Network control system for configuring middleboxes

US 8,966,029 B2
Filed: 11/15/2012
Issued: 02/24/2015
Est. Priority Date: 11/15/2011
Status: Active Grant

First Claim

Patent Images

1. A method for configuring a logical middlebox in a hosting system comprising a plurality of nodes, the method comprising:

receiving a set of configuration data for the logical middleboxical network comprising a set of logical forwarding elements that connects a set of end machines;

using a stored set of tables describing physical locations of the end machines to identify a set of nodes that hosts at least a subset of the end machines of the logical network; and

providing the logical middlebox configuration data for distribution to the identified set of nodes that host the subset of the end machines of the logical network in order to implement the logical middlebox on the identified set of nodes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments provide a method for configuring a logical middlebox in a hosting system that includes a set of nodes. The logical middlebox is part of a logical network that includes a set of logical forwarding elements that connect a set of end machines. The method receives a set of configuration data for the logical middlebox. The method uses a stored set of tables describing physical locations of the end machines to identify a set of nodes at which to implement the logical middlebox. The method provides the logical middlebox configuration for distribution to the identified nodes.

199 Citations

23 Claims

1. A method for configuring a logical middlebox in a hosting system comprising a plurality of nodes, the method comprising:
- receiving a set of configuration data for the logical middleboxical network comprising a set of logical forwarding elements that connects a set of end machines;
  
  using a stored set of tables describing physical locations of the end machines to identify a set of nodes that hosts at least a subset of the end machines of the logical network; and
  
  providing the logical middlebox configuration data for distribution to the identified set of nodes that host the subset of the end machines of the logical network in order to implement the logical middlebox on the identified set of nodes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the configuration data comprises a set of database table records.
  - 3. The method of claim 2, wherein the database table records and the stored set of tables are used as inputs to the identification of the set of nodes.
  - 4. The method of claim 1, wherein the set of configuration data is received through an application programming interface exposed to a user.
  - 5. The method of claim 1 further comprising:
    - receiving logical control plane data describing the set of logical forwarding elements;
      
      generating logical forwarding plane data from the logical control plane data, the logical forwarding plane data comprising a set of flow entries for forwarding packets within the logical network; and
      
      generating physical control plane data from the logical forwarding plane data, the physical control plane data comprising a set of flow entries for forwarding physical packets received at physical forwarding elements that implement the logical forwarding elements.
  - 6. The method of claim 5, wherein the logical control plane data comprises a routing policy for forwarding packets to the logical middle box when the packets match a particular criteria.
  - 7. The method of claim 6, wherein the logical forwarding plane data comprises a flow entry for a logical router that specifies to route a packet matching the particular criteria to a logical port of the logical router to which the logical middlebox connects.
  - 8. The method of claim 7, wherein the physical control plane data comprises a flow entry that specifies to map a packet having a logical egress context of the logical port to a physical port to which a physical implementation of the logical middlebox connects.
  - 9. The method of claim 5, wherein the identified set of nodes is a first set of nodes, wherein the method further comprises:
    - using the stored set of tables describing physical locations of the end machines to identify a second set of nodes at which to implement the logical forwarding elements; and
      
      providing the physical control plane data for distribution to the identified nodes.
  - 10. The method of claim 9, wherein the first and second sets of nodes are the same.
  - 11. The method of claim 9, wherein the first set of nodes is a subset of the second set of nodes.

12. A machine readable medium storing a network controller application for execution by at least one processing unit, the network controller application comprising sets of instructions for:
- receiving a logical middlebox configuration for distribution to a middlebox element on a physical host to which the network controller application couples, wherein the physical host hosts a managed switching element and at least one virtual machine that sends packets to and receives packets from the managed switching element;
  
  automatically generating an identifier for association with the logical middlebox configuration at the middlebox element;
  
  distributing the logical middlebox configuration and the generated identifier to the middlebox element on the physical host; and
  
  distributing the generated identifier to the managed switching element in order for the managed switching element and the middlebox element to exchange data packets.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The machine readable medium of claim 12, wherein the network controller application is for execution by at least one processing unit of a first network controller, wherein the logical middlebox configuration is received from a second network controller.
  - 14. The machine readable medium of claim 12, wherein the logical middlebox configuration is a first logical middlebox configuration and the generated identifier is a first identifier, wherein the network controller application further comprises sets of instructions for:
    - receiving a second logical middlebox configuration for distribution to the middlebox element on the physical host;
      
      automatically generating a second, different identifier for association with the second logical middlebox configuration at the middlebox element;
      
      distributing the second logical middlebox configuration and the second identifier to the middlebox element on the physical host; and
      
      distributing the second identifier to the managed switching element in order for the managed switching element and the middlebox element to exchange data packets by tagging the data packets with the second identifier, wherein the middlebox element processes data packets tagged with the first identifier by using the first logical middlebox configuration and processes data packets tagged with the second identifier by using the second logical middlebox configuration.
  - 15. The machine readable medium of claim 14, wherein the first and second logical middlebox configurations are for logical middleboxes in a same logical network.
  - 16. The machine readable medium of claim 14, wherein the first and second logical middlebox configurations are for logical middleboxes in different logical networks.
  - 17. The machine readable medium of claim 12, wherein the logical middlebox configuration is a first logical middlebox configuration and the generated identifier is a first identifier, wherein the network controller application further comprises sets of instructions for:
    - receiving a second logical middlebox configuration for distribution to a second middlebox element on the physical host;
      
      automatically generating a second, different identifier for association with the second logical middlebox configuration at the second middlebox element;
      
      distributing the second logical middlebox configuration and the second identifier to the second middlebox element on the physical host; and
      
      distributing the second identifier to the managed switching element and the second middlebox element to exchange data packets.
  - 18. The machine readable medium of claim 12, wherein the managed switching element couples within the physical host to the middlebox element.

19. A hierarchical network control system for distributing a logical middlebox configuration to a set of distributed middlebox elements at a set of host machines, the network control system comprising:
- a first network controller at a first hierarchical level for identifying a plurality of host machines for receiving the logical middlebox configuration based on network state information that identifies the host machines as hosting virtual machines of a logical network that contains the logical middlebox, wherein the logical middlebox is a distributed middlebox that is implemented on the host machines; and
  
  a plurality of additional network controllers at a second hierarchical level that each manages one or more of the identified host machines, each of the additional network controllers for receiving the same logical middlebox configuration from the first network controller and distributing the configuration to the distributed middlebox elements at the identified host machines in order for each of the distributed middlebox elements to implement the same logical middlebox configuration.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The hierarchical network control system of claim 19 further comprising a second plurality of additional network controllers at the second hierarchical level that each manages a set of host machines that do not include any of the identified plurality of host machines, wherein the second plurality of additional network controllers are not for receiving the logical middlebox configuration from the first network controller.
  - 21. The hierarchical network control system of claim 19, wherein the plurality of additional network controllers is a first plurality of network controllers, the system further comprising:
    - a second network controller at the first hierarchical level for receiving a second logical middlebox configuration and identifying a second plurality of host machines for receiving the second logical middlebox configuration based on additional network state information that identifies the second plurality of host machines as hosting virtual machines on a second logical network that contains the second logical middlebox; and
      
      a second plurality of additional network controllers at a second hierarchical level that each manage one or more of the second plurality of identified host machines, each of the additional network controllers for receiving the same second logical middlebox configuration from the second network controller and distributing the second configuration to the distributed middlebox elements at the second plurality of identified host machines in order for each of the distributed middlebox elements at the second plurality of identified host machines to implement the second logical middlebox configuration.
  - 22. The hierarchical network control system of claim 21, wherein a particular network controller is part of the first plurality of network controllers and the second plurality of network controllers.
  - 23. The hierarchical network control system of claim 22, wherein the particular network controller is for assigning different identifiers to the different middlebox configurations and distributing the identifiers to the distributed middlebox element at its managed host machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Zhang, Ronghua, Koponen, Teemu, Thakkar, Pankaj, Padmanabhan, Amar, Casado, Martin
Primary Examiner(s)
Wang, Liangche A

Application Number

US13/678,485
Publication Number

US 20130132536A1
Time in Patent Office

831 Days
Field of Search

709/220, 709/221, 709/222, 709/223, 709/238
US Class Current

709/221
CPC Class Codes

G06F 15/177   Initialisation or configura...

G06F 2009/4557   Distribution of virtual mac...

G06F 2009/45595   Network integration; Enabli...

G06F 9/455   Emulation; Interpretation; ...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558   Hypervisor-specific managem...

H04L 41/08   Configuration management of...

H04L 41/0803   Configuration setting

H04L 41/0806   for initial configuration o...

H04L 41/0813   characterised by the condit...

H04L 41/0823   characterised by the purpos...

H04L 41/0889   Techniques to speed-up the ...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/0895   Configuration of virtualise...

H04L 41/12   Discovery or management of ...

H04L 45/02   Topology update or discovery

H04L 45/64   using an overlay routing layer

H04L 45/74   Address processing for routing

H04L 49/15   Interconnection of switchin...

H04L 49/70 : Virtual switches

H04L 61/2503 : Translation of Internet pro...

H04L 61/2517 : using port numbers

H04L 61/2521 : Translation architectures o...

H04L 61/256 : NAT traversal

H04L 63/0218 : Distributed architectures, ...

H04L 67/1008 : based on parameters of serv...

View All

Network control system for configuring middleboxes

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

199 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Network control system for configuring middleboxes

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

199 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links