Cloud provider classification for different service deployment schemes

US 10,367,735 B2
Filed: 08/22/2017
Issued: 07/30/2019
Est. Priority Date: 08/22/2017
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

at a cloud provider to provide one or more services that are cloud-based to tenants of the cloud provider over a network, wherein each service is configured according to a respective one of multiple service deployment schemes;

maintaining, for each service, hierarchical classification information, including;

a scheme type to identify the respective service deployment scheme;

a three-tuple cloud identifier including a cloud identifier to identify the cloud provider, a service identifier to identify the service, and a tenant identifier to identify a tenant permitted access to the service; and

one or more scheme-specific service identifiers to identify components of the service; and

distributing the classification information within the cloud provider, including to the one or more services, to enable a respective tenant to exchange Internet Protocol (IP) packets with, and thereby access, a respective service and components of that service based on the classification information, wherein each IP packet includes, for the respective service, the scheme type, the cloud identifier, the service identifier, the tenant identifier of the respective tenant, and the one or more scheme-specific service identifiers.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cloud provider provides services to tenants over a network. Each cloud-based service is configured according to a respective service deployment scheme. The cloud provider maintains, for each service, classification information, including: a scheme type; a three-tuple cloud identifier including a cloud identifier, a service identifier, and a tenant identifier; and one or more scheme-specific service identifiers. The cloud provider distributes the classification information within the cloud provider, including to the services, to enable a respective tenant to exchange Internet Protocol (IP) packets with, and thereby access, a respective service and components of the service based on the classification information. The IP packet includes, for the respective service, the scheme type, the cloud identifier, the service identifier, the tenant identifier of the respective tenant, and the one or more scheme-specific service identifiers.

17 Citations

View as Search Results

20 Claims

1. A method comprising:
- at a cloud provider to provide one or more services that are cloud-based to tenants of the cloud provider over a network, wherein each service is configured according to a respective one of multiple service deployment schemes;
  
  maintaining, for each service, hierarchical classification information, including;
  
  a scheme type to identify the respective service deployment scheme;
  
  a three-tuple cloud identifier including a cloud identifier to identify the cloud provider, a service identifier to identify the service, and a tenant identifier to identify a tenant permitted access to the service; and
  
  one or more scheme-specific service identifiers to identify components of the service; and
  
  distributing the classification information within the cloud provider, including to the one or more services, to enable a respective tenant to exchange Internet Protocol (IP) packets with, and thereby access, a respective service and components of that service based on the classification information, wherein each IP packet includes, for the respective service, the scheme type, the cloud identifier, the service identifier, the tenant identifier of the respective tenant, and the one or more scheme-specific service identifiers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the multiple service deployment schemes include a micro-services deployment scheme in which a service includes one or more service applications and multiple micro-services under each service application, and for which the hierarchical classification information includes:
    - a scheme type to identify the micro-services deployment scheme;
      
      a three-tuple cloud identifier; and
      
      respective identifiers for each service application and each micro-service under each service application.
  - 3. The method of claim 1, wherein the multiple service deployment schemes include a service-function-chaining (SFC) deployment scheme in which a service provides service-function-chaining of service functions to be applied to IP packets along a service function path, and for which the hierarchical classification information includes:
    - a scheme type to identify the service-function-chain deployment scheme;
      
      a three-tuple cloud identifier; and
      
      a service path identifier to identify the service function path, a service index, and identifiers of at least one of a service application and a micro-service under a service application.
  - 4. The method of claim 1, wherein:
    - the maintaining includes updating the classification information each time a new service is added or an existing service is removed from the cloud provider and each time a new tenant is added or an existing tenant is removed.
  - 5. The method of claim 1, wherein:
    - the cloud provider includes servers to host the services and network devices to provide connectivity between the services and the network; and
      
      the distributing includes distributing the classification information to the network devices to enable the network devices to route IP packets between the respective service and the respective tenant based on the classification information distributed to the network devices and included in the IP packets.
  - 6. The method of claim 5, further comprising, at one of the network devices:
    - receiving from the respective service an outbound IP packet destined for the respective tenant, and receiving from the respective tenant an inbound IP packet destined for the respective service, each IP packet including the scheme type, the three-tuple cloud identifier, and the one or more scheme-specific service identifiers; and
      
      forwarding the outbound IP packet to the respective tenant and the inbound IP packet to the respective service.
  - 7. The method of claim 6, further comprising, at the one of the network devices:
    - parsing the classification information in the inbound IP packet to retrieve the one or more scheme-specific service identifiers from the classification information,wherein the forwarding the inbound packet to the respective service includes forwarding the inbound packet based on the retrieved one or more scheme-specific service identifiers.
  - 8. The method of claim 7, wherein each IP packet is an IP packet formatted according to IPv4 or IPv6.
  - 9. The method of claim 1, further comprising, at the respective service:
    - receiving an IP packet from the respective tenant;
      
      parsing the classification information in the IP packet to retrieve at least the scheme type and the one or more scheme-specific service identifiers; and
      
      sending information from the IP packet to the components of the service as identified by the one or more scheme-specific service identifiers retrieved from the IP packet.
  - 10. The method of claim 1, wherein the cloud-identifier includes an identifier of a geographical region of the cloud provider, and a unique cloud provider identifier.
  - 11. The method of claim 10, wherein the service-identifier includes a cloud provider data center identifier, and an identifier of the services in the data center.
  - 12. The method of claim 1, wherein each IP packet includes, in addition to source and destination IP addresses corresponding to the respective tenant and the respective service, an IP packet header field that includes the classification information.

13. An apparatus comprising:
- a network interface unit to communicate with devices in a cloud provider configured to provide one or more services that are cloud-based to tenants of the cloud provider over a network, wherein each service is configured according to a respective one of multiple service deployment schemes; and
  
  a processor coupled to the network interface unit and configured to;
  
  maintain, for each service, hierarchical classification information, including;
  
  a scheme type to identify the respective service deployment scheme;
  
  a three-tuple cloud identifier including a cloud identifier to identify the cloud provider, a service identifier to identify the service, and a tenant identifier to identify a tenant permitted access to the service; and
  
  one or more scheme-specific service identifiers to identify components of the service; and
  
  distribute the classification information within the cloud provider, including to the one or more services, to enable a respective tenant to exchange Internet Protocol (IP) packets with, and thereby access, a respective service and components of that service based on the classification information, wherein each IP packet includes, for the respective service, the scheme type, the cloud identifier, the service identifier, the tenant identifier of the respective tenant, and the one or more scheme-specific service identifiers.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The apparatus of claim 13, wherein the multiple service deployment schemes include a micro-services deployment scheme in which a service includes one or more service applications and multiple micro-services under each service application, and for which the hierarchical classification information includes:
    - a scheme type to identify the micro-services deployment scheme;
      
      a three-tuple cloud identifier; and
      
      respective identifiers for each service application and each micro-service under each service application.
  - 15. The apparatus of claim 13, wherein the multiple service deployment schemes include a service-function-chaining (SFC) deployment scheme in which a service provides service-function-chaining of service functions to be applied to IP packets along a service function path, and for which the hierarchical classification information includes:
    - a scheme type to identify the service-function-chain deployment scheme;
      
      a three-tuple cloud identifier; and
      
      a service path identifier to identify the service function path, a service index, and identifiers of at least one of a service application and a micro-service under a service application.
  - 16. The apparatus of claim 13, wherein the processor is configured to maintain by:
    - updating the classification information each time a new service is added or an existing service is removed from the cloud provider and each time a new tenant is added or an existing tenant is removed.
  - 17. The apparatus of claim 13, wherein:
    - the cloud provider includes servers to host the services and network devices to provide connectivity between the services and the network; and
      
      the processor is configured to distribute by distributing the classification information to the network devices to enable the network devices to route IP packets between the respective service and the respective tenant based on the classification information distributed to the network devices and included in the IP packets.

18. A non-transitory computer readable storage media encoded with instructions that, when executed by a processor of a management system in a cloud provider configured to provide one or more services that are cloud-based to tenants of the cloud provider over a network, wherein each service is configured according to a respective one of multiple service deployment schemes, cause the processor to:
- maintain, for each service, hierarchical classification information, including;
  
  a scheme type to identify the respective service deployment scheme;
  
  a three-tuple cloud identifier including a cloud identifier to identify the cloud provider, a service identifier to identify the service, and a tenant identifier to identify a tenant permitted access to the service; and
  
  one or more scheme-specific service identifiers to identify components of the service; and
  
  distribute the classification information within the cloud provider, including to the one or more services, to enable a respective tenant to exchange Internet Protocol (IP) packets with, and thereby access, a respective service and components of that service based on the classification information, wherein each IP packet includes, for the respective service, the scheme type, the cloud identifier, the service identifier, the tenant identifier of the respective tenant, and the one or more scheme-specific service identifiers.
- View Dependent Claims (19, 20)
- - 19. The non-transitory computer readable storage media of claim 18, wherein the instructions to cause the processor to maintain include instructions to cause the processor to:
    - update the classification information each time a new service is added or an existing service is removed from the cloud provider and each time a new tenant is added or an existing tenant is removed.
  - 20. The non-transitory computer readable storage media of claim 18, wherein:
    - the cloud provider includes servers to host the services and network devices to provide connectivity between the services and the network; and
      
      the instructions to cause the processor to distribute include instructions to cause the processor to distribute the classification information to the network devices to enable the network devices to route IP packets between the respective service and the respective tenant based on the classification information distributed to the network devices and included in the IP packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Jeuk, Sebastian, Salgueiro, Gonzalo
Primary Examiner(s)
Smarth, Gerald A

Application Number

US15/683,108
Publication Number

US 20190068495A1
Time in Patent Office

707 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2101/618   Details of network addresses

H04L 41/50   Network service management,...

H04L 41/5041   characterised by the time r...

H04L 41/5096   wherein the managed service...

H04L 45/02   Topology update or discovery

H04L 45/74   Address processing for routing

H04L 61/45   Network directories; Name-t...

H04L 61/5007   Internet protocol [IP] addr...

H04L 67/10   in which an application is ...

Cloud provider classification for different service deployment schemes

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Cloud provider classification for different service deployment schemes

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others