Patent classifications
H04L12/713
LOOP CONFLICT AVOIDANCE IN A NETWORK COMPUTING ENVIRONMENT
Systems, methods, and devices for improved routing operations in a network computing environment. A system includes a network topology comprising a plurality of spine nodes and a plurality of leaf nodes, wherein a link between a first spine node and a first leaf node is inactive. The first spine node includes one or more processors configurable to execute instructions stored in non-transitory computer readable storage media. The instructions include receiving a packet to be transmitted to the first leaf node. The instructions include identifying an alternative spine node at a same level in the network topology. The instructions include attaching a tunnel label to the packet, wherein the tunnel label indicates the packet should be transmitted to the alternative spine node.
Apparatus and method for secure router device
Methods, systems, and devices for providing a multi-function router. A router may receive, process, and forward data packets between a physical network interface and a logical network interface. The router may also run a virtualized machine that uses the logical network interface mapped statically or dynamically to the physical network interface.
In-band management interface with user space datapath
A method of utilizing the same hardware network interface card (NIC) in a gateway of a datacenter to communicate datacenter tenant packet traffic and packet traffic for a set of applications that execute in the user space of the gateway and utilize a network stack in the kernel space of the gateway. The method sends and receives packets for the datacenter tenant packet traffic through a packet datapath in the user space. The method sends incoming packets from the NIC to the set of applications through the datapath in the user space, a user-kernel transport driver connecting the kernel network stack to the datapath in the user space, and the kernel network stack. The method receives outgoing packets at the NIC from the set of applications through the kernel network stack, the user-kernel transport driver, and the datapath in the user space.
PACKET PROCESSING METHOD, PACKET FORWARDING APPARATUS, AND PACKET PROCESSING APPARATUS
This application discloses a packet processing method that is applied to an EVPN, where the EVPN includes a first network device and a second network device. The method includes: receiving, by the first network device, a VXLAN packet sent by the second network device, where the VXLAN packet includes a path identifier and a service packet, the path identifier indicates a path from the first network device to a VNF device through an IPU, and the service packet includes a destination IP address; determining, by the first network device based on the path identifier, first routing information; and forwarding, by the first network device, the service packet to the VNF device via the IPU based on the first routing information and the destination IP address.
LIVENESS DETECTION AND ROUTE CONVERGENCE IN SOFTWARE-DEFINED NETWORKING DISTRIBUTED SYSTEM
This disclosure describes techniques for improving speed of network convergence after node failure. In one example, a method includes storing, by an SDN controller, an underlay routing table having routes for an underlay network of a data center and an overlay routing table having a set of routes for a virtual network of an overlay network for the data center, wherein the underlay network includes physical network switches, gateway routers, and a set of virtual routers executing on respective compute nodes of the data center; and installing, within the underlay routing table, a route to a destination address assigned to a particular one of the virtual routers as an indicator of a reachability status to the particular virtual router in the underlay network. The SDN controller controls, based on presence or absence of the route within the underlay routing table, advertisement of the routes for the virtual network of the overlay network.
Cloud network architecture
A computer device forms a scope controller for a cloud network, including: memory configured to store a computer-readable instruction; and at least one processor configured to execute the instruction, wherein the cloud network may include: hypervisors classified as a plurality of scopes including a first scope; and virtual machines generated by the hypervisors, wherein the at least one processor is configured to: switch, using a virtual switch of the scope controller, a packet communicated between virtual machines generated by hypervisors classified as the first scope, and a packet received from an outside of the first scope, and route, using a virtual router of the scope controller, a packet communicated between the scope controller and a router for connecting to an outside of the cloud network, and a packet communicated between the scope controller and a different scope controller assigned to a different scope other than the first scope.
Service rule processing and path selection at the source
Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. In some embodiments, this port proxy module can indirectly connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).
EMS resolution of split-brain virtual network function components
An example operation may include a system, comprising one or more of receiving a virtual network function component instance (VNFCI) status notification resumption message with an active state when a peer VNFCI operational state is active, retrieving a timestamp of a VNFCI state change to an active state from an element VNFCI state database, retrieving a timestamp of a peer VNFCI state change to active from an element VNFCI state database, sending one or more of: a request to a virtual network function manager (VNFM) to determine if the VNFCI network is isolating while an operating state was active, and a request to the VNFM to determine if the peer VNFCI network is isolating while an operating state was active, sending a state change request with standby state to the peer VNFCI when the VNFCI is not network isolated and the peer VNFCI is network isolated, and a VNFM response is received regarding the VNFCI, a timeout response from the VNFM, and a VNFM response is received regarding the peer VNFCI, and sending a state change request with standby to the VNFCI with one or more of: the VNFCI network isolate and peer VNFCI is not network isolated, and the VNFCI is network isolated or the peer VNFCI is not network isolated, and the VNFCI is not network isolated and the peer VNFCI is network isolated and the VNFCI is in preferred standby.
End user premises device controller
A dynamic open access software-defined network can be configured to enable an end user premises device to function like a controller so that there is no need to employ a controller within the network. As a result, a dynamic open access software-defined network can be efficiently and effectively scaled. An end user premises device can be configured with a virtual switch that implements a flow receiver for receiving flows directly from a flow communicator of a management server without utilizing a controller or the OpenFlow protocol. The virtual switch may also be configured to store flows in a configuration file that is persisted across reboots on the end user premises device to thereby enable the end user premises device to rebuild a flow table without communicating with an external component.
EDGE DATAPATH USING USER SPACE NETWORK STACK
A novel design of a gateway that handles traffic in and out of a network by using a datapath daemon is provided. The datapath daemon is a run-to-completion process that performs various data-plane packet-processing operations at the edge of the network. The datapath daemon dispatches packets to other processes or processing threads outside of the daemon by utilizing a user space network stack.