MULTI-TENANT ISOLATION IN A CLOUD ENVIRONMENT USING SOFTWARE DEFINED NETWORKING
Abstract
Systems and methods for ensuring multi-tenant isolation in a data center are provided. A switch, or virtualized switch, can be used to de-multiplex incoming traffic between a number of data center tenants and to direct traffic to the appropriate virtual slice for an identified tenant. The switch can store tenant identifying information received from a master controller and packet forwarding rules received from at least one tenant controller. The packet handling rules are associated with a specific tenant and can be used to forward traffic to its destination.
27 Claims
1. A method for processing packet traffic in a multi-tenant network, comprising:
receiving a packet;
responsive to determining that a tenant associated with the received packet cannot be determined, requesting tenant information from a first controller;
receiving the requested tenant information from the first controller;
responsive to determining that a forwarding rule associated with the received packet cannot be determined, requesting the forwarding rule from a second controller;
receiving the requested forwarding rule from the second controller; and
transmitting the packet in accordance with the received forwarding rule.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13.

14. A switch in a multi-tenant network comprising a processor and a memory, the memory containing instructions executable by the processor whereby the switch is operative to:
receive a packet;
responsive to determining that a tenant associated with the received packet cannot be determined, request tenant information from a first controller;
receive the requested tenant information from the first controller;
responsive to determining that a forwarding rule associated with the received packet cannot be determined, request the forwarding rule from a second controller;
receive the requested forwarding rule from the second controller; and
transmit the packet in accordance with the received forwarding rule.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26.

27. A switch comprising:
a receiving module for receiving a packet;
a tenant identification module for requesting tenant information from a first controller in response to determining that a tenant associated with the received packet cannot be determined, and for receiving the requested tenant information from the first controller;
a rule identification module for requesting a forwarding rule from a second controller in response to determining that the forwarding rule associated with the received packet cannot be determined, and for receiving the requested forwarding rule from the second controller; and
a transmitting module for transmitting the packet in accordance with the received forwarding rule.
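
The two-stage lookup recited in claims 1, 14 and 27, sketched as an added Python example (not code from the patent). The `(in_port, vlan)` tenant key, dropping packets whose tenant the first controller cannot resolve, and the check that a returned rule stays inside the tenant's slice are assumptions that the claims do not specify.

```python
from collections import namedtuple
Packet = namedtuple("Packet", "in_port vlan dst")  # assumed match fields (not from the patent)

class Controller:  # stand-in controller that answers lookups from a static table
    def __init__(self, table):
        self.table, self.queries = table, 0
    def lookup(self, key):
        self.queries += 1
        return self.table.get(key)

class Switch:
    def __init__(self, master, tenant_ctrls, slice_ports):
        self.master = master              # first controller: tenant information
        self.tenant_ctrls = tenant_ctrls  # second controllers, one per tenant
        self.slice_ports = slice_ports    # tenant -> ports inside its slice
        self.tenant_table = {}            # cached (in_port, vlan) -> tenant
        self.flow_tables = {}             # tenant -> {dst: out_port}

    def process(self, pkt):
        """Return (tenant, out_port), or None when the packet is dropped."""
        key = (pkt.in_port, pkt.vlan)
        tenant = self.tenant_table.get(key)
        if tenant is None:                # tenant cannot be determined
            tenant = self.master.lookup(key)
            if tenant is None:
                return None               # assumption: fail closed on unknown tenant
            self.tenant_table[key] = tenant
        flows = self.flow_tables.setdefault(tenant, {})
        out = flows.get(pkt.dst)
        if out is None:                   # forwarding rule cannot be determined
            out = self.tenant_ctrls[tenant].lookup(pkt.dst)
            # assumption: refuse a missing rule or one that leaves the tenant's slice
            if out not in self.slice_ports[tenant]:
                return None
            flows[pkt.dst] = out
        return tenant, out

def demo():
    """Constructed two-tenant topology with overlapping destination addresses."""
    master = Controller({(1, 10): "A", (2, 20): "B"})
    ctrls = {"A": Controller({"10.0.0.5": 3}),
             "B": Controller({"10.0.0.5": 4, "10.0.0.9": 3})}  # port 3 is in A's slice
    sw = Switch(master, ctrls, {"A": {1, 3}, "B": {2, 4}})
    pkts = [Packet(1, 10, "10.0.0.5"), Packet(2, 20, "10.0.0.5"),
            Packet(2, 20, "10.0.0.9"), Packet(9, 99, "10.0.0.5")]
    return sw, [sw.process(p) for p in pkts]

if __name__ == "__main__":
    print(demo()[1])
```

Both tenants use the destination `10.0.0.5`, yet each packet is forwarded only by the rule its own tenant controller supplied; the rule from tenant B's controller that targets a port in A's slice is never installed.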