Managed forwarding element executing in public cloud data compute node with different internal and external network addresses
Abstract
Some embodiments provide a method for a network controller that manages a logical network implemented in a datacenter comprising forwarding elements to which the network controller does not have access. The method identifies a data compute node (DCN), that operates on a host machine in the datacenter, to attach to the logical network. The DCN has a network interface with a first network address provided by a management system of the datacenter, and executes (i) a workload application and (ii) a managed forwarding element (MFE). The method distributes configuration data for configuring the MFE to receive data packets sent from the workload application on the DCN and perform network security and forwarding processing on the data packets. The data packets sent by the workload application have a second network address as a source address when received by the MFE and are encapsulated by the MFE using the first network address.
21 Claims
1. A method for a network controller that manages a logical network implemented in a datacenter comprising forwarding elements to which the network controller does not have access, the method comprising:
- identifying a data compute node, that operates on a host machine in the datacenter, to attach to the logical network, the data compute node having a network interface with a first network address provided by a management system of the datacenter, wherein the data compute node executes (i) a workload application and (ii) a managed forwarding element, wherein the host machine executes a forwarding element, to which the network controller does not have access, outside of the data compute node; and
- distributing configuration data for configuring the managed forwarding element to receive data packets sent from the workload application on the data compute node and perform network security and forwarding processing on the data packets, wherein the data packets sent by the workload application have a second network address as a source address when received by the managed forwarding element and are encapsulated by the managed forwarding element using the first network address provided by the management system of the datacenter before being transmitted from the data compute node to the forwarding element executing on the host machine to which the network controller does not have access.
14. A non-transitory machine readable medium storing a program which when executed by at least one processing unit implements a network controller that manages a logical network implemented in a datacenter comprising forwarding elements to which the network controller does not have access, the program comprising sets of instructions for:
- identifying a data compute node, that operates on a host machine in the datacenter, to attach to the logical network, the data compute node having a network interface with a first network address provided by a management system of the datacenter, wherein the data compute node executes (i) a workload application and (ii) a managed forwarding element, wherein the host machine executes a forwarding element, to which the network controller does not have access, outside of the data compute node; and
- distributing configuration data for configuring the managed forwarding element to receive data packets sent from the workload application on the data compute node and perform network security and forwarding processing on the data packets, wherein the data packets sent by the workload application have a second network address as a source address when received by the managed forwarding element and are encapsulated by the managed forwarding element using the first network address provided by the management system of the datacenter before being transmitted from the data compute node to the forwarding element executing on the host machine to which the network controller does not have access.
Specification