Patent classifications
H04L45/42
System controller, controlling an IP switch including plural SDN switches
The aim is to efficiently distribute data to a plurality of distribution destinations. According to the present disclosure, a system controller is provided that controls an IP switch which distributes data received from a device on a transmission side to a device on a reception side. The system controller builds a plurality of virtual networks in the IP switch and causes data received by any of the virtual networks to be transmitted to the respective distribution destinations connected to the virtual networks. With this configuration, data can be efficiently distributed to a plurality of distribution destinations.
Firewall service insertion across secure fabric preserving security group tags end to end with dual homed firewall
Systems, methods, and computer-readable media for preserving source host context when firewall policies are applied to traffic in an enterprise network fabric. A data packet to a destination host from a source host can be received at a first border node instance in an enterprise network fabric as part of network traffic. The data packet can include a context associated with the source host. Further, the data packet can be sent to a firewall of the enterprise network fabric and can be received at a second border node instance after the firewall applies a firewall policy to the data packet. The data packet can then be selectively encapsulated with the context associated with the source host at the second border node instance for applying one or more policies to control transmission of the network traffic through the enterprise network fabric.
Domain name system multipathing distributed applications
Techniques are provided for domain name system multipathing distributed applications. In an example, a client computer queries a multipath-aware domain name system service with a domain name for a plurality of application servers, where there are a plurality of network paths available between the client computer and the application servers. The multipath-aware domain name system service can select a network path to be used, then determine a server that leads to that network path being used (by determining a hash used in network routing for each server of the plurality of servers). The multipath-aware domain name system service can respond to the client computer with an IP address for a selected application server, which results in communications between the client computer and the selected application server occurring over the selected network path.
Allocating additional bandwidth to resources in a datacenter through deployment of dedicated gateways
Some embodiments provide policy-driven methods for deploying edge forwarding elements in a public or private SDDC for tenants or applications. For instance, the method of some embodiments allows administrators to create different traffic groups for different applications and/or tenants, deploys edge forwarding elements for the different traffic groups, and configures forwarding elements in the SDDC to direct data message flows of the applications and/or tenants through the edge forwarding elements deployed for them. The policy-driven method of some embodiments also dynamically deploys edge forwarding elements in the SDDC for applications and/or tenants after detecting the need for the edge forwarding elements based on monitored traffic flow conditions.
Method and system for implementing L3VPN based on two-dimensional routing protocol
A method and system for implementing L3VPN based on a two-dimensional routing protocol. The method includes the following steps of: activating an L3VPN network to obtain a route destined to each user site; sending, by a user in a source user site, a packet to a user in a target user site, and sending the packet to an entry of a first edge routing device; performing encapsulation by the first edge routing device based on a public network IP address of the packet; and forwarding, by means of matching of two-dimensional routing, the encapsulated packet to an exit of the first edge routing device for decapsulation, and forwarding the same to the target user site via an entry of a second edge routing device.
Service insertion at logical network gateway
Some embodiments provide a method for configuring a gateway machine in a datacenter. The method receives a definition of a logical network for implementation in the datacenter. The logical network includes at least one logical switch to which logical network endpoints attach and a logical router for handling data traffic between the logical network endpoints in the datacenter and an external network. The method receives configuration data attaching a third-party service to at least one interface of the logical router via an additional logical switch designated for service attachments. The third-party service is for performing non-forwarding processing on the data traffic between the logical network endpoints and the external network. The method configures the gateway machine in the datacenter to implement the logical router and redirect at least a subset of the data traffic between the logical network endpoints and the external network to the attached third-party service.