Interconnecting members of a virtual network

US 8,407,366 B2
Filed: 05/14/2010
Issued: 03/26/2013
Est. Priority Date: 05/14/2010
Status: Active Grant

First Claim

Patent Images

1. One or more computer-readable memory having computer-executable instructions embodied thereon that, when executed, perform a method for managing distribution of data packets between a plurality of members of a virtual network (V-net) that are isolated from other machines on a network, the method comprising:

providing a first V-net that comprises the plurality of members running, in part, within at least one data center, wherein the plurality of members include an originating network adapter and a destination network adapter;

detecting the originating network adapter attempting to transmit one or more data packets to the destination network adapter, wherein the one or more data packets are structured with a header that includes a target identifier of the destination network adapter;

performing a resolution process that comprises;

(a) accessing a forwarding table that is associated with the first V-net; and

(b) discovering a locator of a destination-side VM switch, listed in the forwarding table, that corresponds to the target identifier;

encapsulating the one or more data packets to include the locator of destination-side-VM-switch locator within an expanded header; and

directing the one or more encapsulated data packets from a source-side VM switch to the destination-side VM switch using the destination-side-VM-switch locator within the expanded header.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computerized methods, systems, and computer-readable media are provided for establishing and managing a virtual network (V-net) and virtual machine (VM) switches that enable protected and isolated interconnections between members of the V-net. The V-net members include an originating network adapter that generates data packets addressed to a destination network adapter. Upon detecting data-packet generation, a source-side VM switch accesses a forwarding table associated with the V-net, ascertains a destination-side, VM-switch locator that corresponds to an identifier of the destination network adapter, and modifies the data packets to include the identifier. The forwarding table represents a mapping between the members of the V-net and VM switches located on respective nodes within the data center. In operation, the mapping enforces communication policies that govern data-packet traffic. Upon receiving the data packets, the destination-side VM switch restores the data packets and forwards them to the destination network adapter.

Citations

11 Claims

1. One or more computer-readable memory having computer-executable instructions embodied thereon that, when executed, perform a method for managing distribution of data packets between a plurality of members of a virtual network (V-net) that are isolated from other machines on a network, the method comprising:
- providing a first V-net that comprises the plurality of members running, in part, within at least one data center, wherein the plurality of members include an originating network adapter and a destination network adapter;
  
  detecting the originating network adapter attempting to transmit one or more data packets to the destination network adapter, wherein the one or more data packets are structured with a header that includes a target identifier of the destination network adapter;
  
  performing a resolution process that comprises;
  
  (a) accessing a forwarding table that is associated with the first V-net; and
  
  (b) discovering a locator of a destination-side VM switch, listed in the forwarding table, that corresponds to the target identifier;
  
  encapsulating the one or more data packets to include the locator of destination-side-VM-switch locator within an expanded header; and
  
  directing the one or more encapsulated data packets from a source-side VM switch to the destination-side VM switch using the destination-side-VM-switch locator within the expanded header.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The one or more computer-readable media of claim 1, wherein the forwarding table represents a mapping between the plurality of members of the first V-net and VM switches that are each located on respective nodes within the at least one data center, and wherein the mapping is designed according to communication policies that govern data-packet traffic between the plurality of members.
  - 3. The one or more computer-readable media of claim 1, wherein one of the plurality of members comprises a network adapter running on a virtual machine or a physical machine.
  - 4. The one or more computer-readable media of claim 1, wherein the destination-side VM switch and the destination network adapter reside within a first node of the at least one data center, and wherein the source-side VM switch and the originating network adapter reside on a second node of the at least one data center.
  - 5. The one or more computer-readable media of claim 4, wherein the forwarding table is maintained within a directory server that is accessible to the source-side VM switch by way of at least one request message, wherein the resolution process further comprises sending the target identifier, including an IP address and a media access control (MAC) address of the destination network adapter, to the directory server packaged within the at least one request message.
  - 6. The one or more computer-readable media of claim 4, wherein a portion of the forwarding table is stored at the source-side VM switch, wherein the resolution process further comprises inspecting the forwarding table locally at the source-side VM switch.
  - 7. The one or more computer-readable media of claim 1, wherein the plurality of members that comprise the first V-net are allocated to a first service application.
  - 8. The one or more computer-readable media of claim 1, the method further comprising providing a second V-net that comprises a plurality of members running, in part, within the at least one data center, wherein one or more of the plurality of members of the first V-net are assigned IP address that overlap IP addresses that are assigned to one or more of the plurality of members of the second V-net.
  - 9. The one or more computer-readable media of claim 8, wherein the plurality of members that comprise the second V-net are allocated to a second service application.
  - 10. The one or more computer-readable media of claim 1, wherein the destination network adapter resides on a node located in an enterprise private network that is remote from the at least one data center, and wherein the source-side VM switch is provisioned with gateway functionality for routing with the enterprise private network.
  - 11. The one or more computer-readable media of claim 10, wherein the method further comprising:
    - employing the gateway functionality to route the one or more encapsulated data packets to the destination network adapter; and
      
      employing the gateway functionality to apply transport protection to the one or more encapsulated data packets, wherein the transport protection affords a secure tunnel that traverses the at least one data center and the enterprise private network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Alkhatib, Hasan, Kim, Changhoon, Outhred, Geoff, Bansal, Deepak, Greenberg, Albert, Maltz, Dave, Patel, Parveen
Primary Examiner(s)
SALAD, ABDULLAHI ELMI

Application Number

US12/780,673
Publication Number

US 20110283017A1
Time in Patent Office

1,047 Days
Field of Search

709238-239, 709227-228, 709/244, 709/229, 709/225, 709/245, 718/1, 370/392
US Class Current

709/238
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 45/04   Interdomain routing, e.g. h...

H04L 45/42   Centralised routing

H04L 45/46   Cluster building

H04L 45/566   Routing instructions carrie...

H04L 45/586   of virtual routers

Interconnecting members of a virtual network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Interconnecting members of a virtual network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links