Controller driven reconfiguration of a multi-layered application or service model

US 10,516,568 B2
Filed: 08/31/2015
Issued: 12/24/2019
Est. Priority Date: 09/30/2014
Status: Active Grant

First Claim

Patent Images

1. A method of reconfiguring a multi-layer server deployment model in a datacenter comprising a plurality of host computers executing a plurality of servers, the method comprising:

at a controller first computer,providing a first service chain comprising at least two service operations with a flow identifier to a host second computer, said host second computer using the first service chain and the flow identifier to configure a filter that (i) executes on the host second computer, (ii) identifies data messages along an egress datapath of a first server executing on the host second computer, and (iii) directs identified data messages to a first plurality of servers identified by the first service chain for performing the service operations of the first service chain when the data messages have a set of header values that match the flow identifier;

modifying the first service chain to produce a second service chain comprising at least three service operations by adding a service operation to the first service chain; and

providing the second service chain with the flow identifier to the host second computer to reconfigure the filter to distribute data messages that match the flow identifier to a second plurality of servers identified by the second service chain for performing the service operations of the second service chain instead of the first plurality of servers;

the first service chain including a first service operation to be performed on matching data messages and a second service operation to be performed on matching data messages immediately after the first service operation, andthe second service chain including the first and second service operations and the added service operation, wherein the added service operation is to be performed on matching data messages before the second service operation but after the first service operation and after receiving a data message reply from a set of one or more servers that has performed the first service operation on the matching data messages.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments provide novel inline switches that distribute data messages from source compute nodes (SCNs) to different groups of destination service compute nodes (DSCNs). In some embodiments, the inline switches are deployed in the source compute nodes datapaths (e.g., egress datapath). The inline switches in some embodiments are service switches that (1) receive data messages from the SCNs, (2) identify service nodes in a service-node cluster for processing the data messages based on service policies that the switches implement, and (3) use tunnels to send the received data messages to their identified service nodes. Alternatively, or conjunctively, the inline service switches of some embodiments (1) identify service-nodes cluster for processing the data messages based on service policies that the switches implement, and (2) use tunnels to send the received data messages to the identified service-node clusters. The service-node clusters can perform the same service or can perform different services in some embodiments. This tunnel-based approach for distributing data messages to service nodes/clusters is advantageous for seamlessly implementing in a datacenter a cloud-based XaaS model (where XaaS stands for X as a service, and X stands for anything), in which any number of services are provided by service providers in the cloud.

353 Citations

16 Claims

1. A method of reconfiguring a multi-layer server deployment model in a datacenter comprising a plurality of host computers executing a plurality of servers, the method comprising:
- at a controller first computer,providing a first service chain comprising at least two service operations with a flow identifier to a host second computer, said host second computer using the first service chain and the flow identifier to configure a filter that (i) executes on the host second computer, (ii) identifies data messages along an egress datapath of a first server executing on the host second computer, and (iii) directs identified data messages to a first plurality of servers identified by the first service chain for performing the service operations of the first service chain when the data messages have a set of header values that match the flow identifier;
  
  modifying the first service chain to produce a second service chain comprising at least three service operations by adding a service operation to the first service chain; and
  
  providing the second service chain with the flow identifier to the host second computer to reconfigure the filter to distribute data messages that match the flow identifier to a second plurality of servers identified by the second service chain for performing the service operations of the second service chain instead of the first plurality of servers;
  
  the first service chain including a first service operation to be performed on matching data messages and a second service operation to be performed on matching data messages immediately after the first service operation, andthe second service chain including the first and second service operations and the added service operation, wherein the added service operation is to be performed on matching data messages before the second service operation but after the first service operation and after receiving a data message reply from a set of one or more servers that has performed the first service operation on the matching data messages.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein providing the first and second service chains comprises providing first and second distribution rules to the host second computer, each distribution rule comprising the flow identifier as the rule'"'"'s identifier, wherein the first rule comprises a set of identifiers identifying the first plurality of servers and the second rule comprises a set of identifiers identifying the second plurality of servers.
  - 3. The method of claim 2, wherein each distribution rule comprises a service type identifier and a set of server identifiers for each service operation in its corresponding service chain, the server identifiers identifying a set of servers for performing the service operation.
  - 4. The method of claim 1, whereinthe flow identifier comprises a virtual Internet Protocol (VIP) address, andby reconfiguring the filter to direct data messages that match the VIP address to the second plurality of servers according to the second service chain instead of the first plurality of servers according to the first service chain, the first server does not need to be reconfigured in order to send data messages that match the VIP address to different destinations.
  - 5. The method of claim 1, wherein at least one service operation of each of the first and second service chains is a middlebox service operation, and the first and second pluralities of servers each comprise a set of one or more middlebox servers.
  - 6. The method of claim 1, wherein the first server is a virtual machine or container.
  - 7. The method of claim 1, whereinthe flow identifier comprises Layer 3 data message header parameters, andby reconfiguring the filter to distribute data messages that match the Layer 3 data message header parameters to the second plurality of servers identified by the second service chain instead of the first plurality of servers, the first server does not need to be reconfigured in order to send data messages that match the set of Layer 3 data message header parameters to different destinations.

8. A non-transitory machine readable medium storing a program for execution by a set of processing units of a host first computer, the program comprising sets of instructions for:
- receiving, from a controller second computer, a first service chain comprising at least three service operations with a flow identifier;
  
  using the first service chain and the flow identifier to configure a filter that (i) executes on the host first computer, (ii) identifies data messages along an egress datapath of a first server executing on the host first computer, and (iii) directs identified data messages to a first plurality of servers identified by the first service chain for performing the service operations of the first service chain when the data messages have a set of header values that match the flow identifier;
  
  receiving, from the controller second computer, a second service chain comprising at least two service operations and produced by removing a particular service operation from the first service chain; and
  
  using the second service chain and the flow identifier to reconfigure the filter to distribute data messages that match the flow identifier to a second plurality of servers identified by the second service chain for performing the service operations of the second service chain instead of the first plurality of servers;
  
  the second service chain including a first service operation to be performed on matching data messages and a second service operation to be performed on matching data messages immediately after the first service operation, andthe first service chain including the first and second service operations and the particular service operation, wherein the particular service operation is to be performed on matching data messages before the second service operation but after the first service operation and after receiving a data message reply from a set of one or more servers that has performed the first service operation on the matching data messages.
- View Dependent Claims (9, 10, 11)
- - 9. The machine readable medium of claim 8, wherein the sets of instructions for receiving the first and second service chains comprise sets of instructions for receiving first and second distribution rules, each distribution rule comprising the flow identifier as the rule'"'"'s identifier, the first distribution rule comprising a set of identifiers identifying the first plurality of servers and the second distribution rule comprising a set of identifiers identifying the second plurality of servers.
  - 10. The machine readable medium of claim 8, wherein the first plurality of servers comprises the second plurality of servers and a set of servers for performing the particular service operation.
  - 11. The machine readable medium of claim 8, wherein at least one service operation of each of the first and second service chains is a middlebox service operation, and the first and second pluralities of servers each comprise a set of middlebox servers.

12. A non-transitory machine readable medium storing a controller program for execution on a first computer and for reconfiguring a multi-layer service node deployment model in a datacenter comprising a plurality of host computers executing a plurality of servers, the controller program comprising sets of instructions for:
- providing a first service chain comprising at least two service operations with a flow identifier to a host second computer, said host second computer using the first service chain and the flow identifier to configure a filter that (i) executes on the host second computer, (ii) identifies data messages along an egress datapath of a first server executing on the host second computer, and (iii) directs identified data messages to a first plurality of service nodes identified by the first service chain for performing the service operations of the first service chain when the data messages have a set of header values that match the flow identifier;
  
  modifying the first service chain to produce a second service chain comprising at least three service operations by adding a service operation to the first service chain; and
  
  providing the second service chain with the flow identifier to the host second computer to reconfigure the filter to distribute data messages that match the flow identifier to a second plurality of service nodes identified by the second service chain for performing the service operations of the second service chain instead of the first plurality of service nodes;
  
  the first service chain including a first service operation to be performed on matching data messages and a second service operation to be performed on matching data messages immediately after the first service operation, andthe second service chain including the first and second service operations and the added service operation, wherein the added service operation is to be performed on matching data messages before the second service operation but after the first service operation and after receiving a data message reply from a set of one or more service nodes that has performed the first service operation on the matching data messages.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The machine readable medium of claim 12, whereinthe sets of instructions for providing the first and second service chains comprise sets of instructions for providing first and second distribution rules to the host second computer, each distribution rule comprising the flow identifier as the rule'"'"'s identifier, wherein the first rule comprises a set of identifiers identifying the first plurality of service nodes and the second rule comprises a set of identifiers identifying the second plurality of service nodes.
  - 14. The machine readable medium of claim 13, wherein the first plurality of service nodes is provided by a first service provider, while the second plurality of service nodes is provided by a second service provider that is different than the first service provider.
  - 15. The machine readable medium of claim 12, wherein the service nodes in each plurality of service nodes perform a middlebox service operation.
  - 16. The machine readable medium of claim 12, whereinthe flow identifier comprises a virtual Internet Protocol (VIP) address,by reconfiguring the filter to distribute data messages that match the VIP address to the second plurality of service nodes identified by the second service chain instead of the first plurality of service nodes, the first server does not need to be reconfigured in order to send data messages that match the VIP address to different destinations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Jain, Jayant, Sengupta, Anirban, Lund, Rick, Koganty, Raju, Hong, Xinhua
Primary Examiner(s)
Edwards, James A

Application Number

US14/841,659
Publication Number

US 20160094384A1
Time in Patent Office

1,576 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 12/56   Packet switching systems

H04L 41/00   Arrangements for maintenanc...

H04L 41/0803   Configuration setting

H04L 47/125   by balancing the load, e.g....

H04L 47/825   Involving tunnels, e.g. MPLS

H04L 49/60   Software-defined switches

H04L 49/70   Virtual switches

H04L 51/18   Commands or executable codes

H04L 63/0245   Filtering by information in...

H04L 67/10   in which an application is ...

H04L 67/1001   for accessing one among a p...

H04L 67/14   Session management for real...

H04L 67/51   Discovery or management the...

H04L 67/63   Routing a service request d...

H04L 69/16   Implementation or adaptatio...

H04L 69/22   Parsing or analysis of headers

H04W 76/12   Setup of transport tunnels

Controller driven reconfiguration of a multi-layered application or service model

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

353 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Controller driven reconfiguration of a multi-layered application or service model

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

353 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links