Asymmetric connection with external networks
Abstract
Some embodiments provide a system that allows for the use of direct host return ports (abbreviated "DHR ports") on managed forwarding elements to bypass gateways in managed networks. The DHR ports provide a direct connection from certain managed forwarding elements in the managed network to remote destinations that are external to the managed network. Managed networks can include both a logical abstraction layer and a physical machine layer. At the logical abstraction layer, the DHR port is treated as a port on certain logical forwarding elements. The DHR port transmits the packet to the routing tables of the physical layer machine that hosts the logical forwarding element without any intervening transmission to other logical forwarding elements. The routing tables of the physical layer machine then strip any logical context associated with the packet and forward the packet to the remote destination without any intervening forwarding to a physical gateway provider.
21 Claims
1. A method for managing a network for a network controller, the method comprising:
- configuring a first managed forwarding element in the network, operating in a host machine that hosts a virtual machine belonging to a particular logical network and connected to the managed network through the first managed forwarding element, to implement a first logical port of a logical router of the particular logical network, the first logical port used only for egress traffic directed outside of the managed network, the first managed forwarding element implementing the first logical port by connecting directly to a physical network element outside of the managed network in order to send egress traffic directly to the physical network element without the egress traffic passing through any intervening managed forwarding elements in the managed network; and
- configuring a second managed forwarding element in the managed network to implement a second logical port of the logical router, the second logical port used for both ingress traffic received from outside the managed network and egress traffic directed outside the managed network, wherein the second managed forwarding element receives ingress traffic addressed to the first virtual machine directly from the physical network element and transmits said ingress traffic to the first managed forwarding element.
Dependent claims: 2, 3, 4.
5. A non-transitory machine readable medium storing a program which, when executed by at least one processing unit of a host machine, implements a first managed forwarding element to implement a logical network in a managed network, the program comprising sets of instructions for:
- receiving a first packet from a second managed forwarding element, wherein the second managed forwarding element received the first packet from a particular source through a physical network element outside of the managed network and performed logical processing on the first packet as having received the first packet at a first logical port of a logical router, the first logical port used for both ingress traffic received from outside the managed network and egress traffic directed outside the managed network;
- transmitting the first packet from the first managed forwarding element to a virtual machine hosted at the host machine;
- receiving a second packet from the virtual machine, wherein the second packet has a destination address of the particular source of the first packet;
- performing logical processing on the second packet to logically send the packet to a second logical port of the logical router that is used only for egress traffic directed outside of the managed network; and
- based on the logical processing, transmitting the second packet directly from the first managed forwarding element to the physical network element via a connection, to which the second logical port of the logical router maps, between the host machine and the physical network element that does not include any intervening managed forwarding elements.
Dependent claims: 6, 7, 8, 9, 10, 11.
12. A method for a managed forwarding element that operates in a host machine to implement a logical network within a managed network, the method comprising:
- at the first managed forwarding element, receiving a first packet from a second managed forwarding element, wherein the second managed forwarding element received the first packet from a particular source through a physical network element outside of the managed network and performed logical processing on the first packet as having received the first packet at a first logical port of a logical router, the first logical port used for both ingress traffic received from outside the managed network and egress traffic directed outside the managed network;
- transmitting the first packet from the first managed forwarding element to a virtual machine hosted at a host machine;
- at the first managed forwarding element, receiving a second packet from the virtual machine, wherein the second packet has a destination address of the particular source of the first packet;
- performing logical processing on the second packet to logically send the packet to a second logical port of the logical router that is used only for egress traffic directed outside of the managed network; and
- based on the logical processing, transmitting the second packet directly from the first managed forwarding element to the physical network element via a connection, to which the second logical port of the logical router maps, between the host machine and the physical network element that does not include any intervening managed forwarding elements.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21.
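A constructed Python model of the request/reply exchange in claims 5 and 12 (added here for illustration; not code from the patent). It assumes hypothetical names for the physical router, the two managed forwarding elements (MFEs), the logical ports and the addresses, and records the hops each packet traverses so the asymmetry between the ingress path (via the gateway MFE) and the egress path (via the DHR port, straight to the physical element) is visible.

```python
from dataclasses import dataclass, field
# Constructed model (names are assumptions): a gateway MFE implements the
# logical-router port used for ingress and egress; the host MFE implements
# the egress-only DHR port that maps to a direct link to the physical element.
@dataclass
class Packet:
    src: str
    dst: str
    logical_ports: list = field(default_factory=list)  # logical ports processed at
    path: list = field(default_factory=list)           # hops traversed, in order
    carries_ctx: bool = False                          # logical context on the wire?

class PhysicalNetworkElement:      # external router outside the managed network
    def __init__(self, name):
        self.name, self.gateway = name, None
    def deliver_ingress(self, pkt):   # inbound traffic is always handed to the gateway MFE
        pkt.path.append(self.name)
        return self.gateway.receive_from_physical(pkt)
    def deliver_egress(self, pkt):    # outbound traffic leaves towards the remote source
        pkt.path.append(self.name)
        return pkt

class HostMFE:                     # first MFE: hosts the VM, implements the DHR port
    def __init__(self, name, vm_ip, phys, dhr_port="lr-port-dhr"):
        self.name, self.vm_ip, self.phys, self.dhr_port = name, vm_ip, phys, dhr_port
    def receive_from_gateway(self, pkt):
        pkt.path += [self.name, self.vm_ip]
        pkt.carries_ctx = False                  # context stripped before VM delivery
        return pkt
    def send_from_vm(self, pkt):
        pkt.path += [self.vm_ip, self.name]
        pkt.logical_ports.append(self.dhr_port)  # logical processing: egress-only port
        pkt.carries_ctx = False                  # host routing table strips the context
        return self.phys.deliver_egress(pkt)     # direct link, no intervening MFE

class GatewayMFE:                  # second MFE: port used for both directions
    def __init__(self, name, host, gw_port="lr-port-gw"):
        self.name, self.host, self.gw_port = name, host, gw_port
    def receive_from_physical(self, pkt):
        pkt.path.append(self.name)
        pkt.logical_ports.append(self.gw_port)   # processed as received at gateway port
        pkt.carries_ctx = True                   # tunnelled to the host MFE with context
        return self.host.receive_from_gateway(pkt)

def simulate_exchange(remote="203.0.113.7", vm_ip="10.0.0.5"):
    # One request from a remote source and the VM's reply; returns both packets.
    phys = PhysicalNetworkElement("phys-router")
    host = HostMFE("mfe-host", vm_ip, phys)
    phys.gateway = GatewayMFE("mfe-gateway", host)
    request = phys.deliver_ingress(Packet(src=remote, dst=vm_ip))
    reply = host.send_from_vm(Packet(src=vm_ip, dst=request.src))
    return request, reply
```

Because the gateway MFE sits only on the ingress path, any stateful inspection placed there observes one direction of each flow; the reply direction is visible only at the host MFE and the physical element.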