ROUTING DATA MESSAGE FLOW THROUGH MULTIPLE PUBLIC CLOUDS

US 20190104050A1
Filed: 05/04/2018
Published: 04/04/2019
Est. Priority Date: 10/02/2017
Status: Active Grant

First Claim

Patent Images

1. A method of routing data message flows through a plurality of virtual networks defined over a plurality of public cloud datacenters for a plurality of tenants of a virtual network provider, the method comprising:

at an ingress forwarding element of a first virtual network for a first tenant,receiving a data message from an external machine outside of the public cloud datacenters;

determining that the data message is associated with the first tenant;

performing a first lookup operation to identify an egress forwarding element at which the data message should exit the first virtual network;

based on the identified egress forwarding element, performing a second lookup operation to identify a next hop forwarding element to receive the data message; and

forwarding the encapsulated data message to the next hop forwarding element.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity'"'"'s data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.

91 Citations

View as Search Results

20 Claims

1. A method of routing data message flows through a plurality of virtual networks defined over a plurality of public cloud datacenters for a plurality of tenants of a virtual network provider, the method comprising:
- at an ingress forwarding element of a first virtual network for a first tenant,receiving a data message from an external machine outside of the public cloud datacenters;
  
  determining that the data message is associated with the first tenant;
  
  performing a first lookup operation to identify an egress forwarding element at which the data message should exit the first virtual network;
  
  based on the identified egress forwarding element, performing a second lookup operation to identify a next hop forwarding element to receive the data message; and
  
  forwarding the encapsulated data message to the next hop forwarding element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein performing the first and second lookup operations comprises:
    - examining a first portion of a route table for the first virtual network to identify a network address of the egress forwarding element at which the data message should exit the first virtual network; and
      
      based on the network address of the egress forwarding element, examining a second portion of the route table of the virtual network provider to identify a local interface or a network address associated with the next hop forwarding element to receive the data message.
  - 3. The method of claim 2, wherein forwarding the encapsulated data message to the next hop forwarding element comprises encapsulating the data message with at least one encapsulating header that includes the network addresses of the next hop forwarding element, the ingress forwarding element and the egress forwarding element.
  - 4. The method of claim 1, wherein performing the first and second lookup operations comprises:
    - examining a first route table for the first virtual network to identify a network address of an egress forwarding element at which the data message should exit the first virtual network; and
      
      based on the network address of the egress forwarding element, examining a second route table of the virtual network provider to identify a local interface or a network address of the next hop forwarding element to receive the data message.
  - 5. The method of claim 4, wherein forwarding the encapsulated data message to the next hop forwarding element comprises encapsulating the data message with at least one encapsulating header that includes the network addresses of the next hop forwarding element, the ingress forwarding element and the egress forwarding element.
  - 6. The method of claim 1,wherein the second lookup operation identifies a local interface of the ingress forwarding element as being connected to the next hop forwarding element;
    - wherein the forwarding of the encapsulated data message comprises providing the data message to the local interface to forward the data message to the next hop forwarding element;
      
      wherein the next hop forwarding element is the egress forwarding element.
  - 7. The method of claim 1 further comprisingbased on a network address of the next hop forwarding element identified in the second lookup operation, performing a third lookup operation to identify a local interface of the ingress forwarding element that is connected to the next hop forwarding element,wherein the forwarding of the encapsulated data message comprises providing the data message to the local interface to forward the data message to the next hop forwarding element, and the next hop forwarding element is not the egress forwarding element.
  - 8. The method of claim 1, wherein said forwarding elements are software forwarding elements.
  - 9. The method of claim 8, wherein the first and second lookup operations are performed by reference to different portions of a VRF (virtual routing and forwarding) namespace of the software forwarding elements.
  - 10. The method of claim 1, wherein the public cloud datacenters are multi-tenant public cloud datacenters.

11. A non-transitory machine readable medium storing a program for routing data message flows through a plurality of virtual networks defined over a plurality of public cloud datacenters for a plurality of tenants of a virtual network provider, the program for execution by at least one processing unit of a computer that implements a forwarding element of a first virtual network for a first tenant, the program comprising sets of instructions for:
- receiving a data message from an external machine outside of the public cloud datacenters;
  
  determining that the data message is associated with the first tenant;
  
  performing a first lookup operation to identify an egress forwarding element at which the data message should exit the first virtual network;
  
  based on the identified egress forwarding element, performing a second lookup operation to identify a next hop forwarding element to receive the data message; and
  
  forwarding the encapsulated data message to the next hop forwarding element.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The non-transitory machine readable medium of claim 11, wherein the set of instructions for performing the first and second lookup operations comprises sets of instructions for:
    - examining a first portion of a route table for the first virtual network to identify a network address of the egress forwarding element at which the data message should exit the first virtual network; and
      
      based on the network address of the egress forwarding element, examining a second portion of the route table of the virtual network provider to identify a local interface or a network address associated with the next hop forwarding element to receive the data message.
  - 13. The non-transitory machine readable medium of claim 12, wherein the set of instructions for forwarding the encapsulated data message to the next hop forwarding element comprises a set of instructions for encapsulating the data message with at least one encapsulating header that includes the network addresses of the next hop forwarding element, the ingress forwarding element and the egress forwarding element.
  - 14. The non-transitory machine readable medium of claim 11, wherein the set of instructions for performing the first and second lookup operations comprises sets of instructions for:
    - examining a first route table for the first virtual network to identify a network address of an egress forwarding element at which the data message should exit the first virtual network; and
      
      based on the network address of the egress forwarding element, examining a second route table of the virtual network provider to identify a local interface or a network address of the next hop forwarding element to receive the data message.
  - 15. The non-transitory machine readable medium of claim 14, wherein the set of instructions for forwarding the encapsulated data message to the next hop forwarding element comprises a set of instructions for encapsulating the data message with at least one encapsulating header that includes the network addresses of the next hop forwarding element, the ingress forwarding element and the egress forwarding element.
  - 16. The non-transitory machine readable medium of claim 11,wherein the second lookup operation identifies a local interface of the ingress forwarding element as being connected to the next hop forwarding element;
    - wherein the forwarding of the encapsulated data message comprises providing the data message to the local interface to forward the data message to the next hop forwarding element;
      
      wherein the next hop forwarding element is the egress forwarding element.
  - 17. The non-transitory machine readable medium of claim 11, wherein the program further comprises sets of instructions for:
    - based on a network address of the next hop forwarding element identified in the second lookup operation, performing a third lookup operation to identify a local interface of the ingress forwarding element that is connected to the next hop forwarding element,wherein the forwarding of the encapsulated data message comprises providing the data message to the local interface to forward the data message to the next hop forwarding element, and the next hop forwarding element is not the egress forwarding element.
  - 18. The non-transitory machine readable medium of claim 11, wherein said forwarding elements are software forwarding elements.
  - 19. The non-transitory machine readable medium of claim 18, wherein the first and second lookup operations are performed by reference to different portions of a VRF (virtual routing and forwarding) namespace of the software forwarding elements.
  - 20. The non-transitory machine readable medium of claim 11, wherein the public cloud datacenters are multi-tenant public cloud datacenters.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Cidon, Israel, Dar, Chen, Venugopal, Prashanth, Zohar, Eyal, Markuze, Alex, Bergman, Aran

Granted Patent

US 11,102,032 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/14   Charging , metering or bill...

H04L 12/1403   Architecture for metering, ...

H04L 12/1428   Invoice generation, e.g. cu...

H04L 12/2854   Wide area networks, e.g. pu...

H04L 12/2859   Point-to-point connection b...

H04L 12/4633   Interconnection of networks...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 2101/35   containing special prefixes

H04L 2212/00   Encapsulation of packets

H04L 41/046   comprising network manageme...

H04L 41/0803   Configuration setting

H04L 41/0895   Configuration of virtualise...

H04L 41/40   using virtualisation of net...

H04L 43/08   Monitoring or testing based...

H04L 43/0829   Packet loss

H04L 43/0852   Delays

H04L 43/0888   Throughput

H04L 45/04   Interdomain routing, e.g. h...

H04L 45/12   Shortest path evaluation

H04L 45/14   Routing performance; Theore...

H04L 45/64 : using an overlay routing layer

H04L 45/74 : Address processing for routing

H04L 45/745 : Address table lookup; Addre...

H04L 61/25 : of the same type

H04L 61/2514 : between local and global IP...

H04L 61/255 : Maintenance or indexing of ...

H04L 61/4511 : using domain name system [DNS]

H04L 63/0245 : Filtering by information in...

H04L 63/0263 : Rule management

H04L 63/0272 : Virtual private networks

H04L 63/0281 : Proxies

H04L 63/20 : for managing network securi...

H04L 67/10 : in which an application is ...

H04M 15/00 : Arrangements for metering, ...

H04M 15/51 : for resellers, retailers or...

View All

ROUTING DATA MESSAGE FLOW THROUGH MULTIPLE PUBLIC CLOUDS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

91 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ROUTING DATA MESSAGE FLOW THROUGH MULTIPLE PUBLIC CLOUDS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links