Virtual network in server farm

US 7,802,000 B1
Filed: 05/01/2006
Issued: 09/21/2010
Est. Priority Date: 08/01/2005
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for managing virtual networks, the method comprising the steps of:

maintaining a fenced configuration of virtual machines deployed on a plurality of physical servers, wherein the fenced configuration is a logical group of virtual machines that reside on the plurality of physical servers, the logical group in which the virtual machines are network isolated from other virtual machines that are not a part of the logical group, the plurality of physical servers being communicatively coupled in a private network, the private network is connected to an external network through a network gateway;

intercepting a plurality of outbound packets from a first virtual machine that resides on a first physical server in the plurality of physical servers, the plurality of outbound packets being destined for a second virtual machine that resides on a second physical server in the plurality of physical servers; and

determining if the first virtual machine and the second virtual machine are a part of the fenced configuration,wherein if the first virtual machine and the second virtual machine are a part of the fenced configuration, transmitting each of the plurality of outbound packets at least to the second physical server on which the second virtual machine is deployed, wherein the second physical server further transmits the plurality of outbound packets to the second virtual machine;

wherein if the first virtual machine is a part of the fenced configuration and the second virtual machine is not a part of the fenced configuration, dropping the plurality of outbound packets.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A plurality of virtual machines execute on a network of physical computers. The virtual machines are deployed in fenced and unfenced configurations across multiple physical computers. Host level virtual network devices execute on the physical computers, and intercept the virtual machine network traffic. For each fenced configuration of virtual machines, a distributed virtual switch transmits network traffic between the virtual machines deployed in that fenced configuration, and a virtual router routes network traffic between virtual machines deployed in that fenced configuration and external components.

Citations

35 Claims

1. A computer implemented method for managing virtual networks, the method comprising the steps of:
- maintaining a fenced configuration of virtual machines deployed on a plurality of physical servers, wherein the fenced configuration is a logical group of virtual machines that reside on the plurality of physical servers, the logical group in which the virtual machines are network isolated from other virtual machines that are not a part of the logical group, the plurality of physical servers being communicatively coupled in a private network, the private network is connected to an external network through a network gateway;
  
  intercepting a plurality of outbound packets from a first virtual machine that resides on a first physical server in the plurality of physical servers, the plurality of outbound packets being destined for a second virtual machine that resides on a second physical server in the plurality of physical servers; and
  
  determining if the first virtual machine and the second virtual machine are a part of the fenced configuration,wherein if the first virtual machine and the second virtual machine are a part of the fenced configuration, transmitting each of the plurality of outbound packets at least to the second physical server on which the second virtual machine is deployed, wherein the second physical server further transmits the plurality of outbound packets to the second virtual machine;
  
  wherein if the first virtual machine is a part of the fenced configuration and the second virtual machine is not a part of the fenced configuration, dropping the plurality of outbound packets.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1 further comprising routing network traffic between virtual machines of the fenced configuration and components of the external network, wherein the routing network traffic being enabling an exchange of data packets between a virtual machine in the fenced configuration and the components of the external network, through the network gateway.
  - 3. The method of claim 1, wherein the determining includes checking a fence identifier that is added to a packet header of each of the plurality of outbound packets, wherein the fenced configuration is assigned a unique fence identifier.
  - 4. The method of claim 1 further comprising:
    - a host level virtual network device receiving packets from a physical network device intended for virtual machines deployed in a fenced configuration on a physical server;
      
      the host level virtual network device un-encapsulating the received packets for transmission to target virtual machines deployed in the fenced configuration on the physical server; and
      
      the host level virtual network device transmitting the un-encapsulated packets to a virtual network for distribution to the target virtual machines deployed in the fenced configuration on the physical server.
  - 5. The method of claim 1 wherein transmitting each of the plurality of outbound packets to at least to the second physical server, further comprises transmitting the plurality of outbound packets to every physical server on the network.
  - 6. The method of claim 1 wherein transmitting each of the plurality of outbound packets at least to the second physical server, further comprises:
    - maintaining a record of on which of the plurality of physical servers, virtual machines of the fenced configuration are deployed; and
      
      transmitting the plurality of outbound packets to physical servers on which virtual machines are deployed in a same fenced configuration as the first virtual machine.
  - 7. The method of claim 1 wherein transmitting each of the plurality of outbound packets at least the second physical server, further comprises:
    - maintaining a separate multicast address for the at least one fenced configuration; and
      
      transmitting each of the plurality of outbound packets to a multicast address for the fenced configuration in which the first virtual machine is deployed.
  - 8. The method of claim 1 wherein transmitting each of the plurality of outbound packets at least to the second physical server, further comprises:
    - maintaining a mapping between virtual machine addresses and physical server addresses; and
      
      using the mapping to transmit each of the plurality of outbound packets to the second physical server on which the second virtual machine is deployed in a same fenced configuration as the first virtual machine that sent the plurality of outbound packets.
  - 9. The method of claim 1 further comprising creating a configuration of virtual machines.
  - 10. The method of claim 9 further comprising deploying the configuration of virtual machines on multiple physical servers in non-fenced mode.
  - 11. The method of claim 9 further comprising deploying the configuration of virtual machines on multiple physical servers in fenced mode.
  - 12. The method of claim 9 further comprising:
    - making a copy of the configuration of virtual machines; and
      
      deploying the copy of the configuration of virtual machines on multiple physical servers in fenced mode.
  - 13. The method of claim 1 further comprising:
    - creating a fenced configuration of virtual machines; and
      
      deploying the fenced configuration of virtual machines.
  - 14. The method of claim 1 further comprising fencing a deployed non-fenced configuration of virtual machines.
  - 15. The method of claim 1 further comprising un-fencing a deployed fenced configuration of virtual machines.
  - 16. The method of claim 1 further comprising:
    - fragmenting the plurality of outbound packets into packet fragments; and
      
      transmitting the packet fragments.
  - 17. The method of claim 16 further comprising:
    - receiving the packet fragments; and
      
      reassembling the packet fragments into packets.
  - 18. The method of claim 1 further comprising maintaining the fenced configuration of virtual machines deployed on the plurality of physical servers residing on a plurality of network subnets.

19. At least one computer readable non-transitory storage medium containing a computer program product for managing virtual networks, the computer program product comprising:
- program code for maintaining a fenced configuration of virtual machines deployed on a plurality of physical servers, wherein the fenced configuration is a logical group of virtual machines that reside on the plurality of physical servers, the logical group in which the virtual machines are network isolated from other virtual machines that are not a part of the logical group, the plurality of physical servers being communicatively coupled in a private network, the private network is connected to an external network through a network gateway;
  
  program code for intercepting a plurality of outbound packets network traffic from a first virtual machine that resides on a first physical server in the plurality of physical servers, the plurality of outbound packets being destined for a second virtual machine that resides on a second physical server in the plurality of physical servers; and
  
  program code for determining if the first virtual machine and the second virtual machine are a part of the at least one fenced configuration,program code for transmitting each of the plurality of outbound packets at least to the second physical server on which the second virtual machine is deployed wherein the program code for transmitting performs the transmission if the first virtual machine and the second virtual machine are a part of the at least one fenced configuration, wherein the program code for transmitting causes the second physical server further transmits the plurality of outbound packets to the second virtual machine; and
  
  program code for dropping the plurality of outbound packets if the first virtual machine is a part of the fenced configuration and the second virtual machine is not a part of the at least one fenced configuration transmitting intercepted inbound packets to locally deployed target virtual machines.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 20. The computer program product of claim 19 further comprising:
    - program code for routing network traffic between virtual machines of the fenced configuration and components of the external network, wherein the routing network traffic being enabling an exchange of data packets between a virtual machine in the fenced configuration and the components of the external network, through the network gateway.
  - 21. The computer program product of claim 19 the program code for determining comprising program code for checking a fence identifier that is added to a packet header of each of the plurality of outbound packets, wherein the fenced configuration is assigned a unique fence identifier.
  - 22. The computer program product of claim 19 further comprising:
    - program code for a host level virtual network device receiving packets from a physical network device intended for virtual machines deployed in a fenced configuration on a physical server;
      
      program code for the host level virtual network device un-encapsulating the received packets for transmission to target virtual machines deployed in the fenced configuration on the physical server; and
      
      program code for the host level virtual network device transmitting the un-encapsulated packets to a virtual network for distribution to the target virtual machines deployed in the fenced configuration on the physical server.
  - 23. The computer program product of claim 19 wherein the program code for transmitting each of the plurality of outbound packets at least to the second physical server on which the second virtual machine is deployed, further comprises program code for transmitting the plurality of outbound packets to every physical server on the network.
  - 24. The computer program product of claim 19 wherein the program code for transmitting each of the plurality of outbound packets at least to the second physical server on which the second virtual machine is deployed, further comprises:
    - program code for maintaining a record of on which of the plurality of physical servers, virtual machines of the fenced configuration are deployed; and
      
      program code for transmitting the plurality of outbound packets to physical servers on which virtual machines are deployed in a same fenced configuration as a virtual machine that sent the plurality of outbound packets.
  - 25. The computer program product of claim 19 wherein the program code for transmitting each of the plurality of outbound packets at least to the second physical server on which the second virtual machine is deployed, further comprises:
    - program code for maintaining a separate multicast address for the at least one fenced configuration; and
      
      program code for transmitting each of the plurality of outbound packets to a multicast address for the fenced configuration in which a virtual machine that sent the plurality of outbound packets is deployed.
  - 26. The computer program product of claim 19 wherein the program code for transmitting each of the plurality of outbound packets at least to the second physical server on which the second virtual machine is deployed, further comprises:
    - program code for maintaining a mapping between virtual machine addresses and physical server addresses; and
      
      program code for using the mapping to transmit each of the plurality of outbound packets to a physical server on which the second virtual machine is deployed.
  - 27. The computer program product of claim 19 further comprising program code for creating a configuration of virtual machines.
  - 28. The computer program product of claim 27 further comprising program code for deploying the configuration of virtual machines on multiple physical servers in non-fenced mode.
  - 29. The computer program product of claim 27 further comprising program code for deploying the configuration of virtual machines on multiple physical servers in fenced mode.
  - 30. The computer program product of claim 27 further comprising:
    - program code for making a copy of the configuration of virtual machines; and
      
      program code for deploying the copy of the configuration of virtual machines on the plurality of physical servers in fenced mode.
  - 31. The computer program product of claim 19 further comprising:
    - program code for creating a fenced configuration of virtual machines; and
      
      program code for deploying the fenced configuration of virtual machines.
  - 32. The computer program product of claim 19 further comprising program code for fencing a deployed non-fenced configuration of virtual machines.
  - 33. The computer program product of claim 19 further comprising program code for un-fencing a deployed fenced configuration of virtual machines.
  - 34. The computer program product of claim 19 further comprising program code for maintaining at least one fenced configuration of virtual machines deployed on multiple physical servers residing on a plurality of network subnets.

35. A computer system for managing virtual networks, the computer system comprising:
- a plurality of physical computers communicatively coupled in a private network, the private network is connected to an external network through a virtual router;
  
  a plurality of virtual machines deployed on the plurality of physical computers;
  
  a host level virtual network device executing on each of the plurality of physical computers, the host level virtual network device being configured to intercept network traffic of virtual machines deployed on the each of the plurality of physical computers;
  
  a fenced configuration of virtual machines deployed on the plurality of physical computers, wherein the fenced configuration is a logical group of virtual machines that reside on the plurality of physical servers in the private network, the logical group in which the virtual machines are network isolated from other virtual machines that are not a part of the logical group;
  
  for the fenced configuration of virtual machines, a distributed virtual switch communicatively coupled to the fenced configuration of virtual machines, the distributed virtual switch being configured to switch network traffic among virtual machines deployed in the fenced configuration; and
  
  for the fenced configuration of virtual machines, the virtual router communicatively coupled to the fenced configuration of virtual machines, the virtual router being configured to route network traffic between virtual machines deployed in the fenced configuration and components of the external network, wherein the routing of the network traffic being enabling an exchange of data packets between a virtual machine in the fenced configuration and the components of the external network,wherein, the distributed virtual switch enables communication between a first virtual machine and a second virtual machine that are a part of the fenced configuration and disables communication between the first virtual machine that is a part of the fenced configuration and a third virtual machine that is not a part of the fenced configuration, wherein the first virtual machine, the second virtual machine and the third virtual machine are a part of the plurality of virtual machines.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Huang, Xun Wilson, Dalal, Anupam, Phillips, James, Siamwalla, Rachit, Lochan, Gaurav
Primary Examiner(s)
Dinh; Khanh Q

Application Number

US11/381,119
Time in Patent Office

1,604 Days
Field of Search

709/226, 709/238, 709/223, 709/227, 709/220, 709/225, 709/228, 711/154, 455/404.2
US Class Current

709/228
CPC Class Codes

G06F 9/5077   Logical partitioning of res...

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 45/00   Routing or path finding of ...

H04L 45/76   Routing in software-defined...

H04L 61/106   across networks, e.g. mappi...

H04L 61/2514   between local and global IP...

H04L 67/10   in which an application is ...

Virtual network in server farm

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual network in server farm

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links