H04L45/036

SDN architecture and method for forwarding message based on SDN architecture
20170257305 · 2017-09-07

An SDN architecture and a method for forwarding a message based on the SDN architecture are provided. The SDN architecture includes multiple controllers and a forwarding device, and further includes a monitoring controller, which is connected between the multiple controllers and the forwarding device and configured to receive or monitor control plane messages of the multiple controllers, and to determine a flow table to be sent to the forwarding device according to a local strategy and the control plane messages of the multiple controllers.

Processing A Flow Entry In VXLAN
20170257306 · 2017-09-07

A controller generates a Software Defined Network (SDN) entry for a Virtual eXtensible Local Area Network (VXLAN) Tunnel End Point (VTEP). A Match field in the generated SDN entry contains a VXLAN Network Identifier (VNI) corresponding to the SDN entry. The controller sends the generated SDN entry to the VTEP.

LIVENESS DETECTION AND ROUTE CONVERGENCE IN SOFTWARE-DEFINED NETWORKING DISTRIBUTED SYSTEM
20210385149 · 2021-12-09

This disclosure describes techniques for improving speed of network convergence after node failure. In one example, a method includes storing, by an SDN controller, an underlay routing table having routes for an underlay network of a data center and an overlay routing table having a set of routes for a virtual network of an overlay network for the data center, wherein the underlay network includes physical network switches, gateway routers, and a set of virtual routers executing on respective compute nodes of the data center; and installing, within the underlay routing table, a route to a destination address assigned to a particular one of the virtual routers as an indicator of a reachability status to the particular virtual router in the underlay network. The SDN controller controls, based on presence or absence of the route within the underlay routing table, advertisement of the routes for the virtual network of the overlay network.

System and method for deploying, scaling and managing network endpoint groups in cloud computing environments

Grouping virtualized computing instances in cloud environments can be achieved utilizing groups of network endpoints, such as hardware devices, virtualized computing instances, etc. The network endpoint group (NEG) provides a logical grouping for providers of backend services that may be arranged on the network endpoints, and may be organized based on the backend service to be provided by the computing environments that operate as network endpoints. For example, the NEGs may be implemented for load balancing applications. The network endpoint groups, and the network endpoints included therein, may be managed using a framework of tools, libraries and application programming interfaces.

Systems and methods for intelligent routing and content placement in information centric networks
11363116 · 2022-06-14

A content caching system enables an NDN network to place content closer to each end user and to provide an explicit path for the target end user(s) to that content for better performance just in advance of users' anticipated request(s). The apparatus includes NDN routers and an SDN controller employing a content commander, at least one content placement agent and at least one content analysis agent.

METHOD AND APPARATUS FOR INTERACTING WITH A NETWORK INFORMATION BASE IN A DISTRIBUTED NETWORK CONTROL SYSTEM WITH MULTIPLE CONTROLLER INSTANCES
20220173968 · 2022-06-02

A control system includes several controllers for managing several switching elements. A first controller registers a second controller for receiving a notification when a data tuple changes in a network information base (NIB) storage of the first controller that stores data for managing a set of switching elements. The first controller changes the data tuple in the NIB. The first controller sends the notification to the second controller of the change to the data tuple in the NIB. The first and second controllers operate on two different computing devices. Each controller receives logical control plane data for specifying logical datapath sets and converts the logical control plane data to physical control plane data for enabling the switching elements to implement the logical datapath sets.

Managed switch architectures: software managed switches, hardware managed switches, and heterogeneous managed switches
11743123 · 2023-08-29

Some embodiments of the invention provide a method of processing packets associated with a logical switching element implemented by multiple physical switching elements executing on multiple host computers on which multiple machines execute. At a first physical switching element of a first host computer, the method receives a packet from a first machine associated with the logical switching element. For the packet, the method identifies a logical ingress port of the logical switch that is associated with the packet. For the packet, the method also uses the logical ingress port to identify a logical egress port of the logical switch that is associated with the packet. For the packet, the method also uses the logical egress port to identify a physical egress port of the first host computer to use to send the packet along to a second machine associated with the logical egress port. From the identified physical egress port, the method forwards the packet with an encapsulating header that stores the logical egress port.

Logical forwarding element identifier translation between datacenters

Some embodiments provide a method for a computing device that implements a first logical network gateway in a first datacenter to process data messages between data compute nodes (DCNs) belonging to the logical network and operating in the first datacenter and DCNs belonging to the logical network and operating in a second datacenter. From a host computer in the first datacenter, the method receives a logical network data message encapsulated with a first tunnel header including a first virtual network identifier corresponding to a logical forwarding element of the logical network. The method removes the first tunnel header and encapsulates the logical network data message with a second tunnel header including a second virtual network identifier corresponding to the logical forwarding element. The method transmits the logical network data message encapsulated with the second tunnel header to a second logical network gateway in the second datacenter.

OPENFLOW BASED DISTRIBUTED ANTENNA SYSTEM POLICY ROUTING METHOD
20220141142 · 2022-05-05

Disclosed is an OpenFlow based distributed antenna system (DAS) policy routing method. The DAS policy routing method includes: extracting, by a DAS unit, a match field from header information of a received frame; and comparing, by the DAS unit, the extracted match field with a matching rule of a forwarding table to route according to a matching traffic transmission policy and output a frame to an output port of the DAS unit.

Automatic security configurations in disaster recovery

Systems and methods for automatically configuring security groups during data protection operations including disaster recovery operations. In preparation for recovering a source site to a target site, security information at the source site is collected and classified. The classified security information is stored as a disaster recovery plan at least for security aspects of the disaster recovery process. The disaster recovery plan can be implemented at the target site such that security risks are minimized and connectivity errors are minimized during the recovery process.