Virtual network in server farm
Abstract
A plurality of virtual machines execute on a network of physical computers. The virtual machines are deployed in fenced and unfenced configurations across multiple physical computers. Host level virtual network devices execute on the physical computers, and intercept the virtual machine network traffic. For each fenced configuration of virtual machines, a distributed virtual switch transmits network traffic between the virtual machines deployed in that fenced configuration, and a virtual router routes network traffic between virtual machines deployed in that fenced configuration and external components.
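The forwarding decision described in the abstract and in claim 1, as an added Python sketch that is not taken from the patent or any product. All VM, server and fence names are constructed; dropping unfenced-to-fenced and cross-fence traffic, and forwarding between two unfenced VMs, are assumptions of this sketch beyond the one drop case claim 1 spells out.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src_vm: str
    dst_vm: str
    payload: bytes

@dataclass
class Farm:
    """Constructed model; all VM, host and fence names are hypothetical."""
    vm_host: dict                    # VM -> physical server it is deployed on
    vm_fence: dict                   # VM -> fenced configuration id (absent = unfenced)
    delivered: dict = field(default_factory=dict)  # VM -> payloads handed to it
    dropped: list = field(default_factory=list)    # (packet, reason) audit trail

    def intercept_outbound(self, host, pkt):
        """Host-level virtual network device: sees each packet a local VM sends."""
        if self.vm_host.get(pkt.src_vm) != host:
            return self._drop(pkt, "source VM not deployed on intercepting host")
        if pkt.dst_vm not in self.vm_host:
            return self._drop(pkt, "unknown destination VM")
        src_fence = self.vm_fence.get(pkt.src_vm)
        dst_fence = self.vm_fence.get(pkt.dst_vm)
        if src_fence != dst_fence:
            # Claim 1 covers fenced -> outside. Dropping unfenced -> fenced and
            # fence A -> fence B as well is this sketch's assumption.
            return self._drop(pkt, "destination outside sender's fenced configuration")
        # Same fence: transmit to the server hosting the destination VM.
        return self.receive_inbound(self.vm_host[pkt.dst_vm], pkt)

    def receive_inbound(self, host, pkt):
        """Second physical server passes the packet on to its local VM."""
        if self.vm_host.get(pkt.dst_vm) != host:
            return self._drop(pkt, "destination VM not deployed on receiving host")
        self.delivered.setdefault(pkt.dst_vm, []).append(pkt.payload)
        return "delivered"

    def _drop(self, pkt, reason):
        self.dropped.append((pkt, reason))
        return "dropped"

def demo_farm():
    """Two fences spread over two servers, plus one unfenced VM (constructed data)."""
    return Farm(
        vm_host={"web-a": "srv1", "db-a": "srv2", "web-b": "srv2", "tools": "srv1"},
        vm_fence={"web-a": "fence-A", "db-a": "fence-A", "web-b": "fence-B"},
    )
```

The `dropped` list keeps the reason for each refusal, which is the record an operator would review when checking that a fence is actually isolating its members.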
35 Claims
1. A computer implemented method for managing virtual networks, the method comprising the steps of:
maintaining a fenced configuration of virtual machines deployed on a plurality of physical servers, wherein the fenced configuration is a logical group of virtual machines that reside on the plurality of physical servers, the logical group in which the virtual machines are network isolated from other virtual machines that are not a part of the logical group, the plurality of physical servers being communicatively coupled in a private network, the private network is connected to an external network through a network gateway;
intercepting a plurality of outbound packets from a first virtual machine that resides on a first physical server in the plurality of physical servers, the plurality of outbound packets being destined for a second virtual machine that resides on a second physical server in the plurality of physical servers; and
determining if the first virtual machine and the second virtual machine are a part of the fenced configuration, wherein if the first virtual machine and the second virtual machine are a part of the fenced configuration, transmitting each of the plurality of outbound packets at least to the second physical server on which the second virtual machine is deployed, wherein the second physical server further transmits the plurality of outbound packets to the second virtual machine;
wherein if the first virtual machine is a part of the fenced configuration and the second virtual machine is not a part of the fenced configuration, dropping the plurality of outbound packets.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. At least one computer readable non-transitory storage medium containing a computer program product for managing virtual networks, the computer program product comprising:
program code for maintaining a fenced configuration of virtual machines deployed on a plurality of physical servers, wherein the fenced configuration is a logical group of virtual machines that reside on the plurality of physical servers, the logical group in which the virtual machines are network isolated from other virtual machines that are not a part of the logical group, the plurality of physical servers being communicatively coupled in a private network, the private network is connected to an external network through a network gateway;
program code for intercepting a plurality of outbound packets network traffic from a first virtual machine that resides on a first physical server in the plurality of physical servers, the plurality of outbound packets being destined for a second virtual machine that resides on a second physical server in the plurality of physical servers; and
program code for determining if the first virtual machine and the second virtual machine are a part of the at least one fenced configuration,
program code for transmitting each of the plurality of outbound packets at least to the second physical server on which the second virtual machine is deployed wherein the program code for transmitting performs the transmission if the first virtual machine and the second virtual machine are a part of the at least one fenced configuration, wherein the program code for transmitting causes the second physical server further transmits the plurality of outbound packets to the second virtual machine; and
program code for dropping the plurality of outbound packets if the first virtual machine is a part of the fenced configuration and the second virtual machine is not a part of the at least one fenced configuration transmitting intercepted inbound packets to locally deployed target virtual machines.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34
35. A computer system for managing virtual networks, the computer system comprising:
a plurality of physical computers communicatively coupled in a private network, the private network is connected to an external network through a virtual router;
a plurality of virtual machines deployed on the plurality of physical computers;
a host level virtual network device executing on each of the plurality of physical computers, the host level virtual network device being configured to intercept network traffic of virtual machines deployed on the each of the plurality of physical computers;
a fenced configuration of virtual machines deployed on the plurality of physical computers, wherein the fenced configuration is a logical group of virtual machines that reside on the plurality of physical servers in the private network, the logical group in which the virtual machines are network isolated from other virtual machines that are not a part of the logical group;
for the fenced configuration of virtual machines, a distributed virtual switch communicatively coupled to the fenced configuration of virtual machines, the distributed virtual switch being configured to switch network traffic among virtual machines deployed in the fenced configuration; and
for the fenced configuration of virtual machines, the virtual router communicatively coupled to the fenced configuration of virtual machines, the virtual router being configured to route network traffic between virtual machines deployed in the fenced configuration and components of the external network, wherein the routing of the network traffic being enabling an exchange of data packets between a virtual machine in the fenced configuration and the components of the external network,
wherein, the distributed virtual switch enables communication between a first virtual machine and a second virtual machine that are a part of the fenced configuration and disables communication between the first virtual machine that is a part of the fenced configuration and a third virtual machine that is not a part of the fenced configuration, wherein the first virtual machine, the second virtual machine and the third virtual machine are a part of the plurality of virtual machines.
Specification