Packet communication between logical networks and public cloud service providers native networks using a single network interface and a single routing table

US 10,491,516 B2
Filed: 08/24/2017
Issued: 11/26/2019
Est. Priority Date: 08/24/2017
Status: Active Grant

First Claim

Patent Images

1. A method of communicating packets by a data compute node (DCN) hosted on a host machine of a public cloud underlay network, the DCN executing (i) a set of tenant applications connected to a third party provided overlay network, (ii) a set of network manager applications, and (iii) a managed forwarding element (MFE) comprising an overlay network virtual adapter and an underlay network virtual adapter, the method comprising:

receiving a packet from an application executing on a virtual machine (VW);

when the packet is received from a network manager application and is addressed to an underlay network destination address, sending the packet to the underlay network destination address through a physical network interface card (NIC) of the host without network address translation or encapsulation;

when the packet is received from a tenant application and is addressed to an underlay network destination address, (i) performing source network address translation (SNAT) on the packet to replace a source Internet protocol (IP) address of the packet with an underlay network IP address of the DCN and (ii) sending the packet to the underlay network destination address; and

when the packet is received from a tenant application and is addressed to an overlay destination address, (i) encapsulating the packet with a header of the overlay network and (ii) sending the encapsulated packet to the overlay network destination address through the underlay virtual adapter.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data compute node executes (i) a set of tenant applications connected to a third party overlay network, (ii) a set of network manager applications, and (iii) a managed forwarding element that includes a pair of overlay and underlay network virtual adapters. A packet that is received from a network manager application and addressed to an underlay network destination is sent to the underlay network destination address through a physical NIC of the host without network address translation or encapsulation. A packet that is received from a tenant application and addressed to an underlay network destination is subject to SNAT and is sent to the underlay network destination address. A packet that is received from a tenant application and is addressed an overlay destination address is encapsulated with the header of the overlay network and is sent to the overlay network destination address through the underlay virtual adapter.

147 Citations

20 Claims

1. A method of communicating packets by a data compute node (DCN) hosted on a host machine of a public cloud underlay network, the DCN executing (i) a set of tenant applications connected to a third party provided overlay network, (ii) a set of network manager applications, and (iii) a managed forwarding element (MFE) comprising an overlay network virtual adapter and an underlay network virtual adapter, the method comprising:
- receiving a packet from an application executing on a virtual machine (VW);
  
  when the packet is received from a network manager application and is addressed to an underlay network destination address, sending the packet to the underlay network destination address through a physical network interface card (NIC) of the host without network address translation or encapsulation;
  
  when the packet is received from a tenant application and is addressed to an underlay network destination address, (i) performing source network address translation (SNAT) on the packet to replace a source Internet protocol (IP) address of the packet with an underlay network IP address of the DCN and (ii) sending the packet to the underlay network destination address; and
  
  when the packet is received from a tenant application and is addressed to an overlay destination address, (i) encapsulating the packet with a header of the overlay network and (ii) sending the encapsulated packet to the overlay network destination address through the underlay virtual adapter.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprising replacing a source port number of the packet with a number that uniquely identifies the source IP address in the third party overlay network when the packet is received from a tenant application and is addressed to an underlay network destination address.
  - 3. The method of claim 2 further comprising:
    - receiving a response packet addressed to a tenant application from a source address in the underlay network, the response packet using the port number that uniquely identifies the source IP address in the third party overlay network as a destination port number;
      
      using the destination port number to identify the IP address of a destination in the third party overlay network; and
      
      performing destination network address translation (DNAT) by replacing the destination IP address of the response packet with the identified IP address.
  - 4. The method of claim 3 further comprising forwarding the response packet from the MFE through the overlay network virtual adapter to the identified destination IP address in the third party overly network.
  - 5. The method of claim 3 further comprising decapsulating the response packet by removing a header of the overlay network from the response packet prior to identifying the IP address of the third party overlay network.
  - 6. The method of claim 3 further comprising using the destination port number in the response packet to identify a destination port number in the third party overlay network.
  - 7. The method of claim 1, wherein the underlay network virtual adapter is a virtual tunnel endpoint (VTEP) and the underlay network virtual adapter is a virtual interface (VIF).
  - 8. The method of claim 1, wherein the MFE comprises (i) a transport bridge connected to the underlay network virtual adapter and (ii) an integration bridge connected to the second logical interface and to the transport bridge.
  - 9. The method of claim 1, wherein the network manager application configures the overlay network virtual adapter and the underlay network virtual adapter on the MFE.
  - 10. The method of claim 1, wherein the host machine executes a virtualization software, wherein the DCN executes a guest operating system that has no access to the virtualization software of the host machine and does not provide multiple namespaces.

11. A non-transitory computer readable medium storing a program for communicating packets by a data compute node (DCN) hosted on a host machine of a public cloud underlay network, the DCN executing (i) a set of tenant applications connected to a third party provided overlay network, (ii) a set of network manager applications, and (iii) a managed forwarding element (MFE) comprising an overlay network virtual adapter and an underlay network virtual adapter, the program executable by a processing unit, the program comprising sets of instructions for:
- receiving a packet from an application executing on a virtual machine (VM);
  
  when the packet is received from a network manager application and is addressed to an underlay network destination address, sending the packet to the underlay network destination address through a physical network interface card (NIC) of the host without network address translation or encapsulation;
  
  when the packet is received from a tenant application and is addressed to an underlay network destination address, (i) performing source network address translation (SNAT) on the packet to replace a source Internet protocol (IP) address of the packet with an underlay network IP address of the DCN and (ii) sending the packet to the underlay network destination address; and
  
  when the packet is received from a tenant application and is addressed to an overlay destination address, (i) encapsulating the packet with a header of the overlay network and (ii) sending the encapsulated packet to the overlay network destination address through the underlay virtual adapter.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The non-transitory computer readable medium of claim 11, wherein the program further comprises a set of instructions for replacing a source port number of the packet with a number that uniquely identifies the source IP address in the third party overlay network when the packet is received from a tenant application and is addressed to an underlay network destination address.
  - 13. The non-transitory computer readable medium of claim 12, the program further comprising sets of instructions for:
    - receiving a response packet addressed to a tenant application from a source address in the underlay network, the response packet using the port number that uniquely identifies the source IP address in the third party overlay network as a destination port number;
      
      using the destination port number to identify the IP address of a destination in the third party overlay network; and
      
      performing destination network address translation (DNAT) by replacing the destination IP address of the response packet with the identified IP address.
  - 14. The non-transitory computer readable medium of claim 13, the program further comprising sets of instructions for forwarding the response packet from the MFE through the overlay network virtual adapter to the identified destination IP address in the third party overly network.
  - 15. The non-transitory computer readable medium of claim 13, the program further comprising a set of instructions for decapsulating the response packet by removing a header of the overlay network from the response packet prior to identifying the IP address of the third party overlay network.
  - 16. The non-transitory computer readable medium of claim 13, the program further comprising a set of instructions for using the destination port number in the response packet to identify a destination port number in the third party overlay network.
  - 17. The non-transitory computer readable medium of claim 11, wherein the underlay network virtual adapter is a virtual tunnel endpoint (VTEP) and the underlay network virtual adapter is a virtual interface (VIF).
  - 18. The non-transitory computer readable medium of claim 11, wherein the MFE comprises (i) a transport bridge connected to the underlay network virtual adapter and (ii) an integration bridge connected to the second logical interface and to the transport bridge.
  - 19. The non-transitory computer readable medium of claim 11, wherein the network manager application configures the overlay network virtual adapter and the underlay network virtual adapter on the MFE.
  - 20. The non-transitory computer readable medium of claim 11, wherein the host machine executes a virtualization software, wherein the DCN executes a guest operating system that has no access to the virtualization software of the host machine and does not provide multiple namespaces.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Ram, Shashank, Venugopal, Sairam, Lin, Yin, Kumar, Anand, Raju, Nithin Bangalore, Hira, Mukesh, Chandrashekhar, Ganesan, Agarwal, Vivek
Primary Examiner(s)
Thompson, Jr., Otis L

Application Number

US15/686,098
Publication Number

US 20190068493A1
Time in Patent Office

824 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 9/5077   Logical partitioning of res...

H04L 12/4633   Interconnection of networks...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 45/22   Alternate routing

H04L 45/586   of virtual routers

H04L 45/74   Address processing for routing

H04L 61/106   across networks, e.g. mappi...

H04L 61/2521   Translation architectures o...

Packet communication between logical networks and public cloud service providers native networks using a single network interface and a single routing table

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

147 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Packet communication between logical networks and public cloud service providers native networks using a single network interface and a single routing table

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

147 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links