Network control apparatus and method for port isolation
Abstract
Some embodiments provide a method for managing a logical switching element that includes several logical ports. The logical switching element receives and sends data packets through the logical ports. The logical switching element is implemented in a set of managed switching elements that forward data packets in a network. The method provides a set of tables for specifying forwarding behaviors of the logical switching element. The method performs a set of database join operations on the tables to specify in the tables that the logical forwarding element drops a data packet received through a first logical port when the data packet is headed to a second logical port different than the first logical port.
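The join described in the abstract can be sketched with an in-memory SQLite database. This is an added illustration, not code from the patent: the schema (`logical_port`, `isolation`, `rule`), the priority values 100 and 200, the switch name `ls0` and the sample MAC addresses are all assumptions, and it models only the behavior the abstract states (drop when the ingress port differs from the destination port).

```python
import sqlite3

# Constructed sample data: logical port -> MAC of the attached device.
SAMPLE_PORTS = {"p1": "00:00:00:00:00:01", "p2": "00:00:00:00:00:02",
                "p3": "00:00:00:00:00:03"}

def build_tables(ports, isolate):
    """Build the rule table for one logical switch (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE logical_port(lswitch TEXT, port TEXT, mac TEXT);
        CREATE TABLE isolation(lswitch TEXT, enabled INTEGER);
        CREATE TABLE rule(lswitch TEXT, priority INTEGER, in_port TEXT,
                          dst_mac TEXT, action TEXT);
    """)
    db.executemany("INSERT INTO logical_port VALUES ('ls0', ?, ?)",
                   list(ports.items()))
    db.execute("INSERT INTO isolation VALUES ('ls0', ?)", (int(isolate),))
    # Ordinary forwarding (priority 100): any ingress port, deliver by MAC.
    db.execute("""
        INSERT INTO rule
        SELECT lswitch, 100, NULL, mac, 'output:' || port FROM logical_port""")
    # Isolation (priority 200): the self-join pairs each ingress port with
    # every *other* port; the join on isolation yields rows only when enabled.
    db.execute("""
        INSERT INTO rule
        SELECT src.lswitch, 200, src.port, dst.mac, 'drop'
        FROM logical_port AS src
        JOIN logical_port AS dst
          ON dst.lswitch = src.lswitch AND dst.port <> src.port
        JOIN isolation AS iso
          ON iso.lswitch = src.lswitch AND iso.enabled = 1""")
    return db

def lookup(db, in_port, dst_mac):
    """Return the action of the highest-priority matching rule."""
    row = db.execute("""
        SELECT action FROM rule
        WHERE dst_mac = ? AND (in_port IS NULL OR in_port = ?)
        ORDER BY priority DESC LIMIT 1""", (dst_mac, in_port)).fetchone()
    return row[0] if row else "no-match"

def drop_rule_count(db):
    """Number of isolation (drop) rows the join produced."""
    return db.execute(
        "SELECT COUNT(*) FROM rule WHERE action = 'drop'").fetchone()[0]
```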
20 Claims
1. A method for managing a logical forwarding element comprising a plurality of logical ports through which the logical forwarding element receives and sends data packets, the logical forwarding element implemented in a set of managed forwarding elements that forward data packets in a network, the method comprising:
- determining that port isolation has been enabled for the logical forwarding element; and
- performing a set of database join operations on tables of a set of tables for specifying forwarding behaviors of the logical forwarding element, the tables comprising a set of high priority tables for enabling port isolation, wherein the logical forwarding element processes data according to a set of forwarding behaviors specified in the set of high priority tables over forwarding behaviors specified in tables other than the high priority tables, the join operations to specify in the tables that the logical forwarding element drops a data packet received through a first logical port when the data packet is addressed to a second logical port different than the first logical port to implement the port isolation, wherein the set of tables are for translation into a set of physical forwarding rules to implement the forwarding behaviors of the logical forwarding element on the set of managed forwarding elements, wherein the determining and the performance of the set of database join operations are performed by an electronic device.
11. A non-transitory machine readable medium storing a program for managing a logical forwarding element comprising a plurality of logical ports through which the logical forwarding element receives and sends data packets, the logical forwarding element implemented in a set of managed forwarding elements that forward data packets in a network, the program for execution by at least one processing unit, the program comprising sets of instructions for:
- defining a first set of forwarding behaviors of the logical forwarding element, at least one forwarding behavior specifying that the logical forwarding element sends data packets to a first logical port when the data packets are addressed to a destination device associated with the first logical port;
- receiving an instruction to enable port isolation for the logical forwarding element; and
- defining a second set of forwarding behaviors to implement the port isolation by performing a set of database operations in order to specify that the logical forwarding element drops data packets received through a second logical port from a source device associated with the second logical port when the data packets are addressed to the destination device associated with the first logical port, wherein at least one of the source and destination devices is a virtual machine (VM) associated with one of the logical ports, wherein the logical forwarding element enables the VM to exchange data through the associated logical port.
18. A method for managing a logical forwarding element comprising a plurality of logical ports through which the logical forwarding element receives and sends data packets, the logical forwarding element implemented in a set of managed forwarding elements that forward data packets in a network, the method comprising:
- defining a first set of forwarding behaviors of the logical forwarding element, at least one forwarding behavior specifying that the logical forwarding element sends data packets to a first logical port when the data packets are addressed to a destination device associated with the first logical port;
- receiving an instruction to enable port isolation for the logical forwarding element; and
- defining a second set of forwarding behaviors to implement the port isolation by performing a set of database operations in order to specify that the logical forwarding element drops data packets received through a second logical port from a source device associated with the second logical port when the data packets are addressed to the destination device associated with the first logical port, wherein at least one of the source and destination devices is a virtual machine (VM) associated with one of the logical ports, wherein the logical forwarding element enables the VM to exchange data through the associated logical port, wherein the definition of the first and second sets of forwarding behaviors are performed by an electronic device.
Specification