Distributed logical L3 routing

US 10,027,584 B2
Filed: 09/02/2016
Issued: 07/17/2018
Est. Priority Date: 08/17/2011
Status: Active Grant

First Claim

Patent Images

1. For a first managed forwarding element that implements a plurality of logical networks, a method comprising:

receiving a packet from a first machine operating on a same physical host machine as the first managed forwarding element;

performing (i) layer 2 (“

L2”

) processing for a first logical switch, to which the first machine logically couples, to identify a logical egress port of the first logical switch from which to logically forward the packet to a logical router, (ii) layer 3 (“

L3”

) processing for the logical router to identify a logical egress port of the logical router from which to logically forward the packet to a second logical switch to which a second machine associated with a destination IP address of the packet belongs, the destination IP address contained in an IP subnet associated with the logical egress port and the second logical switch, and (iii) L2 processing for the second logical switch; and

based on the L2 processing for the second logical switch, forwarding the packet to a second managed forwarding element operating on a same physical host machine as the second machine.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

For a network controller for managing hosts in a network, a method for configuring a host to resolve network addresses is described. The method configures an address resolution module in a host to resolve a network address. The method configures a managed forwarding element in the host to (1) avoid sending a request to resolve the network address to another host by using the address resolution module to resolve the network address and (2) forward packets using the resolved network address.

Citations

18 Claims

1. For a first managed forwarding element that implements a plurality of logical networks, a method comprising:
- receiving a packet from a first machine operating on a same physical host machine as the first managed forwarding element;
  
  performing (i) layer 2 (“
  
  L2”
  
  ) processing for a first logical switch, to which the first machine logically couples, to identify a logical egress port of the first logical switch from which to logically forward the packet to a logical router, (ii) layer 3 (“
  
  L3”
  
  ) processing for the logical router to identify a logical egress port of the logical router from which to logically forward the packet to a second logical switch to which a second machine associated with a destination IP address of the packet belongs, the destination IP address contained in an IP subnet associated with the logical egress port and the second logical switch, and (iii) L2 processing for the second logical switch; and
  
  based on the L2 processing for the second logical switch, forwarding the packet to a second managed forwarding element operating on a same physical host machine as the second machine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein forwarding the packet to the second managed forwarding element comprises encapsulating the packet in a tunnel that connects the first and second managed forwarding elements.
  - 3. The method of claim 1, wherein performing the L2 processing for the second logical switch comprises (i) performing a set of ingress access control list (ACL) operations for the second logical switch and (ii) identifying a logical egress port of the second logical switch that corresponds to the destination address of the packet.
  - 4. The method of claim 3, wherein performing the L2 processing for the second logical switch further comprises performing a set of egress ACL operations for the second logical switch.
  - 5. The method of claim 3, wherein forwarding the packet to the second managed forwarding element comprises mapping the logical egress port to the second managed forwarding element.
  - 6. The method of claim 1, wherein performing the L2 processing for the first logical switch comprises (i) mapping the packet to the first logical switch, (ii) performing a set of ingress access control list (ACL) operations for the first logical switch, (iii) identifying a logical egress port of the first logical switch that corresponds to the logical router, and (iv) performing a set of egress ACL operations for the first logical switch.
  - 7. The method of claim 6, wherein the identified logical egress port has a media access control (MAC) address corresponding to a logical port of the logical router.
  - 8. The method of claim 1, wherein performing the L3 processing comprises (i) performing a set of ingress access control list (ACL) operations for the logical router, (ii) identifying a logical egress port of logical router that corresponds to the second logical switch, and (iii) performing a set of egress ACL operations for the first logical switch.
  - 9. The method of claim 1, wherein the second managed forwarding element performs a set of egress access control list (ACL) operations for the second logical switch and delivers the packet to the second machine based on context information stored in the packet by the first managed forwarding element.

10. A non-transitory machine readable medium storing a first managed forwarding element which when executed by at least one processing unit of a host machine implements a plurality of logical networks, the managed forwarding element comprising sets of instructions for:
- receiving a packet from a first machine operating on a same physical host machine as the first managed forwarding element;
  
  performing (i) layer 2 (“
  
  L2”
  
  ) processing for a first logical switch, to which the first machine logically couples, to identify a logical egress port of the first logical switch from which to logically forward the packet to a logical router, (ii) layer 3 (“
  
  L3”
  
  ) processing for the logical router to identify a logical egress port of the logical router from which to logically forward the packet to a second logical switch to which a second machine associated with a destination IP address of the packet belongs, the destination IP address contained in an IP subnet associated with the logical egress port and the second logical switch, and (iii) L2 processing for the second logical switch; and
  
  based on the L2 processing for the second logical switch, forwarding the packet to a second managed forwarding element operating on a same physical host machine as the second machine.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The non-transitory machine readable medium of claim 10, wherein the set of instructions for forwarding the packet to the second managed forwarding element comprises a set of instructions for encapsulating the packet in a tunnel that connects the first and second managed forwarding elements.
  - 12. The non-transitory machine readable medium of claim 10, wherein the set of instructions for performing the L2 processing for the second logical switch comprises sets of instructions for:
    - performing a set of ingress access control list (ACL) operations for the second logical switch; and
      
      identifying a logical egress port of the second logical switch that corresponds to the destination address of the packet.
  - 13. The non-transitory machine readable medium of claim 12, wherein the set of instructions for performing the L2 processing for the second logical switch further comprises performing a set of egress ACL operations for the second logical switch.
  - 14. The non-transitory machine readable medium of claim 12, wherein the set of instructions for forwarding the packet to the second managed forwarding element comprises mapping the logical egress port to the second managed forwarding element.
  - 15. The non-transitory machine readable medium of claim 10, wherein the set of instructions for performing the L2 processing for the first logical switch comprises sets of instructions for:
    - mapping the packet to the first logical switch;
      
      performing a set of ingress access control list (ACL) operations for the first logical switch;
      
      identifying a logical egress port of the first logical switch that corresponds to the logical router; and
      
      performing a set of egress ACL operations for the first logical switch.
  - 16. The non-transitory machine readable medium of claim 15, wherein the identified logical egress port has a media access control (MAC) address corresponding to a logical port of the logical router.
  - 17. The non-transitory machine readable medium of claim 10, wherein the set of instructions for performing the L3 processing comprises sets of instructions for:
    - performing a set of ingress access control list (ACL) operations for the logical router;
      
      identifying a logical egress port of logical router that corresponds to the second logical switch; and
      
      performing a set of egress ACL operations for the first logical switch.
  - 18. The non-transitory machine readable medium of claim 10, wherein the second managed forwarding element performs a set of egress access control list (ACL) operations for the second logical switch and delivers the packet to the second machine based on context information stored in the packet by the first managed forwarding element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Zhang, Ronghua, Koponen, Teemu, Thakkar, Pankaj
Primary Examiner(s)
Chu, Wutchung

Application Number

US15/256,441
Publication Number

US 20160373355A1
Time in Patent Office

683 Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/0803   Configuration setting

H04L 45/04   Interdomain routing, e.g. h...

H04L 45/54   Organization of routing tables

H04L 45/74   Address processing for routing

H04L 47/12   Avoiding congestion; Recove...

H04L 47/125   by balancing the load, e.g....

H04L 61/103   across network layers, e.g....

H04L 61/256   NAT traversal

H04L 61/2592   using tunnelling or encapsu...

Distributed logical L3 routing

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed logical L3 routing

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links