Patent classifications
H04L49/1546
Openflow match and action pipeline structure
An embodiment of the invention includes a packet processing pipeline. The packet processing pipeline includes match and action stages. Each match and action stage incurs a match delay when match processing occurs and an action delay when action processing occurs. A transport delay occurs between successive match and action stages when data is transferred from a first match and action stage to a second match and action stage.
High performance architecture for converged security systems and appliances
In some aspects, the disclosure is directed to methods and systems for providing an architecture for building high performance silicon components that support a rich set of networking and security features. In many implementations, the architecture splits network and security functions into two functional and logical blocks (which may physically be on the same die or integrated circuit in some implementations, or may be split on separate integrated circuits). The network functions may be executed via an integrated network interface card and accelerator subsystem with a high throughput execution pipeline. Security functions may be executed asynchronously from the network processing functions, in many implementations.
Mesh architectures for managed switching elements
Some embodiments provide a system that includes a set of network controllers for receiving definitions of first and second logical switching elements. The system includes several managed switching elements. The set of network controllers configure the several managed switching elements to implement the defined first and second logical switching elements. The system includes several network hosts that are each (1) communicatively coupled to one of the several managed switching elements and (2) associated with one of the first and second logical switching elements. Network data communicated between network hosts associated with the first logical switching element are isolated from network data communicated between network hosts associated with the second logical switching element.
PACKET PROCESSING WITH HARDWARE OFFLOAD UNITS
Some embodiments of the invention provide a method for configuring multiple hardware offload units of a host computer to perform operations on packets associated with machines (e.g., virtual machines or containers) executing on the host computer and to pass the packets between each other efficiently. For instance, in some embodiments, the method configures a program executing on the host computer to identify a first hardware offload unit that has to perform a first operation on a packet associated with a particular machine and to provide the packet to the first hardware offload unit. The packet in some embodiments is a packet that the particular machine has sent to a destination machine on the network, or is a packet received from a source machine through a network and destined to the particular machine.
DISTRIBUTED NETWORK CONTROL SYSTEM WITH ONE MASTER CONTROLLER PER LOGICAL DATAPATH SET
A network control system for managing a plurality of switching elements that implement a plurality of logical datapath sets. The network control system includes first and second controllers for generating requests for modifications to first and second logical datapath sets. The first controller is further for determining whether to make modifications to the first logical datapath set. The second controller is further for determining whether to make modifications to the second logical datapath set. Each controller is further for receiving logical control plane data that specifies logical datapath sets and for converting the logical control plane data to physical control plane data for propagating to the switching elements.
System and method for a pipelined multi-layer switching network
A system and method for a switching network is disclosed. A plurality of first switching assemblies, second switching assemblies and intermediate switching assemblies is provided, with each of the first switching assemblies, second switching assemblies and intermediate switching assemblies having at least two input ports and output ports. A selective one of the two input ports is configured to receive data to be processed and delivered at a designated one of the output ports. Received data passes through one or more selective first switching assemblies, one or more intermediate switching assemblies and one or more selective second switching assemblies, before the received data is delivered to the designated port. A plurality of additional data, received in one or more of the input ports to be delivered to one or more designated output ports, is processed before the received data is delivered to the designated one of the output ports.