Multiple gateway operation on single operating system

US 10,075,304 B2
Filed: 10/30/2015
Issued: 09/11/2018
Est. Priority Date: 10/30/2015
Status: Active Grant

First Claim

Patent Images

1. A computing system comprising:

one or more processors; and

one or more computer-readable storage media having stored thereon computer-executable instructions that are executable by the one or more processors to cause the computing system to create and/or operate a multi-gateway virtual machine that operates multiple gateways on the multi-gateway virtual machine, each of the multiple gateways operating for a respective virtual network such that the multi-gateway virtual machine operates gateways for a plurality of virtual networks, execution of the computer-executable instructions causing the computing system to perform a method comprising the following for each of at least some packets that are received at the multi-gateway virtual machine;

an act of the multi-gateway virtual machine accessing a corresponding encapsulated packet that includes a virtual network identifier corresponding to one of the plurality of virtual networks for which there is a corresponding gateway operating on the multi-gateway virtual machine, wherein the packet is subject to a policy associated with the one virtual network, the policy requiring satisfaction of a performance isolation control for the one virtual network;

an act of the multi-gateway virtual machine decapsulating the encapsulated packet;

an act of the multi-gateway virtual machine identifying the one virtual network based on the virtual network identifier; and

an act of the multi-gateway virtual machine delivering the decapsulated packet to the corresponding gateway running for the identified one virtual network, wherein delivering the decapsulated packet is performed after determining that the one virtual network'"'"'s performance isolation control is satisfied.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A multi-gateway virtual machine that operates multiple gateways. Each gateway acts as an interface between a virtual network and entities outside of the virtual network. Each virtual network has its own address space, which may be overlapping with the address space of other virtual networks, even if the gateways of those virtual networks are operating on the same virtual machine. Accordingly, the principles described herein relate to a virtual machine that can operate thereon multiple gateways, and thus to a multi-gateway virtual machine that services multiple virtual networks.

32 Citations

20 Claims

1. A computing system comprising:
- one or more processors; and
  
  one or more computer-readable storage media having stored thereon computer-executable instructions that are executable by the one or more processors to cause the computing system to create and/or operate a multi-gateway virtual machine that operates multiple gateways on the multi-gateway virtual machine, each of the multiple gateways operating for a respective virtual network such that the multi-gateway virtual machine operates gateways for a plurality of virtual networks, execution of the computer-executable instructions causing the computing system to perform a method comprising the following for each of at least some packets that are received at the multi-gateway virtual machine;
  
  an act of the multi-gateway virtual machine accessing a corresponding encapsulated packet that includes a virtual network identifier corresponding to one of the plurality of virtual networks for which there is a corresponding gateway operating on the multi-gateway virtual machine, wherein the packet is subject to a policy associated with the one virtual network, the policy requiring satisfaction of a performance isolation control for the one virtual network;
  
  an act of the multi-gateway virtual machine decapsulating the encapsulated packet;
  
  an act of the multi-gateway virtual machine identifying the one virtual network based on the virtual network identifier; and
  
  an act of the multi-gateway virtual machine delivering the decapsulated packet to the corresponding gateway running for the identified one virtual network, wherein delivering the decapsulated packet is performed after determining that the one virtual network'"'"'s performance isolation control is satisfied.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computing system in accordance with claim 1, wherein the computing system instantiates and/or operates multiple instances of the multi-gateway virtual machine.
  - 3. The computing system in accordance with claim 2, wherein each of the multiple instances of the multi-gateway virtual machine corresponds to a same set of virtual networks.
  - 4. The computing system in accordance with claim 1, wherein the computing system instantiates and/or operates one instance of the multi-gateway virtual machine.
  - 5. The computing system in accordance with claim 1, the method further comprising the following for the encapsulated packet accessed at the multi-gateway virtual machine:
    - an act of formulating the encapsulated packet, the act of formulating the encapsulated packet comprising;
      
      an act of accessing a received packet;
      
      an act of identifying a destination virtual network for the received packet;
      
      an act of encapsulating the received packet so as to be deliverable to the multi-gateway virtual machine and so as to include the virtual network identifier corresponding the destination virtual network; and
      
      an act of providing the encapsulated packet to the multi-gateway virtual machine.
  - 6. The computing system in accordance with claim 5, the act of identifying the destination virtual network for the received packet comprising:
    - an act of identifying a source of the received packet, wherein the act of identifying the destination virtual network is based on the identified source of the received packet.
  - 7. The computing system in accordance with claim 5, the act of providing the encapsulated packet to the multi-gateway virtual machine comprising:
    - an act of sending the encapsulated packet to the multi-gateway virtual machine.
  - 8. The computing system in accordance with claim 5, wherein there are multiple instances of the multi-gateway virtual machine, each of the multiple instances of the multi-gateway virtual machine being configured to deliver packets to the destination virtual network, the method further comprising:
    - an act of selecting one of the multiple instances of the multi-gateway virtual machine to provide the encapsulated packet to.
  - 9. The computing system in accordance with claim 1, wherein the multi-gateway virtual machine further includes a compartment module, the compartment module being configured such that it includes an established relationship with each of the multiple gateways, wherein the compartment module is also configured to remove the virtual network identifier during the decapsulating of the encapsulated packet that is destined for the one virtual network, the one virtual network having been identified by the virtual network identifier, and wherein the compartment module is further configured to perform the act of the multi-gateway virtual machine delivering the decapsulated packet to the corresponding gateway running for the identified one virtual network.

10. A computing system comprising:
- one or more processors; and
  
  one or more computer-readable storage media having stored thereon computer-executable instructions that are executable by the one or more processors to cause the computing system to create and/or operate a multi-gateway virtual machine that operates multiple gateways on the multi-gateway virtual machine, each of the multiple gateways operating for a respective virtual network such that the multi-gateway virtual machine operates gateways for a plurality of virtual networks, execution of the computer-executable Instructions causing the computing system to perform a method comprising the following for each of at least some packets that are sent by the multi-gateway virtual machine;
  
  an act of the multi-gateway virtual machine accessing a packet received from a gateway that is running for a corresponding virtual network, the corresponding virtual network having associated therewith a policy that requires satisfactions of a performance isolation control;
  
  an act of the multi-gateway virtual machine identifying the corresponding virtual network;
  
  an act of the multi-gateway virtual machine encapsulating the packet so as to include a virtual network identifier of the corresponding virtual network; and
  
  an act of the multi-gateway virtual machine dispatching the encapsulated packet.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The computing system in accordance with claim 10, wherein the computing system instantiates and/or operates multiple instances of the multi-gateway virtual machine.
  - 12. The computing system in accordance with claim 11, each of at least some of the multiple instances of the multi-gateway virtual machine corresponds to a same set of virtual networks.
  - 13. The computing system in accordance with claim 12, the computing system configured to select one of the multiple instances of the multi-gateway virtual machine to perform the method.
  - 14. The computing system in accordance with claim 13, the selection being performed so as to improve load balancing of the multiple instances of the multi-gateway virtual machine.
  - 15. The computing system in accordance with claim 10, wherein the computing system instantiates and/or operates one instance of the multi-gateway virtual machine.
  - 16. The computing system in accordance with claim 10, the method further comprising the following for the encapsulated packet dispatched by the multi-gateway virtual machine:
    - an act of accessing the dispatched encapsulated packet;
      
      an act of identifying the corresponding virtual network, which is the source of the dispatched packet;
      
      an act of decapsulating the dispatched encapsulated packet to discover a destination network address within an address space of the corresponding virtual network; and
      
      an act of delivering the decapsulated packet to a destination entity using the virtual network identifier and the destination network address within the address space of the corresponding virtual network.
  - 17. The computing system in accordance with claim 10, wherein the multi-gateway virtual machine further includes a compartment module, the compartment module being configured such that it includes an established relationship with each of the multiple gateways, the method further comprising:
    - an act of causing the compartment module to insert the virtual network identifier into the packet during the act of the multi-gateway virtual machine encapsulating the packet.

18. A method for operating multiple gateways on a multi-gateway virtual machine, each of the multiple gateways operating for a corresponding virtual network, the method comprising the following for each of at least some packets that are sent by the multi-gateway virtual machine:
- an act of the multi-gateway virtual machine accessing a packet received from a gateway that is running for a corresponding virtual network, the corresponding virtual network having associated therewith a policy that requires satisfaction of a performance isolation control;
  
  an act of the multi-gateway virtual machine identifying the corresponding virtual network;
  
  an act of the multi-gateway virtual machine encapsulating the packet so as to include a virtual network identifier of the corresponding virtual network; and
  
  an act of the multi-gateway virtual machine dispatching the encapsulated packet.
- View Dependent Claims (19, 20)
- - 19. The method in accordance with claim 18, the method further comprising the following for the encapsulated packet dispatched by the multi-gateway virtual machine:
    - an act of accessing the dispatched encapsulated packet;
      
      an act of identifying the corresponding virtual network, which is the source of the dispatched packet;
      
      an act of decapsulating the dispatched encapsulated packet to discover the destination network address within an address space of the corresponding virtual network; and
      
      an act of delivering the decapsulated packet to a destination entity using the virtual network identifier and the destination network address within the address space of the corresponding virtual network.
  - 20. The computing system in accordance with claim 18, wherein the multi-gateway virtual machine further includes a compartment module, the compartment module being configured such that it includes an established relationship with each of the multiple gateways, the method further comprising:
    - an act of causing the compartment module to insert the virtual network identifier into the packet during the act of the multi-gateway virtual machine encapsulating the packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Patel, Parveen Kumar, Cai, Yiqun, Raj, Himanshu
Primary Examiner(s)
Daniel, Jr., Willie J

Application Number

US14/929,049
Publication Number

US 20170126430A1
Time in Patent Office

1,047 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 2009/45595   Network integration; Enabli...

G06F 9/45558   Hypervisor-specific managem...

H04L 12/4625   Single bridge functionality...

H04L 12/4633   Interconnection of networks...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 2101/677   Multiple interfaces, e.g. m...

H04L 49/70   Virtual switches

H04L 61/103   across network layers, e.g....

H04L 61/5038   for local use, e.g. in LAN ...

Multiple gateway operation on single operating system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Multiple gateway operation on single operating system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links