Patent classifications
H04L49/1546
PROTOCOL INDEPENDENT PROGRAMMABLE SWITCH (PIPS) FOR SOFTWARE DEFINED DATA CENTER NETWORKS
A software-defined network (SDN) system, device and method comprise one or more input ports, a programmable parser, a plurality of programmable lookup and decision engines (LDEs), programmable lookup memories, programmable counters, a programmable rewrite block and one or more output ports. The programmability of the parser, LDEs, lookup memories, counters and rewrite block enables a user to customize each microchip within the system to particular packet environments, data analysis needs, packet processing functions, and other functions as desired. Further, the same microchip is able to be reprogrammed for other purposes and/or optimizations dynamically.
Managed switch architectures: software managed switches, hardware managed switches, and heterogeneous managed switches
Some embodiments provide a system that includes a set of network controllers for receiving definitions of first and second logical switching elements. The system includes several managed switching elements. The set of network controllers configure the several managed switching elements to implement the defined first and second logical switching elements. The system includes several network hosts that are each (1) communicatively coupled to one of the several managed switching elements and (2) associated with one of the first and second logical switching elements. Network data communicated between network hosts associated with the first logical switching element are isolated from network data communicated between network hosts associated with the second logical switching element.
HIGH PERFORMANCE ARCHITECTURE FOR CONVERGED SECURITY SYSTEMS AND APPLIANCES
In some aspects, the disclosure is directed to methods and systems for providing an architecture for building high performance silicon components that support a rich set of networking and security features. In many implementations, the architecture splits network and security functions into two functional and logical blocks (which may physically be on the same die or integrated circuit in some implementations, or may be split on separate integrated circuits). The network functions may be executed via an integrated network interface card and accelerator subsystem with a high throughput execution pipeline. Security functions may be executed asynchronously from the network processing functions, in many implementations.
Packet header field extraction
Some embodiments provide a method for processing a packet for a pipeline of a hardware switch. The pipeline, in some embodiments, includes several different stages that match against packet header fields and modify packet header fields. The method receives a packet that includes a set of packet headers. The method then populates, for each packet header in the set of packet headers, (i) a first set of registers with packet header field values of the packet header that are used in the pipeline, and (ii) a second set of registers with packet header field values of the packet header that are not used in the pipeline.
MULTIPLE ETHERNET PORTS AND PORT TYPES USING A SHARED DATA PATH
In an embodiment, an interface unit includes a transmit pipeline configured to transmit egress data, and a receive pipeline configured to receive ingress data. At least one of the transmit pipeline and the receive pipeline may be configured to provide shared resources to a plurality of ports. The shared resources may include at least one of a data path resource and a control logic resource.
Packet processing in a network with hierarchical managed switching elements
Some embodiments provide a managed network for implementing a logical switching element. The managed network includes several managed edge switching elements that are each for (1) receiving packets for forwarding through the logical switching element and (2) forwarding packets that are known to the managed edge switching element to other managed edge switching elements in the several managed edge switching elements. The managed network includes a set of managed non-edge switching elements for (1) receiving packets from the several managed edge switching elements that are unknown to a particular managed edge switching element in the several managed edge switching elements and (2) forwarding packets to the several managed edge switching elements that are unknown to the several managed edge switching elements.