Virtual input-output connections for machine virtualization

US 8,201,168 B2
Filed: 12/25/2008
Issued: 06/12/2012
Est. Priority Date: 12/25/2008
Status: Active Grant

First Claim

Patent Images

1. A computing method, comprising:

specifying a virtual computer system comprising at least one virtual or physical compute node, which produces data packets having respective source attributes;

defining at least one Virtual Input-Output Connection (VIOC) that is uniquely associated with the values of the source attributes;

defining a policy specifying an operation to be performed with regard to the VIOC;

implementing the virtual computer system on a physical computer system that includes at least one physical packet switching element; and

configuring the physical packet switching element to identify the data packets whose source attributes have the values that are associated with the VIOC and to perform the operation on the identified data packets, so as to enforce the policy on the VIOC,wherein configuring the physical packet switching element comprises detecting a change in one of the physical computer system and the virtual computer system, and re-configuring the physical packet switching element responsively to the detected change, so as to cause the physical packet switching element to continue enforcing the policy,wherein the at least one physical packet switching element comprises first and second physical packet switching elements, wherein configuring the physical packet switching element comprises initially configuring the first physical packet switching element to enforce the policy, and wherein re-configuring the physical packet switching element comprises, responsively to detecting the change, configuring the second physical packet switching element to enforce the policy.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing method includes specifying a virtual computer system including at least one virtual or physical compute node, which produces data packets having respective source attributes. At least one Virtual Input-Output Connection (VIOC) that is uniquely associated with the values of the source attributes is defined. A policy specifying an operation to be performed with regard to the VIOC is defined. The virtual computer system is implemented on a physical computer system, which includes at least one physical packet switching element. The physical packet switching element is configured to identify the data packets whose source attributes have the values that are associated with the VIOC and to perform the operation on the identified data packets, so as to enforce the policy on the VIOC.

Citations

31 Claims

1. A computing method, comprising:
- specifying a virtual computer system comprising at least one virtual or physical compute node, which produces data packets having respective source attributes;
  
  defining at least one Virtual Input-Output Connection (VIOC) that is uniquely associated with the values of the source attributes;
  
  defining a policy specifying an operation to be performed with regard to the VIOC;
  
  implementing the virtual computer system on a physical computer system that includes at least one physical packet switching element; and
  
  configuring the physical packet switching element to identify the data packets whose source attributes have the values that are associated with the VIOC and to perform the operation on the identified data packets, so as to enforce the policy on the VIOC,wherein configuring the physical packet switching element comprises detecting a change in one of the physical computer system and the virtual computer system, and re-configuring the physical packet switching element responsively to the detected change, so as to cause the physical packet switching element to continue enforcing the policy,wherein the at least one physical packet switching element comprises first and second physical packet switching elements, wherein configuring the physical packet switching element comprises initially configuring the first physical packet switching element to enforce the policy, and wherein re-configuring the physical packet switching element comprises, responsively to detecting the change, configuring the second physical packet switching element to enforce the policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method according to claim 1, wherein specifying the virtual computing system comprises specifying a Virtual Network Interface Card (VNIC) for the compute node, and wherein defining the VIOC comprises associating the VIOC with the VNIC.
  - 3. The method according to claim 1, wherein the source attributes comprise at least one attribute type selected from a group of types consisting of a source Media Access Control (MAC) address, a source Virtual Local Area Network (VLAN), a priority level and a source Internet Protocol (IP) address.
  - 4. The method according to claim 1, wherein configuring the physical packet switching element comprises producing a definition, having a format that is recognizable by the physical packet switching element, of the values of the source attributes that are associated with the VIOC, and configuring the physical packet switching element using the definition.
  - 5. The method according to claim 4, wherein the definition comprises an Access Control List (ACL).
  - 6. The method according to claim 1, wherein the physical computer system comprises at least one physical computer comprising multiple physical ports, and wherein defining the VIOC comprises aggregating the multiple physical ports and associating the VIOC with the multiple aggregated physical ports.
  - 7. The method according to claim 1, wherein the policy specifies access privileges with regard to the data packets that are associated with the VIOC.
  - 8. The method according to claim 1, wherein the policy defines a Virtual Local Area Network (VLAN) for exchanging the data packets that are associated with the VIOC.
  - 9. The method according to claim 1, wherein the policy defines an encryption operation to be applied with regard to the VIOC.
  - 10. The method according to claim 1, wherein the policy defines an authentication operation to be applied with regard to the VIOC.
  - 11. The method according to claim 1, wherein the policy defines a Quality-of-Service (QoS) property of the VIOC.
  - 12. The method according to claim 1, wherein the policy requests monitoring of information related to the VIOC.
  - 13. The method according to claim 1, wherein the policy defines a mirroring operation to be performed with regard to the VIOC.
  - 14. The method according to claim 1, wherein the policy requests one of an activation and a deactivation of the VIOC.
  - 15. The method according to claim 1, wherein defining the at least one VIOC comprises defining multiple VIOCs and grouping the multiple VIOCs to form a VIOC cluster, wherein defining the policy comprises defining a cluster policy to be applied to the multiple VIOCs in the VIOC cluster, and wherein configuring the physical packet switching element comprises configuring the physical packet switching element to apply the cluster policy to the data packets that are associated with any of the VIOCs in the VIOC cluster.

16. A computing apparatus, comprising:
- an interface, which is operative to communicate with a physical computer system that includes at least one physical packet switching element; and
  
  a processor, which is coupled to accept a specification of a virtual computer system comprising at least one virtual or physical compute node, which produces data packets having respective source attributes, to accept a definition of at least one Virtual Input-Output Connection (VIOC) that is uniquely associated with the values of the source attributes, to accept a policy specifying an operation to be performed with regard to the VIOC, to implement the virtual computer system on the physical computer system, and to configure the physical packet switching element to identify the data packets whose source attributes have the values that are associated with the VIOC and to perform the operation on the identified data packets, so as to enforce the policy on the VIOC,wherein the processor is coupled to detect a change in one of the physical computer system and the virtual computer system, and to re-configure the physical packet switching element responsively to the detected change so as to cause the physical packet switching element to continue enforcing the policy,wherein the at least one physical packet switching element comprises first and second physical packet switching elements, and wherein the processor is coupled to initially configure the first physical packet switching element to enforce the policy, and, responsively to detecting the change, to configure the second physical packet switching element to enforce the policy.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 17. The apparatus according to claim 16, wherein the specification of the virtual computing system specifies a Virtual Network Interface Card (VNIC) for the compute node, and wherein the processor is coupled to associate the VIOC with the VNIC.
  - 18. The apparatus according to claim 16, wherein the source attributes comprise at least one attribute type selected from a group of types consisting of a source Media Access Control (MAC) address, a source Virtual Local Area Network (VLAN), a priority level and a source Internet Protocol (IP) address.
  - 19. The apparatus according to claim 16, wherein the processor is coupled to produce a definition, having a format that is recognizable by the physical packet switching element, of the values of the source attributes that are associated with the VIOC, and to configure the physical packet switching element using the definition.
  - 20. The apparatus according to claim 19, wherein the definition comprises an Access Control List (ACL).
  - 21. The apparatus according to claim 16, wherein the physical computer system comprises at least one physical compute node comprising multiple physical ports, and wherein the definition of the VIOC aggregates the multiple physical ports and associates the VIOC with the multiple aggregated physical ports.
  - 22. The apparatus according to claim 16, wherein the policy specifies access privileges with regard to the data packets that are associated with the VIOC.
  - 23. The apparatus according to claim 16, wherein the policy defines a Virtual Local Area Network (ULAN) for exchanging the data packets that are associated with the VIOC.
  - 24. The apparatus according to claim 16, wherein the policy defines an encryption operation to be applied with regard to the VIOC.
  - 25. The apparatus according to claim 16, wherein the policy defines an authentication operation to be applied with regard to the VIOC.
  - 26. The apparatus according to claim 16, wherein the policy defines a Quality-of-Service (QoS) property of the VIOC.
  - 27. The apparatus according to claim 16, wherein the policy requests monitoring of information related to the VIOC.
  - 28. The apparatus according to claim 16, wherein the policy defines a mirroring operation to be performed with regard to the VIOC.
  - 29. The apparatus according to claim 16, wherein the policy requests one of an activation and a deactivation of the VIOC.
  - 30. The apparatus according to claim 16, wherein the definition of the at least one VIOC defines multiple VIOCs and groups the multiple VIOCs to form a VIOC cluster, wherein the policy comprises a cluster policy to be applied to the multiple VIOCs in the VIOC cluster, and wherein the processor is coupled to configure the physical packet switching element to apply the cluster policy to the data packets that are associated with any of the VIOCs in the VIOC cluster.

31. A non-transitory computer-readable medium in which program instructions are stored, which instructions, when read by a processor, cause the processor to communicate with a physical computer system that includes at least one physical packet switching element, to accept a specification of a virtual computer system comprising at least one virtual or physical compute node, which produces data packets having respective source attributes, to accept a definition of at least one Virtual Input-Output Connection (VIOC) that is uniquely associated with the values of the source attributes, to accept a policy specifying an operation to be performed with regard to the VIOC, to implement the virtual computer system on the physical computer system, and to configure the physical packet switching element to identify the data packets whose source attributes have the values that are associated with the VIOC and to perform the operation on the identified data packets, so as to enforce the policy on the VIOC, to detect a change in one of the physical computer system and the virtual computer system, and to re-configure the physical packet switching element responsively to the detected change so as to cause the physical packet switching element to continue enforcing the policy,wherein the at least one physical packet switching element comprises first and second physical packet switching elements, and wherein the instructions cause the processor to initially configure the first physical packet switching element to enforce the policy, and, responsively to detecting the change, to configure the second physical packet switching element to enforce the policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mellanox Technologies Limited (NVIDIA Corporation)
Original Assignee
Voltaire Limited (NVIDIA Corporation)
Inventors
Haviv, Yaron, Berlovitch, Albert
Primary Examiner(s)
Vicary, Keith

Application Number

US12/344,235
Publication Number

US 20100169880A1
Time in Patent Office

1,265 Days
Field of Search

718/1, 709/224
US Class Current

718/1
CPC Class Codes

H04L 12/4625   Single bridge functionality...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 49/70   Virtual switches

H04L 63/101   Access control lists [ACL]

Virtual input-output connections for machine virtualization

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual input-output connections for machine virtualization

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links