The present disclosure describes techniques for hardware acceleration for routing programs. In some aspects communications between a routing determination program and a packet router are monitored in a router, both the routing determination program and the packet router being part of a software layer of the router. The communications include the routing determination program providing configuration data to the packet router. Based on the monitored communications, a packet processor is changed to reflect the configuration data, the packet processor being part of a hardware layer of the router. The packet processor performs packet routing operations of receiving packets, determining the next routers in the paths to the target destinations of the packets, and sending the packets to the next routers independent of the software layer.

The embodiments described herein provide mechanism that allows an embedded router software image and an application to run in the user application memory space of a general purpose computer. A connection is established with an operating system device configured to route packets between the application and the software router and route, by the software router, network traffic to and from the application by way of the connection. The application may be connected to other applications in the user application memory space or connected to applications that are external to the general purpose computer.

The apparatus (SW) has a plurality of input/output ports (P1, P2, P3, P4, P5) for receiving and transmitting data packets, and comprises a data packets handling circuitry (DPL) arranged to forward data packets between the input/output ports (P1, P2, P3, P4, P5) and an internal apparatus controller (CPL) arranged to control the data packet handling circuitry (DPL); the apparatus (SW) has a control port (PC) for communication between the internal apparatus controller (CPL) and an external network controller (NWC); the apparatus controller (CPL) is arranged to store (MEM) at least one state transition table (TT) to be used for controlling the forwarding of data packets by the data packets handling circuitry (DPL); the apparatus controller (DPL) is arranged to use said at least one state transition table (TT) for implementing at least one finite state machine (FSM); the apparatus controller (DPL) is arranged to use said at least one state transition table (TT) for handling separately distinct incoming data packets flows through corresponding distinct instances of finite state machine; the apparatus controller (DPL) is arranged to receive said at least one state transition table (TT) through the control port (PC).

Some embodiments provide a method for a network controller that manages a flow-based managed forwarding element (MFE). The method receives multiple service rules for implementation by the MFE. Each service rule matches over a set of network addresses. At least one network address is in the set of network addresses for at least two service rules. The method groups the network addresses into non-overlapping groups of network addresses, each of which addresses that are all matched by only a same set of service rules. The method generates flow entries that match over the groups of network addresses for the MFE to use to implement the service rules.

Methods, apparatus and articles of manufacture (e.g., physical storage media) to perform centralized route determination in communication networks (e.g., such as software defined networks) are disclosed. Example methods for route determination disclosed herein include accessing, with a controller of a software defined network, a first set of constraints specifying whether route splitting is permissible for respective ones of a set of flows in the software defined network. Such disclosed example methods also include accessing, with the controller, a second set of constraints specifying respective bandwidth demands for the respective ones of the set of flows in the software defined network. Such disclosed example methods further include determining, with a linear programming model implemented by the controller, a set of routes based on the first and second sets of constraints, wherein the set of routes is to route the set of flows in the software defined network.

A forwarding flow table request sent by a host device when the host device fails to find a matching forwarding flow table entry for a data packet to be forwarded is received, when a destination MAC address of the data packet is the global virtual MAC address, a forwarding flow table entry is generated according to the global port table; the forwarding flow table entry includes an operation indication of replacing the destination MAC address of the data packet with the matching MAC address found in the global port table; and the forwarding flow table entry is sent to the host device, so that the host device may forward a data packet matching the forwarding flow table entry.

Methods and apparatus for processing data packets in a computer network are described. One general method includes receiving a data packet; examining the data packet to classify the data packet including classifying the data packet as a L2 or L3 packet and including determining at least one zone associated with the packet; processing the packet in accordance with one or more policies associated with the zone; determining forwarding information associated with the data packet; and if one or more policies permit, forwarding the data packet toward an intended destination using the forwarding information.

A hybrid configuration engine and associated method for reducing the complexity and burden of configuring rich coexistence between an on-premise solution and a cloud-based solution is described herein and illustrated in the accompanying figures. The hybrid configuration engine determines the current state of the on-premise solution and the cloud-based solution and learns the desired configuration state. After obtaining the current and desired configuration state information, the hybrid configuration engine determines and automatically performs steps to reach the desired configuration state. Finally, the hybrid configuration engine provides instructions describing the manual steps needed to reach the desired configuration state.

A device receives packets of a traffic flow, and inspects one or more of the packets of the traffic flow. The device determines, based on the inspection of the one or more packets, a service graph of feature peers for the packets of the traffic flow. The feature peers are associated with a network, and the service graph includes an ordered set of the feature peers. The device configures network devices of the network with the service graph, and the network devices forward the packets of the traffic flow to the feature peers based on the service graph and without changing the traffic flow.

The disclosure relates to technology for supporting a virtual switch to change data plane providers on a framework supporting multiple data plane providers. A processing device receives a request to change a first data plane provider, where the virtual switch is configured with a topology on the first data plane provider to use a flow management protocol. The virtual switch includes network interfaces connected to ports to enable communication among entities attached to the network interfaces by forwarding data packets within a first datapath of the first data plane. In response to the change, the network interfaces are disconnected, the first datapath is removed and a second datapath is created. The virtual switch is then configured to operate with the second datapath while retaining the flow management protocol and the topology, such that the entities communicate by forwarding data packets within the second datapath on the second data plane.