An aspect of the present invention provides an input/output switch including: a plurality of virtual switches formed by asymmetrically divided switches with symmetrically aligned ports; and ports on a side of end points and ports on a side of an intermediate switch allocated for each of the virtual switches, in which some of the ports of the virtual switches on the side of the end points act as ports that form a path that returns traffic among the virtual switches.

A switching system comprises a controlling switch and a plurality of port extenders. One of the port extenders includes: at least one upstream port; multiple downstream ports; and a forwarding engine. A forwarding database is populated with entries indicating associations between i) respective network addresses corresponding to devices coupled to downstream ports, and ii) respective local downstream ports. The forwarding database excludes entries corresponding to network addresses corresponding to devices coupled to the at least one upstream port. The forwarding engine is configured to: for a first packet received via one of the local downstream ports, and having a destination network address in the forwarding database, forward the first packet to a different local downstream port indicated by the forwarding database. For a second packet received via one of the local downstream ports, and having a destination network address not in the forwarding database, forward the second packet to the at least one upstream port.

Systems and methods for providing bandwidth congestion control in a private fabric in a high performance computing environment. An exemplary method can provide, at one or more microprocessors, a first subnet, the first subnet comprising a plurality of switches, and a plurality of host channel adapters, wherein each of the host channel adapters comprise at least one host channel adapter port, and wherein the plurality of host channel adapters are interconnected via the plurality of switches, and a plurality of end nodes. The method can provide, at a host channel adapter, an end node ingress bandwidth quota associated with an end node attached to the host channel adapter. The method can receive, at the end node of the host channel adapter, ingress bandwidth, the ingress bandwidth exceeding the ingress bandwidth quota of the end node.

Methods and systems include managing bandwidth in Fibre Channel over Internet Protocol (FCIP) communication channels. A method includes monitoring traffic demand at an FCIP communication channel and, in response to an anticipated period of throughput demand on the FCIP communication channel, reallocating physical throughput bandwidth of the FCIP communication channel by configuring bandwidth of one or more tunnels of the FCIP communication channel.

A network control system for managing a plurality of switching elements that implement a plurality of logical datapath sets. The network control system includes first and second controllers for generating requests for modifications to first and second logical datapath sets. The first controller is further for determining whether to make modifications to the first logical datapath set. The second controller is further for determining whether to make modifications to the second logical datapath set. Each controller is further for receiving logical control plane data that specifies logical datapath sets and for converting the logical control plane data to physical control plane data for propagating to the switching elements.

A method for deep packet inspection (DPI) in a software defined network (SDN). The method includes configuring a plurality of network nodes operable in the SDN with at least one probe instruction; receiving from a network node a first packet of a flow, the first packet matches the at least one probe instruction and includes a first sequence number; receiving from a network node a second packet of the flow, the second packet matches the at least one probe instruction and includes a second sequence number, the second packet is a response of the first packet; computing a mask value respective of at least the first and second sequence numbers indicating which bytes to be mirrored from subsequent packets belonging to the same flow; generating at least one mirror instruction based on at least the mask value; and configuring the plurality of network nodes with at least one mirror instruction.

A network system includes a communication apparatus, and a control apparatus configured to control the communication apparatus. The communication apparatus includes a memory configured to store program instructions, and a processor configured to execute the instructions to receive an address of a destination virtual machine from the control apparatus, receive a packet from a source virtual machine, identify, based on the address of the destination virtual machine corresponding to the received packet, an identifier of an edge node connected to the destination virtual machine, and add the identifier of the edge node to the received packet.

Systems and methods for supporting dual-port virtual router in a high performance computing environment. In accordance with an embodiment, a dual port router abstraction can provide a simple way for enabling subnet-to-subnet router functionality to be defined based on a switch hardware implementation. A virtual dual-port router can logically be connected outside a corresponding switch port. This virtual dual-port router can provide an InfiniBand specification compliant view to a standard management entity, such as a Subnet Manager. In accordance with an embodiment, a dual-ported router model implies that different subnets can be connected in a way where each subnet fully controls the forwarding of packets as well as address mappings in the ingress path to the subnet.

Some embodiments provide a novel way to insert a service (e.g., a third party service) in the path of a data message flow, between two machines (e.g., two VMs, two containers, etc.) in a public cloud environment. For a particular tenant of the public cloud, some embodiments create an overlay logical network with a logical overlay address space. To perform a service on data messages of a flow between two machines, the logical overlay network passes to the public cloud's underlay network the data messages with their destination address (e.g., destination IP addresses) defined in the logical overlay network. The underlay network (e.g., an underlay default downlink gateway) is configured to pass data messages with such destination addresses (e.g., with logical overlay destination addresses) to a set of one or more service machines. The underlay network (e.g., an underlay default uplink gateway) is also configured to pass to the particular tenant's public cloud gateway the processed data messages that are received from the service machine set and that are addressed to logical overlay destination addresses. The tenant's public cloud gateway is configured to forward such data messages to a logical forwarding element of the logical network, which then handles the forwarding of the data messages to the correct destination machine.

Systems and methods for InfiniBand fabric optimizations to minimize SA access and startup failover times. A system can comprise one or more microprocessors, a first subnet, the first subnet comprising a plurality of switches, a plurality of host channel adapters, a plurality of hosts, and a subnet manager, the subnet manager running on one of the one or more switches and the plurality of host channel adapters. The subnet manager can be configured to determine that the plurality of hosts and the plurality of switches support a same set of capabilities. On such determination, the subnet manager can configure an SMA flag, the flag indicating that a condition can be set for each of the host channel adapter ports.