H04L12/713

REMOTE NETWORK CONTROL FOR NETWORK VIRTUALIZATION
20210326160 · 2021-10-21 ·

A virtual network comprising virtual machines executing at a computing environment remote from the virtualized computing service provider is implemented. Control plane management functions are configured to provide and implement the virtual machines of the virtual network and executed at the virtualized computing service provider. Data plane management functions are configured to manage data traffic to and from the virtual machines of the virtual network and executed at the remote computing environment. A secure network connection between the virtualized computing service provider and the remote computing environment is established. The control plane management functions cause instantiation of the virtual machines of the virtual network at the remote computing environment. Using the control plane management functions executing at the virtualized computing service provider, operation of the virtual machines of the virtual network is managed. Using the data plane management functions executing at the remote computing environment, operation of data plane operations at the virtual machines executing at the remote computing environment is allowed.

TENANT-BASED MAPPING FOR VIRTUAL ROUTING AND FORWARDING
20210328917 · 2021-10-21 ·

A network device is configured to associate a tenant of a plurality of tenants with a virtual routing and forwarding (VRF) instance of a plurality of VRF instances. The network device receives a packet comprising metadata specifying a tenant identifier for the tenant. The network device identifies, based on the tenant identifier specified by the metadata, the VRF instance associated with the tenant. The network device retrieves one or more routes from a routing information base (RIB) of the VRF instance associated with the tenant and forwards the packet toward a destination via the one or more routes.

Packet Forwarding Method and Network Device
20210328918 · 2021-10-21 ·

A packet forwarding method includes obtaining, by a network device, a first tunnel identifier of a first packet and, when the first tunnel identifier is a first value, forwarding, by the network device, the first packet based on a first routing group in a virtual routing and forwarding (VRF) table. The first routing group consists of one or more local routes, and each next-hop outbound interface of the one or more local routes is a local outbound interface. The network device forwards the packet based on a local routing group including only a local route in the VRF table such that the packet is forwarded to a local virtual machine for processing, and is not forwarded to another tunnel endpoint device during packet forwarding.

END USER PREMISES DEVICE CONTROLLER
20210328916 · 2021-10-21 ·

A dynamic open access software-defined network can be configured to enable an end user premises device to function like a controller so that there is no need to employ a controller within the network. As a result, a dynamic open access software-defined network can be efficiently and effectively scaled. An end user premises device can be configured with a virtual switch that implements a flow receiver for receiving flows directly from a flow communicator of a management server without utilizing a controller or the OpenFlow protocol. The virtual switch may also be configured to store flows in a configuration file that is persisted across reboots on the end user premises device to thereby enable the end user premises device to rebuild a flow table without communicating with an external component.

INTEGRATED NETWORK BOOT OPERATING SYSTEM INSTALLATION LEVERAGING HYPERCONVERGED STORAGE
20210326150 · 2021-10-21 ·

A computing node is configured to implement an intra-node network boot and installation protocol (protocol) for booting and installing an operating system (OS) on a virtual machine hosted on the computing node without communicating over a physical network. The protocol includes hosting a dynamic host configuration protocol (DHCP) server instance and/or a network boot server instance on a controller virtual machine of the computing node to emulate DHCP protocol and network boot server protocol communications. In some examples, the protocol further utilizes one or more virtual extensible local area networks (LANs) (VXLANs) and a virtual switch hosted at a hypervisor running on the computing node.

System and method for enabling communication between networks with overlapping IP address ranges

A method is described that enables communication between two disjoined networks with overlapping IP address ranges. An intermediary function in each of the networks and a unique IP address pool are deployed to facilitate the communication. This method also enables communications between one network and a group of networks with overlapping IP address ranges.

Dynamic node reconfiguration and provisioning of network devices

Technologies directed to determining a role of a network device, configuring the network device according to the role, and provisioning the network device to a network are described. In one method, the hardware configuration information and external connection information are stored by the network device. The network device determines a role using the hardware configuration information and the external connection information without any manual intervention or manual configuration. The role can be any one of a Router Node, a Storage Node, a Base Station Node, a Relay Node, a Gateway Node, or a Customer Premises Equipment (CPE) Node. After recognizing the role, the network device can be configured and provisioned to the network without any manual intervention or manual configuration.

DYNAMIC CELLULAR CONNECTIVITY BETWEEN THE HYPERVISORS AND VIRTUAL MACHINES

Systems, methods, and computer-readable media for requesting a cellular IP address by initiating a call with a modem, establishing data packet network connectivity with the cellular IP address, assigning the cellular IP address to a virtual L2-bridge interface, wherein the virtual L2-bridge interface includes a MAC address, mapping a MAC address of a virtual machine with the MAC address of the virtual L2-bridge interface, detecting a change in the cellular IP address, and updating the virtual L2-bridge interface with a different cellular IP address while maintaining the data packet network connectivity.

PROVIDING SERVICES WITH GUEST VM MOBILITY

Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. In some embodiments, this port proxy module can indirectly connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

ARCHITECTURE FOR STRETCHING LOGICAL SWITCHES BETWEEN MULTIPLE DATACENTERS
20210314192 · 2021-10-07 ·

Some embodiments provide a system for implementing a logical network that spans multiple datacenters. The system includes, at each of the datacenters, a set of host computers that execute (i) data compute nodes (DCNs) belonging to the logical network and (ii) managed forwarding elements (MFEs) that implement the logical network to process data messages for the DCNs executing on the host computers. The system also includes, at each of the datacenters, a set of computing devices implementing logical network gateways for logical forwarding elements (LFEs) of the logical network. The logical network gateways are connected to the logical network gateways for the LFEs at the other datacenters. The MFEs executing on the host computers in a first datacenter communicate with the MFEs executing on the host computers in a second datacenter via the logical network gateways of the first and second datacenters.