In general, this disclosure describes a programmable network platform for dynamically programming a cloud exchange to provide a layer three (L3) routing instance as a service to customers of the cloud exchange. In one example, a cloud exchange comprises an L3 network located within a data center and configured with an L3 routing instance for an enterprise; and for the L3 routing instance, respective first and second attachment circuits for first and second cloud service provider networks co-located within the data center, wherein the L3 routing instance stores a route to a subnet of the second cloud service provider network to cause the L3 routing instance to forward packets, received from the first cloud service provider network via the first attachment circuit, to the second cloud service provider network via the second attachment circuit.

A communication system includes multiple Point-of-Presence (POP) interfaces distributed in a Wide-Area Network (WAN), and one or more processors coupled to the POP interfaces. The processors are configured to assign to an initiator in the communication system a client Internet Protocol (IP) address, including embedding in the client IP address an affiliation of the initiator with a group of initiators, to assign to a responder in the communication system a service IP address, including embedding in the service IP address an affiliation of the service with a group of responders, and to route traffic between the initiator and the responder, over the WAN via one or more of the POP interfaces, in a stateless manner, based on the affiliation of the initiator and the affiliation of the service, as embedded in the client and service IP addresses.

A communication system includes multiple Point-of-Presence (POP) interfaces distributed in a Wide-Area Network (WAN), and one or more processors coupled to the POP interfaces. The processors are configured to assign to an initiator in the communication system a client Internet Protocol (IP) address, including embedding in the client IP address an affiliation of the initiator with a group of initiators, to assign to a responder in the communication system a service IP address, including embedding in the service IP address an affiliation of the service with a group of responders, and to route traffic between the initiator and the responder, over the WAN via one or more of the POP interfaces, in a stateless manner, based on the affiliation of the initiator and the affiliation of the service, as embedded in the client and service IP addresses.

Disclosed are a network control device and an operation method of the network control device for dynamically constructing an end-to-end virtual dedicated network slice based on a software-defined network (SDN) over the entire wired and wireless network section of a private network and a public network.

Disclosed are a network control device and an operation method of the network control device for dynamically constructing an end-to-end virtual dedicated network slice based on a software-defined network (SDN) over the entire wired and wireless network section of a private network and a public network.

Example methods and systems for packet handling in a software-defined networking (SDN) environment are disclosed. One example method may comprise detecting an egress application-layer message from a first logical endpoint supported by a first host; and identifying a second logical endpoint supported by the second host for which the egress application-layer message is destined. The method may also comprise generating an egress packet that includes the egress application-layer message and metadata associated with the second logical endpoint, but omits one or more headers that are addressed from the first logical endpoint to the second logical endpoint. The method may further comprise sending the egress packet to the second host to cause the second host to identify the second logical endpoint based on the metadata, and to send the egress application-layer message to the second logical endpoint.

Example methods and systems for packet handling in a software-defined networking (SDN) environment are disclosed. One example method may comprise detecting an egress application-layer message from a first logical endpoint supported by a first host; and identifying a second logical endpoint supported by the second host for which the egress application-layer message is destined. The method may also comprise generating an egress packet that includes the egress application-layer message and metadata associated with the second logical endpoint, but omits one or more headers that are addressed from the first logical endpoint to the second logical endpoint. The method may further comprise sending the egress packet to the second host to cause the second host to identify the second logical endpoint based on the metadata, and to send the egress application-layer message to the second logical endpoint.

Packet routers route data packets based on existing topology files. The packet routers hash the existing topology files into content-addressed objects and exchange the content-addressed objects. One of the routers modifies its topology file into a new topology file, hashes the new topology file into a new content-addressed object, and transfers the new content-addressed object to the other packet routers. The packet routers exchange the content-addressed objects, and in response, exchange the topology files. The routers establish a consensus on the new topology file based on the existing topology files. The one packet router routes additional data packets based on the new topology file in response to the consensus. In some examples, the content-addressed objects comprise Inter-Planetary File System (IPFS) objects.

Some embodiments provide a method for configuring a logical middlebox in a hosting system that includes a set of nodes. The logical middlebox is part of a logical network that includes a set of logical forwarding elements that connect a set of end machines. The method receives a set of configuration data for the logical middlebox. The method uses a stored set of tables describing physical locations of the end machines to identify a set of nodes at which to implement the logical middlebox. The method provides the logical middlebox configuration for distribution to the identified nodes.

Some embodiments provide a method for configuring a logical middlebox in a hosting system that includes a set of nodes. The logical middlebox is part of a logical network that includes a set of logical forwarding elements that connect a set of end machines. The method receives a set of configuration data for the logical middlebox. The method uses a stored set of tables describing physical locations of the end machines to identify a set of nodes at which to implement the logical middlebox. The method provides the logical middlebox configuration for distribution to the identified nodes.