Network control apparatus and method for port isolation

US 9,043,452 B2
Filed: 11/03/2011
Issued: 05/26/2015
Est. Priority Date: 05/04/2011
Status: Active Grant

First Claim

Patent Images

1. A method for managing a logical forwarding element comprising a plurality of logical ports through which the logical forwarding element receives and sends data packets, the logical forwarding element implemented in a set of managed forwarding elements that forward data packets in a network, the method comprising:

determining that port isolation has been enabled for the logical forwarding element; and

performing a set of database join operations on tables of a set of tables for specifying forwarding behaviors of the logical forwarding element, the tables comprising a set of high priority tables for enabling port isolation, wherein the logical forwarding element processes data according to a set of forwarding behaviors specified in the set of high priority tables over forwarding behaviors specified in tables other than the high priority tables, the join operations to specify in the tables that the logical forwarding element drops a data packet received through a first logical port when the data packet is addressed to a second logical port different than the first logical port to implement the port isolation, wherein the set of tables are for translation into a set of physical forwarding rules to implement the forwarding behaviors of the logical forwarding element on the set of managed forwarding elements,wherein the determining and the performance of the set of database join operations are performed by an electronic device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments provide a method for managing a logical switching element that includes several logical ports. The logical switching element receives and sends data packets through the logical ports. The logical switching element is implemented in a set of managed switching elements that forward data packets in a network. The method provides a set of tables for specifying forwarding behaviors of the logical switching element. The method performs a set of database join operations on the tables to specify in the tables that the logical forwarding element drops a data packet received through a first logical port when the data packet is headed to a second logical port different than the first logical port.

Citations

20 Claims

1. A method for managing a logical forwarding element comprising a plurality of logical ports through which the logical forwarding element receives and sends data packets, the logical forwarding element implemented in a set of managed forwarding elements that forward data packets in a network, the method comprising:
- determining that port isolation has been enabled for the logical forwarding element; and
  
  performing a set of database join operations on tables of a set of tables for specifying forwarding behaviors of the logical forwarding element, the tables comprising a set of high priority tables for enabling port isolation, wherein the logical forwarding element processes data according to a set of forwarding behaviors specified in the set of high priority tables over forwarding behaviors specified in tables other than the high priority tables, the join operations to specify in the tables that the logical forwarding element drops a data packet received through a first logical port when the data packet is addressed to a second logical port different than the first logical port to implement the port isolation, wherein the set of tables are for translation into a set of physical forwarding rules to implement the forwarding behaviors of the logical forwarding element on the set of managed forwarding elements,wherein the determining and the performance of the set of database join operations are performed by an electronic device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the set of tables includes at least one table that maps the logical ports to network addresses of devices that couple to the logical forwarding element.
  - 3. The method of claim 2, wherein the network addresses include Media Access Control (MAC) addresses.
  - 4. The method of claim 2, wherein the network addresses include Internet Protocol (IP) addresses.
  - 5. The method of claim 1, wherein the set of tables includes at least one table that maps the logical ports of the logical forwarding element to a set of physical ports of the set of managed forwarding elements.
  - 6. The method of claim 1, wherein the set of managed forwarding elements comprises at least one of a hardware switch and a virtual switch.
  - 7. The method of claim 1 further comprising receiving data for managing the logical forwarding element, wherein the set of database join operations is performed in response to receiving the data.
  - 8. The method of claim 1, wherein a particular data packet includes a source network address that is associated with a device from which the particular data packet is originated and a destination network address that is associated with a device to which the particular data packet is destined.
  - 9. The method of claim 1, wherein a particular data packet is addressed to a particular logical port when the particular data packet has a destination address of a destination device that is associated with the particular logical port.
  - 10. The method of claim 1, wherein at least one logical port of the logical forwarding element is associated with at least one virtual machine (VM), wherein the logical forwarding element enables an exchange of data packets with the VM through the logical port.

11. A non-transitory machine readable medium storing a program for managing a logical forwarding element comprising a plurality of logical ports through which the logical forwarding element receives and sends data packets, the logical forwarding element implemented in a set of managed forwarding elements that forward data packets in a network, the program for execution by at least one processing unit, the program comprising sets of instructions for:
- defining a first set of forwarding behaviors of the logical forwarding element, at least one forwarding behavior specifying that the logical forwarding element sends data packets to a first logical port when the data packets are addressed to a destination device associated with the first logical port;
  
  receiving an instruction to enable port isolation for the logical forwarding element; and
  
  defining a second set of forwarding behaviors to implement the port isolation by performing a set of database operations in order to specify that the logical forwarding element drops data packets received through a second logical port from a source device associated with the second logical port when the data packets are addressed to the destination device associated with the first logical port, wherein at least one of the source and destination devices is a virtual machine (VM) associated with one of the logical ports, wherein the logical forwarding element enables the VM to exchange data through the associated logical port.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The non-transitory machine readable medium of claim 11, wherein a data packet is addressed to a particular destination device when the data packet includes a destination network address that is associated with the particular destination device.
  - 13. The non-transitory machine readable medium of claim 12, wherein the destination network address is one of a Media Access Control (MAC) address and an Internet Protocol (IP) address.
  - 14. The non-transitory machine readable medium of claim 11, wherein the set of instructions for receiving an instruction to enable port isolation comprises a set of instructions for receiving a user input through a user interface of the program, wherein the program defines the second set of forwarding behaviors in response to receiving the user input.
  - 15. The non-transitory machine readable medium of claim 11, wherein the second set of forwarding behaviors are for subsequent implementation by the set of managed forwarding elements.
  - 16. The non-transitory machine readable medium of claim 11, wherein a data packet includes a source network address that is associated with a source device from which the data packet is originated and a destination network address that is associated with a destination device to which the data packet is destined.
  - 17. The non-transitory machine readable medium of claim 11, wherein the destination device is a first destination device and the second set of forwarding behaviors does not specify that the logical forwarding element drops data packets received through the second logical port when the data packet is addressed to a second destination device that is a device shared by all devices that are associated with the logical ports of the logical forwarding element.

18. A method for managing a logical forwarding element comprising a plurality of logical ports through which the logical forwarding element receives and sends data packets, the logical forwarding element implemented in a set of managed forwarding elements that forward data packets in a network, the method comprising:
- defining a first set of forwarding behaviors of the logical forwarding element, at least one forwarding behavior specifying that the logical forwarding element sends data packets to a first logical port when the data packets are addressed to a destination device associated with the first logical port;
  
  receiving an instruction to enable port isolation for the logical forwarding element; and
  
  defining a second set of forwarding behaviors to implement the port isolation by performing a set of database operations in order to specify that the logical forwarding element drops data packets received through a second logical port from a source device associated with the second logical port when the data packets are addressed to the destination device associated with the first logical port, wherein at least one of the source and destination devices is a virtual machine (VM) associated with one of the logical ports, wherein the logical forwarding element enables the VM to exchange data through the associated logical port,wherein the definition of the first and second sets of forwarding behaviors are performed by an electronic device.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein the second set of forwarding behaviors are for subsequent implementation by the set of managed forwarding elements.
  - 20. The method of claim 18, wherein the destination device is a first destination device and the second set of forwarding behaviors does not specify that the logical forwarding element drops data packets received through the second logical port when the data packet is addressed to a second destination device that is a device shared by all devices that are associated with the logical ports of the logical forwarding element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Fulton, Bryan J.
Primary Examiner(s)
SERRAO, RANODHI N

Application Number

US13/288,908
Publication Number

US 20130058350A1
Time in Patent Office

1,300 Days
Field of Search
US Class Current

709/223
CPC Class Codes

H04L 41/0896 Bandwidth or capacity manag...

Network control apparatus and method for port isolation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Network control apparatus and method for port isolation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links