Service node selection by an inline service switch

US 10,225,137 B2
Filed: 08/31/2015
Issued: 03/05/2019
Est. Priority Date: 09/30/2014
Status: Active Grant

First Claim

Patent Images

1. A non-transitory machine readable medium storing a program for sending data messages originating at a source compute node (SCN) to a group of service nodes (SNs), the SCN and the program for execution by at least one processor of a host computer, the program comprising sets of instructions for:

on the egress datapath of the SCN along which data messages originating at the SCN are sent out of the host computer, identifying a data message originating at and transmitted by the SCN and determining whether a service action has to be performed on the data message;

when a service action has to be performed on the data message, identifying a particular SN in the SN group that should receive the data message, said SN group comprising a plurality of SNs for performing the same service action and connected to the host computer by a tunnel;

from a plurality of tunnels between the host computer and the plurality of SNs, identifying a tunnel connecting the host computer to the identified particular SN; and

sending the data message to the particular SN along the identified tunnel that connects the host computer with the particular SN.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments provide novel inline switches that distribute data messages from source compute nodes (SCNs) to different groups of destination service compute nodes (DSCNs). In some embodiments, the inline switches are deployed in the source compute nodes datapaths (e.g., egress datapath). The inline switches in some embodiments are service switches that (1) receive data messages from the SCNs, (2) identify service nodes in a service-node cluster for processing the data messages based on service policies that the switches implement, and (3) use tunnels to send the received data messages to their identified service nodes. Alternatively, or conjunctively, the inline service switches of some embodiments (1) identify service-nodes cluster for processing the data messages based on service policies that the switches implement, and (2) use tunnels to send the received data messages to the identified service-node clusters. The service-node clusters can perform the same service or can perform different services in some embodiments. This tunnel-based approach for distributing data messages to service nodes/clusters is advantageous for seamlessly implementing in a datacenter a cloud-based XaaS model (where XaaS stands for X as a service, and X stands for anything), in which any number of services are provided by service providers in the cloud.

Citations

27 Claims

1. A non-transitory machine readable medium storing a program for sending data messages originating at a source compute node (SCN) to a group of service nodes (SNs), the SCN and the program for execution by at least one processor of a host computer, the program comprising sets of instructions for:
- on the egress datapath of the SCN along which data messages originating at the SCN are sent out of the host computer, identifying a data message originating at and transmitted by the SCN and determining whether a service action has to be performed on the data message;
  
  when a service action has to be performed on the data message, identifying a particular SN in the SN group that should receive the data message, said SN group comprising a plurality of SNs for performing the same service action and connected to the host computer by a tunnel;
  
  from a plurality of tunnels between the host computer and the plurality of SNs, identifying a tunnel connecting the host computer to the identified particular SN; and
  
  sending the data message to the particular SN along the identified tunnel that connects the host computer with the particular SN.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 26, 27)
- - 2. The non-transitory machine readable medium of claim 1, whereinthe data message is associated with a data message flow;
    - andthe set of instructions for sending the data message along the identified tunnel comprises a set of instructions for using a unique tunnel key for the data message'"'"'s flow, because the identified tunnel is used to send other data message flows with other tunnel keys to the particular SN.
  - 3. The non-transitory machine readable medium of claim 2, whereinthe SCN executes on the host computer with a plurality of other SCNs and with a software forwarding element;
    - the identified tunnel is for use by at least two SCNs executing on the host computer to send data messages to the particular SN;
      
      the particular SN uses the tunnel key in a reply data message that the particular SN sends back; and
      
      the program further comprises a set of instructions for using the tunnel key to associate the reply data message to the data message sent to the particular SN.
  - 4. The non-transitory machine readable medium of claim 1, wherein the set of instructions for identifying an SN comprises a set of instructions for performing a load balancing operation that selects an SN from the group of SNs.
  - 5. The non-transitory machine readable medium of claim 4, wherein the load balancing operation is based on a set of load balancing criteria that specifies a particular manner for spreading the data message load for the service across the SNs of the SN group.
  - 6. The non-transitory machine readable medium of claim 1, wherein the set of instructions for determining whether the service action has to be performed on the data message comprises a set of instructions for identifying a service rule in a service rule storage for the data message.
  - 7. The non-transitory machine readable medium of claim 6, wherein the set of instructions for identifying the service rule in the service rule storage comprises a set of instructions for matching a set of header parameters of the data message to a rule identifier of the service rule, each of a plurality of service rules in the service rule storage having a rule identifier specified in terms of a set of data-message header parameters.
  - 8. The non-transitory machine readable medium of claim 7, wherein the header parameters of the data message and the matching rule identifier include a virtual IP (Internet Protocol) address (VIP), said service rule storage storing at least one service rule associated with a set of one or more service actions associated with the VIP.
  - 9. The non-transitory machine readable medium of claim 7, wherein the header parameters of the data message and the matching rule identifier include one or more Layer 3 (L3) or Layer 4 (L4) packet header values, wherein at least two rule identifiers of two rules are defined by two different sets of L3/L4 parameters.
  - 10. The non-transitory machine readable medium of claim 6, whereinthe SN group is a first SN group that performs a first service action, the identified tunnel is a first tunnel, and the service rule specifies at least two service actions for the data message,the program further comprising sets of instructions for:
    - receiving a reply data message from the particular SN through the first tunnel;
      
      identifying an SN in a second SN group comprising a plurality of SNs for performing a second same service action for the identified data message; and
      
      sending a data message to the identified second-group SN along a second tunnel connecting the host computer with the second-group SN for the second group SN to perform the second service action.
  - 11. The non-transitory machine readable medium of claim 10, wherein the data message that is sent to the second SN is one of:
    - the identified data message,a data message that is generated from the identified data message based on the reply data message,the reply data message, anda data message that is generated from the reply data message.
  - 12. The non-transitory machine readable medium of claim 1, wherein the program further comprises sets of instructions for:
    - receiving a reply data message from the particular SN through the identified tunnel; and
      
      based on the reply data message, sending a data message to a destination associated with the identified data message.
  - 13. The non-transitory machine readable medium of claim 12, whereinthe SCN executes on the host computer with a software forwarding element (SFE);
    - andthe set of instructions for sending the data message to the destination comprises a set of instructions for supplying the data message to the SFE in order to have the SFE forward the data message to the destination through a set of intermediate forwarding elements that operate outside of the host computer.
  - 14. The non-transitory machine readable medium of claim 1, the program further comprising a set of instructions for forwarding the identified data message to a destination that is not an SN in the SN group after determining that the service action does not have to be performed on the data message.
  - 15. The non-transitory machine readable medium of claim 1, whereinthe program is an inline switch;
    - andthe inline switch is deployed on the egress datapath of the SCN along which the data messages that are transmitted by the SCN are sent out of the host computer.
  - 16. The non-transitory machine readable medium of claim 1, whereinthe SCN is not configured to send data messages to an SN in the SN group;
    - andthe set of instructions for determining that the service has to be performed on the data message comprises a set of instructions for identifying for the data message a service rule in a service rule storage by matching a set of header parameters of the data message to a rule identifier of the service rule, each of a plurality of service rules in the service rule storage having a rule identifier specified in terms of a set of data message header parameters.
  - 17. The non-transitory machine readable medium of claim 1, whereinthe SN group is a first SN group that performs a first service action, and the tunnel is a first tunnel;
    - andthe program further comprises sets of instructions for;
      
      determining whether a second service action should be performed on the identified data message by an SN of a second SN group; and
      
      when the second service action has to be performed, identifying an SN in the second SN group, identifying a second tunnel from a plurality of tunnels between the host computer and the second-group SNs, and sending the data message along the second tunnel to the identified second-group SN to perform the second service action on the identified data message.
  - 18. The non-transitory machine readable medium of claim 1, wherein the host computer is in a first datacenter, the particular SN is in a second datacenter, and the identified tunnel connects the first datacenter to the second datacenter.
  - 19. The non-transitory machine readable medium of claim 1, wherein the particular SN is a service appliance and the identified tunnel connects the host computer to the service appliance.
  - 26. The non-transitory machine readable medium of claim 1, wherein the host computer is a first host computer, the particular SN is a service machine executing on a second host computer, and the identified tunnel connects the first host computer with the second host computer.
  - 27. The non-transitory machine readable medium of claim 26, wherein a first software forwarding element (SFE) executes on the first host computer, a second SFE executes on the second host computer, and the identified tunnel connects the first SPE with the second SFE.

20. A method for sending data messages originating at a source compute node (SCN) executing on a host computer to a group of service node (SN) clusters, the method comprising:
- on the egress datapath of the SCN along which data messages originating at the SCN are sent out of the host computer;
  
  identifying a data message originating at and transmitted by the SCN and determining whether a service action has to be performed on the data message;
  
  when a service action has to be performed on the data message, identifying a particular SN cluster in the SN duster group that should receive the data message, said SN cluster group comprising a plurality of SN clusters that each include one or more SNs for performing the game service action and connected to the host computer by a tunnel;
  
  from a plurality of tunnels between the host computer and the plurality of SN clusters, identifying a tunnel connecting the host computer to the particular SN cluster; and
  
  sending the data message to the particular SN cluster along the identified tunnel connecting the host computer with the particular SN cluster.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The method of claim 20, whereinthe data message is associated with a data message flow;
    - andsending the data message along the identified tunnel comprises using a unique tunnel key for the data message'"'"'s flow, because the tunnel is used to send other data message flows with other tunnel keys to the particular SN cluster.
  - 22. The method of claim 20, wherein identifying the SN cluster comprises performing a load balancing operation that selects an SN cluster from the group of SN clusters based on a set of load balancing criteria that specifies a particular manner for spreading the data message load for the service action across the SN clusters of the SN cluster group.
  - 23. The method of claim 22, wherein the particular SN cluster performs another load balancing operation to identify an SN in the particular SN cluster to perform the service action on the data message.
  - 24. The method of claim 20, wherein determining that the service action has to be performed on the data message comprises identifying a service rule in a service rule storage that has a rule identifier that matches a set of header parameters of the data message.

25. A method for sending data messages originating at a source compute node (SCN) executing on a host computer to a group of service nodes (SNs), the method comprising:
- on the egress datapath of the SCN along which data messages originating at the SCN are sent out of the host computer;
  
  identifying a data message originating at and transmitted by the SCN and determining whether a service action has to be performed on the data message;
  
  when a service action has to be performed on the data message, identifying a particular SN in the SN group that should receive the data message, said SN group comprising a plurality of SNs for performing the same service action and connected to the host computer by a tunnel;
  
  from a plurality of tunnels between the host computer and the plurality of SNs, identifying a tunnel connecting the host computer to the particular SN; and
  
  sending the data message to the particular SN along the identified tunnel connecting the host computer with the particular SN.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Jain, Jayant, Sengupta, Anirban, Parthasarathy, Mohan, Sequeira, Allwyn, Maskalik, Serge, Lund, Rick
Primary Examiner(s)
Barot, Bharat

Application Number

US14/841,647
Publication Number

US 20160094632A1
Time in Patent Office

1,282 Days
Field of Search

709202-205, 709223-224, 709227-228
US Class Current
CPC Class Codes

H04L 12/56   Packet switching systems

H04L 41/00   Arrangements for maintenanc...

H04L 41/0803   Configuration setting

H04L 47/125   by balancing the load, e.g....

H04L 47/825   Involving tunnels, e.g. MPLS

H04L 49/60   Software-defined switches

H04L 49/70   Virtual switches

H04L 51/18   Commands or executable codes

H04L 63/0245   Filtering by information in...

H04L 67/10   in which an application is ...

H04L 67/1001   for accessing one among a p...

H04L 67/14   Session management for real...

H04L 67/51   Discovery or management the...

H04L 67/63   Routing a service request d...

H04L 69/16   Implementation or adaptatio...

H04L 69/22   Parsing or analysis of headers

H04W 76/12   Setup of transport tunnels

Service node selection by an inline service switch

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Service node selection by an inline service switch

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links