OFFLOAD DEVICE-BASED STATELESS PACKET PROCESSING
Abstract
High-speed processing of packets to, and from, a virtualization environment can be provided while utilizing hardware-based segmentation offload and other such functionality. A hardware vendor such as a network interface card (NIC) manufacturer can enable the hardware to support open and proprietary stateless tunneling in conjunction with a protocol such as single root I/O virtualization (SR-IOV) in order to implement a virtualized overlay network. The hardware can utilize various rules, for example, that can be used by the NIC to perform certain actions, such as to encapsulate egress packets and decapsulate packets.
29 Claims
1. A computer-implemented method for processing data packets in an electronic environment, comprising:
under control of one or more computer systems configured with executable instructions,
receiving a user data packet to a virtual function associated with a virtual network for a user;
performing a lookup in a rule table for at least one rule for processing the user data packet;
performing software-based processing of the user data packet in a trusted domain in response to determining a trap rule from the rule table;
performing no further processing of the user data packet in response to determining a drop rule from the rule table; and
performing at least a portion of the processing of the user data packet using an offload device in response to determining a forward rule from the rule table, the processing including at least adding an outer header to the user data packet and sending the user data packet out onto a physical network, the outer header including at least one opaque field and including protocol-specific information.
14. A computer-implemented method for processing data packets in an electronic environment, comprising:
under control of one or more computer systems configured with executable instructions,
receiving a user data packet to a physical function associated with an offload device;
building a lookup key for the user data packet using the offload device;
performing a lookup in a rule table for at least one rule for processing the user data packet using the lookup key;
performing software-based processing of the user data packet in a trusted domain in response to determining a trap rule from the rule table;
performing no further processing of the user data packet in response to determining a drop rule from the rule table; and
performing at least a portion of the processing of the user data packet using the offload device in response to determining a forward rule from the rule table, the processing including at least stripping an inner and outer header, performing any packet modification, and forwarding the user data packet to an internal virtual function, the internal virtual function operable to deliver the user data packet to a guest virtual machine.
24. A system for processing data packets in an electronic environment, comprising:
a processor; and
a memory device including instructions that, when executed by the processor, cause the processor to:
receive a user data packet to a virtual function associated with a virtual network for a user;
perform a lookup in a rule table for at least one rule for processing the user data packet;
perform software-based processing of the user data packet in a trusted domain in response to determining a trap rule from the rule table;
perform no further processing of the user data packet in response to determining a drop rule from the rule table; and
perform at least a portion of the processing of the user data packet using an offload device in response to determining a forward rule from the rule table, the processing including at least adding an outer header to the user data packet and sending the user data packet out onto a physical network, the outer header including at least one opaque field and including protocol-specific information.
27. A system for processing data packets in an electronic environment, comprising:
a processor; and
a memory device including instructions that, when executed by the processor, cause the processor to:
receive a user data packet to a physical function associated with an offload device;
build a lookup key for the user data packet using the offload device;
perform a lookup in a rule table for at least one rule for processing the user data packet using the lookup key;
perform software-based processing of the user data packet in a trusted domain in response to determining a trap rule from the rule table;
perform no further processing of the user data packet in response to determining a drop rule from the rule table; and
perform at least a portion of the processing of the user data packet using the offload device in response to determining a forward rule from the rule table, the processing including at least stripping an inner and outer header, performing any packet modification, and forwarding the user data packet to an internal virtual function, the internal virtual function operable to deliver the user data packet to a guest virtual machine.
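The egress path of claims 1 and 24, sketched in C as an added example (not code from the patent or its assignee): the rule table is keyed on the virtual function the packet arrived on plus its inner destination, and only a forward rule lets the device prepend the outer header with its opaque field and protocol-specific information. The key fields, the 12-byte header layout, and the handling of a table miss or an oversize frame as a trap are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* All names, field widths and the header layout below are constructed for
 * illustration; the claims do not specify them. */
enum action { ACT_TRAP, ACT_DROP, ACT_FORWARD };

struct rule {              /* one rule-table entry */
    uint16_t vf_id;        /* virtual function the packet arrived on */
    uint32_t inner_dst;    /* destination inside the user's virtual network */
    enum action act;
    uint32_t outer_dst;    /* physical-network destination (forward only) */
    uint32_t opaque;       /* opaque field, copied verbatim by the device */
};

#define OUTER_LEN 12u      /* outer_dst(4) | opaque(4) | proto(2) | inner_len(2) */

/* Write the low nbytes of v to p in network (big-endian) byte order. */
static void put_be(uint8_t *p, uint32_t v, int nbytes)
{
    while (nbytes-- > 0) { p[nbytes] = (uint8_t)v; v >>= 8; }
}

/* Returns the action applied. On ACT_FORWARD the encapsulated frame is in
 * out[0..*out_len). The key uses the VF id supplied by the device, not any
 * field the guest controls. */
enum action egress(const struct rule *tbl, size_t n, uint16_t vf_id,
                   uint32_t inner_dst, const uint8_t *pkt, uint16_t len,
                   uint8_t *out, size_t cap, size_t *out_len)
{
    const struct rule *r = NULL;
    *out_len = 0;
    for (size_t i = 0; i < n && r == NULL; i++)
        if (tbl[i].vf_id == vf_id && tbl[i].inner_dst == inner_dst)
            r = &tbl[i];
    if (r == NULL)
        return ACT_TRAP;   /* assumption: a miss goes to the trusted domain */
    if (r->act != ACT_FORWARD)
        return r->act;     /* trap: software path; drop: nothing further */
    if ((size_t)OUTER_LEN + len > cap)
        return ACT_TRAP;   /* assumption: oversize frames fall back to software */
    put_be(out, r->outer_dst, 4);
    put_be(out + 4, r->opaque, 4);
    put_be(out + 8, 0x0800, 2);        /* protocol-specific info: inner is IPv4 */
    put_be(out + 10, len, 2);
    memcpy(out + OUTER_LEN, pkt, len);
    *out_len = OUTER_LEN + len;
    return ACT_FORWARD;
}
```

Because the VF id is part of the key, the same inner destination can resolve to different actions for different virtual functions, which is what keeps one user's virtual network separate from another's in this sketch.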
Specification