Distributed virtual network gateways
First Claim
1. One or more computer-storage media hardware devices having computer-executable instructions embodied thereon that, when executed, perform a method for managing distribution of data packets between endpoints, the method comprising:
reading at a first endpoint one or more data packets, wherein the one or more data packets include a header comprising a source IP address and a destination IP address;
sending a request from the first endpoint to a directory service, wherein the request includes the source IP address and the destination IP address, and wherein the directory service is configured to perform steps comprising;
(a) using a predefined mapping to identify a first location-dependent address that corresponds with the source IP address;
(b) using the predefined mapping to identify a second location-dependent address that corresponds with the destination IP address; and
(c) determining a forwarding path between the first endpoint and a second endpoint based on, in part, the first and second location-dependent addresses;
receiving from the directory service a response that includes the forwarding path; and
initiating transmission of the one or more data packets to the second endpoint along forwarding path.
Abstract
Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table). The transformation action(s) include rewriting headers of the data packets to include the location-dependent addresses, encapsulating the data packets as inner data packets within respective outer data packets, or configuring the data packets with a tunneling protocol.
20 Claims
18. A computer system for supporting and isolating communications between endpoints, the computer system comprising:
a directory service that maintains a mapping between virtual internet protocol (IP) addresses and location-dependent addresses of a physical network;
a first endpoint that originates one or more data packets structured with headers that include a source IP address and a destination IP address, wherein the source IP address points to the first endpoint, and wherein the destination IP address points to a second endpoint; and
a driver that performs a routing decision comprising;
(a) communicating with the directory service to determine a transformation action as a function of, at least, the source IP address and the destination IP address;
(b) when the first endpoint and the second endpoint reside within a common data center, the transformation action involves replacing the source IP address and the destination IP address with respective location-dependent addresses within the headers of the one or more data packets; and
(c) when the second endpoint is unable to translate the headers of the one or more data packets if the source IP address and the destination IP address are removed, the transformation action involves encapsulating the one or more data packets as inner data packets within respective outer data packets, wherein the outer data packets each include headers that include the location-dependent addresses.
20. A computerized method for identifying a network pathway and transformation action in response to a request from a distributed, virtual network gateway, the method comprising:
providing a directory service that maintains a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, and maintains a table that returns an appropriate transformation action upon being queried with one or more IP addresses;
receiving a request from a virtual network gateway in communication with a recipient endpoint, wherein the request includes indicia of a source IP address and a destination IP address carried by one or more data packets accepted by the recipient endpoint;
using the mapping to identify location-dependent addresses corresponding to the source IP address and the destination IP address, wherein the location-dependent addresses assist in determining a forwarding path of the one or more data packets through a physical network;
using the table to identify a corresponding transformation action corresponding to the forwarding path; and
returning a response that delivers to the virtual network gateway indicia of the forwarding path and the identified transformation action, wherein the virtual network gateway communicates the response to the recipient endpoint.
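The directory lookup and driver routing decision described in the abstract and in claims 18 and 20, as an added Python example that is not part of the patent text. The addresses, data-center labels, table layout and function names are constructed for illustration; two assumptions go beyond the claims: every cross-data-center path is treated as one where the receiver cannot restore rewritten headers, and a request naming an unmapped virtual IP gets no forwarding path.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes = b""
    inner: Optional["Packet"] = None  # set only on an encapsulating outer packet

# Constructed sample mapping: virtual IP -> (location-dependent address, data center)
MAPPING = {
    "10.0.0.4": ("192.0.2.10", "dc-a"),
    "10.0.0.5": ("192.0.2.11", "dc-a"),
    "10.0.0.9": ("198.51.100.7", "dc-b"),
}
# Constructed table: pathway kind -> transformation action
ACTION_TABLE = {"same-dc": "rewrite", "cross-dc": "encapsulate"}

def directory_lookup(src_vip, dst_vip):
    """Directory service: resolve both virtual IPs, then pick the action for the path."""
    if src_vip not in MAPPING or dst_vip not in MAPPING:
        return None  # assumption: unmapped endpoints get no forwarding path
    (src_loc, src_dc), (dst_loc, dst_dc) = MAPPING[src_vip], MAPPING[dst_vip]
    path = "same-dc" if src_dc == dst_dc else "cross-dc"
    return {"src_loc": src_loc, "dst_loc": dst_loc,
            "path": path, "action": ACTION_TABLE[path]}

def driver_send(pkt):
    """Driver: query the directory service, then transform the packet for the wire."""
    reply = directory_lookup(pkt.src, pkt.dst)
    if reply is None:
        return None  # no path returned, so nothing is transmitted
    if reply["action"] == "rewrite":
        # Replace the virtual addresses in the header with location-dependent ones.
        return replace(pkt, src=reply["src_loc"], dst=reply["dst_loc"])
    # Encapsulate: the original packet travels unchanged inside an outer packet
    # whose header carries the location-dependent addresses.
    return Packet(reply["src_loc"], reply["dst_loc"], inner=pkt)

if __name__ == "__main__":
    for dst in ("10.0.0.5", "10.0.0.9", "10.0.0.77"):
        print(dst, "->", driver_send(Packet("10.0.0.4", dst, b"hello")))
```

Because the driver transmits only what the directory service resolves, the mapping is the single place where reachability between virtual addresses is decided.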
Specification