Network control system for configuring middleboxes

US 10,310,886 B2
Filed: 01/04/2017
Issued: 06/04/2019
Est. Priority Date: 11/15/2011
Status: Active Grant

First Claim

Patent Images

1. A method for performing middlebox operations on a host computer executing a middlebox element having a plurality of middlebox instances and a plurality of end machines, the method comprising:

receiving a data packet from a managed forwarding element via a software port between the managed forwarding element and the middlebox element having the plurality of middlebox instances, wherein the managed forwarding element executes on the host computer to implement a plurality of logical networks;

based on a tag that the managed forwarding element associated with the data packet, selecting from the plurality of middlebox instances a particular middlebox instance associated with the tag;

using the selected middlebox instance to perform a middlebox operation on the received packet; and

sending the processed data packet to the managed forwarding element.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments provide a method for configuring a logical middlebox in a hosting system that includes a set of nodes. The logical middlebox is part of a logical network that includes a set of logical forwarding elements that connect a set of end machines. The method receives a set of configuration data for the logical middlebox. The method uses a stored set of tables describing physical locations of the end machines to identify a set of nodes at which to implement the logical middlebox. The method provides the logical middlebox configuration for distribution to the identified nodes.

310 Citations

18 Claims

1. A method for performing middlebox operations on a host computer executing a middlebox element having a plurality of middlebox instances and a plurality of end machines, the method comprising:
- receiving a data packet from a managed forwarding element via a software port between the managed forwarding element and the middlebox element having the plurality of middlebox instances, wherein the managed forwarding element executes on the host computer to implement a plurality of logical networks;
  
  based on a tag that the managed forwarding element associated with the data packet, selecting from the plurality of middlebox instances a particular middlebox instance associated with the tag;
  
  using the selected middlebox instance to perform a middlebox operation on the received packet; and
  
  sending the processed data packet to the managed forwarding element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the tag identifies the particular middlebox instance, wherein the particular middlebox instance is associated with a particular logical network.
  - 3. The method of claim 2, wherein the managed forwarding element received the data packet from a particular end machine associated with the particular logical network, wherein the managed forwarding element selected the tag based on the particular logical network associated with the data packet.
  - 4. The method of claim 1, wherein the tag is prepended to the data packet by the managed forwarding element.
  - 5. The method of claim 1, wherein selecting the particular middlebox instance comprises mapping the tag to the particular middlebox instance using a binding table.
  - 6. The method of claim 1, wherein sending the processed data packet to the managed forwarding element comprises sending the processed packet with the tag.
  - 7. The method of claim 1, wherein the managed forwarding element sent the data packet to the middlebox element according to a routing policy that routes the data packet based on a data field other than a destination network address of the data packet.
  - 8. The method of claim 7, wherein the data field is an ingress port through which the data packet was received.
  - 9. The method of claim 7, wherein the managed forwarding element receives the processed data packet and subsequently routes the processed data packet based on the destination network address of the processed data packet.

10. A non-transitory machine readable medium storing a program for performing middlebox operations on a host computer executing a middlebox element having a plurality of middlebox instances and a plurality of end machines, the program comprising sets of instructions for:
- receiving a data packet from a managed forwarding element via a software port between the managed forwarding element and the middlebox element having the plurality of middlebox instances, wherein the managed forwarding element executes on the host computer to implement a plurality of logical networks;
  
  based on a tag that the managed forwarding element associated with the data packet, selecting from the plurality of middlebox instances a particular middlebox instance associated with the tag;
  
  using the selected middlebox instance to perform a middlebox operation on the received packet; and
  
  sending the processed data packet to the managed forwarding element.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The non-transitory machine readable medium of claim 10, wherein the tag identifies the particular middlebox instance, wherein the particular middlebox instance is associated with a particular logical network.
  - 12. The non-transitory machine readable medium of claim 11, wherein the managed forwarding element received the data packet from a particular end machine associated with the particular logical network, wherein the managed forwarding element selected the tag based on the particular logical network associated with the data packet.
  - 13. The non-transitory machine readable medium of claim 10, wherein the tag is prepended to the data packet by the managed forwarding element.
  - 14. The non-transitory machine readable medium of claim 10, wherein the set of instructions for selecting the particular middlebox instance comprises a set of instructions for mapping the tag to the particular middlebox instance using a binding table.
  - 15. The non-transitory machine readable medium of claim 10, wherein the set of instructions for sending the processed data packet to the managed forwarding element comprises a set of instructions for sending the processed packet with the tag.
  - 16. The non-transitory machine readable medium of claim 10, wherein the managed forwarding element sent the data packet to the middlebox element according to a routing policy that routes the data packet based on a data field other than a destination network address of the data packet.
  - 17. The non-transitory machine readable medium of claim 16, wherein the data field is an ingress port through which the data packet was received, wherein the managed forwarding element receives the processed data packet from the middlebox element and subsequently routes the processed data packet based on the destination network address of the processed data packet.
  - 18. The non-transitory machine readable medium of claim 10, wherein the plurality of logical middleboxes are one of firewalls, network address translators, and load balancers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Zhang, Ronghua, Koponen, IV, Teemu, Thakkar, Pankaj, Padmanabhan, Amar, Casado, Martin
Primary Examiner(s)
Elpenord, Candal

Application Number

US15/398,709
Publication Number

US 20170126493A1
Time in Patent Office

881 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 15/177   Initialisation or configura...

G06F 2009/4557   Distribution of virtual mac...

G06F 2009/45595   Network integration; Enabli...

G06F 9/455   Emulation; Interpretation; ...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558   Hypervisor-specific managem...

H04L 41/08   Configuration management of...

H04L 41/0803   Configuration setting

H04L 41/0806   for initial configuration o...

H04L 41/0813   characterised by the condit...

H04L 41/0823   characterised by the purpos...

H04L 41/0889   Techniques to speed-up the ...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/0895   Configuration of virtualise...

H04L 41/12   Discovery or management of ...

H04L 45/02   Topology update or discovery

H04L 45/64   using an overlay routing layer

H04L 45/74   Address processing for routing

H04L 49/15   Interconnection of switchin...

H04L 49/70 : Virtual switches

H04L 61/2503 : Translation of Internet pro...

H04L 61/2517 : using port numbers

H04L 61/2521 : Translation architectures o...

H04L 61/256 : NAT traversal

H04L 63/0218 : Distributed architectures, ...

H04L 67/1008 : based on parameters of serv...

View All

Network control system for configuring middleboxes

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

310 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Network control system for configuring middleboxes

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

310 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others