Multiple virtual network interface support for virtual execution elements

US 10,728,145 B2
Filed: 08/30/2018
Issued: 07/28/2020
Est. Priority Date: 08/30/2018
Status: Active Grant

First Claim

Patent Images

1. A computing device comprising:

processing circuitry coupled to a memory device;

a network module configured for execution by the processing circuitry;

a virtual router configured for execution by the processing circuitry;

a virtual router agent for the virtual router, the virtual router agent configured for execution by the processing circuitry;

an orchestration agent configured for execution by the processing circuitry, wherein the orchestration agent is an agent of an orchestrator for a computing infrastructure that includes the computing device, wherein the orchestration agent is configured to;

instantiate a virtual execution element; and

invoke the network module,wherein the network module is configured to request, from the virtual router agent, based at least on an identifier for the virtual execution element, identifiers of virtual network interfaces for the virtual execution element,wherein the virtual router agent is configured to receive, from a network controller for the computing infrastructure, in association with the identifier for the virtual execution element, an identifier of a first virtual network interface for a first virtual network and an identifier of a second virtual network interface for a second virtual network,wherein the network module is configured to;

receive, from the virtual router agent in response to the request, the identifier of the first virtual network interface for the first virtual network and an identifier of the second virtual network interface for the second virtual network; and

attach the first virtual network interface to the virtual execution element to enable packetized communications by the virtual execution element on the first virtual network; and

attach the second virtual network interface to the virtual execution element to enable packetized communications by the virtual execution element on the second virtual network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for creating multiple virtual network interfaces usable by a logically-related group of one or more containers (“pod”) for communicating on respective virtual networks of a network infrastructure. In some examples, a control flow for pod network interface configuration on a host includes obtaining, by a CNI instance, a list of multiple virtual network interfaces from an agent of a network controller that is executing on the host. The single CNI instance processes the list of multiple virtual network interfaces to create corresponding virtual network interfaces for the pod and, for each of the virtual network interfaces, to attach the virtual network interface to the pod and to the virtual router or bridge for the host. In this way, the single CNI enables packetized communications by containers of the pod over multiple networks using the multiple virtual network interfaces configured for the pod.

61 Citations

View as Search Results

19 Claims

1. A computing device comprising:
- processing circuitry coupled to a memory device;
  
  a network module configured for execution by the processing circuitry;
  
  a virtual router configured for execution by the processing circuitry;
  
  a virtual router agent for the virtual router, the virtual router agent configured for execution by the processing circuitry;
  
  an orchestration agent configured for execution by the processing circuitry, wherein the orchestration agent is an agent of an orchestrator for a computing infrastructure that includes the computing device, wherein the orchestration agent is configured to;
  
  instantiate a virtual execution element; and
  
  invoke the network module,wherein the network module is configured to request, from the virtual router agent, based at least on an identifier for the virtual execution element, identifiers of virtual network interfaces for the virtual execution element,wherein the virtual router agent is configured to receive, from a network controller for the computing infrastructure, in association with the identifier for the virtual execution element, an identifier of a first virtual network interface for a first virtual network and an identifier of a second virtual network interface for a second virtual network,wherein the network module is configured to;
  
  receive, from the virtual router agent in response to the request, the identifier of the first virtual network interface for the first virtual network and an identifier of the second virtual network interface for the second virtual network; and
  
  attach the first virtual network interface to the virtual execution element to enable packetized communications by the virtual execution element on the first virtual network; and
  
  attach the second virtual network interface to the virtual execution element to enable packetized communications by the virtual execution element on the second virtual network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computing device of claim 1,wherein the virtual router comprises a first virtual routing and forwarding instance for the first virtual network and a second virtual routing and forwarding instance for the second virtual network,wherein the network module is configured to attach the first virtual network interface to the first virtual routing and forwarding instance to cause the virtual router to forward packets destined for a virtual network address of the first virtual network interface to the virtual execution element, andwherein the network module is configured to attach the second virtual network interface to the second virtual routing and forwarding instance to cause the virtual router to forward packets destined for a virtual network address of the second virtual network interface to the virtual execution element.
  - 3. The computing device of claim 1,wherein the virtual router agent is configured to provide the identifier of the first virtual network interface and the identifier of the second virtual network interface to the network module.
  - 4. The computing device of claim 1,wherein virtual router agent stores the identifier of the first virtual network interface and the identifier of the second virtual network interface in association with an identifier for the virtual execution element, andwherein the network module is configured to receive the identifier for the virtual execution element from the orchestration agent.
  - 5. The computing device of claim 1, wherein, to attach the first virtual network interface to the virtual execution element, the network module is configured to insert the first virtual network interface into a network namespace of the virtual execution element.
  - 6. The computing device of claim 1,wherein the first virtual network interface comprises a veth pair, andwherein, to attach the first virtual network interface to the virtual execution element, the network module is configured to attach one end of the veth pair to the virtual execution element.
  - 7. The computing device of claim 1, wherein the virtual execution element comprises one or more containers.
  - 8. The computing device of claim 1, wherein the virtual execution element comprises a Kubernetes pod and the orchestration agent comprises a Kubernetes kubelet.

9. A controller comprising one or more computing devices interconnected by a physical network, wherein each of the computing devices comprises processing circuitry coupled to a memory device, wherein the controller further comprises:
- an orchestrator for a virtualized computing infrastructure, wherein the orchestrator is configured for execution by the processing circuitry, wherein the orchestrator is configured to;
  
  send, to a network controller manager for a network controller, a request to create, for a virtual execution element to be instantiated in a computing device of the virtualized computing infrastructure, respective virtual network interfaces for a first virtual network and a second virtual network; and
  
  the network controller, wherein the network controller is configured for execution by the processing circuitry;
  
  the network controller manager for the network controller, wherein the network controller manager is configured for execution by the processing circuitry, wherein the network controller manger is configured to;
  
  allocate a virtual network address for a first virtual network interface for the first virtual network;
  
  allocate a virtual network address for a second virtual network interface for the second virtual network;
  
  direct the network controller to configure the first virtual network interface with the virtual network address for the first virtual network interface; and
  
  direct the network controller to configure the second virtual network interface with the virtual network address for the second virtual network interface,wherein the network controller is configured to;
  
  send, to the computing device, interface configuration data to configure, for the virtual execution element, the first virtual network interface for the first virtual network and the second virtual network interface for the second virtual network, wherein the interface configuration data includes an identifier of the first virtual network interface for the first virtual network and an identifier of the second virtual network interface for the second virtual network.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The controller of claim 9, wherein the network controller is configured to:
    - send, to a virtual router agent for a virtual router of the computing device, the identifier of the first virtual network interface for the first virtual network and the identifier of the second virtual network interface for the second virtual network.
  - 11. The controller of claim 9, wherein the network controller is configured to:
    - send, to the virtual router agent, in association with an identifier for the virtual execution element, the identifier of the first virtual network interface for the first virtual network and the identifier of the second virtual network interface for the second virtual network.
  - 12. The controller of claim 11, wherein the orchestrator is configured to:
    - send, to an orchestration agent of the computing device, the identifier for the virtual execution element to cause the orchestration agent to instantiate the virtual execution element and query, based on the identifier for the virtual execution element, the virtual router agent for virtual network interfaces for the virtual execution element.
  - 13. The controller of claim 9,wherein the virtual execution element executes a network function, andwherein the orchestrator is further configured to:
    - configure a service chain of one or more virtual execution elements, including the virtual execution element, to cause network packets received at the first virtual network interface to be processed by the network function and output via the second virtual network interface.

14. A method comprising:
- sending, by an orchestrator for a virtualized computing infrastructure to a network controller for the virtualized computing infrastructure, a request to create, for a virtual execution element to be instantiated in a computing device of the virtualized computing infrastructure, respective virtual network interfaces for a first virtual network and a second virtual network;
  
  sending, by the network controller to a virtual router agent for a virtual router of the computing device, interface configuration data to configure a first virtual network interface for the first virtual network and a second virtual network interface for the second virtual network, wherein the interface configuration data includes, in association with an identifier for the virtual execution element, an identifier of the first virtual network interface for the first virtual network and an identifier of the second virtual network interface for the second virtual network; and
  
  sending, by the orchestrator to an orchestration agent of the computing device, the identifier for the virtual execution element to cause the orchestration agent to instantiate the virtual execution element and invoke a network module to query, based on the identifier for the virtual execution element, the virtual router agent for virtual network interfaces for the virtual execution element to obtain the identifier of the first virtual network interface for the first virtual network and the identifier of the second virtual network interface for the second virtual network.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14, further comprising:
    - instantiating, by the computing device, the virtual execution element;
      
      attaching, by the network module, the first virtual network interface to the virtual execution element to enable packetized communications by the virtual execution element on the first virtual network; and
      
      attaching, by the network module, the second virtual network interface to the virtual execution element to enable packetized communications by the virtual execution element on the second virtual network.
  - 16. The method of claim 14, wherein the virtual router comprises a first virtual routing and forwarding instance for the first virtual network and a second virtual routing and forwarding instance for the second virtual network, the method further comprising:
    - attaching, by the network module, the first virtual network interface to the first virtual network interface to the first virtual routing and forwarding instance to cause the virtual router to forward packets destined for a virtual network address of the first virtual network interface to the virtual execution element, andattaching, by the network module, the second virtual network interface to the second virtual routing and forwarding instance to cause the virtual router to forward packets destined for a virtual network address of the second virtual network interface to the virtual execution element.
  - 17. The method of claim 14, further comprising:
    - receiving, by the virtual router agent, the identifier of the first virtual network interface and the identifier of the second virtual network interface from the network controller; and
      
      providing, by the virtual router agent to the network module, the identifier of the first virtual network interface and the identifier of the second virtual network interface.
  - 18. The method of claim 17,storing, by the virtual router agent, the identifier of the first virtual network interface and the identifier of the second virtual network interface in association with an identifier for the virtual execution element,receiving, by the network module, the identifier for the virtual execution element from the orchestration agent.
  - 19. The method of claim 14, wherein the virtual execution element comprises one or more containers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Rao, Vinay Chandrakant, Nayakbomman, Madhukar, Venkatapathy, Venkatraman, Mariappan, Yuvaraja, Bakiaraj, Dinesh, Vaidya, Sachchidanand
Primary Examiner(s)
Hussain, Tauqir
Assistant Examiner(s)
Grijalva Lobos, Boris D

Application Number

US16/118,107
Publication Number

US 20200073692A1
Time in Patent Office

698 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/45562   Creating, deleting, cloning...

G06F 2009/45595   Network integration; Enabli...

G06F 9/44526   Plug-ins; Add-ons

G06F 9/45558   Hypervisor-specific managem...

G06F 9/5077   Logical partitioning of res...

H04L 12/4633   Interconnection of networks...

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 41/0803   Configuration setting

H04L 41/0809   Plug-and-play configuration

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/0895   Configuration of virtualise...

H04L 41/22   comprising specially adapte...

H04L 45/586   of virtual routers

H04L 61/5007   Internet protocol [IP] addr...

H04L 61/5038   for local use, e.g. in LAN ...

Multiple virtual network interface support for virtual execution elements

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

61 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Multiple virtual network interface support for virtual execution elements

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links