Acceleration of packet flow classification in a virtualized system
Abstract
A computer system having a plurality of virtual machines is provided. Each virtual machine in the computer system has an associated policy (rules) database and database (policy table) for storing rules and a database lookup associated with the policy database. One policy database/database lookup pair per virtual machine allows each virtual machine to have a different set of packet processing rules and security policies for handling the same key. In addition, the policy database associated with one virtual machine may be updated and the database lookup associated with the policy database re-generated independently without requiring any update of the policy database lookups associated with any of the other policy databases in the computer system.
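An added illustration of the arrangement the abstract describes (not code from the patent or from any product): a Python model in which the receiving interface selects the virtual machine, each virtual machine owns one policy database and one lookup generated from it, and an update regenerates only that virtual machine's lookup. The interface and VM names, the exact-match `(protocol, destination port)` key, and the fail-closed `drop` default are assumptions made for the example.

```python
from dataclasses import dataclass, field

DEFAULT_POLICY = "drop"  # assumption: fail closed when no rule or no VM matches


@dataclass
class VmPolicy:
    """One policy database plus the lookup generated from it, owned by one VM."""
    rules: list                      # policy database: [((proto, dst_port), action)]
    lookup: dict = field(default_factory=dict)
    generation: int = 0              # bumped each time the lookup is regenerated

    def regenerate(self):
        # Build the exact-match lookup from the rules; first rule for a key wins.
        table = {}
        for key, action in self.rules:
            table.setdefault(key, action)
        self.lookup = table
        self.generation += 1


class Classifier:
    def __init__(self, iface_to_vm, databases):
        self.iface_to_vm = dict(iface_to_vm)
        self.vms = {}
        for vm, rules in databases.items():
            self.vms[vm] = VmPolicy(list(rules))
            self.vms[vm].regenerate()

    def classify(self, iface, key):
        """Return (vm, action); the receiving interface alone selects the VM."""
        vm = self.iface_to_vm.get(iface)
        if vm is None:
            return None, DEFAULT_POLICY
        return vm, self.vms[vm].lookup.get(key, DEFAULT_POLICY)

    def update(self, vm, rules):
        # Touch only this VM's database and lookup; other pairs are left as-is.
        self.vms[vm].rules = list(rules)
        self.vms[vm].regenerate()


# Constructed sample: the same key (TCP/22) carries a different policy per VM.
SSH = ("tcp", 22)
clf = Classifier(
    {"eth0": "vm_a", "eth1": "vm_b"},
    {"vm_a": [(SSH, "accept")], "vm_b": [(SSH, "drop"), (("tcp", 443), "accept")]},
)
```

The per-VM `generation` counter makes the isolation property checkable: after `clf.update("vm_a", ...)`, only `vm_a`'s counter and lookup change.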
18 Claims
1. An apparatus comprising:
- a memory to store a plurality of database lookups and a plurality of policy databases, each database lookup associated with only one policy database and each policy database and database lookup pair associated with only one virtual machine, the policy database to store a processing policy associated with a received packet; and
- a packet classifier to direct the received packet to the policy database and database lookup pair associated with one of a plurality of virtual machines to identify the processing policy to handle the received packet, wherein the virtual machine identified to handle the received packet is dependent on a network interface through which the packet is received.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method comprising:
- providing a plurality of database lookups and a plurality of policy databases, each database lookup associated with only one policy database and each policy database and database lookup pair associated with only one virtual machine, the policy database to store a processing policy associated with a received packet; and
- directing the received packet to the policy database and database lookup pair associated with one of a plurality of virtual machines to identify the processing policy to handle the received packet, wherein the virtual machine identified to handle the received packet is dependent on a network interface through which the packet is received.

Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. An article including a machine-accessible medium having associated information, wherein the information, when accessed, results in a machine performing:
- providing a plurality of database lookups and a plurality of policy databases, each database lookup associated with only one policy database and each policy database and database lookup pair associated with only one virtual machine, the policy database to store a processing policy associated with a received packet; and
- directing the received packet to the policy database and database lookup pair associated with one of a plurality of virtual machines to identify the processing policy to handle the received packet, wherein the virtual machine identified to handle the received packet is dependent on a network interface through which the packet is received.

18. A system comprising:
- a switch;
- a memory to store a plurality of database lookups and a plurality of policy databases, each database lookup associated with only one policy database and each policy database and database lookup pair associated with only one virtual machine, the policy database to store a processing policy associated with a received packet; and
- a packet classifier to direct the received packet to the policy database and database lookup pair associated with one of a plurality of virtual machines to identify the processing policy to handle the received packet, wherein the virtual machine identified to handle the received packet is dependent on a network interface through which the packet is received.

Specification