Patent classifications
H04L49/3063
Ensuring Transactional Ordering in I/O Agent
Techniques are disclosed relating to an I/O agent circuit. The I/O agent circuit may include one or more queues and a transaction pipeline. The I/O agent circuit may issue, to the transaction pipeline from a queue of the one or more queues, a transaction of a series of transactions enqueued in a particular order. The I/O agent circuit may generate, at the transaction pipeline, a determination to return the transaction to the queue based on a detection of one or more conditions being satisfied. Based on the determination, the I/O agent circuit may reject, at the transaction pipeline, up to a threshold number of transactions that issued from the queue after the transaction issued. The I/O agent circuit may insert the transaction at a head of the queue such that the transaction is enqueued at the queue sequentially first for the series of transactions according to the particular order.
METHODS AND SYSTEMS FOR NETWORK FLOW TRACING WITHIN A PACKET PROCESSING PIPELINE
Network appliances can use packet processing pipeline circuits to implement network rules for processing network packet flows by configuring the pipeline's processing stages to execute specific policies for specific network packets in accordance with the network rules. Trace reports that indicate network rules implemented at specific processing stages can be more informative than those indicating policies implemented by the processing stages. A method implemented by a network appliance can store network rules for processing network flows by the processing stages of a packet processing pipeline circuit. The method can produce a trace report in response to receiving a trace directive for one of the network flows wherein one of the processing stages has applied a network rule to a network packet in one of the network flows. The trace report can indicate the network rule in association with the processing stage and the network flow.
METHOD AND APPARATUS FOR USING A NETWORK INFORMATION BASE TO CONTROL A PLURALITY OF SHARED NETWORK INFRASTRUCTURE SWITCHING ELEMENTS
A network control system that includes several controllers for managing several switching elements. Each controller includes a network information base (NIB) storage that stores data regarding the switching elements and a secondary storage for facilitating replication of at least a portion of data across the NIB storages of the different controllers. In some embodiments, the primary purpose for one or more of the secondary storage structures is to back up the data in the NIB. In these or other embodiments, one or more of the secondary storage structures serve a purpose other than backing up the data in the NIB. In some embodiments, the NIB is stored in system memory while the system operates for fast access of the NIB records. In some embodiments, one or more of the secondary storage structures are stored on disks which can be slower to access.
METHODS AND SYSTEMS FOR ORCHESTRATING NETWORK FLOW TRACING WITHIN PACKET PROCESSING PIPELINES ACROSS MULTIPLE NETWORK APPLIANCES
An orchestrator can send trace directives to network appliances that indicate a network flow to trace. The network appliances can include packet processing pipelines that each include numerous processing stages. The network appliances implement network rules for processing network flows by configuring the pipeline's processing stages to execute specific policies for specific network packets in accordance with the network rules. The processing stages can also be configured to produce metadata indicating the policies implemented at each stage to process certain network packets in network flows indicated by trace directives. The metadata can be used to produce a trace report that indicates a network packet of the network flow, a first network rule that was applied to the network packet by a one of the first appliance processing stages, and the one of the first appliance processing stages that applied the first network rule to the network packet.
Implementing multi-table OpenFlow using a parallel hardware table lookup architecture
Techniques for implementing multi-table OpenFlow using a parallel hardware table lookup architecture are provided. In certain embodiments, these techniques include receiving, at a network device from a software-defined networking (SDN) controller, flow entries for installation into flow tables of the network device, where the flow entries are structured in a manner that assumes the flow tables can be looked-up serially by a packet processor of the network device, but where the flow tables are implemented using hardware lookup tables (e.g., TCAMs) that can only be looked-up in parallel by the packet processor. The techniques further include converting, by the network device, the received flow entries into a format that enables the packet processor to process ingress network traffic correctly using the flow entries, despite the packet processor's parallel lookup architecture, and installing the converted flow entries into the flow tables/hardware lookup tables.
MESSAGING BETWEEN REMOTE CONTROLLER AND FORWARDING ELEMENT
Some embodiments of the invention provide a forwarding element that can be configured through in-band data-plane messages from a remote controller that is a physically separate machine from the forwarding element. The forwarding element of some embodiments has data plane circuits that include several configurable message-processing stages, several storage queues, and a data-plane configurator. A set of one or more message-processing stages of the data plane are configured (1) to process configuration messages received by the data plane from the remote controller and (2) to store the configuration messages in a set of one or more storage queues. The data-plane configurator receives the configuration messages stored in the set of storage queues and configures one or more of the configurable message-processing stages based on configuration data in the configuration messages.
User defined data stream for routing data to a data destination based on a data route
Systems and methods are described for customizable data streams in a streaming data processing system. Routing criteria for the customizable data streams are defined by a user, an automated process, or any other process. The routing criteria can be defined using graphical controls. The streaming data processing system uses the routing criteria to determine data that should be used to populate a particular data stream. Further, processing pipelines are customized such that a particular processing pipeline can obtain data from a particular user defined data stream and write data to a particular user defined data stream. Data is routed through the user defined data streams and customized processing pipelines based on a data route. A data route for a set of data may include multiple user defined data streams and multiple processing pipelines. The data route can include a loop of processing pipelines and data streams.
Network address translation with filters using hierarchical rules
A system administrator can specify NAT mappings to perform NAT translations in a switch. The administrator can specify an ACL to filter packets to be translated. Filter rules generated from the ACL are stored in a first memory store in a switch and NAT rules generated from the NAT mappings are stored in a second memory store separate from the first memory store. When a packet matches one of the filter rules a tag that identifies the ACL is associated with the packet. When the tagged packet matches one of the NAT rules, the packet is translated according to the matched NAT rule.
Script-controlled egress packet modifier
An egress packet modifier includes a script parser and a pipeline of processing stages. Rather than performing egress modifications using a processor that fetches and decodes and executes instructions in a classic processor fashion, and rather than storing a packet in memory and reading it out and modifying it and writing it back, the packet modifier pipeline processes the packet by passing parts of the packet through the pipeline. A processor identifies particular egress modifications to be performed by placing a script code at the beginning of the packet. The script parser then uses the code to identify a specific script of opcodes, where each opcode defines a modification. As a part passes through a stage, the stage can carry out the modification of such an opcode. As realized using a current semiconductor fabrication process, the packet modifier can modify 200M packets/second at a sustained rate of up to 100 gigabits/second.
Dynamically reconfiguring data plane of forwarding element to account for power consumption
Some embodiments of the invention provide a network forwarding element that can be dynamically reconfigured to adjust its data message processing to stay within a desired operating temperature or power consumption range. In some embodiments, the network forwarding element includes (1) a data-plane forwarding circuit (“data plane”) to process data tuples associated with data messages received by the IC, and (2) a control-plane circuit (“control plane”) for configuring the data plane forwarding circuit. The data plane includes several data processing stages to process the data tuples. The data plane also includes an idle-signal injecting circuit that receives from the control plane configuration data that the control plane generates based on the IC's temperature. Based on the received configuration data, the idle-signal injecting circuit generates idle control signals for the data processing stages. Each stage that receives an idle control signal enters an idle state during which the majority of the components of that stage do not perform any operations, which reduces the power consumed and temperature generated by that stage during its idle state.