Network operating system for managing and securing networks
Abstract
Systems and methods for managing a network are described. A view of the current state of the network is maintained, where the current state characterizes the network topology and the network constituents, including network entities and network elements residing in or on the network. Events are announced that correspond to changes in the state of the network, and one or more network elements can be configured accordingly. Methods for managing network traffic are described that ensure forwarding and other actions taken by network elements implement globally declared network policy and refer to high-level names, independently of network topology and the location of network constituents. Methods for discovering network constituents are described, whereby discovered constituents are automatically configured. Routing may be performed using ACLs, and packets can be intercepted to permit a host to continue in sleep mode. The methods are applicable to virtual environments.
24 Claims
1. For a network operating system that executes on a network controller computing device and manages a network comprising a plurality of network elements that forward data flows in the network, a method comprising:
- configuring forwarding behaviors of the plurality of network elements according to network policies declared by a set of management applications that operate on top of the network operating system, wherein the forwarding behavior of each of the plurality of network elements is specified by a set of flow entries stored on the respective network element;
- receiving a packet from a particular network element of the plurality of network elements for a particular data flow when the particular network element is unable to match the packet to a flow entry of the set of flow entries stored on the particular network element;
- analyzing the packet according to the declared network policies and a current view of the network comprising a current topology of the plurality of network elements to determine whether to modify a forwarding behavior of the particular network element; and
- when the forwarding behavior of the particular network element is to be modified, configuring the particular network element to forward additional packets for the particular data flow.

Dependent claims: 2, 3, 4, 5, 6

7. A non-transitory machine readable medium for storing a network operating system which, when executed by a set of processors, manages a network comprising a plurality of network elements that forward data flows in the network, the network operating system comprising sets of instructions for:
- configuring forwarding behaviors of the plurality of network elements according to network policies declared by a set of management applications, wherein the forwarding behavior of each of the plurality of network elements is specified by a set of flow entries stored on the respective network element;
- receiving a packet from a particular network element of the plurality of network elements for a particular data flow when the particular network element is unable to match the packet to a flow entry of the set of flow entries stored on the particular network element;
- analyzing the packet according to the declared network policies and a current view of the network comprising a current topology of the plurality of network elements to determine whether to modify a forwarding behavior of the particular network element; and
- when the forwarding behavior of the particular network element is to be modified, configuring the particular network element to forward additional packets for the particular data flow.

Dependent claims: 8, 9, 10, 11, 12

13. A network controller for managing a network comprising a plurality of network elements that forward data flows in the network, the network controller comprising:
- a set of processors; and
- a non-transitory machine readable medium for storing a network operating system comprising sets of instructions for:
  - configuring forwarding behaviors of the plurality of network elements according to network policies declared by a set of management applications, wherein the forwarding behavior of each of the plurality of network elements is specified by a set of flow entries stored on the respective network element;
  - receiving a packet from a particular network element of the plurality of network elements for a particular data flow when the particular network element is unable to match the packet to a flow entry of the set of flow entries stored on the particular network element;
  - analyzing the packet according to the declared network policies and a current view of the network comprising a current topology of the plurality of network elements to determine whether to modify forwarding behaviors of the particular network element; and
  - when the forwarding behaviors of the particular network element are to be modified, configuring the particular network element to forward additional packets for the particular data flow.

Dependent claims: 14, 15, 16, 17, 18

19. A network control system comprising:
- a plurality of network elements that forward data flows in a network, wherein forwarding behaviors of each of the plurality of network elements are specified by a set of flow entries stored on the respective network element; and
- a network controller comprising a set of processing units, the network controller for configuring the forwarding behaviors of the plurality of network elements according to network policies declared by a set of management applications, wherein each network element of the plurality of network elements is for sending a packet for a particular data flow to the network controller when the respective network element is unable to match the packet to a flow entry of the set of flow entries stored on the respective network element, and wherein the network controller is further for analyzing the received packet according to the declared network policies and a current view of the network comprising a current topology of the plurality of network elements to determine whether to modify forwarding behaviors of the respective network element and, when the forwarding behaviors of the respective network element are to be modified, configuring the respective network element to forward additional packets for the particular data flow.

Dependent claims: 20, 21, 22, 23, 24
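All four independent claims describe the same reactive loop: an element that cannot match a packet against its flow table sends it to the controller, which decides from the declared policy and its current topology view whether to install a new flow entry. The following constructed Python model is an added illustration, not the patent's own code; it walks that loop for an allowed flow, a denied flow (where installing a drop entry stops the element from re-asking), and a destination host that moves, and every class, function and host name in it is an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional
# Constructed model of the claimed control loop; all names are illustrative assumptions.
@dataclass(frozen=True)
class FlowEntry:
    match: tuple               # (src_name, dst_name): high-level names, not addresses
    out_port: Optional[int]    # None means a drop action

@dataclass
class NetworkElement:
    name: str
    flows: dict = field(default_factory=dict)   # match -> FlowEntry (the element's table)
    misses: int = 0                             # how often the controller was consulted
    def forward(self, controller, src, dst):
        # Table lookup; on a miss the packet goes up to the controller (claim 1, step 2)
        key = (src, dst)
        if key not in self.flows:
            self.misses += 1
            controller.packet_in(self, src, dst)
        entry = self.flows.get(key)
        return None if entry is None else entry.out_port

class Controller:
    def __init__(self, policy, topology):
        self.policy = set(policy)     # declared (src, dst) name pairs allowed to talk
        self.topology = topology      # current view: {element name -> {host -> port}}
    def packet_in(self, elem, src, dst):
        # Decide from policy plus current topology whether to modify forwarding (step 3)
        if (src, dst) not in self.policy:
            elem.flows[(src, dst)] = FlowEntry((src, dst), None)  # deny: install drop entry
            return
        port = self.topology.get(elem.name, {}).get(dst)
        if port is None:
            return            # destination location unknown: leave the table unchanged
        elem.flows[(src, dst)] = FlowEntry((src, dst), port)      # allow: forward entry
    def host_moved(self, host, elem, port):
        # Topology event: refresh the view and evict entries that named the moved host
        self.topology.setdefault(elem.name, {})[host] = port
        for key in [k for k in elem.flows if host in k]:
            del elem.flows[key]

def scenario():
    # Constructed run: one allowed flow, one denied flow, then the destination host moves
    ctl = Controller(policy={("h1", "h2")}, topology={"sw1": {"h1": 1, "h2": 2}})
    sw1 = NetworkElement("sw1")
    allowed = [sw1.forward(ctl, "h1", "h2") for _ in range(3)]  # one miss, then hits
    denied = [sw1.forward(ctl, "h1", "h3") for _ in range(2)]   # drop entry stops re-asking
    ctl.host_moved("h2", sw1, 3)                                 # policy unchanged, path changes
    moved = sw1.forward(ctl, "h1", "h2")
    return allowed, denied, moved, sw1.misses
```

Because policy is keyed on names rather than locations, the host move changes only the installed port, not the policy decision.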
Specification