Distributed virtual network gateways
Abstract
Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table). The transformation action(s) include rewriting headers of the data packets to include the location-dependent addresses, encapsulating the data packets as inner data packets within respective outer data packets, or configuring the data packets with a tunneling protocol.
19 Claims
1. One or more computer-readable storage media excluding signals per se having computer-executable instructions embodied thereon that, when executed, perform a method for managing distribution of data packets between endpoints, the method comprising:

detecting one or more data packets at a first endpoint, wherein each of the one or more data packets include a header comprising a source address and a destination address;

sending to a directory service a request that carries the source address and the destination address;

receiving from the directory service a response that carries a forwarding path;

performing a routing decision comprising readdressing the one or more data packets based on the received forwarding path, wherein readdressing the one or more data packets based on, in part, the forwarding path comprises encapsulating the one or more data packets as inner data packets within respective outer data packets, wherein the outer data packets each include a header that exposes location-dependent addresses of a physical network; and

transmitting the one or more readdressed data packets to a second endpoint based on, in part, the location-dependent address.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15.
16. A computer system for supporting and isolating communications between endpoints, the computer system comprising:

a directory service that maintains a mapping between virtual internet protocol (IP) addresses and location-dependent addresses of a physical network;

a first endpoint that generates one or more data packets structured with headers that include a source IP address and a destination IP address, wherein the source IP address points to the first endpoint, and wherein the destination IP address points to a second endpoint; and

a driver that performs a routing decision per each connection made by the first endpoint, wherein performing the routing decision comprises:

(a) communicating with the directory service to determine a forwarding path and a transformation action as a function of the source IP address and the destination IP address;

(b) upon determining that the first endpoint and the second endpoint reside within a common data center, rewriting the source IP address and the destination IP address with respective location-dependent addresses of the forwarding path;

(c) upon determining that the second endpoint is unable to translate the headers of the one or more data packets if the source IP address and the destination IP address are removed, encapsulating the one or more data packets as inner data packets within respective outer data packets, wherein the outer data packets each include a header that exposes the location-dependent addresses of the forwarding path; and

(d) upon determining that the transformation action dictates a layer of protection to secure connectivity between the first endpoint and the second endpoint be provided, transforming the one or more data packets based on the received transformation action.

Dependent claims: 17, 18.
19. A computerized method for identifying a network pathway and transformation action in response to a request from a distributed, virtual network gateway, the method comprising:

providing a directory service that maintains a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, and maintains a table that recognizes an appropriate transformation action, wherein the table is designed according to communication policies that govern data-packet traffic across pathways that connect endpoints within a network;

receiving a request from a virtual network gateway in communication with a recipient endpoint, wherein the request includes indicia of a source IP address and a destination IP address carried via a header of one or more data packets accepted by the recipient endpoint;

inspecting the mapping with the source IP address and the destination IP address to identify corresponding location-dependent addresses constituting a forwarding path of the one or more data packets through a physical network;

inspecting the table with the forwarding path to identify a corresponding transformation action, wherein the transformation action comprises at least one of the following:

(a) rewriting the header of the one or more data packets to include the location-dependent addresses;

(b) encapsulating the one or more data packets as inner data packets within respective outer data packets, wherein the outer data packets each include a header that carries the location-dependent addresses; or

(c) configuring the one or more data packets with a tunneling protocol; and

returning a response that delivers to the virtual network gateway indicia of the identified forwarding path and the identified transformation action, wherein the virtual network gateway communicates the response to the recipient endpoint, and wherein the recipient endpoint implements the identified forwarding path and the identified transformation action when transmitting the one or more data packets therefrom.
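The directory lookup and the three transformation actions described in the abstract and in claims 16 and 19, modelled as an added Python example. This is not code from the patent or its assignee: the virtual and physical address plan, the data-center names, the protocol labels "ip-in-ip" and "secure-tunnel", the policy table keyed by the pair of data centers, and the rule that a destination with no directory mapping is refused rather than forwarded are all assumptions made for the example.

```python
from __future__ import annotations

from dataclasses import dataclass, replace
from enum import Enum
from typing import Optional


class Action(Enum):
    """Transformation actions named in the abstract and claim 19."""
    REWRITE = "rewrite"          # (a) header rewritten with location-dependent addresses
    ENCAPSULATE = "encapsulate"  # (b) inner packet carried inside an outer packet
    TUNNEL = "tunnel"            # (c) outer packet uses a protected tunneling protocol


@dataclass(frozen=True)
class Location:
    """Directory entry: where an endpoint sits on the physical network."""
    phys_addr: str       # location-dependent address
    datacenter: str
    can_translate: bool  # driver at this endpoint can restore virtual IPs from a rewritten header


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes
    proto: str = "ip"               # "ip", "ip-in-ip" or "secure-tunnel" (labels are constructed)
    inner: Optional[Packet] = None  # set on an outer packet that carries an inner one


class DirectoryService:
    """Claim 19: VIP -> location mapping plus a policy table keyed by the pathway."""

    def __init__(self, mapping: dict[str, Location], policy: dict[frozenset[str], Action]):
        self.mapping = mapping
        self.policy = policy  # pathway (the two data centers) -> required action

    def lookup(self, src_vip: str, dst_vip: str) -> tuple[tuple[str, str], Action]:
        try:
            s, d = self.mapping[src_vip], self.mapping[dst_vip]
        except KeyError as exc:
            # No mapping means no forwarding path: refuse rather than put the packet on the wire.
            raise LookupError(f"no location for virtual address {exc.args[0]}") from None
        path = (s.phys_addr, d.phys_addr)
        action = self.policy.get(frozenset({s.datacenter, d.datacenter}))
        if action is None:  # no protection required: decide as in claim 16 (b)/(c)
            same_dc = s.datacenter == d.datacenter
            action = Action.REWRITE if same_dc and d.can_translate else Action.ENCAPSULATE
        return path, action


class GatewayDriver:
    """The per-endpoint driver: one directory query per connection, then transform."""

    def __init__(self, directory: DirectoryService):
        self.directory = directory

    def send(self, pkt: Packet) -> Packet:
        (src_phys, dst_phys), action = self.directory.lookup(pkt.src, pkt.dst)
        if action is Action.REWRITE:
            return replace(pkt, src=src_phys, dst=dst_phys)
        proto = "ip-in-ip" if action is Action.ENCAPSULATE else "secure-tunnel"
        # The outer header exposes only physical addresses; the virtual header travels inside.
        return Packet(src=src_phys, dst=dst_phys, payload=b"", proto=proto, inner=pkt)

    def receive(self, pkt: Packet) -> Packet:
        """Second endpoint: decapsulate, or reverse the rewrite using the directory mapping."""
        if pkt.inner is not None:
            return pkt.inner
        by_phys = {loc.phys_addr: vip for vip, loc in self.directory.mapping.items()}
        return replace(pkt, src=by_phys[pkt.src], dst=by_phys[pkt.dst])


def deliverable(driver: GatewayDriver, src_vip: str, dst_vip: str) -> bool:
    """True if the directory knows a forwarding path for this pair of endpoints."""
    try:
        driver.directory.lookup(src_vip, dst_vip)
        return True
    except LookupError:
        return False


# Constructed sample topology; every address and name here is invented for the example.
DIRECTORY = DirectoryService(
    mapping={
        "10.0.0.1": Location("192.168.1.10", "dc-west", can_translate=True),
        "10.0.0.2": Location("192.168.1.20", "dc-west", can_translate=True),
        "10.0.0.3": Location("192.168.1.30", "dc-west", can_translate=False),  # cannot undo a rewrite
        "10.0.0.4": Location("172.16.5.40", "dc-east", can_translate=True),
    },
    policy={frozenset({"dc-west", "dc-east"}): Action.TUNNEL},  # cross-site pathway must be protected
)
DRIVER = GatewayDriver(DIRECTORY)

if __name__ == "__main__":
    for dst in ("10.0.0.2", "10.0.0.3", "10.0.0.4"):
        out = DRIVER.send(Packet("10.0.0.1", dst, b"hello"))
        print(f"{dst}: {out.proto} {out.src}->{out.dst}", "(encapsulated)" if out.inner else "")
```

Two design points worth noting. The policy table is consulted before the same-data-center test, so a pathway that requires protection cannot fall back to a plain header rewrite just because both endpoints happen to be co-located. And an endpoint that cannot translate headers is always sent an encapsulated packet, because a rewrite strips the virtual addresses from the only header it would ever see.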