Network Traffic Processing Pipeline for Virtual Machines in a Network Device

US 20110004876A1
Filed: 07/01/2009
Published: 01/06/2011
Est. Priority Date: 07/01/2009
Status: Active Grant

First Claim

Patent Images

1. A network device adapted to process network traffic, the network device comprising:

a first network connection adapted to communicate first network traffic;

a second network connection adapted to communicate second network traffic;

a plurality of hosted virtual machines each adapted to execute at least one virtual machine application;

a virtual machine data interface connected with the plurality of hosted virtual machines;

a first network traffic tap adapted to direct at least a first portion of the first network traffic between the first network connection and the virtual machine data interface; and

a second network traffic tap adapted to direct at least a first portion of the second network traffic between the second network connection and the virtual machine data interface;

wherein the virtual machine data interface is adapted to direct the first portions of the first and second network traffic between the first and second network traffic taps and the plurality of hosted virtual machines.

View all claims

18 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Network devices include hosted virtual machines and virtual machine applications. Hosted virtual machines and their applications implement additional functions and services in network devices. Network devices include data taps for directing network traffic to hosted virtual machines and allowing hosted virtual machines to inject network traffic. Network devices include unidirectional data flow specifications, referred to as hyperswitches. Each hyperswitch is associated with a hosted virtual machine and receives network traffic received by the network device from a single direction. Each hyperswitch processes network traffic according to rules and rule criteria. A hosted virtual machine can be associated with multiple hyperswitches, thereby independently specifying the data flow of network traffic to and from the hosted virtual machine from multiple networks. The network device architecture also enables the communication of additional information between the network device and one or more virtual machine applications using an extended non-standard network protocol.

91 Citations

View as Search Results

18 Claims

1. A network device adapted to process network traffic, the network device comprising:
- a first network connection adapted to communicate first network traffic;
  
  a second network connection adapted to communicate second network traffic;
  
  a plurality of hosted virtual machines each adapted to execute at least one virtual machine application;
  
  a virtual machine data interface connected with the plurality of hosted virtual machines;
  
  a first network traffic tap adapted to direct at least a first portion of the first network traffic between the first network connection and the virtual machine data interface; and
  
  a second network traffic tap adapted to direct at least a first portion of the second network traffic between the second network connection and the virtual machine data interface;
  
  wherein the virtual machine data interface is adapted to direct the first portions of the first and second network traffic between the first and second network traffic taps and the plurality of hosted virtual machines.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The network device of claim 1, comprising:
    - a network traffic processing module connected with the first network connection and the second network connection and adapted to perform a sequence of operations on processed network traffic, wherein the processed network traffic includes at least a second portion of at least one of the first and second network traffic.
  - 3. The network device of claim 2, comprising:
    - at least one intra-module network traffic tap adapted to direct at least a first portion of the processed network traffic within the sequence of operations between the network traffic processing module and the virtual machine data interface;
      
      wherein the virtual machine data interface is adapted to direct the first portion of the processed network traffic between the intra-module network traffic tap and the plurality of hosted virtual machines.
  - 4. The network device of claim 3, wherein the first portion of the processed network traffic includes network traffic generated by the plurality of hosted virtual machines.
  - 5. The network device of claim 1, wherein:
    - the plurality of hosted virtual machines includes a first hosted virtual machine and a first virtual machine application adapted to perform a sequence of operations on processed network traffic, wherein the processed network traffic includes at least a second portion of at least one of the first and second network traffic.
  - 6. The network device of claim 5, comprising:
    - at least one intra-module network traffic tap adapted to direct at least a first portion of the processed network traffic within the sequence of operations between the first hosted virtual machine and the virtual machine data interface;
      
      wherein the virtual machine data interface is adapted to direct the first portion of the processed network traffic between the plurality of hosted virtual machines and the first and second network traffic taps.
  - 7. The network device of claim 1, wherein:
    - the plurality of hosted virtual machines includes a first hosted virtual machine including a first virtual network interface adapted to communicate the first portions of the first and second network traffic with a first virtual machine application.
  - 8. The network device of claim 1, wherein the virtual machine data interface is adapted to direct third network traffic between the plurality of hosted virtual machines.
  - 9. The network device of claim 1, wherein the first network traffic includes network traffic received from a first network via the first network connection.
  - 10. The network device of claim 1, wherein the first network traffic includes network traffic generated by the plurality of hosted virtual machines and directed towards a first network via the first network connection.
  - 11. The network device of claim 1, wherein the virtual machine data interface is adapted to direct the first portions of the first and second network traffic according to network traffic rule criteria and network traffic rules.
  - 12. The network device of claim 11, wherein the network traffic rules include a redirect rule adapted to direct at least one of the first portions of the first and second network traffic to one of the plurality of hosted virtual machines.
  - 13. The network device of claim 11, wherein the network traffic rules include a copy rule adapted to direct a copy of at least one of the first portions of the first and second network traffic to one of the plurality of hosted virtual machines.
  - 14. The network device of claim 11, wherein the network traffic rules include a pass rule adapted to bypass at least one of the first portions of the first and second network traffic around one of the plurality of hosted virtual machines.
  - 15. The network device of claim 11, wherein the network traffic rules include a drop rule adapted to discard one of the first portions of the first and second network traffic.
  - 16. The network device of claim 1, comprising:
    - a management module adapted to configure the first and second network traffic taps and the virtual machine data interface.
  - 17. The network device of claim 1, wherein the first network connection and the second network connection are connected with a first network.
  - 18. The network device of claim 1, wherein the first network connection is connected with a first network and the second network connection is connected with a second network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Riverbed Technology, LLC (Riverbed Technology Incorporated)
Original Assignee
Riverbed Technology Incorporated
Inventors
Wu, David Tze-Si, Trac, Lap Nathan, Ly, Kand, Potashnik, Alexei

Granted Patent

US 8,954,957 B2
Time in Patent Office

Days
Field of Search
US Class Current

718/1
CPC Class Codes

G06F 2009/45595   Network integration; Enabli...

G06F 9/45558   Hypervisor-specific managem...

H04L 12/4625   Single bridge functionality...

H04L 49/70   Virtual switches

Network Traffic Processing Pipeline for Virtual Machines in a Network Device

First Claim

18 Assignments

0 Petitions

Accused Products

Abstract

91 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Network Traffic Processing Pipeline for Virtual Machines in a Network Device

First Claim

18 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others