APPARATUS AND METHOD FOR SEGREGATING TENANT SPECIFIC DATA WHEN USING MPLS IN OPENFLOW-ENABLED CLOUD COMPUTING

US 20130125124A1
Filed: 01/25/2013
Published: 05/16/2013
Est. Priority Date: 09/30/2011
Status: Active Grant

First Claim

Patent Images

1. A method for isolating tenant specific data using a cloud network manager (CNM), which comprises:

maintaining a mapping among a plurality of items in a plurality of databases or tables, the plurality of databases or tables comprising a tenant database (DB), a tenant identifier to tenant label (TITL) table, a top of rack server label to virtual switch link label (TLVLL) table, a label mapping table (SMVL), and a CNM address mapping table;

using the plurality of databases to generate tenant specific labels that are added to packets sent between tenant virtual machines (VMs).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A tenant database is used to add tenant ID information to the cloud network manager (CNM) address mapping table to isolate tenant specific data to a tenant ID to the CNM. The CNM maintains a mapping among a plurality of items in a plurality of databases or tables. The plurality of databases or tables include a tenant database (DB), a tenant identifier to tenant label (TITL) table, a top of rack server label to virtual switch link label (TLVLL) table, a label mapping table (SMVL), and a CNM address mapping table. The CNM uses the plurality of databases to generate tenant specific labels that are added to packets sent between tenant virtual machines (VMs).

142 Citations

20 Claims

1. A method for isolating tenant specific data using a cloud network manager (CNM), which comprises:
- maintaining a mapping among a plurality of items in a plurality of databases or tables, the plurality of databases or tables comprising a tenant database (DB), a tenant identifier to tenant label (TITL) table, a top of rack server label to virtual switch link label (TLVLL) table, a label mapping table (SMVL), and a CNM address mapping table;
  
  using the plurality of databases to generate tenant specific labels that are added to packets sent between tenant virtual machines (VMs).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein database accesses are performed prior to installing or uninstalling flows on Openflow switches.
  - 3. The method of claim 1, wherein the CNM uses the TITL table to look up the tenant label using a tenant ID as a key.
  - 4. The method of claim 1, wherein the CNM uses the TLVLL table to look up the virtual switch (VS) link label using the top of rack server (TORS) label as the key.
  - 5. The method of claim 1, wherein the CNM uses the CNM address mapping table to maintain a mapping among a tenant ID, a tenant VM media access control (MAC) address, a tenant VM Internet Protocol (IP) address, and a server MAC address.
  - 6. The method of claim 5, wherein there is one CNM address mapping table per tenant.
  - 7. The method of claim 1, wherein tenant specific data is isolated by adding a tenant label as a forwarding entry.
  - 8. The method of claim 7, wherein using the tenant label that has a tenant ID segregates and isolates tenant specific traffic to a respective VM.
  - 9. The method of claim 8, wherein VMs that belong to different tenants have the same internet protocol and media access control addresses.
  - 10. The method of claim 1, wherein the tenant DB keeps pointers to the CNM address mapping table.
  - 11. The method of claim 10, wherein the CNM first performs a lookup to the tenant DB to find a tenant specific address mapping table before performing all other CNM address mapping table lookups.

12. A method for isolating tenant specific data using a cloud network manager (CNM), which comprises:
- receiving notification that a virtual machine (VM) is scheduled for activation on a virtualized server;
  
  determining a VM media access control (MAC) address;
  
  determining a virtual switch (VS) MAC address that resides on the virtualized server;
  
  receiving a message including a tenant identifier (ID), a tenant MAC, and a server MAC;
  
  performing a lookup in a label mapping table and a tenant identifier to tenant label (TITL) table for a VS to top of rack switch (TORS) label and a tenant specific label;
  
  recording an association between the tenant ID, the VM MAC address, and the VS MAC address in a CNM mapping table;
  
  sending a flow entry modification message to the VS to indicate that data packets matching the VS to TORS label, the tenant specific label, and the VM MAC address should be forwarded to the VM.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12, wherein the CNM sends a flow entry modification message to the VS to indicate that Dynamic Host Configuration Protocol (DHCP) requests originating from the VM should be forwarded to the CNM.
  - 14. The method of claim 12, wherein the CNM sends a flow entry modification message to the VS to indicate that Address Resolution Protocol (ARP) requests originating from the VM should be forwarded to the CNM.

15. A method for isolating tenant specific data using a cloud network manager (CNM), which comprises:
- sending a first flow entry modification message to a source virtual switch (VS) to indicate that the source VS should first push a tenant specific label and then push a VS to top of rack switch (TORS) label onto data packets in order to forward the data packets to a destination virtual machine (VM);
  
  sending a second flow entry modification message to a source TORS to indicate that when the source TORS receives data packets matching the VS to TORS label, the source TORS should push a destination TORS label;
  
  sending a third flow entry modification message to a destination TORS to indicate that when the destination TORS receives data packets matching the destination TORS label, the destination TORS should pop the TORS label and forward the data packets to a destination VS;
  
  sending a fourth flow entry modification message to the destination VS to indicate that when the destination VS receives data packets matching the VS to TORS label and the tenant specific label, the destination VS should first pop the VS to TORS label and then pop the tenant specific label.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein in response to the first flow entry modification message the source VS forwards the packets to a source TORS.
  - 17. The method of claim 16, wherein in response to the second flow entry modification message, the source TORS forwards the data packets to a destination TORS using a cloud network.
  - 18. The method of claim 17, wherein in response to the third flow entry modification message, the destination TORS forwards the data packets to a destination VS.
  - 19. The method of claim 18, wherein in response to the fourth flow entry modification message, the destination VS forwards the packets to the destination VM.
  - 20. The method of claim 15, wherein the CNM provides a destination Internet Protocol address to a source VM in order to allow the source VM to forward packets to a destination VM belonging to a same tenant.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Kempf, James, Mishra, Ramesh

Granted Patent

US 9,250,941 B2
Time in Patent Office

Days
Field of Search
US Class Current

718/1
CPC Class Codes

G06F 16/21   Design, administration or m...

G06F 9/45533   Hypervisors; Virtual machin...

H04L 41/042   comprising distributed mana...

H04L 41/342   between virtual entities, e...

H04L 41/5096   wherein the managed service...

H04L 45/306   Route determination based o...

H04L 45/50   using label swapping, e.g. ...

H04L 45/54   Organization of routing tables

H04L 45/64   using an overlay routing layer

H04L 49/70   Virtual switches

H04L 61/103   across network layers, e.g....

H04L 61/5014   using dynamic host configur...

APPARATUS AND METHOD FOR SEGREGATING TENANT SPECIFIC DATA WHEN USING MPLS IN OPENFLOW-ENABLED CLOUD COMPUTING

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

142 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

APPARATUS AND METHOD FOR SEGREGATING TENANT SPECIFIC DATA WHEN USING MPLS IN OPENFLOW-ENABLED CLOUD COMPUTING

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

142 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others