Patent application number | Description | Published |
20120120964 | NETWORK CONTROL APPARATUS AND METHOD FOR POPULATING LOGICAL DATAPATH SETS - For a network control system that receives, from a user, logical datapath sets that logically express desired forwarding behaviors that are to be implemented by a set of managed switching elements, a controller for managing several managed switching elements that forward data in a network that includes the managed switching elements is described. The controller includes a set of modules for detecting a change in one or more managed switching elements and for updating a logical datapath set based on the detected change. The logical datapath set is for subsequent translation into a set of physical forwarding behaviors of the managed switching elements. | 05-17-2012 |
20120147898 | NETWORK CONTROL APPARATUS AND METHOD FOR CREATING AND MODIFYING LOGICAL SWITCHING ELEMENTS - A network controller for managing several managed switching elements that forward data in a network that includes the managed switching elements. The network controller is further for creating a logical switching element to be implemented in a set of managed switching elements. The network controller includes a set of modules for receiving input data specifying a logical switching element and for creating, based on the received input data, a set of logical switch constructs for the logical switching element by performing a set of database join operations. At least one of the logical switch constructs is for facilitating non-forwarding behavior of the logical switching element. | 06-14-2012 |
20130044636 | DISTRIBUTED LOGICAL L3 ROUTING - A novel method for configuring first and second managed forwarding elements to perform logical L2 switching and L3 routing is described. The method generates a first set of flow entries for configuring the first managed forwarding element to perform logical L2 ingress processing and L3 routing processing. The method generates a second set of flow entries for configuring the second managed forwarding element to perform logical L2 egress processing. | 02-21-2013 |
20130044641 | FEDERATING INTERCONNECTION SWITCHING ELEMENT NETWORK TO TWO OR MORE LEVELS - A network control system for interconnecting several separate networks. The system includes i) several interconnection switching elements, each of which is for connecting one of the separate networks to a common interconnecting network, ii) a first set of network controllers for managing a first set of the interconnection switching elements at a first set of separate networks in order for machines at different networks within the first set to communicate with each other, iii) a second set of network controllers for managing a second set of interconnection switching elements at a second set of separate networks in order for machines at different networks within the second set to communicate with each other, and iv) a third set of network controllers for managing the first and second sets of network controllers in order for machines at networks in the first set to communicate with machines at networks in the second set. | 02-21-2013 |
20130044751 | PACKET PROCESSING IN MANAGED INTERCONNECTION SWITCHING ELEMENTS - Some embodiments provide a novel method for forwarding a packet at a first managed interconnection switching element in a managed network of interconnection switching elements. The method receives a packet from a source machine on a first network segment in a first network. The packet identifies a destination machine located on a second network segment in a second, different network. The method removes a context tag that identifies the first network segment. The method uses the identification of the first network segment to determine a logical switching element that connects at least the first and second network segments. The method encapsulates the packet with a logical context identifier that identifies a logical port of the logical switching element. The logical port corresponds to the second network segment. The method transmits the twice-encapsulated packet towards a second managed interconnection switching element at the second network. | 02-21-2013 |
20130044752 | FLOW GENERATION FROM SECOND LEVEL CONTROLLER TO FIRST LEVEL CONTROLLER TO MANAGED SWITCHING ELEMENT - A network control system that includes a first set of network controllers for (i) receiving a logical control plane definition of a logical switching element that couples to both a first set of network hosts in a first domain and a second set of network hosts in a second domain, (ii) translating the logical control plane definition of the logical switching element into a first set of flow entries in a first logical forwarding plane, and (iii) translating the first set of flow entries into a second set of flow entries in a second logical forwarding plane. The network control system includes a second set of network controllers in the first domain for (i) receiving a portion of the second set of flow entries and (ii) translating the portion of the second set of flow entries into a third set of flow entries in a physical control plane. | 02-21-2013 |
20130044761 | HIERARCHICAL CONTROLLER CLUSTERS FOR INTERCONNECTING TWO OR MORE LOGICAL DATAPATH SETS - Some embodiments provide a novel network control system for managing a set of switching elements in a network. The network control system includes a first set of network controllers for managing a first set of switching elements that enable communication between a first set of machines. The network control system includes a second set of network controllers for managing a second set of switching elements that enable communication between a second set of machines. The second set of switching elements is separate from the first set of switching elements and the second set of machines is separate from the first set of machines. The network control system includes a third set of network controllers for managing the first and second sets of network controllers in order to enable communication between machines in the first set of machines and machines in the second set of machines. | 02-21-2013 |
20130044762 | PACKET PROCESSING IN MANAGED INTERCONNECTION SWITCHING ELEMENTS - Some embodiments provide a novel network control system for interconnecting several separate networks. The system includes a set of interconnection switching elements. Each interconnection switching element in the set is for connecting one of the separate networks to a common interconnecting network. The system includes a set of network controllers for managing the interconnection switching elements in order for the interconnection switching elements to send packets from a first machine at a first one of the networks to a second machine at a second one of the networks. | 02-21-2013 |
20130044763 | PACKET PROCESSING IN FEDERATED NETWORK - Some embodiments provide a novel method for forwarding a packet at a managed switching element in a first domain. The method receives a packet from a local machine. The method encapsulates the packet with a first context identifier that identifies a first logical port of a first logical switching element that couples to machines in both the first domain and a second domain. The first logical port maps to a destination address of the packet. Based on a mapping of the first logical port to a second logical port of a second logical switching element that couples to machines in only the first domain, the method encapsulates the packet with a second context identifier that identifies the second logical port. The method transmits the twice-encapsulated packet out of a port of the managed switching element based on the second context identifier. | 02-21-2013 |
20130044764 | GENERATING FLOWS FOR MANAGED INTERCONNECTION SWITCHES - A network controller for managing a set of interconnection switching elements that connect segmented networks to a shared physical interconnection network. The network controller includes i) an interface for receiving a logical control plane definition of a logical switching element that couples to a set of network segments at different segmented networks; ii) a control application for translating the logical control plane definition of the logical switching element into a first set of flow entries in a logical forwarding plane; and iii) a virtualization application for translating the first set of flow entries into a second set of flow entries in a physical control plane. The flow entries in the physical control plane are for subsequent conversion by the managed interconnection switching elements into a third set of flow entries in a physical forwarding plane that directs the forwarding of network data by the managed interconnection switching elements. | 02-21-2013 |
20130058208 | FAULT TOLERANT MANAGED SWITCHING ELEMENT ARCHITECTURE - In a hierarchical switching architecture that includes at least one lower level managed switching element that connects to several higher level managed switching elements, some embodiments provide a method of identifying a higher level managed switching element to which the lower level managed switching element forwards a packet for further processing. The method computes a distribution metric based on a set of attributes of the packet. The method performs a lookup on a hierarchy traversal table that specifies (1) a set of primary higher level managed switching elements and (2) a set of secondary higher level managed switching elements. The lookup is for determining a higher level managed switching element specified in the hierarchical traversal table to forward the packet for further processing. The method forwards the packet to the determined higher level managed switching element. | 03-07-2013 |
20130058215 | NETWORK VIRTUALIZATION APPARATUS AND METHOD WITH A TABLE MAPPING ENGINE - Some embodiments provide a virtualizer for managing a plurality of managed switching elements that forward data through a network. The virtualizer comprises a first set of tables for storing input logical forwarding plane data and a second set of tables for storing output physical control plane data. It also includes a table mapping engine for mapping the input logical forwarding plane data in the first set of tables to output physical control plane data in the second set of tables by performing a set of database join operations on the input logical forwarding plane data in the first set of tables. In some embodiments, the physical control plane data is subsequently translated into physical forwarding behaviors that direct the forwarding of data by the managed switching elements. | 03-07-2013 |
20130058225 | DISTRIBUTED NETWORK CONTROL APPARATUS AND METHOD - Some embodiments provide a distributed control system for controlling managed switching elements of a network. The distributed control system comprises a first controller for converting a first set of input logical control plane data to a first set of output logical forwarding plane data. It also includes a second controller for converting a second set of input logical control plane data to a second set of output logical forwarding plane data. The logical forwarding plane data is translated into physical forwarding behaviors that direct the forwarding of data by the managed switching elements. | 03-07-2013 |
20130058226 | NETWORK VIRTUALIZATION APPARATUS - Some embodiments provide a network virtualization apparatus for managing a plurality of managed switching elements that forward data in a network. The network virtualization apparatus comprises a controller for converting logical control plane data to logical forwarding plane data. It also includes a virtualizer for converting the logical forwarding plane data to physical control plane data. In some embodiments, the physical control plane data is subsequently translated into physical forwarding plane data that direct the forwarding of data by the managed switching elements. | 03-07-2013 |
20130058228 | NETWORK VIRTUALIZATION APPARATUS AND METHOD - Some embodiments provide a network virtualizer for managing several managed switching elements that forward data in a network. The virtualizer includes an interface for receiving input logical forwarding plane data. It also includes a converter for converting the input logical forwarding plane data to output physical control plane data. In some embodiments, the physical control plane data is translated into physical forwarding plane data that direct the forwarding of data by the managed switching elements. | 03-07-2013 |
20130058229 | METHOD AND APPARATUS FOR ROBUST PACKET DISTRIBUTION AMONG HIERARCHICAL MANAGED SWITCHING ELEMENTS - For a network that includes several managed edge switching elements and several managed non-edge switching elements that are for implementing a logical switching element, some embodiments provide a method of distributing packet processing across the several managed non-edge switching elements. The method receives a packet for processing through the logical switching element. Based on a determination that the packet needs to be processed by a managed non-edge switching element, the method determines a particular managed non-edge switching element of the several managed non-edge switching elements to forward the packet. The method forwards the packet to the particular managed non-edge switching element for the particular managed non-edge switching element to process the packet. | 03-07-2013 |
20130058250 | HIERARCHICAL MANAGED SWITCH ARCHITECTURE - Some embodiments provide a method for managing several managed switching elements in a network. The method determines configurations for the several managed switching elements to implement a first logical data path set. Based on the determined configurations, the method configures a first set of the several managed switching elements to implement the first logical data path set. The method configures a second set of the several managed switching elements to implement a second logical data path set. | 03-07-2013 |
20130058251 | MANAGING A NETWORK BY CONTROLLING EDGE SWITCHING ELEMENTS; USING STANDARD INTERIOR SWITCHES - Some embodiments provide a network system that includes several non-edge switching elements that are each for forwarding network data to other non-edge switching elements. The network system includes several edge switching elements that are each for (1) coupling to a set of network hosts and (2) forwarding network data to the non-edge switching elements and to the set of network hosts. Each of the non-edge switching elements of the several non-edge switching elements is further for forwarding network data to the several edge switching elements. The network system includes a set of network controllers for (1) receiving a definition of a logical switching element that couples to the sets of network hosts and (2) managing the several edge switching elements by configuring the several edge switching elements to forward network data between the sets of network hosts based on the definition of the logical switching element. | 03-07-2013 |
20130058252 | MESH ARCHITECTURES FOR MANAGED SWITCHING ELEMENTS - Some embodiments provide a network architecture that includes several lower level managed switching elements for forwarding network data to several network hosts. The network architecture includes a set of higher level managed switching elements. The several lower level managed switching elements and the set of higher level managed switching elements implement several logical datapath sets. Communication channels are established among the several lower level managed switching elements and the set of higher level managed switching elements based on a mesh topology. | 03-07-2013 |
20130058331 | DEPLOYMENT OF HIERARCHICAL MANAGED SWITCHING ELEMENTS - Some embodiments provide a method that identifies several higher level switching elements for facilitating lower level switching elements to forward packets among network hosts. The method establishes a set of tunnels among the lower level switching elements and the higher level switching elements. At least one tunnel is established between a lower level switching element and a higher level switching element. For each higher level switching element in the several higher level switching elements, the method identifies a first set of forwarding data that specifies forwarding of packets between the higher level switching element and the several lower level switching elements. For each lower level switching element in the several lower level switching elements, the method identifies a second set of forwarding data that specifies forwarding of packets between the lower level switching element, the several network hosts, and the several higher level switching elements. | 03-07-2013 |
20130058334 | PACKET PROCESSING IN A NETWORK WITH HIERARCHICAL MANAGED SWITCHING ELEMENTS - Some embodiments provide a managed network for implementing a logical switching element. The managed network includes several managed edge switching elements that are each for (1) receiving packets for forwarding through the logical switching element and (2) forwarding packets that are known to the managed edge switching element to other managed edge switching elements in the several managed edge switching elements. The managed network includes a set of managed non-edge switching elements for (1) receiving packets from the several managed edge switching elements that are unknown to a particular managed edge switching element in the several managed edge switching elements and (2) forwarding packets to the several managed edge switching elements that are unknown to the several managed edge switching elements. | 03-07-2013 |
20130058335 | PACKET PROCESSING FOR LOGICAL DATAPATH SETS - Some embodiments provide a method that processes network data through a network. The method receives a packet destined for a network host associated with a logical datapath set implemented by a set of managed edge switching elements and a set of managed non-edge switching elements in the network. The method determines whether the packet is a known packet. When the packet is a known packet, the method forwards the packet to a managed switching element in the set of managed edge switching elements for forwarding to the network host. When the packet is not a known packet, the method forwards the packet to a managed switching element in the set of managed non-edge switching elements for further processing. | 03-07-2013 |
20130058339 | NETWORK CONTROL APPARATUS AND METHOD - Some embodiments provide a controller for managing several managed switching elements that forward data in a network. The controller includes an interface for receiving input logical control plane data. It also includes a converter for converting the input logical control plane data to output logical forwarding plane data. The logical forwarding plane data is for subsequent translation into a set of physical forwarding behaviors that direct the forwarding of data by the managed switching elements. | 03-07-2013 |
20130058340 | NETWORK CONTROL APPARATUS AND METHOD WITH TABLE MAPPING ENGINE - Some embodiments provide a controller for managing a plurality of managed switching elements that forward data through a network. The controller comprises a first set of tables for storing input logical control plane data, and a second set of tables for storing output logical forwarding plane data. It also includes a table mapping engine for mapping the input logical control plane data in the first set of tables to output logical forwarding plane data in the second set of tables by performing a set of database join operations on the input logical control plane data in the first set of tables. The logical forwarding plane data is subsequently translated into physical forwarding behaviors that direct the forwarding of data by the managed switching elements. | 03-07-2013 |
20130058341 | NETWORK CONTROL APPARATUS AND METHOD WITH PORT SECURITY CONTROLS - Port security in some embodiments is a technique to apply to a particular port of a logical switching element such that the network data entering and exiting the logical switching element through the particular logical port have certain addresses that the switching element has restricted the logical port to use. For instance, a logical switching element may restrict a particular logical port to one or more certain network addresses. To enable a logical port of a logical switch for port security, the control application of some embodiments receives user inputs that designate a particular logical port and a logical switch to which the particular logical port belongs. The control application in some embodiments formats the user inputs into logical control plane data specifying the designation. The control application in some embodiments then converts the logical control plane data into logical forwarding data that specify port security functions. | 03-07-2013 |
20130058342 | LOGICAL PACKET PROCESSING PIPELINE THAT RETAINS STATE INFORMATION TO EFFECTUATE EFFICIENT PROCESSING OF PACKETS - Some embodiments provide a method of processing a packet through a logical switching element implemented by several managed switching elements. The method receives a packet for processing through a logical processing pipeline of the logical switching element. The method processes the packet through the logical processing pipeline. The method stores state information in the packet for indicating that the packet has been processed through the logical processing pipeline in order to prevent other managed switching elements from processing the packet through the logical processing pipeline. The method forwards the processed packet to a managed switching element of the several managed switching elements. | 03-07-2013 |
20130058343 | USE OF RICH CONTEXT TAGS IN LOGICAL DATA PROCESSING - For a logical switching element implemented across several managed switching elements, some embodiments provide a method that receives a packet for processing through a logical processing pipeline of the logical switching element. The method processes the packet through a first set of stages of the logical processing pipeline of the logical switching element. The method generates a set of context tag values for indicating that the packet has been processed through the first set of stages of the logical processing pipeline. The method forwards the packet to a managed switching element of the several managed switching elements for the managed switching element to further process the packet based on the context tag of the packet. | 03-07-2013 |
20130058344 | ONE-HOP PACKET PROCESSING IN A NETWORK WITH MANAGED SWITCHING ELEMENTS - For a logical switching element implemented across several managed switching elements, some embodiments provide a method that receives a packet for processing through the logical switching element. The method performs a set of logical forwarding operations for determining a particular destination at the logical switching element to forward the packet. Based on the particular destination at the logical switching element, the method performs a set of physical forwarding operations for determining a destination at a managed switching element of the several managed switching elements that corresponds to the particular destination at the logical switching element. The method forwards the packet to the destination at the managed switching element. | 03-07-2013 |
20130058348 | DISTRIBUTED NETWORK CONTROL SYSTEM WITH ONE MASTER CONTROLLER PER MANAGED SWITCHING ELEMENT - A network control system for managing several switching elements. The network control system includes first and second controllers for generating data for managing first and second sets of switching elements. The first controller is further for serving as a master controller of the first set of switching elements. The second controller is further for serving as a master controller of the second set of switching elements. The master controller for a particular set of switching elements is the only controller that is allowed to propagate to the particular set of switching elements data for managing the particular set of switching elements. | 03-07-2013 |
20130058353 | CONTROL SYSTEM THAT MANAGES EDGE ONLY SWITCHING ELEMENTS BUT NOT INTERIOR SWITCHES - Some embodiments provide a control system for managing a network that includes several switching elements managed by the control system and several switching elements not managed by the control system. The system includes a network information base (NIB) data structure that stores data for managing the several managed switching elements. The system includes an application interface for receiving data to store in the NIB from at least one application for controlling the managed switching elements. The system includes a switch interface for passing data from the NIB to at least one managed switching element. The managed switching elements include switching elements in an edge of the network. | 03-07-2013 |
20130058354 | MANAGED SWITCHING ELEMENTS USED AS EXTENDERS - Some embodiments provide a network system that includes a first network and a second network. The first network includes several unmanaged switching elements. The second network includes several managed switching elements. The network system includes a particular managed switching element for communicating network data between the first and second networks. | 03-07-2013 |
20130058356 | METHOD AND APPARATUS FOR USING A NETWORK INFORMATION BASE TO CONTROL A PLURALITY OF SHARED NETWORK INFRASTRUCTURE SWITCHING ELEMENTS - Some embodiments provide a program for managing several switching elements. The program receives, at a network information base (NIB) data structure that stores data for managing the several switching elements, a request to modify data stored in at least one particular switching element. The program modifies at least a first set of data tuples stored in the NIB for managing the particular switching element. The program sends a request to the particular switching element to modify at least a second set of data tuples for managing the particular switching element's operation. | 03-07-2013 |
20130058357 | DISTRIBUTED NETWORK VIRTUALIZATION APPARATUS AND METHOD - Some embodiments provide a distributed control system for controlling managed switching elements of a network. The distributed control system comprises a first network virtualizer for converting a first set of input logical forwarding plane data to a first set of output physical control plane data. It also includes a second network virtualizer for converting a second set of input logical forwarding plane data to a second set of output physical control plane data. In some embodiments, the physical control plane data is translated into physical forwarding behaviors that direct the forwarding of data by the managed switching elements. | 03-07-2013 |
20130060736 | METHOD AND APPARATUS FOR REPLICATING NETWORK INFORMATION BASE IN A DISTRIBUTED NETWORK CONTROL SYSTEM WITH MULTIPLE CONTROLLER INSTANCES - A network control system that includes several controllers for managing several switching elements. Each controller includes a network information base (NIB) storage that stores data regarding the switching elements and a secondary storage for facilitating replication of at least a portion of data across the NIB storages of the different controllers. In some embodiments, the primary purpose for one or more of the secondary storage structures is to back up the data in the NIB. In these or other embodiments, one or more of the secondary storage structures serve a purpose other than backing up the data in the NIB. In some embodiments, the NIB is stored in system memory while the system operates for fast access of the NIB records. In some embodiments, one or more of the secondary storage structures are stored on disks which can be slower to access. | 03-07-2013 |
20130060737 | SECONDARY STORAGE ARCHITECTURE FOR A NETWORK CONTROL SYSTEM THAT UTILIZES A PRIMARY NETWORK INFORMATION BASE - Some embodiments provide a system for managing several switching elements. The system includes a network information base (NIB) data structure for serving as a primary storage structure for storing data for managing the several switching elements. The system includes a secondary storage structure for storing a copy of a set of data stored in the primary storage structure for managing the several switching elements. | 03-07-2013 |
20130060738 | DISTRIBUTED NETWORK CONTROL SYSTEM WITH A DISTRIBUTED HASH TABLE - A network control system that includes several controllers for managing several switching elements and a distributed hash table (DHT) formed across the controllers for storing data regarding the switching elements that is accessible by the controllers. Each hash table serves as a DHT instance. In some embodiments, the DHT instances of all controller instances collectively store one set of records that is indexed based on hashed indices for quick access. These records are distributed across the different controller instances to minimize the size of the records within each instance and to allow for the size of the DHT to be increased by adding other DHT instances. According to this scheme, each DHT record is not stored in each controller instance. In fact, in some embodiments, each DHT record is stored in at most one controller instance. | 03-07-2013 |
20130060817 | METHOD AND APPARATUS FOR INTERACTING WITH A NETWORK INFORMATION BASE IN A DISTRIBUTED NETWORK CONTROL SYSTEM WITH MULTIPLE CONTROLLER INSTANCES - A control system including several controllers for managing several switching elements. A first controller registers a second controller for receiving a notification when a data tuple changes in a network information base (NIB) storage of the first controller that stores data for managing a set of switching elements. The first controller changes the data tuple in the NIB. The first controller sends the notification to the second controller of the change to the data tuple in the NIB. The first and second controllers operate on two different computing devices. Each controller receives logical control plane data for specifying logical datapath sets and converts the logical control plane data to physical control plane data for enabling the switching elements to implement the logical datapath sets. | 03-07-2013 |
20130060818 | PROCESSING REQUESTS IN A NETWORK CONTROL SYSTEM WITH MULTIPLE CONTROLLER INSTANCES - A control system that includes several controllers for managing several switching elements. A first controller receives a request to modify a data tuple stored in a network information base (NIB) storage of the first controller that stores data for managing a set of switching elements. The first controller determines whether the received request to modify should be processed by the first controller. When the received request should be modified by the first controller, the first controller modifies the set of data in the NIB storage. The first controller updates a request list that is propagated between the controllers to disseminate requests to modify different data tuples that are stored in the NIB storages of the different controllers. | 03-07-2013 |
20130060819 | DISTRIBUTED NETWORK CONTROL SYSTEM WITH ONE MASTER CONTROLLER PER LOGICAL DATAPATH SET - A network control system for managing a plurality of switching elements that implement a plurality of logical datapath sets. The network control system includes first and second controllers for generating requests for modifications to first and second logical datapath sets. The first controller is further for determining whether to make modifications to the first logical datapath set. The second controller is further for determining whether to make modifications to the second logical datapath set. Each controller is further for receiving logical control plane data that specifies logical datapath sets and for converting the logical control plane data to physical control plane data for propagating to the switching elements. | 03-07-2013 |
20130060922 | USE OF NETWORK INFORMATION BASE STRUCTURE TO ESTABLISH COMMUNICATION BETWEEN APPLICATIONS - Some embodiments provide a program for managing several switching elements. The program receives, at a network information base (NIB) data structure that stores data for managing the several switching elements, a request to notify a first application that uses the NIB when a set of data stored in the NIB is changed. The program changes, in response to an instruction from a second application, the set of data in the NIB. The program sends a notification to the first application of the change to the set of data in the NIB. | 03-07-2013 |
20130060929 | DISTRIBUTED CONTROL PLATFORM FOR LARGE-SCALE PRODUCTION NETWORKS - Some embodiments provide a program that monitors several network controllers in a network. Each network controller manages a logical data path set that is implemented across several managed switching elements. The program detects that a first network controller in the several network controllers has failed. The program selects a second network controller in the several network controllers to manage the logical data path set managed by the first network controller. | 03-07-2013 |
20130060940 | NETWORK VIRTUALIZATION - Some embodiments of the invention provide a robust scaling-out of network functionality by providing a software layer, called the network hypervisor, that sits between the network forwarding functions (i.e., the forwarding plane) and the network control interfaces (i.e., the control plane). The network hypervisor of some embodiments provides a logical abstraction of the network's forwarding functionality, so that network operators make their control decisions in terms of this abstraction, independent of the details of the underlying networking hardware. The network hypervisor of some embodiments may then “compile” commands placed against this abstraction into configurations of the underlying hardware. Accordingly, in some embodiments, there are two design challenges: (1) the choice of the network abstraction, and (2) the technology needed to compile the logical “abstract” controls into low-level configurations. | 03-07-2013 |
20130103817 | CHASSIS CONTROLLER - A network control system for generating physical control plane data for managing first and second managed forwarding elements that implement forwarding operations associated with a first logical datapath set is described. The system includes a first controller instance for converting logical control plane data for the first logical datapath set to universal physical control plane (UPCP) data. The system further includes a second controller instance for converting UPCP data to customized physical control plane (CPCP) data for the first managed forwarding element but not the second managed forwarding element. The system further includes a third controller instance for receiving UPCP data generated by the first controller instance, identifying the second controller instance as the controller instance responsible for generating the CPCP data for the first managed forwarding element, and supplying the received UPCP data to the second controller instance. | 04-25-2013 |
20130103818 | PHYSICAL CONTROLLER - A network control system for generating physical control plane data for managing first and second managed forwarding elements that implement forwarding operations associated with a first logical datapath set is described. The system includes a first controller instance for converting logical control plane data for the first logical datapath set to universal physical control plane (UPCP) data. The system further includes a second controller instance for converting UPCP data to customized physical control plane (CPCP) data for the first managed forwarding element but not the second managed forwarding element. | 04-25-2013 |
20130114466 | NETWORK VIRTUALIZATION APPARATUS AND METHOD WITH SCHEDULING CAPABILITIES - Some embodiments provide a controller for managing several managed switching elements that forward data in a network. The controller includes an interface for receiving input logical control plane data in terms of input events data. The controller includes an input scheduler for (1) categorizing the input events data into different groups based on certain criteria and (2) scheduling supplying of the input event data into a converter based on the groups so that the converter processes a group of input events data together. The controller includes the converter for converting the input logical control plane data to output logical forwarding plane data. The controller includes a network information base (NIB) data structure module for storing the output logical forwarding plane data. The logical forwarding plane data is for subsequent translation into physical control plane data. | 05-09-2013 |
20130117428 | PHYSICAL CONTROLLERS FOR CONVERTING UNIVERSAL FLOWS - Some embodiments provide a network control system for generating physical control plane data for managing first and second managed forwarding elements that implement forwarding operations associated with a first logical datapath set. The system includes a first controller instance for converting logical control plane data for the first logical datapath set to universal physical control plane (UPCP) data. The system includes a second controller instance for converting UPCP data to customized physical control plane (CPCP) data for the first managed forwarding element but not the second managed forwarding element. Each controller instance includes a network information base (NIB) storage for storing data and exchanging data with the other controller instance. | 05-09-2013 |
20130117429 | CHASSIS CONTROLLERS FOR CONVERTING UNIVERSAL FLOWS - A network control system for generating physical control plane data for managing first and second managed forwarding elements that implement forwarding operations associated with a first logical datapath set is described. The system includes (1) a first controller for converting logical control plane data for the first logical datapath set to universal physical control plane (UPCP) data, (2) a second controller for converting UPCP data to customized physical control plane (CPCP) data for the first managed forwarding element but not the second managed forwarding element, and (3) a third controller for receiving UPCP data generated by the first controller instance, identifying the second controller as the controller instance responsible for generating the CPCP data for the first managed forwarding element, and supplying the received UPCP data to the second controller. Each controller includes a network information base (NIB) storage for exchanging data with another controller instance. | 05-09-2013 |
20130121209 | WAN OPTIMIZER FOR LOGICAL NETWORKS - Some embodiments provide a non-transitory machine readable medium of a controller of a network control system for configuring a wide area network (WAN) optimizer instance to implement a WAN optimizer for a logical network. The controller receives a configuration for the WAN optimizer to optimize network data from the logical network for transmission to another WAN optimizer. The controller identifies several other controllers in the network control system on which to implement the logical network. The controller distributes the configuration for implementation on the WAN optimizer. | 05-16-2013 |
20130125120 | MIGRATING MIDDLEBOX STATE FOR DISTRIBUTED MIDDLEBOXES - A controller of a network control system for configuring several middlebox instances is described. The middlebox instances implement a middlebox in a distributed manner in several hosts. The controller configures, in a first host, a first middlebox instance to receive a notification from a migration module before a virtual machine (VM) running in the first host migrates to a second host and to send middlebox state related to the VM to the migration module. | 05-16-2013 |
20130125230 | FIREWALLS IN LOGICAL NETWORKS - Some embodiments provide a method for configuring a logical firewall in a hosting system that includes a set of nodes. The logical firewall is part of a logical network that includes a set of logical forwarding elements. The method receives a configuration for the firewall that specifies packet processing rules for the firewall. The method identifies several of the nodes on which to implement the logical forwarding elements. The method distributes the firewall configuration for implementation on the identified nodes. At a node, the firewall of some embodiments receives a packet, from a managed switching element within the node, through a software port between the managed switching element and the distributed firewall application. The firewall determines whether to allow the packet based on the received configuration. When the packet is allowed, the firewall sends the packet back to the managed switching element through the software port. | 05-16-2013 |
20130128891 | CONNECTION IDENTIFIER ASSIGNMENT AND SOURCE NETWORK ADDRESS TRANSLATION - A controller of a network control system for configuring several middlebox instances is described. The middlebox instances implement a middlebox in a distributed manner in several hosts. The controller assigns a first set of identifiers to a first middlebox instance that associates an identifier in the first set with a first packet. The controller assigns a second set of identifiers to a second middlebox instance that associates an identifier in the second set with a second packet. | 05-23-2013 |
20130132531 | ARCHITECTURE OF NETWORKS WITH MIDDLEBOXES - Some embodiments provide a system for implementing a logical network that includes a set of end machines, a first logical middlebox, and a second logical middlebox connected by a set of logical forwarding elements. The system includes a set of nodes. Each of several nodes includes (i) a virtual machine for implementing an end machine of the logical network, (ii) a managed switching element for implementing the set of logical forwarding elements of the logical network, and (iii) a middlebox element for implementing the first logical middlebox of the logical network. The system includes a physical middlebox appliance for implementing the second logical middlebox. | 05-23-2013 |
20130132532 | LOAD BALANCING AND DESTINATION NETWORK ADDRESS TRANSLATION MIDDLEBOXES - A controller of a network control system for configuring several middlebox instances is described. The middlebox instances implement a middlebox in a distributed manner in several hosts. The controller configures a first middlebox instance to obtain status of a set of servers and disseminate the obtained status to a second middlebox instance. The controller configures the second middlebox instance to use the status to select a server from the set of servers. | 05-23-2013 |
20130132533 | CONTROL PLANE INTERFACE FOR LOGICAL MIDDLEBOX SERVICES - Some embodiments provide a non-transitory machine readable medium of a first middlebox element of several middlebox elements to implement a middlebox instance in a distributed manner in several hosts. The non-transitory machine readable medium stores a set of instructions for receiving (1) configuration data for configuring the middlebox instance to implement a middlebox in a logical network and (2) a particular identifier associated with the middlebox in the logical network. The non-transitory machine readable medium stores a set of instructions for generating (1) a set of rules to process packets for the middlebox in the logical network and (2) an internal identifier associated with the set of rules. The non-transitory machine readable medium stores a set of instructions for associating the particular identifier with the internal identifier for later processing of packets having the particular identifier. | 05-23-2013 |
20130132536 | NETWORK CONTROL SYSTEM FOR CONFIGURING MIDDLEBOXES - Some embodiments provide a method for configuring a logical middlebox in a hosting system that includes a set of nodes. The logical middlebox is part of a logical network that includes a set of logical forwarding elements that connect a set of end machines. The method receives a set of configuration data for the logical middlebox. The method uses a stored set of tables describing physical locations of the end machines to identify a set of nodes at which to implement the logical middlebox. The method provides the logical middlebox configuration for distribution to the identified nodes. | 05-23-2013 |
20130142048 | FLOW TEMPLATING IN LOGICAL L3 ROUTING - For a network controller for managing hosts in a network, a method for configuring a host to handle flow entries and template flow entries is described. The method generates a template flow entry to be populated in order to create a flow entry for a particular managed forwarding element. The method sends the template flow entry to the particular forwarding element in a host. The method configures a flow entry generating module in a host to create the flow entry by populating the template flow entry. The method configures the particular managed forwarding element to (1) send the template flow entry to the flow entry generating module and (2) forward packets using the flow entry created by the flow entry generating module. | 06-06-2013 |
20130142203 | MULTI-DOMAIN INTERCONNECT - A network system that includes a first set of network hosts in a first domain and a second set of network hosts in a second domain. Within each of the domains, the system includes several edge switching elements (SEs) that each couple to the network hosts and forward network data to and from the set of network hosts. Within the first domain, the system includes (i) an interior SE that couples to a particular edge SE in order to receive network data for forwarding from the edge SE when the edge SE does not recognize a destination location of the network data and (ii) an interconnection SE that couples to the interior SE, the edge SE, and the second domain through an external network. When the edge SE receives network data with a destination address in the second domain, it forwards the network data directly to the interconnection SE. | 06-06-2013 |
20130148505 | LOAD BALANCING IN A LOGICAL PIPELINE - A non-transitory machine readable medium storing a program that configures a managed forwarding element to perform logical L2 switching and L3 routing is described. The program generates a first set of flow entries for configuring the first managed forwarding element to perform (1) a first logical L2 processing for a first logical L2 domain, (2) a logical L3 processing, (3) a load balancing processing to select a second managed forwarding element from a plurality of managed forwarding elements to which to forward packets and (4) a logical ingress L2 processing for a second logical L2 domain on the packets. The program generates a second set of flow entries for configuring the second managed forwarding element to perform a second logical L2 processing for a second logical L2 domain on the packets. | 06-13-2013 |
20130148541 | DISTRIBUTED LOGICAL L3 ROUTING - A non-transitory machine readable medium storing a program that configures first and second managed forwarding elements to perform logical L2 switching and L3 routing is described. The program generates a first set of flow entries for configuring the first managed forwarding element to perform (1) a first logical L2 processing for a first logical L2 domain, (2) a logical L3 processing, and (3) a second logical L2 processing for a second logical L2 domain. The program generates a second set of flow entries for configuring the second managed forwarding element to determine whether the first managed forwarding element has performed the first logical L2 processing, the logical L3 processing, and the second logical L2 processing. | 06-13-2013 |
20130148542 | HANDLING NAT IN LOGICAL L3 ROUTING - A non-transitory machine readable medium storing a program that configures first and second managed forwarding elements to perform logical L2 switching and L3 routing is described. The program generates a first set of flow entries for configuring the first managed forwarding element to perform (1) a first logical L2 processing for a first logical L2 domain, (2) a logical L3 processing, (3) a network address translation (NAT) processing on packets to be sent to the second managed forwarding element, and (4) a logical ingress L2 processing for a second logical L2 domain on the packets. The program generates a second set of flow entries for configuring the second managed forwarding element to perform a logical egress L2 processing for the second logical L2 domain on the packets. | 06-13-2013 |
20130148543 | HANDLING REVERSE NAT IN LOGICAL L3 ROUTING - A non-transitory machine readable medium storing a program that configures first and second managed forwarding elements to perform logical L2 switching and L3 routing is described. The program generates a first set of flow entries for configuring the first managed forwarding element to (1) perform a network address translation (NAT) processing on a first packet and (2) send, to a second managed switching element, the first packet and information indicating that the NAT processing has been performed on the first packet. The program generates a second set of flow entries for configuring the second managed forwarding element to (1) skip performing a logical L3 processing on a second packet to be sent to the first managed forwarding element in response to receiving the first packet and (2) send the second packet to the first managed switching element. | 06-13-2013 |
20130148656 | Logical L3 Daemon - For a network controller for managing hosts in a network, a method for configuring a host to resolve network addresses is described. The method configures an address resolution module in a host to resolve a network address. The method configures a managed forwarding element in the host to (1) avoid sending a request to resolve the network address to another host by using the address resolution module to resolve the network address and (2) forward packets using the resolved network address. | 06-13-2013 |
20130151661 | HANDLING NAT MIGRATION IN LOGICAL L3 ROUTING - For a network controller for managing managed forwarding elements running in hosts in a network, a method for configuring a host to facilitate migration of a virtual machine (VM) from a first host to a second host is described. The method configures, in the first host, a first managed forwarding element to perform (1) a logical L3 routing processing and (2) a network address translation (NAT) processing for a VM running in the first host. The method configures the first host to automatically send NAT information to the second host when the VM migrates to the second host so that a second managed forwarding element running in the second host can perform a NAT processing for the migrated VM based on the NAT information. | 06-13-2013 |
20130151676 | LOGICAL L3 ROUTING WITH DHCP - For a network controller for managing a set of hosts, a method for configuring a host to provide a Dynamic Host Configuration Protocol (DHCP) service is described. The method configures a DHCP module in a first host to provide a DHCP service. The method configures a managed forwarding element in the first host to ( | 06-13-2013 |
20130208623 | UNIVERSAL PHYSICAL CONTROL PLANE - A controller for generating universal physical control plane (UPCP) data for configuring a set of managed forwarding elements that forward data in a network is described. The controller includes a control module for converting logical control plane (LCP) data to logical forwarding plane (LFP) data. The controller includes a virtualization module for converting the LFP data to UPCP data. The UPCP data is for subsequent conversion into customized physical control plane (CPCP) data for each of the managed forwarding elements. The CPCP data directs the forwarding of data by the managed forwarding element. | 08-15-2013 |
20130211549 | SCHEDULING DISTRIBUTION OF LOGICAL CONTROL PLANE DATA - A controller for distributing logical control plane data to other controllers is described. The controller includes an interface for receiving user inputs to define logical datapath sets. The controller includes a translator for translating the user inputs to output logical control plane data. The logical control plane data is for subsequent translation into logical forwarding plane data by several other controllers. The controller includes a scheduler for (1) storing the output logical control plane data in a plurality of storage structures, each storage structure corresponding to one of the other controllers and (2) sending the output logical control plane data to the other controllers from the corresponding storage structure. | 08-15-2013 |
20130212148 | DISTRIBUTED NETWORK CONTROL SYSTEM - For a controller of a distributed network control system comprising several controllers for managing forwarding elements that forward data in a network, a method for managing the forwarding elements is described. The method changes a set of data tuples stored in a relational database of the first controller that stores data tuples containing data for managing a set of forwarding elements. The method sends the changed data tuples to at least one of the other controllers of the network control system. The other controller receiving the changed data tuples processes the changed data tuples and sends the processed data tuples to at least one of the managed forwarding elements. | 08-15-2013 |
20130212235 | MAINTAINING QUALITY OF SERVICE IN SHARED FORWARDING ELEMENTS MANAGED BY A NETWORK CONTROL SYSTEM - A non-transitory machine readable medium storing a program that manages a plurality of managed forwarding elements that forward data through a network is described. The program receives user inputs that define forwarding performance constraints of a set of managed forwarding elements. Based on the inputs, the program generates a set of universal flow entries for configuring the set of managed forwarding elements to apply the forwarding performance constraints to data traffic that the managed forwarding elements forward. The set of universal flow entries is for subsequent conversion into a set of customized flow entries for the managed forwarding elements. | 08-15-2013 |
20130212243 | SCHEDULING DISTRIBUTION OF LOGICAL FORWARDING PLANE DATA - A controller for managing several managed switching elements that forward data in a network is described. The controller includes an interface for receiving input logical control plane data in terms of input events data. The controller includes a converter for converting the input logical control plane data to output logical forwarding plane data by processing the input events data. The logical forwarding plane data is for subsequent translation into physical control plane data. The controller includes an input scheduler for (1) categorizing the input events data into different groups based on certain criteria and (2) supplying the input events data into the converter in a manner that each different group of input events data is processed separately by the converter. | 08-15-2013 |
20130212244 | COMMUNICATION CHANNEL FOR DISTRIBUTED NETWORK CONTROL SYSTEM - For a particular controller for managing managed forwarding elements that forward data in a network, a method for computing forwarding state using a set of inputs from a first controller and a second controller that is a backup controller for the first controller is described. The method receives a first subset of the set of inputs from the first controller. After failure of the first controller, the method receives a second subset of the set of inputs from the second controller. At least one input of the second subset of the set of inputs is duplicative of an input in the first subset. The method computes forwarding state using the first and second subsets of the inputs but without using the duplicative input. | 08-15-2013 |
20130212245 | NESTING TRANSACTION UPDATES TO MINIMIZE COMMUNICATION - For a controller for managing a network including managed forwarding elements that forward data in the network, a method for configuring a set of managed forwarding elements is described. The method generates a first set of flow entries for configuring the set of managed forwarding elements to forward packets as non-first-hop forwarding elements for a logical datapath set. The method generates a second set of flow entries for configuring the set of managed forwarding elements to forward packets as first-hop forwarding elements for the logical datapath set. The method sends the first set of flow entries to the set of managed forwarding elements prior to sending the second set of flow entries to the set of managed forwarding elements. | 08-15-2013 |
20130212246 | PULL-BASED STATE DISSEMINATION BETWEEN MANAGED FORWARDING ELEMENTS - For a controller that manages managed forwarding elements that forward data in a network, a method for configuring the managed forwarding elements is described. The method computes forwarding state and pushes the computed forwarding state to the managed switching elements. The forwarding state defines forwarding behaviors of the managed switching elements. The method configures the managed switching elements to exchange forwarding state with each other. The method configures the managed switching elements by configuring a first managed forwarding element to send a forwarding state information request to a second managed forwarding element and by configuring the second managed forwarding element to (1) respond to the forwarding state information request by looking up a forwarding state information repository and (2) update the forwarding state information repository with forwarding state information received from a third managed forwarding element. | 08-15-2013 |
20130219037 | SCHEDULING DISTRIBUTION OF PHYSICAL CONTROL PLANE DATA - A controller for managing several managed switching elements that forward data in a network is described. The controller includes an interface for receiving input logical forwarding plane data in terms of input events data. The controller includes a converter for converting the input logical forwarding plane data to output physical control plane data by processing the input events data. The physical control plane data is for subsequent translation into physical forwarding plane data. The controller includes an input scheduler for (1) categorizing the input events data into different groups based on certain criteria and (2) supplying the input events data into the converter in a manner that each different group of input events data is processed separately by the converter. | 08-22-2013 |
20130219078 | TUNNEL CREATION - A non-transitory machine readable medium storing a program that configures managed forwarding elements to establish tunnels between the managed forwarding elements is described. From a particular managed forwarding element, the program receives information regarding coupling of a network element to the first managed forwarding element. Upon receiving the information, the program generates a set of universal flow entries for configuring another managed forwarding element to establish a tunnel to the particular managed forwarding element. | 08-22-2013 |
20140247753 | USING TRANSACTIONS TO COMPUTE AND PROPAGATE NETWORK FORWARDING STATE - For a controller for managing a network comprising several managed forwarding elements that forward data in the network, a method for configuring a managed forwarding element is described. The method generates a first set of flow entries for defining forwarding behaviors of the managed forwarding element based on a current network policy for a logical network implemented in the several managed forwarding elements. The method sends the first set of flow entries to the managed forwarding element in order for the managed forwarding element to forward data that the managed forwarding element directly receives from an end machine based on the current network policy. The method generates a second set of flow entries for modifying forwarding behaviors of the managed forwarding element based on a new network policy for the logical network. The method sends the second set of flow entries to the managed forwarding element in order for the managed forwarding element to forward the data based on the new network policy. | 09-04-2014 |
20140348161 | EXCHANGE OF NETWORK STATE INFORMATION BETWEEN FORWARDING ELEMENTS - Some embodiments provide a network control system that includes a network controller and a set of hosts on which a set of managed forwarding elements operate. The network controller computes forwarding state information and pushes the computed forwarding state information to a set of managed forwarding elements to define forwarding behaviors of the managed forwarding elements. The managed forwarding elements receive the forwarding state information from the network controller and directly exchange with each other updates to the forwarding state information. The updates are exchanged between the managed forwarding elements without a network controller relaying the updates. | 11-27-2014 |
20140351432 | USING TRANSACTIONS TO MINIMIZE CHURN IN A DISTRIBUTED NETWORK CONTROL SYSTEM - A particular network controller receives a first set of inputs from the first controller and a second set of inputs from the second controller. The particular controller then starts to compute a set of outputs using the first set of inputs. After a failure of the first controller, the particular controller receives a third set of inputs from the second controller. The third set of inputs and the first or second set of inputs make up a group of inputs for being processed together and separately from another group of inputs. The particular controller then receives an indicator from the second controller, which indicates that all inputs of the group of inputs have arrived at the particular controller. After receiving the indicator and after computing the set of outputs completely, the particular controller sends the set of outputs to a fourth controller or to a managed forwarding element. | 11-27-2014 |
20150016279 | Using Headerspace Analysis to Identify Classes of Packets - Some embodiments provide a method that uses headerspace analysis. The method receives several flow entries for distribution to a set of forwarding elements that implement a logical network. The method models each of the flow entries as a function that operates on a representation of a packet header. The method uses the modeled functions to identify a set of paths from a packet source to a packet destination. For each particular path of the identified paths, the method uses inverses of the modeled functions to determine a set of packet headers. Packets sent from the packet source with any packet header in the set of packet headers follow the particular path through the flow entries. | 01-15-2015 |
20150016286 | Tracing Network Packets by a Cluster of Network Controllers - Some embodiments provide a method for a first network controller that manages a set of logical forwarding elements implemented in several managed forwarding elements. The method receives a request to trace a specified packet having a particular source on a logical forwarding element. The method generates the packet according to the packet specification. The generated packet includes an indicator that the packet is for a trace operation. The method sends the packet to a second network controller that manages a managed forwarding element associated with the particular source. The method receives a first set of messages regarding operations performed on the packet from a set of network controllers that receives a second set of messages regarding operations performed on the packet from a set of managed forwarding elements that process the packet. | 01-15-2015 |
20150016287 | Tracing Network Packets Through Logical and Physical Networks - Some embodiments provide a method for a network controller that manages a plurality of managed forwarding elements. The method receives a request to trace a specified packet having a particular source on a logical forwarding element. The method generates the packet according to the packet specification. The generated packet includes an indicator that the packet is for a trace operation. The method inserts the packet into a managed forwarding element associated with the particular source such that the managed forwarding element processes the packet as though the packet was received from the particular source. The method receives, from a set of managed forwarding elements, a set of messages regarding logical processing operations and physical forwarding operations that each managed forwarding element in the set of managed forwarding elements performs on the packet. | 01-15-2015 |
20150016298 | Tracing Logical Network Packets Through Physical Network - Some embodiments provide a method for a network controller that manages several managed forwarding elements. The method receives a request to trace a specified packet having a particular source on a logical switching element. The method generates the packet at the network controller according to the packet specification. The generated packet includes an indicator that the packet is for a trace operation. The method inserts the packet into a managed forwarding element associated with the particular source. The method receives a set of messages from a set of managed forwarding elements that process the packet regarding operations performed on the packet. | 01-15-2015 |
20150016460 | Using Headerspace Analysis to Identify Flow Entry Reachability - Some embodiments provide a method for using headerspace analysis. The method receives several flow entries for distribution to a forwarding element in a network. Each flow entry includes a set of conditions to be matched by a packet header and a set of actions to perform on a packet that matches the set of conditions. The method models each of the flow entries as a function that operates on a representation of a packet header. The method determines a set of packet headers of packets to be received by the forwarding element. The method determines a set of the flow entries that are not matched by a packet header of any packet to be received by the forwarding element by applying the functions to representations of the identified set of packet headers. | 01-15-2015 |
20150078385 | Generating Flows Using Common Match Techniques - Some embodiments provide a method for a forwarding element that forwards packets. The method receives a packet and performs a hash lookup operation on one or more hash tables to find a matching rule for a packet. The method consults a common match data set to generate a wildcard mask. The method generates a flow based on the matching rule and the wildcard mask. The flow is used to process other packets that match each bit which is un-wildcarded. | 03-19-2015 |
20150081861 | CONNECTION IDENTIFIER ASSIGNMENT AND SOURCE NETWORK ADDRESS TRANSLATION - A controller of a network control system for configuring several middlebox instances is described. The middlebox instances implement a middlebox in a distributed manner in several hosts. The controller assigns a first set of identifiers to a first middlebox instance that associates an identifier in the first set with a first packet. The controller assigns a second set of identifiers to a second middlebox instance that associates an identifier in the second set with a second packet. | 03-19-2015 |
20150092778 | Tracking Prefixes of Values Associated with Different Rules to Generate Flows - Some embodiments provide a method for a forwarding element that forwards packets. The method receives a packet. The method consults a tree structure to generate a wildcard mask. The consulting includes traversing the tree structure by tracing a set of bits from the packet header and un-wildcarding the corresponding set of bits from the wildcard mask. The method identifies a matching rule for the packet. The method generates a flow based on the matching rule and the wildcard mask. The flow is used to process each other packet that matches each un-wildcarded bit of the flow. | 04-02-2015 |
20150098360 | CONNECTION IDENTIFIER ASSIGNMENT AND SOURCE NETWORK ADDRESS TRANSLATION - A controller of a network control system for configuring several middlebox instances is described. The middlebox instances implement a middlebox in a distributed manner in several hosts. The controller assigns a first set of identifiers to a first middlebox instance that associates an identifier in the first set with a first packet. The controller assigns a second set of identifiers to a second middlebox instance that associates an identifier in the second set with a second packet. | 04-09-2015 |
20150117445 | Packet Conflict Resolution - Some embodiments provide a method for a first managed forwarding element that implements a logical network. The method receives a packet from a second managed forwarding element. The first packet has an initial set of characteristics defining a first connection between a source machine connected to the second managed forwarding element and a destination machine connected to the first managed forwarding element. The method determines whether a second connection exists with the initial set of characteristics between a different machine connected to a third managed forwarding element and the destination machine. When a second connection exists with the initial set of characteristics, the method modifies at least one characteristic of the packet such that the modified packet does not have the same set of characteristics. The method delivers the modified packet to the destination machine. | 04-30-2015 |
20150117454 | Dynamic Generation of Flow Entries for Last-Hop Processing - Some embodiments provide a method for a first managed forwarding element that implements logical forwarding elements of a logical network. The method receives a first packet from a second managed forwarding element. The first packet includes context information that indicates a logical network destination that maps to a physical destination connected to the first managed forwarding element. At the first managed forwarding element, the method dynamically generates a flow entry for processing subsequent packets received by the first managed forwarding element from the physical destination and sent to a source of the first packet. The method processes a second packet received by the first managed forwarding element from the physical destination with the dynamically generated flow entry. The dynamically generated flow entry specifies to send the second packet to the second managed forwarding element before logically forwarding the second packet through the logical network. | 04-30-2015 |
20150124651 | NETWORK CONTROL SYSTEM FOR CONFIGURING MIDDLEBOXES - Some embodiments provide a method for configuring a logical middlebox in a hosting system that includes a set of nodes. The logical middlebox is part of a logical network that includes a set of logical forwarding elements that connect a set of end machines. The method receives a set of configuration data for the logical middlebox. The method uses a stored set of tables describing physical locations of the end machines to identify a set of nodes at which to implement the logical middlebox. The method provides the logical middlebox configuration for distribution to the identified nodes. | 05-07-2015 |
20150142938 | ARCHITECTURE OF NETWORKS WITH MIDDLEBOXES - Some embodiments provide a system for implementing a logical network that includes a set of end machines, a first logical middlebox, and a second logical middlebox connected by a set of logical forwarding elements. The system includes a set of nodes. Each of several nodes includes (i) a virtual machine for implementing an end machine of the logical network, (ii) a managed switching element for implementing the set of logical forwarding elements of the logical network, and (iii) a middlebox element for implementing the first logical middlebox of the logical network. The system includes a physical middlebox appliance for implementing the second logical middlebox. | 05-21-2015 |
20150163142 | DETECTING AN ELEPHANT FLOW BASED ON THE SIZE OF A PACKET - Some embodiments provide a forwarding element that inspects the size of each of several packets in a data flow to determine whether the data flow is an elephant flow. The forwarding element inspects the size because, in order for the packet to be of a certain size, the data flow had to already have gone through a slow start in which smaller packets are transferred and by definition be an elephant flow. When the forwarding element receives a packet in a data flow, the forwarding element identifies the size of the packet. The forwarding element then determines if the size of the packet is greater than a threshold size. If the size is greater, the forwarding element specifies that the packet's data flow is an elephant flow. | 06-11-2015 |
20150163144 | DETECTING AND HANDLING ELEPHANT FLOWS - Some embodiments provide a forwarding element that detects and handles elephant flows. In detecting, the forwarding element of some embodiments monitors statistics or measurements relating to a data flow. In handling, the forwarding element marks each packet associated with a detected elephant flow in some manner to differentiate it from a packet associated with a mouse flow. Alternatively, the forwarding element breaks elephant flows into a number of mouse flows by facilitating the sending of packets associated with the detected elephant flow along different paths. | 06-11-2015 |
20150163145 | REPORTING ELEPHANT FLOWS TO A NETWORK CONTROLLER - Some embodiments provide a system that detects whether a flow is an elephant flow; and if so, the system treats it differently than a mouse flow. The system of some embodiments detects elephants based on one or more of the following: statistics associated with a flow, packet segment size, and invoked system calls. Also, some embodiments use one or more of various methods to handle elephant flows. Examples of such methods include marking each packet belonging to an elephant with a particular marking, breaking the elephants into mice, reporting the elephant to a network controller, and selectively choosing a route for each packet belonging to the elephant. | 06-11-2015 |
20150180801 | Method and Apparatus for Implementing and Managing Virtual Switches - In general, the present invention relates to a virtual platform in which one or more distributed virtual switches can be created for use in virtual networking. According to some aspects, the distributed virtual switch according to the invention provides the ability for virtual and physical machines to more readily, securely, and efficiently communicate with each other even if they are not located on the same physical host and/or in the same subnet or VLAN. According to other aspects, the distributed virtual switches of the invention can support integration with traditional IP networks and support sophisticated IP technologies including NAT functionality, stateful firewalling, and notifying the IP network of workload migration. According to further aspects, the virtual platform of the invention creates one or more distributed virtual switches which may be allocated to a tenant, application, or other entity requiring isolation and/or independent configuration state. According to still further aspects, the virtual platform of the invention manages and/or uses VLAN or tunnels (e.g., GRE) to create a distributed virtual switch for a network while working with existing switches and routers in the network. The present invention finds utility in enterprise networks, datacenters and other facilities. | 06-25-2015 |
20150222598 | FIREWALLS IN LOGICAL NETWORKS - Some embodiments provide a method for configuring a logical firewall in a hosting system that includes a set of nodes. The logical firewall is part of a logical network that includes a set of logical forwarding elements. The method receives a configuration for the firewall that specifies packet processing rules for the firewall. The method identifies several of the nodes on which to implement the logical forwarding elements. The method distributes the firewall configuration for implementation on the identified nodes. At a node, the firewall of some embodiments receives a packet, from a managed switching element within the node, through a software port between the managed switching element and the distributed firewall application. The firewall determines whether to allow the packet based on the received configuration. When the packet is allowed, the firewall sends the packet back to the managed switching element through the software port. | 08-06-2015 |
20150263897 | STATIC ROUTES FOR LOGICAL ROUTERS - Some embodiments provide a method for a network controller. The method receives configuration data, for a logical router managed by the network controller, that specifies at least one logical port for the logical router. The method automatically generates connected routes for the logical router based on network address ranges specified for the logical ports of the logical router. The method receives a manually input static route for the logical router. The method generates data tuples, for distribution to several managed network elements, based on the connected and static routes for the logical router in order for the several managed network elements to implement the logical router. | 09-17-2015 |
20150263952 | LOGICAL ROUTER PROCESSING BY NETWORK CONTROLLER - Some embodiments provide a network controller for managing a logical network implemented across several managed network elements. The logical network includes at least one logical router. The network controller includes an input interface for receiving configuration state for the logical router. The network controller includes a table mapping engine for generating data tuples for distribution to the managed network elements in order for the managed network elements to implement the logical router. The network controller includes a route processing engine for receiving a set of input routes from the table mapping engine based on the configuration state for the logical router, performing a recursive route traversal process to generate a set of output routes, and returning the set of output routes to the table mapping engine. The table mapping engine uses the set of output routes to generate the data tuples for distribution to the plurality of managed network elements. | 09-17-2015 |
20150281098 | Flow Cache Hierarchy - Some embodiments provide a managed forwarding element (MFE) that includes a set of flow tables including a first set of flow entries for processing packets received by the MFE. The MFE includes an aggregate cache including a second set of flow entries for processing packets received by the MFE. Each of the flow entries of the second set is for processing packets of multiple data flows. At least a subset of packet header fields of the packets of the multiple data flows have a same set of packet header field values, and a same set of operations is applied to said packets. The MFE includes an exact-match cache including a third set of flow entries for processing packets received by the MFE. Each of the flow entries of the third set is for processing packets for a single data flow having a unique set of packet header field values. | 10-01-2015 |
20150281125 | CACHING OF SERVICE DECISIONS - Some embodiments provide a method for processing a packet received by a managed forwarding element. The method performs a series of packet classification operations based on header values of the received packet. The packet classification operations determine a next destination of the received packet. When the series of packet classification operations specifies to send the packet to a network service that performs payload transformations on the packet, the method (1) assigns a service operation identifier to the packet that identifies the service operations for the network service to perform on the packet, (2) sends the packet to the network service with the service operation identifier, and (3) stores a cache entry for processing subsequent packets without the series of packet classification operations. The cache entry includes the assigned service operation identifier. The network service uses the assigned service operation identifier to process packets without performing its own classification operations. | 10-01-2015 |