OFFLOADING PACKET PROCESSING FOR NETWORKING DEVICE VIRTUALIZATION

US 20130254766A1
Filed: 07/17/2012
Published: 09/26/2013
Est. Priority Date: 03/21/2012
Status: Active Grant

First Claim

Patent Images

1. At a computer system including one or more processors and system memory, the computer system also including a physical network interface card (NIC) and executing a host partition, a method for processing network packets for a virtual machine executing at the computer system, the method comprising:

an act of the host partition maintaining one or more rule sets for a virtual machine;

an act of the physical NIC maintaining one or more flow tables for the virtual machine; and

an act of the physical NIC receiving a network packet associated with the virtual machine;

an act of processing the network packet for the virtual machine, including;

an act of the physical NIC comparing the network packet with the one or more flow tables, andwhen the network packet matches with a flow in the one or more flow tables, an act of the physical NIC performing an action on the network packet based on the matching flow, orwhen the network packet does not match with a flow in the one or more flow tables, an act of the physical NIC passing the network packet to the host partition for processing against the one or more rule sets.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention extends to methods, systems, and computer program products for offloading packet processing for networking device virtualization. A host maintains rule set(s) for a virtual machine, and a physical network interface card (NIC) maintains flow table(s) for the virtual machine. The physical NIC receives and processes a network packet associated with the virtual machine. Processing the network packet includes the physical NIC comparing the network packet with the flow table(s) at the physical NIC. When the network packet matches with a flow in the flow table(s) at the physical NIC, the physical NIC performs an action on the network packet based on the matching flow. Alternatively, when the network packet does not match with a flow in the flow table(s) at the physical NIC, the physical NIC passes the network packet to the host partition for processing against the rule set(s).

Citations

20 Claims

1. At a computer system including one or more processors and system memory, the computer system also including a physical network interface card (NIC) and executing a host partition, a method for processing network packets for a virtual machine executing at the computer system, the method comprising:
- an act of the host partition maintaining one or more rule sets for a virtual machine;
  
  an act of the physical NIC maintaining one or more flow tables for the virtual machine; and
  
  an act of the physical NIC receiving a network packet associated with the virtual machine;
  
  an act of processing the network packet for the virtual machine, including;
  
  an act of the physical NIC comparing the network packet with the one or more flow tables, andwhen the network packet matches with a flow in the one or more flow tables, an act of the physical NIC performing an action on the network packet based on the matching flow, orwhen the network packet does not match with a flow in the one or more flow tables, an act of the physical NIC passing the network packet to the host partition for processing against the one or more rule sets.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method as recited in claim 1, wherein the one or more rule sets include one or more of an incoming rule set or an outgoing rule set for the virtual machine.
  - 3. The method as recited in claim 1, wherein the one or more flow tables include one or more of an incoming flow table or an outgoing flow table for the virtual machine.
  - 4. The method as recited in claim 1, further comprising, when the network packet does not match with a flow in the one or more flow tables, an act of the host partition comparing the network packet with the one or more rule sets.
  - 5. The method as recited in claim 4, wherein when the network packet matches with a rule in the one or more rule sets, an act of the host partition performing an action on the network packet based on the matching rule.
  - 6. The method as recited in claim 5, wherein when the network packet matches with a rule in the one or more rule sets, an act of the host partition creating one or more flows at the physical NIC in the one or more flow tables.
  - 7. The method as recited in claim 1, further comprising an act of the host partition maintaining one or more flow tables for the virtual machine, and wherein the one or more flow tables maintained at the physical NIC comprise a subset of the one or more flow tables maintained at the host partition.
  - 8. The method as recited in claim 1, wherein the act of the physical NIC passing the network packet to the host partition comprises an act of the physical NIC passing the network packet to the host partition directly.
  - 9. The method as recited in claim 1, wherein the act of physical NIC passing the network packet to the host partition comprises an act of the physical NIC passing the network packet to the host partition through the virtual machine.
  - 10. The method as recited in claim 1, further comprising:
    - an act of a virtual NIC driver at the virtual machine storing at least a portion of an outgoing flow table in an outgoing flow list; and
      
      an act of the virtual NIC driver comparing the network packet with the outgoing flow list prior to sending the network packet to the physical NIC.
  - 11. The method as recited in claim 1, wherein the computer system executes a plurality of virtual machines, and wherein act of the host partition maintaining one or more rule sets for the virtual machine comprises an act of the host partition maintaining different rule sets for each of the plurality of virtual machines.
  - 12. The method as recited in claim 1, wherein the computer system executes a plurality of virtual machines, and wherein the act of the physical NIC maintaining one or more flow tables for the virtual machine comprises an act of the physical NIC maintaining different flow tables for each of the plurality of virtual machines.
  - 13. The method as recited in claim 1, wherein the host partition maintains a plurality of layers of rule sets, each layer including a corresponding incoming rule set and a corresponding outgoing rule set, and wherein the host partition processes network packets by passing each network packet through each layer while, at each layer, matching each network packet against one of the corresponding incoming rule set or the corresponding outgoing rule set.

14. A computer program product comprising one or more computer storage media having stored thereon computer executable instructions that, when executed by one or more processors of a computer system, cause the computer system to implement a method for processing network packets for a virtual machine executing at the computer system, the method comprising:
- an act of a virtual switch maintaining one or more rule sets for a virtual machine;
  
  an act of the virtual switch maintaining one or more flow table tables for the virtual machine;
  
  an act of the virtual switch offloading at least a portion of the one or more flow tables to the physical NIC; and
  
  an act of the virtual switch processing a network packet for the virtual machine, including;
  
  the virtual switch receiving the network packet from one of the virtual machine or the physical NIC;
  
  the virtual switch matching the network packet with a rule in the one or more rule sets; and
  
  based on matching the network packet with the rule;
  
  the virtual switch creating a flow in the one or more flow tables; and
  
  the virtual switch offloading the flow to the physical NIC.
- View Dependent Claims (15, 16)
- - 15. The computer program product as recited in claim 14, wherein the act of maintaining one or more rule sets for a virtual machine comprises an act of maintaining an incoming rule set and an outgoing rule set.
  - 16. The computer program product as recited in claim 14, wherein the act of the virtual switch processing a network packet for the virtual machine also includes:
    - the virtual switch performing at least one action on the network packet based on the rule.

17. The computer program product as recited in claim 17, wherein the at least one action comprises one or more of a packet inspection or a packet manipulation operation.

18. A computer system, comprising:
- one or more processors;
  
  system memory;
  
  a physical network interface card (NIC); and
  
  one or more computer storage media having stored thereon computer-executable instructions that, when executed by the one or more processors, execute a virtual switch, the virtual switch being configured to;
  
  execute within a host partition at the computer system;
  
  maintain an incoming rule set and an outgoing rule set for a virtual machine;
  
  maintain an incoming flow table and an outgoing flow table for the virtual machine;
  
  offload at least a portion of one or more of the incoming flow table or the outgoing table to a virtual bridge the physical NIC; and
  
  process a network packet for the virtual machine, including;
  
  receiving the network packet from one or more of the virtual machine or the physical NIC;
  
  matching the network packet with a rule in one of the incoming rule set or the outgoing rule set; and
  
  based on matching the network packet with the rule;
  
  creating a flow in one or more of the incoming flow table or the outgoing flow table at the virtual switch; and
  
  offloading the flow to one or more of the incoming flow table or the outgoing table at the virtual bridge of the physical NIC.
- View Dependent Claims (19, 20)
- - 19. The computer system as recited in claim 18, wherein the physical NIC comprises a Peripheral Component Interconnect Express (PCIe) NIC.
  - 20. The computer system as recited in claim 19, wherein the physical NIC presents a Single Root I/O Virtualization (SRIOV) function to the virtual machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Zuo, Yue, Firestone, Daniel M., Greenberg, Albert Gordon, Garg, Pankaj, Chau, Ho Yuen, Deng, Yimin, Tuttle, Bryan William

Granted Patent

US 8,930,690 B2
Time in Patent Office

Days
Field of Search
US Class Current

718/1
CPC Class Codes

H04L 41/342   between virtual entities, e...

H04L 43/026   using flow identification

H04L 43/20   the monitoring system or th...

H04L 47/20   Traffic policing

H04L 49/70   Virtual switches

OFFLOADING PACKET PROCESSING FOR NETWORKING DEVICE VIRTUALIZATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

OFFLOADING PACKET PROCESSING FOR NETWORKING DEVICE VIRTUALIZATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links