A first forwarding VM may execute in a first availability zone and have a first IP address. Similarly, a second forwarding VM may execute in a second availability zone and have a second IP address. The first and second IP addresses may be recorded with a cloud DNS web service of a cloud provider such that both receive requests from applications directed to a particular DNS name acting as a single endpoint. A service cluster may include a master VM node and a standby VM node. An IPtable in each forwarding VM may forward a request having a port value to a cluster port value associated with the master VM node. Upon a failure of the master VM node, the current standby VM node may be promoted to execute in master mode and the IPtables may be updated to now forward requests having the port value to a cluster port value associated with the newly promoted master VM node (which was previously the standby VM node).

Some embodiments provide a method for configuring an edge computing device to implement a logical router belonging to a logical network. The method configures a datapath executing on the edge computing device to use a first routing table associated with the logical router for processing data messages routed to the logical router. The method configures a routing protocol application executing on the edge computing device to (i) use the first routing table for exchanging routes with a network external to the logical network and (ii) use a second routing table for exchanging routes with other edge computing devices that implement the logical router.

Cut-through frame transfer or store-and-forward frame transfer of a frame in an network switch is disclosed. A frame is received from an input port of the switch. A time period in a cycle time when the frame is received and a stream identification of the frame is determined. One of the cut-through frame transfer and the store-and-forward frame transfer of the frame is performed based on the time period in the cycle time when the frame was received and the stream identification.

Some embodiments provide a method for performing services for data messages associated with a machine executing on a particular host computer. On the particular host computer, the method configures (1) a first distributed forwarding element (DFE) to forward data messages sent by the machine based on network addresses specified by machine, and (2) a second DFE to forward data messages sent by the machine to a set of one or more other host computers on which a set of one or more service nodes before the data messages are returned to the particular host computer to be forwarded by the first DFE based on the network addresses specified by the machine. Each DFE is implemented by at least one software forwarding element executing (SFE) on the particular host computer and at least one other SFE executing on at least one other host computer.

Some embodiments provide a method for configuring an edge computing device to implement a logical router belonging to a logical network. The method configures a datapath executing on the edge computing device to use a first routing table associated with the logical router for processing data messages routed to the logical router. The method configures a routing protocol application executing on the edge computing device to (i) use the first routing table for exchanging routes with a network external to the logical network and (ii) use a second routing table for exchanging routes with other edge computing devices that implement the logical router.

Disclosed are systems, methods, and non-transitory computer-readable media for protocol independent data unit forwarding. A packet forwarding system receives a data unit comprising a header byte string via an input port. The packet forwarding system parses the data unit based on a header type determined based on the input port, yielding a parsing output describing the header byte string of the data unit. The packet forwarding system updates a metadata item associated with the data unit based on the parsing output and determines a packet forwarding instruction for forwarding the data unit to a destination based on the metadata item associated with the data unit. The packet forwarding system forwards the data unit to the destination based on the packet forwarding instruction and the metadata item associated with the data unit.

A method and apparatus of a network element that processes control plane data in a network element is described. In an exemplary embodiment, the network element receives control plane data and determines a class of the control plane data. In addition, the network element marks the control plane data based on at least on an existence of an indication of whether the network element had previously processed other data in the same class as the class of the control plane data. Furthermore, the network element queues the control plane data.

Techniques are disclosed for scalable virtualization of tenants and subtenants on a virtualized computing infrastructure. In one example, a first controller for the virtualized computing infrastructure configures underlay network segments in the virtualized computing infrastructure by configuring respective Virtual Extensible Local Area Network (VXLAN) segments of a plurality of VXLAN segments of a VXLAN in a switch fabric comprising network switches. Each VXLAN segment provides underlay network connectivity among a different subset of host computing devices of the virtualized computing infrastructure to enable orchestration of multiple tenants in the VXLAN. A second controller for a first subset of the host computing devices has underlay network connectivity through operation of a first VXLAN segment. The second controller configures overlay networks in the first subset of the host computing devices to enable orchestration of multiple subtenants in the first subset of the host computing devices.

Techniques and architecture are described that utilize switchport protected flags to provide switchport protected functionality across network devices, e.g., switches, routers, etc., in fabric networks. For example, a first port of a first network device of a fabric network receives a packet from a first host destined for a second host. The second host is onboarded to the fabric network via a second port of a second network device. It is determined (i) if a first protected flag associated with the first port of the first network device is set as true and (ii) if a second protected flag associated with the second host is set as true. Based at least in part on (i) the first protected flag associated with the first port being set as true and (ii) the second protected flag being set as true, the first network device drops the packet.

Distributed machine learning systems and other distributed computing systems are improved by embedding compute logic at the network switch level to perform collective actions, such as reduction operations, on gradients or other data processed by the nodes of the system. The switch is configured to recognize data units that carry data associated with a collective action that needs to be performed by the distributed system, referred to herein as “compute data,” and process that data using a compute subsystem within the switch. The compute subsystem includes a compute engine that is configured to perform various operations on the compute data, such as “reduction” operations, and forward the results back to the compute nodes. The reduction operations may include, for instance, summation, averaging, bitwise operations, and so forth. In this manner, the network switch may take over some or all of the processing of the distributed system during the collective phase.