Network interface controller supporting network virtualization

US 20140185616A1
Filed: 12/31/2012
Published: 07/03/2014
Est. Priority Date: 12/31/2012
Status: Active Grant

First Claim

Patent Images

1. A network interface device, comprising:

a host interface for connection to a host processor having a memory;

a network interface, which is configured to transmit and receive data packets over a data network, which supports multiple tenant networks overlaid on the data network; and

processing circuitry, which is configured to receive, via the host interface, a work item submitted by a virtual machine running on the host processor, and to identify, responsively to the work item, a tenant network over which the virtual machine is authorized to communicate, wherein the work item specifies a message to be sent to a tenant destination address on the tenant network,wherein the processing circuitry is configured to generate, in response to the work item, a data packet containing an encapsulation header that is associated with the tenant network, and to transmit the data packet over the data network to at least one data network address corresponding to the specified tenant destination address.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network interface device includes a host interface for connection to a host processor having a memory. A network interface is configured to transmit and receive data packets over a data network, which supports multiple tenant networks overlaid on the data network. Processing circuitry is configured to receive, via the host interface, a work item submitted by a virtual machine running on the host processor, and to identify, responsively to the work item, a tenant network over which the virtual machine is authorized to communicate, wherein the work item specifies a message to be sent to a tenant destination address. The processing circuitry generates, in response to the work item, a data packet containing an encapsulation header that is associated with the tenant network, and to transmit the data packet over the data network to at least one data network address corresponding to the specified tenant destination address.

78 Citations

View as Search Results

33 Claims

1. A network interface device, comprising:
- a host interface for connection to a host processor having a memory;
  
  a network interface, which is configured to transmit and receive data packets over a data network, which supports multiple tenant networks overlaid on the data network; and
  
  processing circuitry, which is configured to receive, via the host interface, a work item submitted by a virtual machine running on the host processor, and to identify, responsively to the work item, a tenant network over which the virtual machine is authorized to communicate, wherein the work item specifies a message to be sent to a tenant destination address on the tenant network,wherein the processing circuitry is configured to generate, in response to the work item, a data packet containing an encapsulation header that is associated with the tenant network, and to transmit the data packet over the data network to at least one data network address corresponding to the specified tenant destination address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The device according to claim 1, wherein the processing circuitry is configured to read encapsulation header information for insertion in the encapsulation header from an encapsulation table in the memory that is indicated by the work item.
  - 3. The device according to claim 2, wherein the encapsulation table is written to the memory, for each of the multiple tenant networks, by a virtual machine monitor running on the host processor.
  - 4. The device according to claim 3, wherein the work item contains an index to an entry in the encapsulation table corresponding to the specified tenant destination address, and wherein the virtual machine obtains the index, to be conveyed to the network interface device, from the virtual machine monitor but is unable to access the encapsulation header information in the encapsulation table.
  - 5. The device according to claim 4, wherein the processing circuitry is configured to read the encapsulation header information from the encapsulation table using a memory key that allows access only to entries in the encapsulation table that are assigned to the virtual machine that submitted the work item.
  - 6. The device according to claim 2, wherein the work item comprises multiple gather entries containing pointers to locations in the memory from which the processing circuitry is to read data for insertion into the data packet, including a gather entry containing an index to an entry in the encapsulation table containing the encapsulation header information.
  - 7. The device according to claim 1, wherein the processing circuitry is configured to generate and transmit the data packet to the specified tenant destination address without direct involvement of a virtual machine monitor running on the host processor.
  - 8. The device according to claim 1, wherein the data network is a Layer-3 network, and wherein the tenant networks are Layer-2 virtualized networks that are overlaid on the Layer-3 network.
  - 9. The device according to claim 1, wherein the processing circuitry is configured to decapsulate encapsulated data packets received from the data network and to convey the decapsulated data packets to the virtual machine.
  - 10. The device according to claim 9, wherein the processing circuitry is configured to filter and convey at least a part of the received data packets to a learner entity running on the host processor.

11. A computer system, comprising:
- a memory;
  
  a host processor configured to access the memory and to run one or more virtual machines; and
  
  a network interface controller (NIC), which is configured to transmit and receive data packets over a data network, which supports multiple tenant networks overlaid on the data network, and which is configured to read from the memory a work item submitted by a virtual machine running on the host processor, and to identify, responsively to the work item a tenant network over which the virtual machine is authorized to communicate, wherein the work item specifies a message to be sent to a tenant destination address on the tenant network,wherein the NIC is configured to generate, in response to the work item, a data packet containing an encapsulation header that is associated with the tenant network, and to transmit the data packet over the data network to at least one data network address corresponding to the specified tenant destination address.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 12. The system according to claim 11, wherein the NIC is configured to read encapsulation header information for insertion in the encapsulation header from an encapsulation table in the memory that is indicated by the work item.
  - 13. The system according to claim 12, wherein the encapsulation table is written to the memory, for each of the multiple tenant networks, by a virtual machine monitor running on the host processor.
  - 14. The system according to claim 13, wherein the work item contains an index to an entry in the encapsulation table corresponding to the specified tenant destination address, and wherein the virtual machine obtains the index, to be conveyed to the NIC, from the virtual machine monitor but is unable to access the encapsulation header information in the encapsulation table.
  - 15. The system according to claim 14, wherein the NIC is configured to read the encapsulation header information from the encapsulation table using a memory key that allows access only to entries in the encapsulation table that are assigned to the virtual machine that submitted the work item.
  - 16. The system according to claim 14, wherein the virtual machine monitor is configured to deliver a tenant address table to the virtual machine, indicating a correspondence between tenant destination addresses on the tenant network and indices to the encapsulation table from which the NIC is to read the encapsulation header information.
  - 17. The system according to claim 12, wherein the work item comprises multiple gather entries containing pointers to locations in the memory from which the NIC is to read data for insertion into the data packet, including a gather entry containing an index to an entry in the encapsulation table containing the encapsulation header information.
  - 18. The system according to claim 11, wherein the NIC is configured to generate and transmit the data packet to the specified tenant destination address without direct involvement of a virtual machine monitor running on the host processor.
  - 19. The system according to claim 11, wherein the data network is a Layer-3 network, and wherein the tenant networks are Layer-2 virtualized networks that are overlaid on the Layer-3 network.
  - 20. The system according to claim 11, wherein the NIC is configured to decapsulate encapsulated data packets received from the data network and to convey the decapsulated data packets to the virtual machine.
  - 21. The system according to claim 20, wherein the NIC is configured to filter and convey at least a part of the received data packets to a learner entity running on the host processor.

22. A method for communication, comprising:
- configuring a network interface controller (NIC), which is coupled to a host processor having a memory, to transmit and receive data packets over a data network, which supports multiple tenant networks overlaid on the data network;
  
  receiving in the NIC a work item submitted by a virtual machine running on the host processor, and identifying, responsively to the work item, a tenant network over which the virtual machine is authorized to communicate, wherein the work item specifies a message to be sent to a tenant destination address on the tenant network;
  
  generating in the NIC, in response to the work item, a data packet containing an encapsulation header that is associated with the tenant network; and
  
  transmitting the data packet over the data network to at least one data network address corresponding to the specified tenant destination address.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 23. The method according to claim 22, wherein generating the data packet comprises reading into the NIC encapsulation header information for insertion in the encapsulation header from an encapsulation table in the memory that is indicated by the work item.
  - 24. The method according to claim 23, wherein the encapsulation table is written to the memory, for each of the multiple tenant networks, by a virtual machine monitor running on the host processor.
  - 25. The method according to claim 24, wherein the work item contains an index to an entry in the encapsulation table corresponding to the specified tenant destination address, and wherein the method comprises providing the index to the virtual machine from the virtual machine monitor and conveying the index from the virtual machine to the NIC, while the virtual machine is unable to access the encapsulation header information in the encapsulation table.
  - 26. The method according to claim 25, wherein reading the encapsulation header information comprises accessing the encapsulation table by the NIC using a memory key that allows access only to entries in the encapsulation table that are assigned to the virtual machine that submitted the work item.
  - 27. The method according to claim 25, and comprising delivering a tenant address table from the virtual machine monitor to the virtual machine, indicating a correspondence between tenant destination addresses on the tenant network and indices to the encapsulation table from which the NIC is to read the encapsulation header information.
  - 28. The method according to claim 23, wherein the work item comprises multiple gather entries containing pointers to locations in the memory from which the NIC is to read data for insertion into the data packet, including a gather entry containing an index to an entry in the encapsulation table containing the encapsulation header information.
  - 29. The method according to claim 22, wherein the data packet is generated and transmitted by the NIC to the specified tenant destination address without direct involvement of a virtual machine monitor running on the host processor.
  - 30. The method according to claim 22, wherein the data network is a Layer-3 network, and wherein the tenant networks are Layer-2 virtualized networks that are overlaid on the Layer-3 network.
  - 31. The method according to claim 22, and comprising decapsulating, in the NIC, encapsulated data packets received from the data network and conveying the decapsulated data packets to the virtual machine.
  - 32. The method according to claim 31, and comprising filtering and conveying at least a part of the received data packets from the NIC to a learner entity running on the host processor.

33. A computer software product, for use on a computer that includes a memory and a network interface controller (NIC), which is coupled to transmit and receive data packets over a data network, which supports multiple tenant networks overlaid on the data network,wherein the product comprises a computer-readable medium in which program instructions are stored, which instructions, when read by the computer, causes a virtual machine on the computer to submit to the NIC a work item, causing the NIC to identify, responsively to the work item, a tenant network over which the virtual machine is authorized to communicate, wherein the work item specifies a message to be sent to a tenant destination address on the tenant network and causes the NIC to generate a data packet containing an encapsulation header that is associated with the tenant network and to transmit the data packet over the data network to at least one data network address corresponding to the specified tenant destination address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mellanox Technologies Limited (NVIDIA Corporation)
Original Assignee
Mellanox Technologies Limited (NVIDIA Corporation)
Inventors
Bloch, Noam, Hirshberg, Eitan, Kagan, Michael

Granted Patent

US 9,008,097 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/392
CPC Class Codes

G06F 9/45533   Hypervisors; Virtual machin...

H04L 12/4633   Interconnection of networks...

H04L 45/64   using an overlay routing layer

H04L 67/10   in which an application is ...

Network interface controller supporting network virtualization

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

78 Citations

33 Claims

Specification

Use Cases

Quick Links

Others

Network interface controller supporting network virtualization

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

33 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others