Network appliances can use packet processing pipeline circuits to implement network rules for processing network packet flows by configuring the pipeline's processing stages to execute specific policies for specific network packets in accordance with the network rules. Trace reports that indicate network rules implemented at specific processing stages can be more informative than those indicating policies implemented by the processing stages. A method implemented by a network appliance can store network rules for processing network flows by the processing stages of a packet processing pipeline circuit. The method can produce a trace report in response to to receiving a trace directive for one of the network flows wherein one of the processing stages has applied a network rule to a network packet in one of the network flows. The trace report can indicate the network rule in association with the processing stage and the network flow.

A network control system that includes several controllers for managing several switching elements. Each controller includes a network information base (NIB) storage that stores data regarding the switching elements and a secondary storage for facilitating replication of at least a portion of data across the NIB storages of the different controllers. In some embodiments, the primary purpose for one or more of the secondary storage structures is to back up the data in the NIB. In these or other embodiments, one or more of the secondary storage structures serve a purpose other than backing up the data in the NIB. In some embodiments, the NIB is stored in system memory while the system operates for fast access of the NIB records. In some embodiments, one or more of the secondary storage structures are stored on disks which can be slower to access.

A network control system that includes several controllers for managing several switching elements. Each controller includes a network information base (NIB) storage that stores data regarding the switching elements and a secondary storage for facilitating replication of at least a portion of data across the NIB storages of the different controllers. In some embodiments, the primary purpose for one or more of the secondary storage structures is to back up the data in the NIB. In these or other embodiments, one or more of the secondary storage structures serve a purpose other than backing up the data in the NIB. In some embodiments, the NIB is stored in system memory while the system operates for fast access of the NIB records. In some embodiments, one or more of the secondary storage structures are stored on disks which can be slower to access.

A network control system that includes several controllers for managing several switching elements. In some embodiments, each switching element implements at least one logical switching element and has a master controller. In some embodiments, at least one controller is a master of at least two switching elements. The network control system accepts definitions of the logical switching elements and, in some embodiments, each logical switching element has a master controller. In some embodiments, at least one controller is a master for at least two logical switching elements.

A novel and efficient method is described that creates a monolithic high capacity Packet Engine (PE) by connecting N lower capacity Packet Engines (PEs) via a novel Chip-to-Chip (C2C) interface. The C2C interface is used to perform functions, such as memory bit slicing and to communicate shared information, and enqueue/dequeue operations between individual PEs.

A software-defined network (SDN) system, device and method comprise one or more input ports, a programmable parser, a plurality of programmable lookup and decision engines (LDEs), programmable lookup memories, programmable counters, a programmable rewrite block and one or more output ports. The programmability of the parser, LDEs, lookup memories, counters and rewrite block enable a user to customize each microchip within the system to particular packet environments, data analysis needs, packet processing functions, and other functions as desired. Further, the same microchip is able to be reprogrammed for other purposes and/or optimizations dynamically.

A command processing system facilitates pipeline configuration. Each stage of a packet processing pipeline may access certain memory locations for processing of a data packet as it passes through each stage. The command processing system facilitates changing the memory locations in an atomic manner.

A control system including several controllers for managing several switching elements. A first controller registers a second controller for receiving a notification when a data tuple changes in a network information base (NIB) storage of the first controller that stores data for managing a set of switching elements. The first controller changes the data tuple in the NIB. The first controller sends the notification to the second controller of the change to the data tuple in the NIB. The first and second controllers operate on two different computing devices. Each controller receives logical control plane data for specifying logical datapath sets and converts the logical control plane data to physical control plane data for enabling the switching elements to implement the logical datapath sets.

A control system including several controllers for managing several switching elements. A first controller registers a second controller for receiving a notification when a data tuple changes in a network information base (NIB) storage of the first controller that stores data for managing a set of switching elements. The first controller changes the data tuple in the NIB. The first controller sends the notification to the second controller of the change to the data tuple in the NIB. The first and second controllers operate on two different computing devices. Each controller receives logical control plane data for specifying logical datapath sets and converts the logical control plane data to physical control plane data for enabling the switching elements to implement the logical datapath sets.

Some embodiments of the invention provide a a method of processing packets associated with a logical switching element implemented by multiple physical switching elements executing on multiple host computers on which multiple machines execute. At a first physical switching element of a first host computer, the method receives a packet from a first machine associated with the logical switching element. For the packet, the method identifies a logical ingress port of the logical switch that is associated with the packet. For the packet, the method also uses the logical ingress port to identify a logical egress port of the logical switch that is associated with the packet. For the packet, the method also uses the logical egress port to identify a physical egress port of the first host computer to use to send the packet along to a second machine associated with the logical egress port. From the identified physical egress port, the method forwards the packet with an encapsulating header that stores the logical egress port.