Virtual network pairs
First Claim
1. A method implemented by data processing apparatus, the method comprising:
receiving a plurality of outgoing packets from one or more source virtual machines executing on the data processing apparatus, each source virtual machine being a hardware virtualization of the data processing apparatus and each packet being destined for a destination virtual machine;
establishing a plurality of virtual network pairs, one for each unique pair of source and destination virtual machines, wherein establishing the plurality of virtual network pairs comprises receiving, from an external data processing apparatus and in exchange for a secret key that is not known by the one or more destination virtual machines, a distinct token and network address for each of the one or more destination virtual machines, wherein each token is a single piece of information that represents a distinct secret key and the network address of the destination virtual machine, and wherein the established virtual network pairs are unidirectional;
encapsulating each outgoing packet in a message with the token for the destination virtual machine of the message; and
sending each message to the respective destination virtual machine for the message by sending the message to the respective network address for the destination virtual machine.
Abstract
Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for implementing virtual network pairs between virtual machines and other devices. In one aspect, a method includes receiving a plurality of outgoing packets from one or more source virtual machines executing on the data processing apparatus, each source virtual machine being a hardware virtualization of the data processing apparatus and each packet destined for a destination virtual machine; establishing a plurality of virtual network pairs, one for each unique pair of source and destination virtual machines, wherein establishing the plurality of virtual network pairs comprises obtaining, from an external data processing apparatus, a different network address for each destination virtual machine; encapsulating each outgoing packet in a message; and sending each message to the destination virtual machine for the respective packet by sending the message to the respective network destination address.
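The sender-side flow recited in claim 1, modeled as an added example (not code from the patent or its assignee). The `Directory` and `HostSender` classes, the random opaque token, the authorization table and the 192.0.2.x addresses are all assumptions made for illustration; the text here does not specify a token format or how the external apparatus decides which lookups to answer.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Directory:
    """Stand-in for the external data processing apparatus (hypothetical API)."""
    authorized: dict   # source secret key -> destination VM names it may resolve
    addresses: dict    # destination VM name -> network address (constructed values)
    issued: dict = field(default_factory=dict)  # token -> (distinct secret, address)

    def lookup(self, source_key: bytes, dest: str):
        # The token and address are released only in exchange for the source's key.
        if dest not in self.authorized.get(source_key, ()):
            raise PermissionError(f"key not authorized for {dest}")
        token = secrets.token_hex(16)  # one opaque value standing for key + address
        self.issued[token] = (secrets.token_bytes(32), self.addresses[dest])
        return token, self.addresses[dest]

class HostSender:
    """Host-side logic that handles outgoing packets from its source VMs."""
    def __init__(self, directory: Directory, vm_keys: dict):
        self.directory = directory
        self.vm_keys = vm_keys  # source VM name -> its secret key
        self.pairs = {}         # ordered (src, dst) -> (token, address)

    def establish(self, src: str, dst: str):
        # One pair per unique (source, destination); the ordered key makes the
        # pair unidirectional: (a, b) says nothing about (b, a).
        if (src, dst) not in self.pairs:
            self.pairs[(src, dst)] = self.directory.lookup(self.vm_keys[src], dst)
        return self.pairs[(src, dst)]

    def send(self, src: str, dst: str, packet: bytes):
        token, address = self.establish(src, dst)
        # Encapsulate the packet with the destination's token; the caller
        # delivers the message to the returned network address.
        return address, {"token": token, "payload": packet}

if __name__ == "__main__":
    directory = Directory(
        authorized={b"key-a": {"vm-b"}, b"key-b": {"vm-a"}},
        addresses={"vm-a": "192.0.2.1", "vm-b": "192.0.2.2"},
    )
    host = HostSender(directory, {"vm-a": b"key-a", "vm-b": b"key-b"})
    print(host.send("vm-a", "vm-b", b"hello"))
    print(host.send("vm-b", "vm-a", b"reply"))  # separate pair, separate token
```
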
20 Claims
1. A method implemented by data processing apparatus, the method comprising:
receiving a plurality of outgoing packets from one or more source virtual machines executing on the data processing apparatus, each source virtual machine being a hardware virtualization of the data processing apparatus and each packet being destined for a destination virtual machine;
establishing a plurality of virtual network pairs, one for each unique pair of source and destination virtual machines, wherein establishing the plurality of virtual network pairs comprises receiving, from an external data processing apparatus and in exchange for a secret key that is not known by the one or more destination virtual machines, a distinct token and network address for each of the one or more destination virtual machines, wherein each token is a single piece of information that represents a distinct secret key and the network address of the destination virtual machine, and wherein the established virtual network pairs are unidirectional;
encapsulating each outgoing packet in a message with the token for the destination virtual machine of the message; and
sending each message to the respective destination virtual machine for the message by sending the message to the respective network address for the destination virtual machine.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A system comprising:
data processing apparatus and one or more storage devices having instructions stored thereon that, when executed by the data processing apparatus, cause the data processing apparatus to perform operations comprising:
receiving a plurality of outgoing packets from one or more source virtual machines executing on the data processing apparatus, each source virtual machine being a hardware virtualization of the data processing apparatus and each packet being destined for a destination virtual machine;
establishing a plurality of virtual network pairs, one for each unique pair of source and destination virtual machines, wherein establishing the plurality of virtual network pairs comprises receiving, from an external data processing apparatus and in exchange for a secret key that is not known by the one or more destination virtual machines, a distinct token and network address for each of the one or more destination virtual machines, wherein each token is a single piece of information that represents a distinct secret key and the network address of the destination virtual machine, and wherein the established virtual network pairs are unidirectional;
encapsulating each outgoing packet in a message with the token for the destination virtual machine of the message; and
sending each message to the respective destination virtual machine for the message by sending the message to the respective network address for the destination virtual machine.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.
17. A non-transitory storage medium having instructions stored thereon that, when executed by data processing apparatus, cause the data processing apparatus to perform operations comprising:
receiving a plurality of outgoing packets from one or more source virtual machines executing on the data processing apparatus, each source virtual machine being a hardware virtualization of the data processing apparatus and each packet being destined for a destination virtual machine;
establishing a plurality of virtual network pairs, one for each unique pair of source and destination virtual machines, wherein establishing the plurality of virtual network pairs comprises receiving, from an external data processing apparatus and in exchange for a secret key that is not known by the one or more destination virtual machines, a distinct token and network address for each of the one or more destination virtual machines, wherein each token is a single piece of information that represents a distinct secret key and the network address of the destination virtual machine, and wherein the established virtual network pairs are unidirectional;
encapsulating each outgoing packet in a message with the token for the destination virtual machine of the message; and
sending each message to the respective destination virtual machine for the message by sending the message to the respective network address for the destination virtual machine.
Dependent claims: 18, 19, 20.
Specification