Secure cloud fabric to connect subnets in different network domains
Abstract
A secure virtual network platform connects two or more subnets in different or separate network domains. The secure virtual network can use the underlay physical networks in the various domains as an IP forwarding fabric without changing any existing firewalls, security settings, or network topology. A first type of connection across the virtual network connects two server groups. A second type of connection across the virtual network connects a server group to a physical network. A third type of connection across the virtual network connects a physical network to another physical network.
6 Claims
1. A method for using a wide area network (WAN) virtual network platform to connect first and second network domains that are physically segregated from each other by firewalls and managed by different network administration parties comprising:
prompting a user to select a first server group within the first network domain, the first server group being associated with a first virtual subnet;
prompting the user to select a second server group within the second network domain, remote from the first network domain;
mapping the first virtual subnet of the first server group to a first virtual forwarding subnet representing the second server group; and
forwarding a first communication from the first network domain to the second network domain, wherein a forwarding path of the first communication is from the first server group to the first virtual forwarding subnet, through the WAN virtual network platform, and to the second server group, and wherein the forwarding a first communication comprises:
creating at a first end point in the first server group of the first network domain a first dynamic routing table having first routing information, the first routing information comprising a first identifier that identifies a virtual network connection over which the first communication will be forwarded; and
transmitting the first routing information to a virtual network switch between the first and second network domains, wherein the virtual network switch consults a second dynamic routing table having second routing information, the second routing information comprising a second identifier, wherein when the second identifier matches the first identifier, the virtual network switch transmits the first communication to the second network domain according to the second routing information.

2. The method of claim 1 wherein the second server group is associated with a second virtual subnet, and the method comprises:
mapping the second virtual subnet of the second server group to a second virtual forwarding subnet representing the first server group; and
forwarding a second communication from the second network domain to the first network domain, wherein a forwarding path of the second communication is from the second server group to the second virtual forwarding subnet, through the WAN virtual network platform, and to the first server group.

3. The method of claim 2 wherein a size of the second virtual forwarding subnet is the same as a size of the first virtual subnet.

4. The method of claim 2 wherein a size of the first virtual forwarding subnet is the same as a size of the second virtual subnet.

5. The method of claim 1 wherein the forwarding a first communication comprises:
receiving a request to transmit the first communication to a destination;
determining that an Internet Protocol (IP) address of the destination is within a range of IP addresses defined by the first virtual forwarding subnet representing the second server group;
after the determination, seeking permission to use the WAN virtual network platform connecting the first and second network domains; and
receiving permission to use the WAN virtual network platform.

6. The method of claim 1 wherein the first and second network domains are connected by the Internet.
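As an added illustration (not code from the patent or from any product implementing it), the following Python models the forwarding path of claims 1 and 5 and the subnet-size constraint of claims 3 and 4: an endpoint's dynamic routing table maps a virtual forwarding subnet to a connection identifier, and the virtual network switch forwards only when that identifier matches an entry in its own table. The class and function names, the subnets and the `permitted` callback are all constructed here.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class ServerGroup:
    name: str
    domain: str
    subnet: ipaddress.IPv4Network               # the group's own virtual subnet
    routes: dict = field(default_factory=dict)  # first dynamic routing table: forwarding subnet -> conn id

    def map_peer(self, peer, forwarding_subnet, conn_id):
        """Map a virtual forwarding subnet (standing in for `peer`) to a connection identifier."""
        net = ipaddress.ip_network(forwarding_subnet)
        if net.prefixlen != peer.subnet.prefixlen:  # claims 3/4: same size as the peer's virtual subnet
            raise ValueError("forwarding subnet size must match the peer's virtual subnet")
        self.routes[net] = conn_id

    def lookup(self, dst_ip):
        """Claim 5: return the connection id if dst_ip lies in a mapped forwarding subnet, else None."""
        addr = ipaddress.ip_address(dst_ip)
        return next((cid for net, cid in self.routes.items() if addr in net), None)

class VirtualSwitch:  # sits between the domains; holds the second dynamic routing table
    def __init__(self):
        self.table = {}  # connection id -> destination server group
    def register(self, conn_id, dst_group):
        self.table[conn_id] = dst_group
    def forward(self, conn_id):
        dst = self.table.get(conn_id)  # transmit only when the identifiers match; otherwise drop
        return f"{dst.domain}/{dst.name}" if dst else "dropped"

def send(src, switch, dst_ip, permitted=lambda cid: True):
    """Forwarding path of claim 1 with the permission step of claim 5 (permitted() is an assumed hook)."""
    conn_id = src.lookup(dst_ip)
    if conn_id is None:
        return "local"  # destination is not in a forwarding subnet; traffic stays in the first domain
    if not permitted(conn_id):
        return "denied"  # permission to use the WAN platform was refused
    return switch.forward(conn_id)

def demo():
    a = ServerGroup("sg-a", "domain-A", ipaddress.ip_network("10.1.0.0/24"))  # constructed sample values
    b = ServerGroup("sg-b", "domain-B", ipaddress.ip_network("10.2.0.0/24"))
    a.map_peer(b, "172.16.2.0/24", "vnc-ab")  # forwarding subnet in domain-A that represents sg-b
    switch = VirtualSwitch()
    switch.register("vnc-ab", b)
    return (send(a, switch, "172.16.2.7"),                               # cross-domain, identifiers match
            send(a, switch, "10.1.0.9"),                                 # local destination
            send(a, switch, "172.16.2.7", permitted=lambda cid: False),  # permission refused
            send(a, VirtualSwitch(), "172.16.2.7"))                      # switch has no matching identifier
```

The last case shows the security property the claims describe: an endpoint cannot push traffic across the fabric merely by naming a connection, because the switch forwards only identifiers present in its own routing table.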
Specification