Authorization for advertised routes among logical routers

US 10,075,363 B2
Filed: 10/28/2015
Issued: 09/11/2018
Est. Priority Date: 08/31/2015
Status: Active Grant

First Claim

Patent Images

1. A method for configuring a set of logical routers in a logical network, the method comprising:

receiving (i) a configuration for a first logical router comprising an advertised route and (ii) a configuration for a second logical router comprising a set of allowable routes for the second logical router to include in its routing table, wherein the first logical router connects to the second logical router;

determining whether the set of allowable routes for the second logical router includes the advertised route as an allowed route from the first logical router;

only when the advertised route is an allowed route from the first logical router, adding the advertised route to a routing table for at least one component of the second logical router; and

distributing data regarding the routing table to a plurality of physical machines that implement the second logical router.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments provide a method for configuring a set of logical routers in a logical network. The method receives a configuration of an advertised route for a first logical router and a set of allowable routes for a second logical router to which the first logical router connects. The method determines whether the set of allowable routes for the second logical router includes the advertised route as an allowed route from the first logical router. Only when the advertised route is an allowed route from the first logical router, the method adds the advertised route to a routing table for at least one component of the second logical router.

295 Citations

20 Claims

1. A method for configuring a set of logical routers in a logical network, the method comprising:
- receiving (i) a configuration for a first logical router comprising an advertised route and (ii) a configuration for a second logical router comprising a set of allowable routes for the second logical router to include in its routing table, wherein the first logical router connects to the second logical router;
  
  determining whether the set of allowable routes for the second logical router includes the advertised route as an allowed route from the first logical router;
  
  only when the advertised route is an allowed route from the first logical router, adding the advertised route to a routing table for at least one component of the second logical router; and
  
  distributing data regarding the routing table to a plurality of physical machines that implement the second logical router.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the first logical router connects to the second logical router via a particular logical interface of the second logical router.
  - 3. The method of claim 2, wherein determining whether the advertised route is an allowed route from the first logical router comprises determining whether the advertised route is allowed for the particular interface.
  - 4. The method of claim 1, wherein distributing data regarding the routing table to plurality of physical machines that implement the second logical router comprises providing the data to local controllers operating on the plurality of physical machines.
  - 5. The method of claim 1, wherein at least a subset of the plurality of physical machines further implement the first logical router.
  - 6. The method of claim 1, wherein the second logical router comprises (i) a distributed routing component implemented by a plurality of physical machines and (ii) one or more centralized routing components each implemented by a single physical machine, wherein the centralized routing components provide connectivity to an external network to the first logical router.
  - 7. The method of claim 6, wherein each of the routing components of the second logical router has a corresponding routing table, wherein adding the advertised route to the routing table for at least one component comprises:
    - adding a route to the corresponding routing table for the distributed routing component, said added route for the distributed routing component having a next hop address corresponding to an interface of the first logical router; and
      
      adding a route to the corresponding routing table for each of the centralized routing components, said added routes for the centralized routing components each having a next hop address corresponding to an interface of the distributed routing component internal to the second logical router.
  - 8. The method of claim 6, wherein each of the centralized routing components advertises the advertised route to at least one external physical router.
  - 9. The method of claim 1, wherein the advertised route is a route for a particular subnet, the method further comprising adding, to a routing table for at least one component of the first logical router, a first route specifying to drop packets addressed to the network addresses in the particular subnet.
  - 10. The method of claim 9 further comprising, when a logical switch for the particular subnet is configured to connect to the first logical router via a particular interface of the first logical router, adding to the routing table for the at least one component of the first logical router a second route for the particular subnet that specifies to logically output packets addressed to the network addresses in the particular subnet to the particular logical interface of the first logical router, wherein the second route has a higher priority than the first route.
  - 11. The method of claim 1, wherein the set of allowable routes specifies, for a particular route, a prefix for the route and a set of allowable prefix ranges of the specified prefix.

12. A machine readable medium storing a program which when executed by at least one process unit implements a logical router in a logical network, the program comprising sets of instructions for:
- receiving (i) a configuration for a first logical router comprising an advertised route and (ii) a configuration for a second logical router comprising a set of allowable routes for the second logical router to include in its routing table, wherein the first logical router connects to the second logical router;
  
  determining whether the set of allowable routes for the second logical router includes the advertised route as an allowed route from the first logical router;
  
  only when the advertised route is an allowed route from the first logical router, adding the advertised route to a routing table for at least one component of the second logical router; and
  
  distributing data regarding the routing table to a plurality of physical machines that implement the second logical router.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The machine readable medium of claim 12, wherein the first logical router connects to the second logical router via a particular logical interface of the second logical router.
  - 14. The machine readable medium of claim 13, wherein the set of instructions for determining whether the advertised route is an allowed route from the first logical router comprises a set of instructions for determining whether the advertised route is allowed for the particular interface.
  - 15. The machine readable medium of claim 12, wherein at least a subset of the plurality of physical machines further implement the first logical router.
  - 16. The machine readable medium of claim 12, wherein the second logical router comprises (i) a distributed routing component implemented by a plurality of physical machines and (ii) one or more centralized routing components each implemented by a single physical machine.
  - 17. The machine readable medium of claim 16, wherein each of the routing components of the second logical router has a corresponding routing table, wherein the set of instructions for adding the advertised route to the routing table for at least one component comprises sets of instructions for:
    - adding a route to the corresponding routing table for the distributed routing component, said added route for the distributed routing component having a next hop address corresponding to an interface of the first logical router; and
      
      adding a route to the corresponding routing table for each of the centralized routing components, said added routes for the centralized routing components each having a next hop address corresponding to an interface of the distributed routing component internal to the second logical router.
  - 18. The machine readable medium of claim 16, wherein each of the centralized routing components advertises the advertised route to at least one external physical router.
  - 19. The machine readable medium of claim 12, wherein the advertised route is a route for a particular subnet, the program further comprising sets of instructions for:
    - adding, to a routing table for at least one component of the first logical router, a first route specifying to drop packets addressed to the network addresses in the particular subnet; and
      
      when a logical switch for the particular subnet is configured to connect to the first logical router via a particular interface of the first logical router, adding to the routing table for the at least one component of the first logical router a second route for the particular subnet that specifies to logically output packets addressed to the network addresses in the particular subnet to the particular logical interface of the first logical router, wherein the second route has a higher priority than the first route.
  - 20. The machine readable medium of claim 12, wherein the program further comprises a set of instructions for adding a null route to the routing table for at least one component of the second logical router when the advertised route is not an allowed route from the first logical router.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Goliya, Abhishek, Masurekar, Uday, Agarwal, Minjal
Primary Examiner(s)
Shivers, Ashley

Application Number

US14/925,015
Publication Number

US 20170063633A1
Time in Patent Office

1,049 Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/0886   Fully automatic configuration

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/12   Discovery or management of ...

H04L 41/342   between virtual entities, e...

H04L 45/02   Topology update or discovery

H04L 45/021   Ensuring consistency of rou...

H04L 45/04   Interdomain routing, e.g. h...

H04L 45/586   of virtual routers

H04L 45/72   Routing based on the source...

Authorization for advertised routes among logical routers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

295 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authorization for advertised routes among logical routers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

295 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links