H04L12/931

Flooding packets on a per-virtual-network basis

Methods and techniques for flooding packets on a per-virtual-network basis are described. Some embodiments provide a method (e.g., a switch) which determines an internal virtual network identifier based on one or more fields in a packet's header. Next, the method performs a forwarding lookup operation based on the internal virtual network identifier. If the forwarding lookup operation succeeds, the method can process and forward the packet accordingly. However, if the forwarding lookup operation fails, the method can determine a set of egress ports based on the internal virtual network identifier. Next, for each egress port in the set of egress ports, the method can flood the packet if a virtual network identifier in the packet's header is associated with the egress port. Flooding packets on a per-virtual-network basis can substantially reduce the amount of resources required to flood the packet when a forwarding lookup operation fails.

System and method for network configuration

One embodiment of the present invention provides a network device that facilitates configuration orchestration. During operation, the system interprets a configuration command and stores a data structure representing a set of business logic. The business logic can be triggered by the configuration command, a local condition, or both. Furthermore, the system configures the switch according to an outcome of the business logic.

Transparent interconnection of Ethernet fabric switches

One embodiment of the present invention provides a switch. The switch includes a fabric switch module and a border module. The fabric switch module maintains a membership in a first fabric switch. The fabric switch includes a plurality of switches and operates as a single logical switch. The border module determines that the egress switch identifier in a first encapsulation header of a first packet is associated with a switch outside of the fabric switch. The first packet is forwardable in the first fabric switch based on the first encapsulation header. In response to the determination, the border module changes the ingress switch identifier in the first encapsulation header of the first packet to a first virtual switch identifier associated with a first virtual switch. This first virtual switch externally represents the first fabric switch.

System and method for software defined routing of traffic within and between autonomous systems with enhanced flow routing, scalability and security

An autonomous network and a corresponding routing method include determining routing paths by a controller, and providing the determined routing paths to a data packet processor located remotely from the controller. The data packet processor routes outgoing data packets, based on information from the controller, through a plurality of switches remote from the data packet processor. Each switch includes a plurality of network interfaces. For an outgoing data packet, the data packet processor determines a network interface over which to transmit the data packet, and adds an indication of the determined network interface in a header of the data packet. The data packet processor forwards the modified data packet to the switch including the determined network interface. The switch identifies the network interface based on the indication, and transmits the outgoing data packet over the identified network interface.

System and method for supporting partition-aware routing in a multi-tenant cluster environment

A system and method can support partition-aware routing in a multi-tenant cluster environment. An exemplary method can support one or more tenants within the multi-tenant cluster environment. The method can associate each of the one or more tenants with a partition of a plurality of partitions. The method can then associate each of the plurality of partitions with one or more nodes of a plurality of nodes, each of the plurality of nodes being associated with a leaf switch of a plurality of switches, the plurality of switches comprising a plurality of leaf switches and a plurality of root switches. Finally, the method can generate one or more linear forwarding tables, the one or more linear forwarding tables providing isolation between the plurality of partitions, wherein each of the plurality of nodes is associated with a partitioning order.

Policy enforcement for upstream flood traffic

Systems, methods, and computer-readable media are provided for enforcing policy for upstream (e.g., traffic from an endpoint to the physical network layer or hardware fabric of a data center) flood traffic (e.g., broadcast, unknown unicast, or multicast traffic) originating from a virtual endpoint via a network fabric. In one embodiment, upstream flood traffic can be transmitted using a special multicast group to which only elements of the data center fabric (e.g., physical switches, routers) are subscribed. That is, upstream flood traffic is assigned to the special multicast group, resulting in unintended endpoints not receiving the flood traffic. However, the hardware fabric receives the flood traffic and will then enforce applicable policies to route the packets to intended endpoints.

Fast reroute of redundant multicast streams

A system and method for selecting packets to be forwarded from redundant multicast streams. A primary multicast stream and a secondary multicast stream are received, wherein the primary multicast stream and the secondary multicast stream are redundant multicast streams received over disjoint multicast forwarding paths. A hardware-based analyzer in a forwarding plane of the network device is applied to detect when a quality of one of the primary multicast stream or the secondary multicast stream has fallen below a threshold. In response to detecting that a quality of one of the primary multicast stream or the secondary multicast stream has fallen below a threshold, selecting, via a thread executing in a forwarding component of the network device, a different one of the primary multicast stream or the secondary multicast stream having a quality that meets the threshold, wherein selecting includes dynamically rewriting next hop operations associated with the selected stream. Packets received on the selected one of the primary multicast stream or the secondary multicast stream are forwarded and packets of the multicast stream received on the other one of the primary multicast stream or the secondary multicast stream for which the quality has fallen below the threshold are discarded.

COMPILER FOR AND METHOD OF SOFTWARE DEFINED NETWORKING, STORAGE AND COMPUTE DETERMINING PHYSICAL AND VIRTUAL RESOURCES
20170310574 · 2017-10-26

Method of and a compiler for controlling a network based on a logical network model. The compiler determines physical and/or virtual resources, comprising physical nodes and physical links, against which the logical model can be compiled. The network has known physical nodes, unknown physical nodes and logical nodes. The known physical nodes are “physical nodes” which are existing or still to be set up (virtual) nodes in the network. The known physical nodes are interconnected by physical links in accordance with a physical network layout. The logical network model has logical nodes indicated with a logical node name which refers to at least one known physical node or one unknown physical node in the network. The method uses a depth-mapping relation defining how the logical nodes are mapped to the known physical nodes and the unknown physical nodes. The term “unknown physical node” is used to define an imaginary physical node to which logical nodes can be mapped through depth-mappings and which are to be substituted by a physical node of the network of which the physical node name is stored. The method includes creating logical links between the logical nodes in dependence on the paths between the known physical nodes and/or the unknown physical nodes and on the depth-mapping relation. Known physical nodes are determined for unknown physical nodes and known physical paths are determined for unknown physical paths between unknown physical nodes by performing a search. The method uses edge-relationships between logical link, logical path, physical link, physical path and depth-mapping relations. Logical paths in the logical network are transformed into a physical path comprising physical links between the physical nodes through recursive calculation, and forwarding instructions are created for the physical nodes, in dependence on the edge-relationships and point-of-attachment names between physical links and physical nodes.

NETWORK CONTROL SYSTEM, CONTROL DEVICE, NETWORK INFORMATION MANAGEMENT METHOD, AND STORAGE
20170310597 · 2017-10-26

The objective of the invention is to enable sharing, between layers in a network in which the layers are used to perform communications, resource information and information required for using paths. A network control system includes: a lower layer information storage unit, a lower layer control information conversion unit, an upper layer information storage unit, an upper layer control information conversion unit, an integrated layer information storage unit and a layer integration unit. The layer integration unit integrates, as virtual links, the information of flows, which are representative of communications among terminals in the lower layer, with the network information of the upper layer, thereby constituting the network information of the integrated layer. Further, the layer integration unit performs reciprocal exchanges of network information among the integrated layer information storage unit, the lower layer information storage unit and the upper layer information storage unit, said reciprocal exchanges including a process of giving, as the attribute information of the ports of the upper layer, label information required for using the virtual link provided by the lower layer.

DISAGGREGATED OPTICAL TRANSPORT NETWORK SWITCHING SYSTEM

Methods and systems of a disaggregated optical transport network (OTN) switching system that include using plug-in universal (PIU) modules each having multiple ports for OTN to Ethernet transceiving and an Ethernet fabric as a switching core are disclosed. An OTN over Ethernet module in each of the PIU modules may enable various OTN functionality to be realized using the Ethernet fabric which may include multiple Ethernet switches. An ith port of the multiple ports of each PIU module may be connected to the ith Ethernet switch of each of the Ethernet switches. A PIU module may be associated with a respective sequential order of the Ethernet switches. The PIU module may transmit an Ethernet packet from an ith port of the PIU module corresponding to the ith Ethernet switch, where the ith port is selected based on the respective sequential order of the Ethernet switches.