Address grouping for distributed service rules
First Claim
1. For a network controller that manages a flow-based managed forwarding element (MFE), a method comprising:
- receiving a plurality of service rules for implementation by the MFE, wherein each service rule matches over a set of network addresses, wherein at least one network address is in the set of network addresses for at least two service rules;
grouping the network addresses into non-overlapping groups of network addresses, wherein each group of network addresses comprises addresses that are all matched by only a same set of service rules; and
generating flow entries that match over the groups of network addresses for the MFE to use to implement the service rules,wherein said receiving, grouping, and generating is performed by the network controller, which is executed by a set of hardware processing units on a computer.
2 Assignments
0 Petitions
Accused Products
Abstract
Some embodiments provide a method for a network controller that manages a flow-based managed forwarding element (MFE). The method receives multiple service rules for implementation by the MFE. Each service rule matches over a set of network addresses. At least one network address is in the set of network addresses for at least two service rules. The method groups the network addresses into non-overlapping groups of network addresses, each of which addresses that are all matched by only a same set of service rules. The method generates flow entries that match over the groups of network addresses for the MFE to use to implement the service rules.
179 Citations
23 Claims
-
1. For a network controller that manages a flow-based managed forwarding element (MFE), a method comprising:
-
receiving a plurality of service rules for implementation by the MFE, wherein each service rule matches over a set of network addresses, wherein at least one network address is in the set of network addresses for at least two service rules; grouping the network addresses into non-overlapping groups of network addresses, wherein each group of network addresses comprises addresses that are all matched by only a same set of service rules; and generating flow entries that match over the groups of network addresses for the MFE to use to implement the service rules, wherein said receiving, grouping, and generating is performed by the network controller, which is executed by a set of hardware processing units on a computer. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A non-transitory machine readable medium storing a network controller application which when executed by at least one processing unit manages a flow-based managed forwarding element (MFE), the network controller application comprising sets of instructions for:
-
receiving a plurality of service rules for implementation by the MFE, wherein each service rule matches over a set of network addresses, wherein at least one network address is in the set of network addresses for at least two service rules; grouping the network addresses into non-overlapping groups of network addresses, wherein each group of network addresses comprises addresses that are all matched by only a same set of service rules; and generating flow entries that match over the groups of network addresses for the MFE to use to implement the service rules. - View Dependent Claims (18, 19, 20, 21, 22, 23)
-
Specification