PROCESSING DATA MESSAGES OF A VIRTUAL NETWORK THAT ARE SENT TO AND RECEIVED FROM EXTERNAL SERVICE MACHINES
First Claim
1. For a multi-tenant virtual network system, a method of processing a data message that is associated with a virtual network that is defined for a particular tenant over a plurality of public cloud datacenters, the method comprising:
- determining that the data message is associated with an external service machine outside of the virtual network and the plurality of public cloud datacenters;
- based on a tenant identifier (TID) for the particular tenant in the virtual network system, performing a first source network address translation (SNAT) operation to modify a first source network address of the data message to a modified second source network address;
- performing a second SNAT operation to modify the modified second source network address of the data message to a modified third source network address; and
- forwarding the data message, with the third modified source network address to the external service machine through an external network that is outside of the public cloud datacenters.
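The steps of claim 1, sketched as an added example that is not code from the patent or its assignee. It assumes that tenants may reuse the same private addresses (so the first SNAT keys on the TID), that the second SNAT rewrites to one public address plus a port, and that replies are reversed through both tables; the class name, address ranges and ports are constructed for illustration.

```python
import ipaddress

class TwoStageSnat:
    """Illustrative two-stage SNAT at an egress node; all addresses are constructed."""

    def __init__(self, internal="10.0.0.0/8", mid_pool="100.64.0.0/24",
                 public_ip="203.0.113.10", first_port=20000):
        self.internal = ipaddress.ip_network(internal)   # assumed overlay/tenant space
        self._mid_free = iter(ipaddress.ip_network(mid_pool).hosts())
        self.public_ip = public_ip
        self._next_port = first_port
        self._s1, self._s1_rev = {}, {}   # (tid, tenant ip) <-> intermediate ip
        self._s2, self._s2_rev = {}, {}   # (intermediate ip, port) <-> public port

    def egress(self, tid, src_ip, src_port, dst_ip):
        """Return the (src_ip, src_port) seen by the external service, or None."""
        if ipaddress.ip_address(dst_ip) in self.internal:
            return None                   # not an external service: no SNAT here
        # First SNAT: keyed on the tenant identifier, so identical tenant
        # addresses from different tenants get distinct intermediate addresses.
        k1 = (tid, src_ip)
        if k1 not in self._s1:
            mid = next(self._mid_free, None)
            if mid is None:
                raise RuntimeError("intermediate address pool exhausted")
            self._s1[k1] = str(mid)
            self._s1_rev[str(mid)] = k1
        # Second SNAT: intermediate address -> public egress address and port.
        k2 = (self._s1[k1], src_port)
        if k2 not in self._s2:
            self._s2[k2] = self._next_port
            self._s2_rev[self._next_port] = k2
            self._next_port += 1
        return self.public_ip, self._s2[k2]

    def ingress(self, dst_port):
        """Undo both translations for a reply; unknown ports map to no tenant."""
        k2 = self._s2_rev.get(dst_port)
        if k2 is None:
            return None
        mid, port = k2
        tid, ip = self._s1_rev[mid]
        return tid, ip, port
```

Two tenants sending from the same private address and port leave with different public ports, and a reply to either port resolves back to exactly one tenant.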
Abstract
Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.
20 Claims
1. For a multi-tenant virtual network system, a method of processing a data message that is associated with a virtual network that is defined for a particular tenant over a plurality of public cloud datacenters, the method comprising:
- determining that the data message is associated with an external service machine outside of the virtual network and the plurality of public cloud datacenters;
- based on a tenant identifier (TID) for the particular tenant in the virtual network system, performing a first source network address translation (SNAT) operation to modify a first source network address of the data message to a modified second source network address;
- performing a second SNAT operation to modify the modified second source network address of the data message to a modified third source network address; and
- forwarding the data message, with the third modified source network address to the external service machine through an external network that is outside of the public cloud datacenters.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15

16. For a multi-tenant virtual network system, a non-transitory machine readable medium of processing a data message that is associated with a virtual network that is defined for a particular tenant over a plurality of public cloud datacenters, the program for execution by at least one hardware processing unit, the program comprising sets of instructions for:
- determining that the data message is associated with an external service machine outside of the virtual network and the plurality of public cloud datacenters;
- based on a tenant identifier (TID) for the particular tenant in the virtual network system, performing a first source network address translation (SNAT) operation to modify a first source network address of the data message to a modified second source network address;
- performing a second SNAT operation to modify the modified second source network address of the data message to a modified third source network address; and
- forwarding the data message, with the third modified source network address to the external service machine through an external network that is outside of the public cloud datacenters.

Dependent claims: 17, 18, 19, 20
Specification