VLAN to secure communication between virtual machines and in a multi-tenant public data center

US 10,021,016 B2
Filed: 02/01/2016
Issued: 07/10/2018
Est. Priority Date: 12/16/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

at a first network controller of a private network of a private datacenter comprising a first set of virtual machines (VMs);

in response to a command to create a second set of one or more VMs in a public datacenter, commanding a second network controller of the public datacenter to create the second set of VMs in the public datacenter, wherein the first network controller configures a set of forwarding elements in the private network for communicating with the second set of VMs;

communicating with the second network controller of the public datacenter to determine whether the second network controller is a type that includes application programming interfaces (APIs) to set up a virtual local area network (VLAN) for the second set of VMs; and

after determining that the second network controller is a type that includes APIs to set up the VLAN for the second set of VMs, using the APIs to command the second network controller to set up the VLAN in the public datacenter for the second set of VMs, such that the second set of VMs communicate securely with each other through the VLAN without forwarding their communications to each other through the private network, the second set of VMs communicating with each other through the private network when the second controller is not a type that includes APIs to set up the VLAN.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for creating a set of virtual machines on a public datacenter. The method, from a first network controller of a private network, commands a second network controller of the public datacenter to create the virtual machines. The method, from the first network controller of the private network, communicates with the second network controller of the public datacenter to determine a type of the second network controller. When the first network controller includes instructions for using application programming interfaces (APIs) of the type of the second network controller, the method uses the APIs to set up a VLAN for the set of virtual machines in order to allow the virtual machines of the set of virtual machines to communicate securely with each other without sending the communications through the private network. In some embodiments, the VLAN is a private VLAN (PVLAN).

27 Citations

15 Claims

1. A method comprising:
- at a first network controller of a private network of a private datacenter comprising a first set of virtual machines (VMs);
  
  in response to a command to create a second set of one or more VMs in a public datacenter, commanding a second network controller of the public datacenter to create the second set of VMs in the public datacenter, wherein the first network controller configures a set of forwarding elements in the private network for communicating with the second set of VMs;
  
  communicating with the second network controller of the public datacenter to determine whether the second network controller is a type that includes application programming interfaces (APIs) to set up a virtual local area network (VLAN) for the second set of VMs; and
  
  after determining that the second network controller is a type that includes APIs to set up the VLAN for the second set of VMs, using the APIs to command the second network controller to set up the VLAN in the public datacenter for the second set of VMs, such that the second set of VMs communicate securely with each other through the VLAN without forwarding their communications to each other through the private network, the second set of VMs communicating with each other through the private network when the second controller is not a type that includes APIs to set up the VLAN.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein determining whether the second network controller is a type that includes the APIs to set up the VLAN comprises:
    - sending a query from the first network controller to the second network controller; and
      
      receiving an identifying message from the second network controller at the first network controller.
  - 3. The method of claim 1, wherein the VLAN is a private VLAN (PVLAN).
  - 4. The method of claim 3, wherein the PVLAN comprises a primary VLAN and a plurality of secondary VLANs.
  - 5. The method of claim 1, wherein prior to the first network controller commanding the second network controller to create the second set of VMs, the second set of VMs are implemented on the private network, wherein creating the second set of VMs in the public datacenter moves the second set of VMs from the private network to the public datacenter.
  - 6. The method of claim 1, wherein the first network controller commands the second network controller of the public datacenter to create the second set of one or more VMs in response to a set of commands received from a cloud management platform to create the second set of VMs.
  - 7. The method of claim 6, wherein the set of commands received from the cloud management platform are generated in response to one of a dynamic scheduling algorithm and a command received from a network administrator.

8. A non-transitory machine readable medium storing a program for execution by at least one processing unit of a network controller computer of a private network of a private datacenter comprising a first set of virtual machines (VMs), the program comprising sets of instructions for:
- in response to a command to create a second set of one or more VMs in a public datacenter, commanding a network controller that manages a network of the public datacenter to create the second set of VMs in the public datacenter;
  
  configuring a set of forwarding elements in the private network for communicating with the second set of VMs;
  
  identifying whether the type of the public datacenter network controller is one of a pre-selected set of network controller types that include application programming interfaces (APIs) to set up a virtual local area network (VLAN) for the second set of virtual machines (VMs); and
  
  after identifying that the type of the public datacenter network controller is one of the pre-selected set of network controller types, using the APIs to command the public datacenter network controller to set up the VLAN for the second set of VMs, wherein a set of host machines of the public datacenter implement the VLAN to send data communications between the second set of VMs through the VLAN without forwarding their data communications to each other through the private network,wherein when the type of the public datacenter network controller is not one of the pre-selected set of network controller types, all data communications between the second set of VMs passes through the private network.
- View Dependent Claims (9, 10, 11)
- - 9. The non-transitory machine readable medium of claim 8, wherein the pre-selected set of network controller types comprises a set of network controller types with APIs for which the program has instructions to utilize.
  - 10. The non-transitory machine readable medium of claim 8, wherein the VLAN is a private VLAN (PVLAN) that comprises a primary VLAN and a plurality of secondary VLANs.
  - 11. The non-transitory machine readable medium of claim 8, wherein the set of instructions for identifying whether the network controller that manages the network of the public datacenter is a type of one of a pre-selected set of network controller types that include the APIs to set up the VLAN comprises sets of instructions for:
    - sending a query to the network controller in the public datacenter; and
      
      receiving an identifying message from the public datacenter network controller.

12. A non-transitory machine readable medium storing a first network controller for execution by at least one processing unit of a network controller computer in a private network of a private datacenter comprising a first set of virtual machines (VMs), the first network controller comprising sets of instructions for:
- in response to a command to create a second set of one or more VMs in a public datacenter, commanding a second network controller of the public datacenter to create the second set of VMs in the public datacenter;
  
  configuring a set of forwarding elements in the private network for communicating with the second set of VMs;
  
  communicating with the second network controller of the public datacenter to determine whether the second network controller is a type that includes application programming interfaces (APIs) to set up a virtual local area network (VLAN) for the second set of VMs; and
  
  after determining that the second network controller is a type that includes APIs to set up the VLAN for the second set of VMs, using the APIs to command the second network controller to set up the VLAN in the public datacenter for the second set of VMs, such that the second set of VMs communicate securely with each other through the VLAN without forwarding their communications to each other through the private network, the second set of VMs communicating with each other through the private network when the second controller is not a type that includes APIs to set up the VLAN.
- View Dependent Claims (13, 14, 15)
- - 13. The non-transitory machine readable medium of claim 12, wherein the set of instructions for determining whether the second network controller is a type that includes the APIs to set up the VLAN comprises sets of instructions for:
    - sending a query from the first network controller to the second network controller; and
      
      receiving an identifying message from the second network controller at the first network controller.
  - 14. The non-transitory machine readable medium of claim 12, wherein prior to the first network controller commanding the second network controller to create the second set of VMs, the second set of VMs are implemented on the private network, wherein creating the second set of VMs in the public datacenter moves the second set of VMs from the private network to the public datacenter.
  - 15. The non-transitory machine readable medium of claim 12, wherein the first network controller commands the second network controller of the public datacenter to create the second set of one or more VMs in response to a set of commands received from a cloud management platform to create the second set of VMs.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Raman, Chidambareswaran
Primary Examiner(s)
Srivastava, Vivek
Assistant Examiner(s)
Khan, Atta

Application Number

US15/012,671
Publication Number

US 20160149796A1
Time in Patent Office

890 Days
Field of Search

709204
US Class Current
CPC Class Codes

G06F 2009/45595   Network integration; Enabli...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/541   via adapters, e.g. between ...

H04L 45/04   Interdomain routing, e.g. h...

H04L 45/586   of virtual routers

H04L 65/403   Arrangements for multi-part...

VLAN to secure communication between virtual machines and in a multi-tenant public data center

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

VLAN to secure communication between virtual machines and in a multi-tenant public data center

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links