One or more embodiments relate generally to virtual network switches. More specifically, one or more embodiments relate to distributed switching including distributing to virtual network switches network rules based on configuration files related to access switches.
Known virtualized computer systems can host multiple virtual computer systems at a single physical computing device such as a personal computer or a computer server. Such virtualized computer systems can include a hypervisor that provides an interface via which the multiple virtual computer systems (also referred to as virtual machines) can share the hardware resources such as a processor, a memory, a hard or solid-state drive, and a network interface.
Some known virtualized computer systems implement a virtual or soft switch between the physical network interface and the multiple virtual computer systems. When any of the multiple virtual computer systems communicate one with another, they can communicate within the single physical computing device via the virtual switch. In other words, network traffic with a source and destination within the single physical computing device do not exit the physical computer system. This can produce advantageous results such as reduced network traffic at the external communications network to which the physical computer device is connected via the physical network interface and reduced network congestion at the physical network interface. Such methods, however, typically fail to provide consistency in security, visibility, management, and/or fault resolution with the external communications network and the network elements (e.g., routers, switches, and management entities) of the external communications network.
For example, known virtual switches within virtualized computer systems fail to implement many of the features, functionalities, and/or mechanisms of the network elements of the external communication network (also referred to as external network elements). For example, known virtual switches typically fail to implement rules, filters, access control lists (“ACLs”), mirroring capabilities, intrusion detection, counters, flow tables, and other features or mechanisms of the external network elements. Thus, network traffic within the virtualized computer system is processed or handled differently than network traffic at the external communications network to which the physical computer system is connected, resulting in inconsistent handling of network traffic and possible security, accounting, and management degradation.