Connection identifier assignment and source network address translation

US 8,913,611 B2
Filed: 11/15/2012
Issued: 12/16/2014
Est. Priority Date: 11/15/2011
Status: Active Grant

First Claim

Patent Images

1. A non-transitory machine readable medium of a controller of a network control system for configuring a plurality of middlebox instances to implement a logical middlebox in a distributed manner in a plurality of hosts, the non-transitory machine readable medium storing sets of instructions for:

assigning a first set of connection identifiers to a first middlebox instance of a plurality of middlebox instances that implement the logical middlebox in the plurality of hosts, the first middlebox instance operating in a first host of the plurality of hosts;

assigning a second set of connection identifiers to a second middlebox instance of the plurality of middlebox instances, the second middlebox instance operatin in a second host of the plurality of hosts; and

configuring (i) the first middlebox instance to associate one of the first set of connection identifiers with a first packet originating from a first virtual machine operatin in the first host and (ii) the second middlebox instance to associate one of the second set of connection identifiers with a second packet originating from a second virtual machine operatin in the second host, in order for a third host of the plurality of hosts that receives the first and second packets to distinguish between sources of the first and second packets when the first and second packets have identical source network addresses.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A controller of a network control system for configuring several middlebox instances is described. The middlebox instances implement a middlebox in a distributed manner in several hosts. The controller assigns a first set of identifiers to a first middlebox instance that associates an identifier in the first set with a first packet. The controller assigns a second set of identifiers to a second middlebox instance that associates an identifier in the second set with a second packet.

212 Citations

20 Claims

1. A non-transitory machine readable medium of a controller of a network control system for configuring a plurality of middlebox instances to implement a logical middlebox in a distributed manner in a plurality of hosts, the non-transitory machine readable medium storing sets of instructions for:
- assigning a first set of connection identifiers to a first middlebox instance of a plurality of middlebox instances that implement the logical middlebox in the plurality of hosts, the first middlebox instance operating in a first host of the plurality of hosts;
  
  assigning a second set of connection identifiers to a second middlebox instance of the plurality of middlebox instances, the second middlebox instance operatin in a second host of the plurality of hosts; and
  
  configuring (i) the first middlebox instance to associate one of the first set of connection identifiers with a first packet originating from a first virtual machine operatin in the first host and (ii) the second middlebox instance to associate one of the second set of connection identifiers with a second packet originating from a second virtual machine operatin in the second host, in order for a third host of the plurality of hosts that receives the first and second packets to distinguish between sources of the first and second packets when the first and second packets have identical source network addresses.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The non-transitory machine readable medium of claim 1, wherein the first and second sets of connection identifiers are mutually exclusive.
  - 3. The non-transitory machine readable medium of claim 1, wherein the first and second middlebox instances are configured to associate the connection identifiers with the first packet and the second packet in order for the third host to distinguish between the sources of the first and second packets when the first and second packets have identical sources and destination network addresses and are formatted according to a same communication protocol.
  - 4. The non-transitory machine readable medium of claim 1, wherein a number of connection identifiers in the first set is different than a number of connection identifiers in the second set.
  - 5. The non-transitory machine readable medium of claim 1, wherein the first middlebox instance associates the connection identifier in the first set with the first packet by replacing a source port number of the first packet with the connection identifier in the first set.
  - 6. The non-transitory machine readable medium of claim 1, wherein the non-transitory machine readable medium further storing a set of instructions for configuring the third middlebox instance to use the connection identifiers associated with in the first and second packets to send responses to the first and second virtual machines.
  - 7. The non-transitory machine readable medium of claim 1, further storing a set of instructions for configuring the third middlebox instance to generate a set of flow entries based on the connection identifiers associated with packets that are received by the third host in order for a managed switching element operating in the third host to use the set of flow entries to send responses to the correct sources of the packets.
  - 8. The non-transitory machine readable medium of claim 1, wherein the first packet and the second packet have identical source port numbers and identical destination port numbers.
  - 9. The non-transitory machine readable medium of claim 1, further storing a set of instructions for:
    - receiving a request from a third middlebox instance to release a particular set of connection identifiers that have been assigned to the third middlebox instance; and
      
      recording that the particular set of connection identifiers are now available.

10. For a network controller, a method for configuring a logical middlebox in a plurality of hosts, the method comprising:
- assigning a first set of connection identifiers to a first middlebox instance of a plurality of middlebox instances that implement the logical middlebox in the plurality of hosts, the first middlebox instance operating in a first host of the plurality of hosts;
  
  assigning a second set of connection identifiers to a second middlebox instance of the plurality of middlebox instances, the second middlebox instance operating in a second host of the plurality of hosts; and
  
  configuring (i) the first middlebox instance to associate one of the first set of connection identifiers with a first packet originating from a first virtual machine operating in the first host and (ii) the second middlebox instance to associate one of the second set of connection identifiers with a second packet originating from a second virtual machine operating in the second host, in order for a third host of the plurality of hosts that receives the first and second packets to distinguish between sources of the first and second packets when the first and second packets have identical source network addresses.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The method of claim 10, wherein the first and second sets of connection identifiers are mutually exclusive.
  - 12. The method of claim 10, wherein the first and second middlebox instances are configured to associate the connection identifiers with the first and second packets in order for the third host to distinguish between the sources of the first and second packets when the first and second packets have identical source and destination network addresses and are formatted according to a same communication protocol.
  - 13. The method of claim 10, wherein a number of connection identifiers in the first set is different than a number of connection identifiers in the second set.
  - 14. The method of claim 10, wherein the first middlebox instance associates the connection identifier in the first set with the first packet by replacing a source port number of the first packet with the connection identifier in the first set.
  - 15. The method of claim 10 further comprising configuring the third middlebox instance to use the connection identifiers associated with the first and second packets to send responses to the first and second virtual machines.
  - 16. The method of claim 10 further comprising configuring the third middlebox instance to generate set of flow entries based on the connection identifiers associated with packets that are received by the third host in order for a managed switching element operating in the third host to use the set of flow entries to send responses to the correct sources of the packets.
  - 17. The method of claim 10 further comprising:
    - after assigning the first set of connection identifiers to the first middlebox instance, determining whether the first middlebox instance is operational; and
      
      when the first middle instance is no longer operational, recording that the connection identifiers are now available.
  - 18. The method of claim 10 further comprising configuring the first and second middlebox instances to perform source network address translation on packets originating from the first and second virtual machines according to a configuration for the logical middlebox.
  - 19. The method of claim 10 further comprising:
    - receiving a request from the first middlebox instance for additional connection identifiers;
      
      in response to the request, identifying a third set of connection identifiers that are available to be assigned for the logical middlebox; and
      
      assigning the identified connection identifiers to the first middlebox instance.
  - 20. The method of claim 19 further comprising, after assigning the third set of connection identifiers to the first middlebox instance, recording that the first set of connection identifiers are no longer available.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Koponen, Teemu, Zhang, Ronghua, Thakkar, Pankaj, Casado, Martin
Primary Examiner(s)
Yao, Kwang B
Assistant Examiner(s)
DUDA, ADAM K

Application Number

US13/678,518
Publication Number

US 20130128891A1
Time in Patent Office

761 Days
Field of Search

None
US Class Current

370/389
CPC Class Codes

G06F 15/177   Initialisation or configura...

G06F 2009/4557   Distribution of virtual mac...

G06F 2009/45595   Network integration; Enabli...

G06F 9/455   Emulation; Interpretation; ...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558   Hypervisor-specific managem...

H04L 41/08   Configuration management of...

H04L 41/0803   Configuration setting

H04L 41/0806   for initial configuration o...

H04L 41/0813   characterised by the condit...

H04L 41/0823   characterised by the purpos...

H04L 41/0889   Techniques to speed-up the ...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/0895   Configuration of virtualise...

H04L 41/12   Discovery or management of ...

H04L 45/02   Topology update or discovery

H04L 45/64   using an overlay routing layer

H04L 45/74   Address processing for routing

H04L 49/15   Interconnection of switchin...

H04L 49/70 : Virtual switches

H04L 61/2503 : Translation of Internet pro...

H04L 61/2517 : using port numbers

H04L 61/2521 : Translation architectures o...

H04L 61/256 : NAT traversal

H04L 63/0218 : Distributed architectures, ...

H04L 67/1008 : based on parameters of serv...

View All

Connection identifier assignment and source network address translation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

212 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Connection identifier assignment and source network address translation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

212 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links