Virtual Network Flow Monitoring

US 20140281030A1
Filed: 03/15/2013
Published: 09/18/2014
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A system for end-to-end virtual network flow monitoring in a virtual datacenter having a plurality of virtual machines (VMs), said system comprising:

a memory area associated with the virtual datacenter, said memory area storing a flow pattern including at least a source address and a destination address, the flow pattern being received from a user in a request to perform virtual network flow monitoring; and

a processor programmed to;

distribute the flow pattern stored in the memory area to a plurality of applications in the virtual datacenter, each of the plurality of applications managing a plurality of VMs as part of at least one virtual network;

aggregate, by the virtual datacenter from the plurality of applications, context data for one or more data packets routed by the plurality of applications and matching the flow pattern; and

determine a role associated with the user; and

filter, by the virtual datacenter based on the determined role, the aggregated context data for presentation to the user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments perform end-to-end virtual network flow monitoring in a virtual datacenter and provide differentiated views to users based on user role. A target flow pattern describing data packets of interest is distributed to a plurality of applications managing VMs in the virtual datacenter, such as hosts, virtual gateways, and other virtual network applications. Each of the applications monitors data packets routed by the application by comparing the data packets to the flow pattern and selectively collecting context data describing the data packets. The context data collected by the applications is aggregated at a remote server for analysis and reporting.

308 Citations

20 Claims

1. A system for end-to-end virtual network flow monitoring in a virtual datacenter having a plurality of virtual machines (VMs), said system comprising:
- a memory area associated with the virtual datacenter, said memory area storing a flow pattern including at least a source address and a destination address, the flow pattern being received from a user in a request to perform virtual network flow monitoring; and
  
  a processor programmed to;
  
  distribute the flow pattern stored in the memory area to a plurality of applications in the virtual datacenter, each of the plurality of applications managing a plurality of VMs as part of at least one virtual network;
  
  aggregate, by the virtual datacenter from the plurality of applications, context data for one or more data packets routed by the plurality of applications and matching the flow pattern; and
  
  determine a role associated with the user; and
  
  filter, by the virtual datacenter based on the determined role, the aggregated context data for presentation to the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the plurality of applications operate as at least one of a host computing device or a virtual gateway.
  - 3. The system of claim 1, wherein the processor is further programmed to display the aggregated context data to the user.
  - 4. The system of claim 1, wherein the flow pattern further comprises at least one of a transmission control protocol (TCP) or a user datagram protocol (UDP).
  - 5. The system of claim 1, wherein the user comprises at least one of a virtual application owner, an administrator, or a developer.
  - 6. The system of claim 1, wherein the processor aggregates the context data across a logical network boundary.
  - 7. The system of claim 1, further comprising means for end-to-end tracing of the one or more data packets through the virtual datacenter based on a footprint for each of the one or more data packets.

8. A method comprising:
- for each of a plurality of computing devices associated with one or more virtual networks in a virtual datacenter, the virtual datacenter comprising a plurality of virtual machines (VMs);
  
  accessing, by the computing device, a flow pattern providing a source address and a destination address;
  
  receiving a data packet from the one or more virtual networks;
  
  comparing, by the computing device, the received data packet to the accessed flow pattern; and
  
  based on the comparison, collecting data describing the received data packet and transmitting the collected data for analysis to a reporting device accessible by each of the plurality of computing devices associated with the one or more virtual networks in the virtual datacenter.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, wherein collecting the data comprises identifying at least one of a forwarding port, a filter applied to the data packet, a virtual network encapsulating the data packet, whether the received data packet has been copied, or whether the received data packet has been cloned.
  - 10. The method of claim 8, wherein collecting the data comprises collecting the data on determining that the received data packet matches the accessed flow pattern.
  - 11. The method of claim 8, wherein the computing device receives a plurality of the data packets, and wherein collecting the data comprises collecting the data for only those data packets, from the plurality of data packets, that match the accessed flow pattern.
  - 12. The method of claim 8, wherein receiving the data packet comprises receiving, by a host computing device, a data packet.
  - 13. The method of claim 8, wherein the computing device comprises a virtual gateway application, and further comprising deriving, by the virtual gateway application, flow table information from the accessed flow pattern.
  - 14. The method of claim 13, wherein comparing the received data packet to the accessed flow pattern comprises comparing the received data packet to the derived flow table information.
  - 15. The method of claim 8, wherein the computing device comprises a host, and wherein collecting the data comprises collecting the data across a network stack within the host.

16. One or more computer-readable storage media storing computer-executable components for performing end-to-end virtual network flow monitoring in a virtual datacenter having a plurality of virtual machine (VMs), the computer-executable components comprising:
- a plurality of host components that each, when executed, cause at least one processor to;
  
  receive a data packet;
  
  compare the received data packet to a flow pattern defined by a user, the flow pattern including at least a source address and a destination address; and
  
  based on the comparison, collect context data describing the received data packet; and
  
  a management component in communication with each of the plurality of host components, the management component, when executed, causing at least one processor to;
  
  aggregate the collected context data from one or more of the plurality of host components;
  
  determine a role associated with the user; and
  
  filter, based on the determined role, the aggregated, collected context data for presentation to the user.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer storage media of claim 16, wherein the management component further receives, from the user, a request to perform the virtual network flow monitoring, the request including the flow pattern.
  - 18. The computer storage media of claim 16, wherein the management component further distributes the flow pattern to each of the plurality of host components.
  - 19. The computer storage media of claim 16, wherein each of the plurality of host components manages a plurality of VMs.
  - 20. The computer storage media of claim 16, wherein at least one of the plurality of host components represents a virtual gateway from a first virtual network to a second virtual network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Cui, Liang, Zhang, Wei, Jiang, Jingchun Jason, Jiang, Caixia

Granted Patent

US 9,407,519 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/244
CPC Class Codes

H04L 43/026   using flow identification

H04L 43/028   by filtering

Y02D 30/50   in wire-line communication ...

Virtual Network Flow Monitoring

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

308 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual Network Flow Monitoring

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

308 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links