Network traffic processing according to network traffic rule criteria and transferring network traffic metadata in a network device that includes hosted virtual machines

US 8,954,957 B2
Filed: 07/01/2009
Issued: 02/10/2015
Est. Priority Date: 07/01/2009
Status: Active Grant

First Claim

Patent Images

1. A network device adapted to process network traffic, the network device comprising:

a memory;

a first network connection adapted to communicate first network traffic, wherein the first network connection is connected with a first network;

a second network connection adapted to communicate second network traffic, wherein the second network connection is connected with a second network;

a network traffic processing module connected with the first network connection and the second network connection;

a plurality of hosted virtual machines each adapted to execute at least one virtual machine application;

a virtual machine data interface connected with the plurality of hosted virtual machines and the network traffic processing module, wherein the virtual machine data interface is adapted to direct a first portion of the first network traffic and a first portion of the second network traffic according to network traffic rule criteria and network traffic rules;

a first network traffic tap adapted to direct at least the first portion of the first network traffic between the first network connection and the virtual machine data interface; and

a second network traffic tap adapted to direct at least a first portion of the second network traffic between the second network connection and the virtual machine data interface; and

at least one intra-module network traffic tap adapted to direct network traffic metadata from the network traffic processing module to the virtual machine data interface, wherein the network traffic metadata includes additional information describing application associated with the network traffic, and wherein the network traffic metadata is communicated to one or more virtual machine applications using an extended non-standard protocol that provides functionality of application programming interface;

wherein the virtual machine data interface is adapted to direct the first portion of the first network traffic and the first portion of the second network traffic between the first and second network traffic taps and the plurality of hosted virtual machines;

wherein the virtual machine data interface is adapted to direct the network traffic metadata between the intra-module network traffic tap and the plurality of hosted virtual machines.

View all claims

18 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Network devices include hosted virtual machines and virtual machine applications. Hosted virtual machines and their applications implement additional functions and services in network devices. Network devices include data taps for directing network traffic to hosted virtual machines and allowing hosted virtual machines to inject network traffic. Network devices include unidirectional data flow specifications, referred to as hyperswitches. Each hyperswitch is associated with a hosted virtual machine and receives network traffic received by the network device from a single direction. Each hyperswitch processes network traffic according to rules and rule criteria. A hosted virtual machine can be associated with multiple hyperswitches, thereby independently specifying the data flow of network traffic to and from the hosted virtual machine from multiple networks. The network device architecture also enables the communication of additional information between the network device and one or more virtual machine applications using an extended non-standard network protocol.

Citations

14 Claims

1. A network device adapted to process network traffic, the network device comprising:
- a memory;
  
  a first network connection adapted to communicate first network traffic, wherein the first network connection is connected with a first network;
  
  a second network connection adapted to communicate second network traffic, wherein the second network connection is connected with a second network;
  
  a network traffic processing module connected with the first network connection and the second network connection;
  
  a plurality of hosted virtual machines each adapted to execute at least one virtual machine application;
  
  a virtual machine data interface connected with the plurality of hosted virtual machines and the network traffic processing module, wherein the virtual machine data interface is adapted to direct a first portion of the first network traffic and a first portion of the second network traffic according to network traffic rule criteria and network traffic rules;
  
  a first network traffic tap adapted to direct at least the first portion of the first network traffic between the first network connection and the virtual machine data interface; and
  
  a second network traffic tap adapted to direct at least a first portion of the second network traffic between the second network connection and the virtual machine data interface; and
  
  at least one intra-module network traffic tap adapted to direct network traffic metadata from the network traffic processing module to the virtual machine data interface, wherein the network traffic metadata includes additional information describing application associated with the network traffic, and wherein the network traffic metadata is communicated to one or more virtual machine applications using an extended non-standard protocol that provides functionality of application programming interface;
  
  wherein the virtual machine data interface is adapted to direct the first portion of the first network traffic and the first portion of the second network traffic between the first and second network traffic taps and the plurality of hosted virtual machines;
  
  wherein the virtual machine data interface is adapted to direct the network traffic metadata between the intra-module network traffic tap and the plurality of hosted virtual machines.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The network device of claim 1, wherein the first portion of the processed network traffic includes network traffic generated by the plurality of hosted virtual machines.
  - 3. The network device of claim 1, wherein:
    - the plurality of hosted virtual machines includes a first hosted virtual machine and a first virtual machine application adapted to perform a sequence of operations on processed network traffic, wherein the processed network traffic includes a second portion of the first network traffic, a second portion of the second network traffic, or both the second portion of the first network traffic and the second portion of the second network traffic.
  - 4. The network device of claim 3, comprising:
    - at least one intra-module network traffic tap adapted to direct at least a first portion of the processed network traffic within the sequence of operations between the first hosted virtual machine and the virtual machine data interface;
      
      wherein the virtual machine data interface is adapted to direct the first portion of the processed network traffic between the plurality of hosted virtual machines and the first and second network traffic taps.
  - 5. The network device of claim 1, wherein:
    - the plurality of hosted virtual machines includes a first hosted virtual machine, wherein the first hosted virtual machine includes a first virtual network interface adapted to communicate the first portions of the first and second network traffic with a first virtual machine application, wherein the first portions of the first and second network traffic are received from the virtual machine data interface.
  - 6. The network device of claim 1, wherein the first network traffic includes network traffic received from a first network via the first network connection.
  - 7. The network device of claim 1, wherein the first network traffic includes network traffic generated by the plurality of hosted virtual machines and directed towards a first network via the first network connection.
  - 8. The network device of claim 1, wherein the network traffic rules include a redirect rule adapted to direct at least one of the first portions of the first and second network traffic to one of the plurality of hosted virtual machines.
  - 9. The network device of claim 1, wherein the network traffic rules include a copy rule adapted to direct a copy of the first portion of the first network traffic, the first portion of the second network traffic, or both first portion of the first network traffic and the first portion of the second network traffic to one of the plurality of hosted virtual machines.
  - 10. The network device of claim 1, wherein the network traffic rules include a drop rule adapted to discard one of the first portions of the first and second network traffic.
  - 11. The network device of claim 1, comprising:
    - a management module adapted to configure the first and second network traffic taps and the virtual machine data interface.
  - 12. The network device of claim 1, wherein the first network connection and the second network connection are connected with the first network.
  - 13. The network device of claim 1, wherein the first network connection is connected with the first network and the second network connection is connected with the second network.
  - 14. The network device of claim 1, wherein the network traffic rules include a pass rule adapted to bypass at least one of the first portions of the first and second network traffic around one of the plurality of hosted virtual machines.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Riverbed Technology, LLC (Riverbed Technology Incorporated)
Original Assignee
Riverbed Technology Incorporated
Inventors
Wu, David Tze-Si, Ly, Kand, Trac, Lap Nathan, Potashnik, Alexei
Primary Examiner(s)
An, Meng
Assistant Examiner(s)
GHAFFARI, ABU Z

Application Number

US12/496,430
Publication Number

US 20110004876A1
Time in Patent Office

2,050 Days
Field of Search

718/1, 709/223, 709/225, 709/238, 709/239, 370/417
US Class Current

718/1
CPC Class Codes

G06F 2009/45595   Network integration; Enabli...

G06F 9/45558   Hypervisor-specific managem...

H04L 12/4625   Single bridge functionality...

H04L 49/70   Virtual switches

Network traffic processing according to network traffic rule criteria and transferring network traffic metadata in a network device that includes hosted virtual machines

First Claim

18 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Network traffic processing according to network traffic rule criteria and transferring network traffic metadata in a network device that includes hosted virtual machines

First Claim

18 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links