A network device includes a port, a transmission pipeline and a time-stamping circuit. The port is configured for connecting to a network. The transmission pipeline includes multiple pipeline stages and is configured to process packets and to send the packets to the network via the port. The time-stamping circuit is configured to temporarily suspend at least some processing of at least a given packet in the transmission pipeline, to verify whether a pipeline stage having a variable processing delay, located downstream from the time-stamping circuit, meets an emptiness condition, and, only when the pipeline stage meets the emptiness condition, to time-stamp the given packet and resume the processing of the given packet.

A novel design of a gateway that handles traffic in and out of a network by using a datapath pipeline is provided. The datapath pipeline includes multiple stages for performing various data-plane packet-processing operations at the edge of the network. The processing stages include centralized routing stages and distributed routing stages. The processing stages can include service-providing stages such as NAT and firewall. The gateway caches the result previous packet operations and reapplies the result to subsequent packets that meet certain criteria. For packets that do not have applicable or valid result from previous packet processing operations, the gateway datapath daemon executes the pipelined packet processing stages and records a set of data from each stage of the pipeline and synthesizes those data into a cache entry for subsequent packets.

Improved network traffic flow processing techniques are described. In a network device providing multiple processing planes, each processing plane comprising multiple processing units, techniques are described that take advantage of flow affinity/locality principles such that the same processing component of a processing plane, which previously performed processing for a network flow, is used for performing subsequent processing for the same network flow. This enables faster processing of network traffic flows by the network device. In certain implementations, the techniques described herein can be implemented in a network virtualization device (NVD) that is configured to perform network virtualization functions.

A network appliance can continue operation at a degraded level during an upgrade that requires less free pipeline memory than other upgrade techniques. The network appliance has a control plane and has a data plane with a packet processing pipeline circuit. Before the upgrade, the control plane has configured the packet processing pipeline circuit to process a network flow. The packet processing pipeline may be halted in order to perform a pipeline upgrade during which the packet processing pipeline circuit's pipeline memory is cleared. The packet processing pipeline circuit is restarted after the pipeline upgrade after which the control plane can reconfigure the packet processing pipeline circuit to process the network flow. The packet processing pipeline circuit can therefore process the network flow after the pipeline upgrade.

Some embodiments provide a network forwarding IC with packet processing pipelines, at least one of which includes a parser, a set of match-action stages, and a deparser. The parser is configured to receive a packet and generate a PHV including a first number of data containers storing data for the packet. A first match-action stage is configured to receive the PHV from the parser and expand the PHV to a second, larger number of data containers storing data for the packet. Each of a set of intermediate match-action stage is configured to receive the expanded PHV from a previous stage and provide the expanded PHV to a subsequent stage. A final match-action stage is configured to receive the expanded PHV and reduce the PHV to the first number of data containers. The deparser is configured to receive the reduced PHV from the final match-action stage and reconstruct the packet.

A network control system for managing a plurality of switching elements that implement a plurality of logical datapath sets. The network control system includes first and second controllers for generating requests for modifications to first and second logical datapath sets. The first controller is further for determining whether to make modifications to the first logical datapath set. The second controller is further for determining whether to make modifications to the second logical datapath set. Each controller is further for receiving logical control plane data that specifies logical datapath sets and for converting the logical control plane data to physical control plane data for propagating to the switching elements.

A method of utilizing the same hardware network interface card (NIC) in a gateway of a datacenter to communicate datacenter tenant packet traffic and packet traffic for a set of applications that execute in the user space of the gateway and utilize a network stack in the kernel space of the gateway. The method sends and receives packets for the datacenter tenant packet traffic through a packet datapath in the user space. The method sends incoming packets from the NIC to the set of applications through the datapath in the user space, a user-kernel transport driver connecting the kernel network stack to the datapath in the user space, and the kernel network stack. The method receives outgoing packets at the NIC from the set of applications through the kernel network stack, the user-kernel transport driver, and the data path in the user space.

A circuit for use in frame filtering is disclosed. The circuit includes a plurality of comparator units. Each comparator unit configured, in response to receiving at least a part of a data frame, to perform a determination whether data in a portion of the at least part of the data frame matches respective reference data and to provide a result to a comparator unit output based on the determination. The circuit includes a crossbar switch having crossbar inputs coupled to respective comparator unit outputs and configured to provide sets of crossbar switch outputs via configurable interconnects; and a set of result-combining logic units, each result-combining logic unit coupled to a respective set of crossbar switch outputs, and configured to provide a respective logic unit output.

A network device includes a port, a transmission pipeline and a time-stamping circuit. The port is configured for connecting to a network. The transmission pipeline includes multiple pipeline stages and is configured to process packets and to send the packets to the network via the port. The time-stamping circuit is configured to temporarily suspend at least some processing of at least a given packet in the transmission pipeline, to verify whether a pipeline stage having a variable processing delay, located downstream from the time-stamping circuit, meets an emptiness condition, and, only when the pipeline stage meets the emptiness condition, to time-stamp the given packet and resume the processing of the given packet.

A network load balancer, a request message distribution method, a program product, and a system provided by the present disclosure relate to cloud computing technology. The network load balancer includes: a network port and N intermediate chips; the N intermediate chips are connected in sequence; the network port is connected to a first intermediate chip among the N intermediate chips; N is a positive integer greater than or equal to 1; the network port is configured to receive a request message and forward the request message to the first intermediate chip; each of the intermediate chips is configured to forward the request message to a next intermediate chip connected to a current intermediate chip if connection information matching the request message is not found; and transmit the request message to a background server according to the connection information if the connection information matching the request message is found.