Architecture of networks with middleboxes

US 8,966,024 B2
Filed: 11/15/2012
Issued: 02/24/2015
Est. Priority Date: 11/15/2011
Status: Active Grant

First Claim

Patent Images

1. A method for configuring a logical network in a hosting system comprising a plurality of nodes, the method comprising:

receiving a first configuration for a first middlebox of the logical network and a second configuration for a second middlebox of the logical network, the logical network comprising a plurality of end machines hosted on a subset of the plurality of nodes;

identifying the subset of the plurality of the nodes as nodes for implementing the first middlebox;

distributing the first configuration for implementation of the first middlebox on the identified nodes, wherein each of the identified nodes receives the same first configuration for the first middlebox; and

distributing the second configuration for implementation of the second middle box on a single physical machine.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments provide a system for implementing a logical network that includes a set of end machines, a first logical middlebox, and a second logical middlebox connected by a set of logical forwarding elements. The system includes a set of nodes. Each of several nodes includes (i) a virtual machine for implementing an end machine of the logical network, (ii) a managed switching element for implementing the set of logical forwarding elements of the logical network, and (iii) a middlebox element for implementing the first logical middlebox of the logical network. The system includes a physical middlebox appliance for implementing the second logical middlebox.

194 Citations

26 Claims

1. A method for configuring a logical network in a hosting system comprising a plurality of nodes, the method comprising:
- receiving a first configuration for a first middlebox of the logical network and a second configuration for a second middlebox of the logical network, the logical network comprising a plurality of end machines hosted on a subset of the plurality of nodes;
  
  identifying the subset of the plurality of the nodes as nodes for implementing the first middlebox;
  
  distributing the first configuration for implementation of the first middlebox on the identified nodes, wherein each of the identified nodes receives the same first configuration for the first middlebox; and
  
  distributing the second configuration for implementation of the second middle box on a single physical machine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the single physical machine comprises a single node that hosts an end machine for implementing the second middlebox.
  - 3. The method of claim 1, wherein the single physical machine comprises a physical middlebox appliance separate from the plurality of nodes.
  - 4. The method of claim 1, wherein the method is performed by a first network controller.
  - 5. The method of claim 4, wherein distributing the first configuration comprises:
    - automatically identifying a plurality of additional network controllers that manage the identified nodes; and
      
      distributing the first configuration to the identified network controllers for subsequent distribution to the identified nodes.
  - 6. The method of claim 5, wherein each of the identified nodes is managed by a single one of the additional network controllers.
  - 7. The method of claim 4, wherein distributing the second configuration comprises:
    - automatically identifying a particular additional network controller that manages the single physical machine from a set of additional network controllers; and
      
      distributing the second configuration to the identified particular network controller for subsequent distribution to the single physical machine.
  - 8. The method of claim 1, wherein receiving the first configuration for the first middlebox of the logical network and the second configuration for the second middlebox of the logical network comprises receiving a configuration through a first application programming interface (API) specific to the first middlebox and a second configuration through a second API specific to the second middlebox.
  - 9. The method of claim 1, wherein the first configuration is received as a set of database table records, wherein the method does not translate the records before distributing the records.
  - 10. The method of claim 1, wherein the first configuration defines a manner of processing a set of packets by the first middlebox for the plurality of end machines of the logical network.

11. A non-transitory machine readable medium storing a program which when executed by at least one processing unit configures a logical network in a hosting system comprising a plurality of nodes, the program comprising sets of instructions for:
- receiving a first configuration for a first middlebox of the logical network and a second configuration for a second middlebox of the logical network, the logical network comprising a plurality of end machines hosted on a subset of the plurality of nodes;
  
  identifying the subset of the plurality of the nodes as nodes for implementing the first middlebox;
  
  distributing the first configuration for implementation of the first middlebox on the identified nodes, wherein each of the identified nodes receives the same first configuration for the first middlebox; and
  
  distributing the second configuration for implementation of the second middle box on a single physical machine.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The machine readable medium of claim 11, wherein the single physical machine comprises a single node that hosts an end machine for implementing the second middlebox.
  - 13. The machine readable medium of claim 11, wherein the single physical machine comprises a physical middlebox appliance separate from the plurality of nodes.
  - 14. The machine readable medium of claim 11, wherein the program is performed by a first network controller.
  - 15. The machine readable medium of claim 14, wherein the set of instructions for distributing the first configuration comprises sets of instructions for:
    - automatically identifying a plurality of additional network controllers that manage the identified nodes; and
      
      distributing the first configuration to the identified network controllers for subsequent distribution to the identified nodes.
  - 16. The machine readable medium of claim 15, wherein each of the identified nodes is managed by a single one of the additional network controllers.
  - 17. The machine readable medium of claim 14, wherein the set of instructions for distributing the second configuration comprises sets of instructions for:
    - automatically identifying a particular additional network controller that manages the single physical machine from a set of additional network controllers; and
      
      distributing the second configuration to the identified particular network controller for subsequent distribution to the single physical machine.
  - 18. The machine readable medium of claim 11, wherein the set of instructions for receiving the first configuration for the first middlebox of the logical network and the second configuration for the second middlebox of the logical network comprises a set of instructions for receiving a configuration through a first application programming interface (API) specific to the first middlebox and a second configuration through a second API specific to the second middlebox.
  - 19. The machine readable medium of claim 11, wherein the first configuration is received as a set of database table records, wherein the set of instructions for distributing the records does not translate the records before distributing them.
  - 20. The machine readable medium of claim 11, wherein the first configuration defines a manner of processing a set of packets by the first middlebox for the plurality of end machines of the logical network.

21. An apparatus comprising:
- a set of processing units for executing sets of instructions; and
  
  a machine readable medium storing a program which when executed by at least one of the processing units configures a logical network in a hosting system comprising a plurality of nodes, the program comprising sets of instructions for;
  
  receiving a first configuration for a first middlebox of the logical network and a second configuration for a second middlebox of the logical network, the logical network comprising a plurality of end machines hosted on a subset of the plurality of nodes;
  
  identifying the subset of the plurality of the nodes as nodes for implementing the first middlebox;
  
  distributing the first configuration for implementation of the first middlebox on the identified nodes, wherein each of the identified nodes receives the same first configuration for the first middlebox; and
  
  distributing the second configuration for implementation of the second middle box on a single physical machine.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The apparatus of claim 21, wherein the program is performed by a first network controller.
  - 23. The apparatus of claim 22, wherein the set of instructions for distributing the first configuration comprises sets of instructions for:
    - automatically identifying a plurality of additional network controllers that manage the identified nodes; and
      
      distributing the first configuration to the identified network controllers for subsequent distribution to the identified nodes.
  - 24. The machine readable medium of claim 23, wherein each of the identified nodes is managed by a single one of the additional network controllers.
  - 25. The apparatus of claim 22, wherein the set of instructions for distributing the second configuration comprises sets of instructions for:
    - automatically identifying a particular additional network controller that manages the single physical machine from a set of additional network controllers; and
      
      distributing the second configuration to the identified particular network controller for subsequent distribution to the single physical machine.
  - 26. The apparatus of claim 21, wherein the set of instructions for receiving the first configuration for the first middlebox of the logical network and the second configuration for the second middlebox of the logical network comprises a set of instructions for receiving a configuration through a first application programming interface (API) specific to the first middlebox and a second configuration through a second API specific to the second middlebox.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Koponen, Teemu, Zhang, Ronghua, Thakkar, Pankaj, Casado, Martin
Primary Examiner(s)
Wang, Liangche A

Application Number

US13/678,498
Publication Number

US 20130132531A1
Time in Patent Office

831 Days
Field of Search

709/220, 709/221, 709/222, 709/223, 709/238
US Class Current

709/220
CPC Class Codes

G06F 15/177   Initialisation or configura...

G06F 2009/4557   Distribution of virtual mac...

G06F 2009/45595   Network integration; Enabli...

G06F 9/455   Emulation; Interpretation; ...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558   Hypervisor-specific managem...

H04L 41/08   Configuration management of...

H04L 41/0803   Configuration setting

H04L 41/0806   for initial configuration o...

H04L 41/0813   characterised by the condit...

H04L 41/0823   characterised by the purpos...

H04L 41/0889   Techniques to speed-up the ...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/0895   Configuration of virtualise...

H04L 41/12   Discovery or management of ...

H04L 45/02   Topology update or discovery

H04L 45/64   using an overlay routing layer

H04L 45/74   Address processing for routing

H04L 49/15   Interconnection of switchin...

H04L 49/70 : Virtual switches

H04L 61/2503 : Translation of Internet pro...

H04L 61/2517 : using port numbers

H04L 61/2521 : Translation architectures o...

H04L 61/256 : NAT traversal

H04L 63/0218 : Distributed architectures, ...

H04L 67/1008 : based on parameters of serv...

View All

Architecture of networks with middleboxes

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

194 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Architecture of networks with middleboxes

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

194 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links