H04L49/354

TOPOLOGY-BASED VIRTUAL SWITCHING MODEL WITH PLUGGABLE FLOW MANAGEMENT PROTOCOLS
20170279676 · 2017-09-28

The disclosure relates to technology for supporting multiple flow management protocols in a virtual network switch and changing a flow management protocol without changing switch topology configurations at run time. A data plane provider is detected via a pluggable software module (or plugin or plugin module) that identifies and controls the data plane provider with network interfaces and enables flow management protocols. A switch topology is then constructed by creating a virtual switch object and adding ports to the virtual switch object. A datapath is then created using the switch topology and the first flow management protocol on the data plane provider. Network interfaces are connected to the ports, respectively, to enable communication among the entities attached to each network interface according to the first flow management protocol. The datapath can later be changed to use the second flow management protocol while retaining the same topology at run time.

Integrated fabric adapter and associated methods thereof
09819515 · 2017-11-14

Methods and systems for network communication are provided. A method includes maintaining a first segment of a routing data structure at a first switching module of a network adapter for routing a frame between virtual machines executed by a computing device operationally coupled to the network adapter; maintaining a second segment of the routing data structure at a second switching module for routing a frame received at a port of the network adapter to an external destination; receiving a frame from the computing device and using the first segment by the first switching module to route the frame to a destination virtual machine; and receiving a frame at a port of the network adapter and using the second segment of the routing structure by the second switching module to route the frame to its destination without providing the frame to the computing device.

Services Execution
20170324582 · 2017-11-09

An edge switch receives a VM classification policy and an executing policy corresponding to each VM class distributed by a policy controller. The executing policy comprises information of each service node for processing a message and an executing sequence of each service node. The edge switch receives a message sent by a VM connected to the edge switch, determines a VM class corresponding to the message according to the VM classification policy and determines an executing policy corresponding to the VM class. The edge switch encapsulates the message according to information of each service node to be executed by a VM of the VM class and an executing sequence, and sends the message, so that the message is sequentially sent to each service node to be executed by the VM of the VM class to execute a service policy.

Cable modem interface mask based virtual local area network mapping

A method to assign a service flow classification for a client device that is performed at a network interface device includes accessing a configuration file having an interface mask, and correlating interface mask bit values with at least one port of the network interface. The network interface device associates the client device with the at least one port of the network interface device and assigns a service flow classification based on the interface mask bit values for an access request received by the network interface device from the client device. The network interface device then communicates with a virtual local area network mapping device using the service flow classification. The virtual local area network mapping device maps the service flow into a VLAN for the service flow of the client device.

Alleviating congestion in a virtual network deployed over public clouds for an entity

A method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.

Efficient parsing tuned to prevalent packet types
20220239766 · 2022-07-28

A parsing apparatus includes an interface, a first parser, a second parser and a controller. The interface is configured to receive packets belonging to a plurality of predefined packet types. The first parser is configured to identify any of the packet types. The second parser is configured to identify only a partial subset of the packet types. The controller is configured to receive a packet via the interface, to attempt identifying a packet type of the received packet using the second parser, and in response to detecting that identifying the packet type using the second parser fails, to revert to identifying the packet type of the received packet using the first parser.

VIRTUAL TUNNEL ENDPOINT (VTEP) LEARNING BASED ON TRANSPORT PROTOCOL INFORMATION

Example methods and systems for virtual tunnel endpoint (VTEP) learning based on transport protocol information are described. In one example, a computer system may learn first mapping information and second mapping information. The first mapping information may associate (a) a first VTEP with (b) first transport protocol information and inner address information associated with a first virtualized computing instance. The second mapping information may associate (a) a second VTEP with (b) second transport protocol information and inner address information associated with a second virtualized computing instance. The computer system may detect an egress packet that is addressed to the inner address information. In response to a determination that the egress packet specifies the first transport protocol information, a first encapsulated packet may be generated and sent towards the first VTEP. Otherwise, a second encapsulated packet may be generated and sent towards the second VTEP.

LAYER-2 NETWORK EXTENSION OVER LAYER-3 NETWORK USING LAYER-2 METADATA

Techniques are disclosed for session-based routing within Open Systems Interconnection (OSI) Model Layer-2 (L2) networks extended over Layer-3 (L3) networks. In one example, L2 networks connect a first client device to a first router and a second client device to a second router. An L3 network connects the first and second routers. The first router receives, from the first client device, an L2 frame destined for the second client device. The first router generates an L3 packet comprising an L3 header specifying L3 addresses of the first and second routers, a first portion of metadata comprising L2 addresses for the first and second client devices, and a second portion of metadata comprising L3 addresses for the first and second client devices, and forwards the L3 packet to the second router. The second router recovers the L2 frame from the metadata and forwards the L2 frame to the second client device.

Network functions virtualization interconnection gateway

Novel tools and techniques might provide for implementing interconnection gateway and/or hub functionalities between two or more network functions virtualization (“NFV”) entities that are located in different networks. In some embodiments, a NFV interconnection gateway (“NFVIG”) might receive a set of network interconnection information from each of two or more sets of NFV entities, each set of NFV entities being located within a network separate from the networks in which the other sets of NFV entities are located. The NFVIG might be located in one of these networks. The NFVIG might abstract each set of network interconnection information, and might establish one or more links between the two or more sets of NFV entities, based at least in part on the abstracted sets of network interconnection information. The NFVIG might provide access to one or more virtualized network functions (“VNFs”) via the one or more links.

Efficient convergence in network events

One embodiment of the present invention provides a switch. The switch includes a storage device, one or more line cards, and a control card. A respective line card includes one or more ports and forwarding hardware. The control card determines routing and forwarding tables for the switch, and comprises processing circuitry and a management module. The management module manages a tunnel or virtual network at the switch. During operation, the control card determines an event associated with layer-2 operations of the switch. The control card refrains from notifying the management module regarding the event and notifies a first line card in the one or more line cards regarding the event. The first line card then updates a layer-3 forwarding entry in the corresponding forwarding hardware based on the notification.