Managed forwarding element executing in separate namespace of public cloud data compute node than workload application
Abstract
Some embodiments provide a method for a network controller that manages a logical network implemented in a datacenter having forwarding elements to which the network controller does not have access. The method identifies a data compute node (DCN) operating on a host machine in the datacenter, to attach to the logical network. The DCN has a network interface with an address provided by a datacenter management system. A workload application executes in a first namespace of the DCN. The method distributes configuration data for configuring a managed forwarding element (MFE) executing in a second namespace of the DCN to receive data packets sent from the application via an interface pairing between the first and second namespaces. The data packets sent by the application have the provided address as a source address when received by the MFE and are encapsulated by the MFE using the provided address as a source address.
20 Claims
1. For a network controller that manages a logical network implemented in a datacenter comprising forwarding elements to which the network controller does not have access, a method comprising:
- identifying a virtual machine, that operates on a host machine in the datacenter, to attach to the logical network, the virtual machine having a network interface with a network address provided by a management system of the datacenter, wherein a workload application executes in a first namespace of the virtual machine; and
- distributing configuration data for configuring a managed forwarding element executing in a second namespace of the virtual machine (i) to receive data packets sent from the workload application via an interface pairing between the first and second namespaces and (ii) to perform network security and forwarding processing on the data packets, wherein the data packets sent by the workload application have the provided network address as a source address when received by the managed forwarding element and are encapsulated by the managed forwarding element using the same provided network address as a source address for the encapsulation when sent from the virtual machine.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A non-transitory machine readable medium storing a program which when executed by at least one processing unit implements a network controller that manages a logical network implemented in a datacenter comprising forwarding elements to which the network controller does not have access, the program comprising sets of instructions for:
- identifying a virtual machine, that operates on a host machine in the datacenter, to attach to the logical network, the virtual machine having a network interface with a network address provided by a management system of the datacenter, wherein a workload application executes in a first namespace of the virtual machine; and
- distributing configuration data for configuring a managed forwarding element executing in a second namespace of the virtual machine (i) to receive data packets sent from the workload application via an interface pairing between the first and second namespaces and (ii) to perform network security and forwarding processing on the data packets, wherein the data packets sent by the workload application have the provided network address as a source address when received by the managed forwarding element and are encapsulated by the managed forwarding element using the same provided network address as a source address for the encapsulation when sent from the virtual machine.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
Specification