to a first middlebox instance that associates an identifier in the first set with a first packet. The controller assigns a second set of identifiers to a second middlebox instance that associates an identifier in the second set with a second packet. | 05-23-2013 |
20130125230 | FIREWALLS IN LOGICAL NETWORKS - Some embodiments provide a method for configuring a logical firewall in a hosting system that includes a set of nodes. The logical firewall is part of a logical network that includes a set of logical forwarding elements. The method receives a configuration for the firewall that specifies packet processing rules for the firewall. The method identifies several of the nodes on which to implement the logical forwarding elements. The method distributes the firewall configuration for implementation on the identified nodes. At a node, the firewall of some embodiments receives a packet, from a managed switching element within the node, through a software port between the managed switching element and the distributed firewall application. The firewall determines whether to allow the packet based on the received configuration. When the packet is allowed, the firewall sends the packet back to the managed switching element through the software port. | 05-16-2013 |
20130125120 | MIGRATING MIDDLEBOX STATE FOR DISTRIBUTED MIDDLEBOXES - A controller of a network control system for configuring several middlebox instances is described. The middlebox instances implement a middlebox in a distributed manner in several hosts. The controller configures, in a first host, a first middlebox instance to receive a notification from a migration module before a virtual machine (VM) running in the first host migrates to a second host and to send middlebox state related to the VM to the migration module. | 05-16-2013 |
20130121209 | WAN OPTIMIZER FOR LOGICAL NETWORKS - Some embodiments provide a non-transitory machine readable medium of a controller of a network control system for configuring a wide area network (WAN) optimizer instance to implement a WAN optimizer for a logical network. The controller receives a configuration for the WAN optimizer to optimize network data from the logical network for transmission to another WAN optimizer. The controller identifies several other controllers in the network control system on which to implement the logical network. The controller distributes the configuration for implementation on the WAN optimizer. | 05-16-2013 |
20130117429 | CHASSIS CONTROLLERS FOR CONVERTING UNIVERSAL FLOWS - A network control system for generating physical control plane data for managing first and second managed forwarding elements that implement forwarding operations associated with a first logical datapath set is described. The system includes (1) a first controller for converting logical control plane data for the first logical datapath set to universal physical control plane (UPCP) data, (2) a second controller for converting UPCP data to customized physical control plane (CPCP) data for the first managed forwarding element but not the second managed forwarding element, and (3) a third controller for receiving UPCP data generated by the first controller instance, identifying the second controller as the controller instance responsible for generating the CPCP data for the first managed forwarding element, and supplying the received UPCP data to the second controller. Each controller includes a network information base (NIB) storage for exchanging data with another controller instance. | 05-09-2013 |
20130117428 | PHYSICAL CONTROLLERS FOR CONVERTING UNIVERSAL FLOWS - Some embodiments provide a network control system for generating physical control plane data for managing first and second managed forwarding elements that implement forwarding operations associated with a first logical datapath set. The system includes a first controller instance for converting logical control plane data for the first logical datapath set to universal physical control plane (UPCP) data. The system includes a second controller instance for converting UPCP data to customized physical control plane (CPCP) data for the first managed forwarding element but not the second managed forwarding element. Each controller instance includes a network information base (NIB) storage for storing data and exchanging data with the other controller instance. | 05-09-2013 |
20130114466 | NETWORK VIRTUALIZATION APPARATUS AND METHOD WITH SCHEDULING CAPABILITIES - Some embodiments provide a controller for managing several managed switching elements that forward data in a network. The controller includes an interface for receiving input logical control plane data in terms of input events data. The controller includes an input scheduler for (1) categorizing the input events data into different groups based on certain criteria and (2) scheduling supplying of the input event data into a converter based on the groups so that the converter processes a group of input events data together. The controller includes the converter for converting the input logical control plane data to output logical forwarding plane data. The controller includes a network information base (NIB) data structure module for storing the output logical forwarding plane data. The logical forwarding plane data is for subsequent translation into physical control plane data. | 05-09-2013 |