Participating in cloud as totally stubby edge
First Claim
1. One or more computer-readable storage devices that store executable instructions to perform a method of participating in a network cloud, the method comprising:
- sending a request to join said network cloud that is administered by an administrator;
- after said request has been approved, receiving, by a device that is not trusted by said administrator, a parameter that governs said device's participation in said network cloud, said parameter specifying (a) that said device is not allowed to transit data from one node in the cloud to another node in the cloud, (b) limits on which paths the device is allowed to specify for data that originates outside of the cloud, and (c) that said device is not allowed to specify a path for any data that said device receives from any node in the cloud;
- based on a map of said network cloud, selecting a path to a first node in said network cloud, said path specifying a next hop that is either said first node or a second node in said network cloud from which said first node is directly or indirectly reachable;
- inserting, into a frame that comprises data that has not been received by said device from any node in said network cloud, a tag that describes said path; and
- sending said frame to said next hop;
- the parameter that governs said device's participation in the network cloud being enforced by nodes in the cloud that are trusted by said administrator, enforcement being performed by said nodes' rejection of paths that violate any terms of said device's participation that are specified by said parameter.
Abstract
A Totally Stubby Edge (TSE) participates in a cloud under the condition that the TSE may select paths for frames that the TSE introduces to the cloud, but may not transit frames between nodes in the cloud. The edge submits, to an administrator of the cloud, a request to join the cloud. If the administrator allows the request, then the edge is given access to the address tables that define the structure of the cloud, and may insert itself into the structure. The edge may use the address tables to select paths for frames that the edge introduces to the cloud. Normally path decisions are made by devices that the administrator trusts and controls. However, since the TSE selects paths for its own frames but does not transit frames between other nodes in the cloud, the TSE may select paths even if it is untrusted by the administrator.
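The enforcement step named in the first claim, where trusted nodes reject paths that violate the TSE's participation parameter, can be sketched as follows. This is an added illustration, not code from the patent; the Frame and TseParameter fields, the sample cloud map, the reason strings, and the assumption that a trusted node can tell where a frame's data originated are all hypothetical.

```python
from dataclasses import dataclass

# Constructed map of trusted cloud nodes: node -> directly reachable neighbours.
CLOUD_MAP = {"A": {"B", "C"}, "B": {"A", "D"}, "C": {"A", "D"}, "D": {"B", "C"}}

@dataclass(frozen=True)
class TseParameter:               # hypothetical shape of the participation parameter
    tse_id: str
    allowed_next_hops: frozenset  # term (b): limits on the paths the TSE may select

@dataclass(frozen=True)
class Frame:                      # hypothetical frame as seen by the first trusted node
    origin: str                   # where the payload came from (assumed knowable)
    path: tuple                   # hops named by the tag the TSE inserted

PARAM = TseParameter("tse-1", frozenset({"A"}))  # constructed sample parameter

def violation(frame, param, cloud_map=CLOUD_MAP):
    """Return why a trusted node rejects a TSE-submitted frame, or None if compliant."""
    # Terms (a) and (c): data that came from a cloud node may not be transited,
    # and the TSE may not choose a path for it.
    if frame.origin in cloud_map:
        return "transit"
    # Every hop must be a trusted node on the map. The TSE is not on this map,
    # so a path that routes through the TSE itself is rejected here as well.
    if not frame.path or any(hop not in cloud_map for hop in frame.path):
        return "unknown-hop"
    # Term (b): the first hop must be one the parameter permits.
    if frame.path[0] not in param.allowed_next_hops:
        return "next-hop-not-permitted"
    # The tag must describe a path that exists on the administrator's map.
    for here, nxt in zip(frame.path, frame.path[1:]):
        if nxt not in cloud_map[here]:
            return "not-a-map-path"
    return None

if __name__ == "__main__":
    samples = [                                   # constructed frames
        Frame("ext-host", ("A", "B", "D")),       # compliant
        Frame("B", ("A",)),                       # payload came from cloud node B
        Frame("ext-host", ("C", "D")),            # first hop outside the limits
        Frame("ext-host", ("A", "D")),            # A and D are not adjacent
        Frame("ext-host", ("A", "tse-1", "B")),   # would make the TSE a transit hop
    ]
    for f in samples:
        print(f.path, "->", violation(f, PARAM) or "accepted")
```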
20 Claims
10. A method of admitting a device to participate in a network cloud, the method comprising:
- receiving, from said device, which is not trusted by an administrator of said network cloud, a request to participate in said network cloud;
- determining, based on authentication information provided by said device, that said device is permitted to participate in said network cloud;
- providing, to said device, a parameter that governs said device's participation in said network cloud, said parameter specifying (a) that said device is not allowed to transit data from one node in the cloud to another node in the cloud, (b) limits on which paths the device is allowed to specify for data that originates outside of the cloud, and (c) that said device is not allowed to specify a path for any data that said device receives from any node in the cloud;
- receiving, from said device, a frame comprising a tag that specifies a path on which said frame is to be sent;
- verifying that said tag complies with said parameter; and
- sending said frame to a first node in said network cloud in accordance with said path;
- the parameter that governs said device's participation in the network cloud being enforced by nodes in the cloud that are trusted by said administrator, enforcement being performed by said nodes' rejection of paths that violate any terms of said device's participation that are specified by said parameter.
16. An apparatus comprising:
- a network interface associated with a Media Access Control (MAC) address;
- a hypervisor;
- a virtual machine that is implemented by said hypervisor, and that participates in a network cloud as an edge device by inserting a tag into a frame, said tag specifying a path on which said frame is to be sent to a node in said network cloud, said path being based on a map maintained by an administrator of said network cloud, wherein said administrator does not trust said virtual machine, participation of said virtual machine in said network cloud being governed by conditions that (a) said virtual machine not transit data that said virtual machine receives from nodes in said network cloud, (b) that said virtual machine obey limits on which paths it may specify for data, and (c) that said virtual machine is not allowed to specify a path for any data that said virtual machine receives from any node in the cloud;
- the conditions that governs said virtual machine's participation in the network cloud being enforced by nodes in the cloud that are trusted by said administrator, enforcement being performed by said nodes' rejection of paths that violate any terms of said virtual machine's participation that are specified by said conditions.
Specification