Packet forwarding methods, apparatuses, devices, and systems are disclosed. An example packet forwarding system includes a target virtual machine, a virtual switch and a network card device, wherein: the target virtual machine is configured to send a first packet to the virtual switch; the virtual switch is configured to add input port information to the first packet to obtain a second packet after receiving the first packet sent by the target virtual machine, and forward the second packet to the network card device; and the network card device is configured to determine a corresponding first forwarding rule based on the input port information included in the second packet in response to receiving the second packet sent by the virtual switch, and perform forwarding processing on the second packet based on the first forwarding rule.

In general, techniques are described for facilitating balanced cell handling by fabric cores of a fabric plane for an internal device switch fabric. In some examples, a routing system includes a plurality of fabric endpoints and a switching fabric comprising a fabric plane to switch cells among the fabric endpoints. The fabric plane includes two fabric cores and one or more inter-core links connecting the fabric cores. Each fabric core selects an output port of the fabric core to which to route a received cell of the cells based on (i) an input port of the fabric core on which the received cell was received and (ii) a destination fabric endpoint for the received cell, at least a portion of the selected output ports being connected to the inter-core links, and switches the received cell to the selected output port.

Techniques for providing a backup network path using a standby wide area network (WAN) link with reducing monitoring. Packet loss and latency metrics are monitored for network paths in an adaptive private network (APN) connecting a first user and a second user according to control traffic operating at a first control bandwidth for each network path. A determination is made that a first network path uses a standby WAN link, has packet loss and latency metrics indicative of a good quality state, and has at least one characteristic that identifies the first network path as a backup network path. The control traffic is then reduced for the backup network path to a second control bandwidth substantially less than the first control bandwidth. The backup network path is made active when the number of active network paths is less than or equal to a minimum number.

Some embodiments of the invention provide a method for migrating a machine on a first host computer to a second host computer. At the first host computer, the method gathers a set of service insertion data used by a first service insertion module executing on the first host computer to identify a particular chain of multiple services that a set of multiple service nodes have to perform on a particular data message flow associated with the machine. To the second host computer, the method sends a set of machine configuration data and the set of service insertion data. The second host computer (1) uses the machine configuration data to deploy the machine on the second host computer and (2) uses the gathered set of service insertion data to configure a second service insertion module executing on the second host computer to identify the particular chain of two or more services.

Some embodiments of the invention provide a new networking data path framework that employs one or more dedicated kernel threads to process network traffic on a host computer executing multiple machines (such as virtual machines or containers). This new framework is referred to as an Enhanced Networking Stack (ENS) in this document. In some embodiments, the dedicated kernel threads execute on dedicated CPU cores (e.g., one kernel thread per CPU core) to proactively poll physical NICs (PNICs) of the host computer and virtual NICs (VNICs) of the machines (e.g., VMs), and to perform packet processing operations on packets received by the host and packets transmitted by the machines. In some embodiments, each PNIC or VNIC is associated with one dedicated kernel thread, in order to avoid synchronization issues between the kernel threads. In the discussion below, these kernel threads are referred to as fast-path packet processing threads or as logical cores, or Lcores, and the physical and virtual NICs that are polled by the Lcores are referred to as polled network devices. In some embodiments, one Lcore can process multiple polled network devices. This is beneficial because in some embodiments one CPU core is dedicated to each Lcore (i.e., because one Lcore monopolizes the entire computing power of one CPU core), and it would be wasteful to dedicate one Lcore to just one polled network device, which might be underutilized.

A novel multi-stage folded Clos network and a linecard for use in a network is disclosed. The Clos network can consist of three stages, an access stage, a lower stage, and an upper stage. The access stage and the upper stage can include a plurality of switches or conventional access points. The lower stage can include a plurality of linecards. Each linecard can be made of two switch chips, each of which are connected to the ports of the linecard, and contain the same number of ports. Each switch chip can forward information in only one direction and one is used to send direction from the access stage to the upper stage, and the other from the upper stage to the access stage. The lower stage can consist of a number of sub-stages, each sub-stage can be entirely of either conventional switches or linecards. Accordingly, compared to a conventional Clos network, the provided network can increase the throughput by any power of 2 by replacing the conventional switches used in the lower stage or sub-stages with linecards.

A router includes a memory configured to store a plurality of label spaces for each label space type used in a communication system. The plurality of label spaces store labels that identify virtual links between nodes of the communication system. The router also includes a processor configured to allocate a plurality of label space identifiers to the plurality of label spaces and to route packets based on labels and label space identifiers included in the packets. The router further includes a transceiver configured to transmit or receive the packets including the labels and the label space identifiers.

A network node having a receiver for receiving input packets, a local node memory where one or more parameters for coding are stored, an encoder for creating coded packets from the input packets using linear network coding, and a transmitter to transmit the coded packets. Each coefficient of the linear network coding is a parameter of the one or more parameters or a pre-determined function of the one or more parameters. A related method and a network are also presented.

Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

A switch architecture enables ports to stash packets in unused buffers on other ports, exploiting excess internal bandwidth that may exist, for example, in a tiled switch. This architecture leverages unused port buffer memory to improve features such as congestion handling and error recovery.