Patent classifications
H04L49/354
Overlay network routing using a programmable switch
The techniques discussed herein include storing a fast-path and a slow-path table in a memory associated with a programmable switch, such as a cache of the programmable switch. An offload controller may control the contents of the fast-path and/or slow-path table and may thereby control behavior of the programmable switch. The programmable switch may route a received packet to a gateway if the packet generates a hit in the slow-path table. If the received packet generates a hit in the fast-path table, the packet may be forwarded directly to a virtual private cloud (VPC), virtual switch thereof, and/or to a virtual machine (VM).
Associating route tables with ingress traffic to logically isolated networks
Route tables may be associated with ingress traffic for logically isolated networks. A routing device at the edge of a logically isolated network may receive a route to include in a route table that is associated with ingress traffic to the logically isolated network to forward the ingress traffic to a network appliance hosted in the logically isolated network. Network packets received at the edge routing device may have a destination of a computing resource hosted in the logically isolated network. The edge routing device may identify the route in the route table to override the destination in the network packet with the network appliance and forward the network packet to the network appliance according to the route.
Multi-tenant system and control method of multi-tenant system
A management device allocates a first identifier that identifies, from among tenants included in a multi-tenant system, a tenant that uses virtual machines running on the multi-tenant system. The management device performs the following process, for each terminating device, from among tenants in the multi-tenant system, on virtual machines that are running on a second network in which terminating devices are installed. Specifically, the management device allocates a second identifier that identifies a tenant that uses virtual machines running on the multi-tenant system. Furthermore, the management device creates, for each terminating device, conversion information in which the first identifier that is allocated to each of the virtual machines is associated with the second identifier. Then, the management device sets each terminating device such that a packet is encapsulated in accordance with the created conversion information.
Logical router with multiple routing components
Some embodiments provide a method for implementing a logical router in a network. The method receives a definition of a logical router for implementation on a set of network elements. The method defines several routing components for the logical router. Each of the defined routing components includes a separate set of routes and a separate set of logical interfaces. The method implements the several routing components in the network. In some embodiments, the several routing components include one distributed routing component and several centralized routing components.
Multi-path virtual switching
A virtual switch for packet switching includes an ingress traffic steering manager executing on circuitry and coupled to receive packets from multiple virtual machines or containers, multiple data plane providers, each data plane provider having a data path coupled to selectively receive the packets from the ingress traffic steering manager, and wherein the ingress traffic steering manager classifies the received packets and selects available data paths based on the classification of the packets and a set of distribution rules.
Group zoning and access control over a network
Example implementations relate to hard zoning capabilities for devices using Internet small computer system interface (iSCSI) protocol. For example, a method includes creating a virtual local area network (VLAN) at an Ethernet switch between an initiator and target adapter. The method includes assigning an access control list (ACL) to the VLAN. The method includes segregating a device of a plurality of devices connected to the SAN into a zone group. The method also includes controlling access of a zone group based on the ACL and frame filtering.
Interoperability for distributed overlay virtual environment
A method includes receiving tunnel information and end point information in response to a request to a distributed cluster. A common tunnel type supported by a source switch and a destination switch is selected. A packet is encapsulated with the common tunnel type supported by the source switch and the destination switch for a destination virtual machine (VM).
End-to-end cache for network elements
A method in a network element includes processing input packets using a set of two or more functions that are defined over parameters of the input packets. Each function in the set produces respective interim actions applied to the input packets and the entire set produces respective end-to-end actions applied to the input packets. An end-to-end mapping, which maps the parameters of at least some of the input packets directly to the corresponding end-to-end actions, is cached in the network element. The end-to-end mapping is queried with the parameters of a new input packet. Upon finding the parameters of the new input packet in the end-to-end mapping, an end-to-end action mapped to the found parameters is applied to the new input packet, without processing the new input packet using the set of functions.
Network virtualization using just-in-time distributed capability for classification encoding
A method for providing a “just-in-time” distributed capability for classification encoding is described. When a source transport node processes a new flow (a flow for the first time), the source transport node in some embodiments sends a metadata packet “just-in-time” to the destination transport node to propagate the classification encoding to use for the given flow.