Configuring and operating a XaaS model in a datacenter

US 10,129,077 B2
Filed: 08/31/2015
Issued: 11/13/2018
Est. Priority Date: 09/30/2014
Status: Active Grant

First Claim

Patent Images

1. A method of implementing a service model in a datacenter comprising a plurality of host computers executing a plurality of source compute nodes (SCNs), the method comprising:

providing a particular host computer with parameters for establishing first and second tunnels between the particular host computer and first and second service nodes of first and second service providers external to the datacenter; and

providing the particular host computer with a service-action set that includes first and second service actions to be respectively performed by the first and second service nodes on at least one data message flow of one SCN executing on the particular host computer,each service action in the service-action set defined by referencing an identifier that identifies one service provider for performing the service action,each tunnel for use in relaying each data message of said data message flow to a service node of a service provider to perform a service action on the data message,wherein after performing the first service action on each data message of said data message flow, the first service node of the first service provider sends a response data message back to the particular host computer along the first tunnel and the data message is sent to the second service node of the second service provider along the second tunnel for the second service node to perform the second service action on the data message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments provide novel inline switches that distribute data messages from source compute nodes (SCNs) to different groups of destination service compute nodes (DSCNs). In some embodiments, the inline switches are deployed in the source compute nodes datapaths (e.g., egress datapath). The inline switches in some embodiments are service switches that (1) receive data messages from the SCNs, (2) identify service nodes in a service-node cluster for processing the data messages based on service policies that the switches implement, and (3) use tunnels to send the received data messages to their identified service nodes. Alternatively, or conjunctively, the inline service switches of some embodiments (1) identify service-nodes cluster for processing the data messages based on service policies that the switches implement, and (2) use tunnels to send the received data messages to the identified service-node clusters. The service-node clusters can perform the same service or can perform different services in some embodiments. This tunnel-based approach for distributing data messages to service nodes/clusters is advantageous for seamlessly implementing in a datacenter a cloud-based XaaS model (where XaaS stands for X as a service, and X stands for anything), in which any number of services are provided by service providers in the cloud.

231 Citations

23 Claims

1. A method of implementing a service model in a datacenter comprising a plurality of host computers executing a plurality of source compute nodes (SCNs), the method comprising:
- providing a particular host computer with parameters for establishing first and second tunnels between the particular host computer and first and second service nodes of first and second service providers external to the datacenter; and
  
  providing the particular host computer with a service-action set that includes first and second service actions to be respectively performed by the first and second service nodes on at least one data message flow of one SCN executing on the particular host computer,each service action in the service-action set defined by referencing an identifier that identifies one service provider for performing the service action,each tunnel for use in relaying each data message of said data message flow to a service node of a service provider to perform a service action on the data message,wherein after performing the first service action on each data message of said data message flow, the first service node of the first service provider sends a response data message back to the particular host computer along the first tunnel and the data message is sent to the second service node of the second service provider along the second tunnel for the second service node to perform the second service action on the data message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the provided service-action set is provided with a flow identifier that identifies the data message flow to which the first and second service actions of the provided service-action set have to be applied.
  - 3. The method of claim 2, wherein providing the service-action set comprises providing a service-action rule that comprises the service-action set and the flow identifier of the data message flow.
  - 4. The method of claim 2, wherein providing the service-action set comprises providing a service-action policy from which the particular host computer generates a service-action rule, said service-action rule comprising the service-action set and the flow identifier of the data message flow.
  - 5. The method of claim 2, wherein the service-action set'"'"'s provided flow identifier is for use by a service-processing module that executes on the particular host computer and that compares header values of SCN-associated data message flows with the flow identifier in order to identify data message flows on which the service-action set has to be performed.
  - 6. The method of claim 5, wherein the service-processing module is a filter deployed on an egress datapath of the SCN in order to intercept and examine data messages that the SCN transmits.
  - 7. The method of claim 5, wherein the service-processing module is a filter deployed on an ingress datapath of the SCN in order to intercept and examine data messages that are received for SCN before these messages are supplied to the SCN.
  - 8. The method of claim 1, wherein the provided tunnel-establishing parameters comprise tunnel header packet parameters.
  - 9. The method of claim 8, wherein the provided tunnel-establishing parameters further comprise tunnel keys for allowing multiple different data message flows to use one tunnel from the particular host computer to a particular service provider.
  - 10. The method of claim 8, wherein the provided tunnel-establishing parameters further comprise parameters for generating tunnel keys for allowing multiple different data message flows to use one tunnel from the particular host computer to a particular service provider.
  - 11. The method of claim 1, wherein the service-provider identifier identifies the service provider by identifying a tunnel to a service node of the service provider.
  - 12. The method of claim 1, whereinproviding the tunnel-establishing parameters comprises providing parameters to establish a plurality of tunnels to a plurality of service nodes of a first service provider, andproviding the service-action set comprises providing a service-action identifier that identifies the first service provider for a service action through a plurality of tunnel identifiers that identify the plurality of tunnels to the plurality of service nodes of the first service provider.
  - 13. The method of claim 1, whereinproviding the tunnel-establishing parameters comprises providing parameters to establish a plurality of tunnels to a plurality of service nodes of the first service provider (SP),the method further comprising providing a set of load balancing criteria for selecting tunnels in the plurality of first SP tunnels for data message flows distributed to the first SP, said selection of tunnels distributing data message flows among the plurality of service nodes of the first SP in a load balanced way based on the load balancing criteria set.
  - 14. The method of claim 1, whereinproviding the tunnel-establishing parameters comprises providing parameters to establish at least two tunnels to two service nodes of two service providers that perform the same service action,the method further comprising providing a set of selection criteria for selecting one of the two provided tunnels to the first and second service providers for a data message flow.
  - 15. The method of claim 14, wherein the selection criteria set comprises dynamically assessed criteria.
  - 16. The method of claim 1, wherein different service providers are different service vendors that operate in different datacenters that connect to the datacenter of the particular host computer through a public network.
  - 17. The method of claim 1, whereinthe data message sent to the first service node is a first data message and the response data message is a second data message, andthe response second data message is a modified version of the first data message, said modification accounting for the processing of the first data message by the first service node.

18. A non-transitory machine readable medium storing a program for implementing a service model in a datacenter comprising a plurality of host computers executing a plurality of source computer nodes (SCNs), the program comprising sets of instructions for:
- providing a particular host computer with parameters for establishing first and second tunnels between the particular host computer and first and second service nodes of first and second service providers external to the datacenter; and
  
  providing the particular host computer with a service-action set that includes first and second service actions to be respectively performed by the first and second service nodes on at least one data message flow of one SCN executing on the particular host computer,each service action in the service-action set defined by referencing an identifier that identifies one service provider for performing the service action,each tunnel for use in relaying each data message of said data message flow to a service node of a service provider to perform a service action on the data message,wherein after performing the first service action on each data message of said data message flow, the first service node of the first service provider sends a response data message back to the particular host computer along the first tunnel and the data message is sent to the second service node of the second service provider along the second tunnel for the second service node to perform the second service action on the data message.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The machine readable medium of claim 18, whereinthe provided service-action set is provided with a flow identifier that identifies the data message flow to which the first and second service actions of the provided service-action set have to be applied,the set of instructions for providing the service-action set comprises a set of instructions for providing a service-action policy from which the particular host computer generates a service-action rule, said service-action rule comprising the service-action set and the flow identifier of the data message flow.
  - 20. The machine readable medium of claim 19, wherein the service-action set'"'"'s provided flow identifier is for use by a service-processing module that executes on the particular host computer and that compares header values of SCN-associated data message flows with the flow identifier in order to identify data message flows on which the service-action set has to be performed.
  - 21. The machine readable medium of claim 18, whereinthe provided tunnel-establishing parameters comprise tunnel header packet parameters and tunnel keys for allowing multiple different data message flows to use one tunnel from the particular host computer to a particular service provider.
  - 22. The machine readable medium of claim 18, wherein the service-action identifier identifies the service provider by identifying one or more tunnels, each tunnel from the particular host computer to a service node of the service provider.
  - 23. The machine readable medium of claim 18, whereinthe set of instructions for providing the tunnel-establishing parameters comprises a set of instructions providing parameters to establish a plurality of tunnels to a plurality of service nodes of the first service provider (SP),the program further comprising a set of instructions for providing a set of load balancing criteria for selecting tunnels in the plurality of first SP tunnels for the data message flows distributed to the first SP, said selection of tunnels distributing data message flows among the plurality of service nodes of the first SP in a load balanced way based on the load balancing criteria set.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Jain, Jayant, Sengupta, Anirban, Lund, Rick, Koganty, Raju, Hong, Xinhua, Parthasarathy, Mohan
Primary Examiner(s)
Tran, Nam T

Application Number

US14/841,648
Publication Number

US 20160094633A1
Time in Patent Office

1,170 Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/56   Packet switching systems

H04L 41/00   Arrangements for maintenanc...

H04L 41/0803   Configuration setting

H04L 47/125   by balancing the load, e.g....

H04L 47/825   Involving tunnels, e.g. MPLS

H04L 49/60   Software-defined switches

H04L 49/70   Virtual switches

H04L 51/18   Commands or executable codes

H04L 63/0245   Filtering by information in...

H04L 67/10   in which an application is ...

H04L 67/1001   for accessing one among a p...

H04L 67/14   Session management for real...

H04L 67/51   Discovery or management the...

H04L 67/63   Routing a service request d...

H04L 69/16   Implementation or adaptatio...

H04L 69/22   Parsing or analysis of headers

H04W 76/12   Setup of transport tunnels

Configuring and operating a XaaS model in a datacenter

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

231 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Configuring and operating a XaaS model in a datacenter

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

231 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links