User-configured on-demand virtual layer-2 network for infrastructure-as-a-service (IaaS) on a hybrid cloud network

US 9,154,327 B1
Filed: 05/27/2011
Issued: 10/06/2015
Est. Priority Date: 05/27/2011
Status: Active Grant

First Claim

Patent Images

1. A virtual network overlay system comprising:

a virtual network (VN) configuration database for storing virtual network addresses and physical network addresses for a plurality of nodes in a virtual network, the virtual network overlaid upon a plurality of physical networks that include an Internet that routes data using a layer-3 Internet Protocol (IP) network address;

a virtual-network configuration process, coupled to receive network-configuration requests from a client operated by a subscriber, for writing a new virtual network address and a new physical network address for a new node being added to the virtual network;

wherein applications executing on the new node send data to other nodes in the plurality of nodes using the virtual network addresses and receive data from the virtual network addressed to the new virtual network address;

a plurality of VN switch tables, wherein a VN switch table is stored on each node in the virtual network, the VN switch table storing entries for nodes on the virtual network, the entries storing a virtual network address and a physical network address for each node on the virtual network;

a VN configuration controller, activated by the virtual-network configuration process when the VN configuration database is updated, the VN configuration controller sending updates of the VN configuration database to the plurality nodes in the virtual network;

a plurality of virtual network management daemons running on the plurality of nodes of the virtual network, wherein a virtual network management daemon receives the updates from the VN configuration controller and writes the updates to the VN switch table;

wherein each node in the plurality of nodes on the virtual network further comprises;

a network stack that sends data to an application executing on the node when a virtual network address of an incoming packet matches a virtual network address of the node, and the network stack receives data from the application and sends the data to a virtual network address specified by the application;

a network interface controller (NIC), coupled to a physical local-area network that routes data using a layer-2 physical network address, for receiving data matching a physical network address for the node, and for sending data to a physical network address, wherein the physical local-area network is connected to the Internet; and

a VN device driver shim between the network stack and the NIC, the VN device driver shim intercepting data between the network stack and the NIC, the VN device driver shim intercepting a virtual network address from the network stack and encapsulating data with a physical network address sent to the NIC using the VN switch table,whereby data sent to virtual network addresses of the network stack are encapsulated using physical network addresses of the physical local-area network by the VN device driver shim looking up a translation in the VN switch table.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A virtual network is overlaid upon physical networks. The virtual network is a layer-2 network that appears to expand an organization'"'"'s LAN using virtual MAC addresses. A VN device driver shim intercepts LAN packets and their virtual MAC and IP addresses and encapsulates them with physical packets that can be routed over the Internet. As new nodes are created, a VN switch table is expanded so that all nodes on the virtual network can reach the new node. A copy of the VN switch table is stored on each node by a virtual network management daemon on the node. A VN configuration controller in a central server updates the VN switch tables. Organizations can expand their virtual network as nodes are created at remote cloud computing providers without action by the staff at the cloud computing provider. Hybrid cloud virtual networks include on-premises physical and virtual-machine nodes, and off-premises guest nodes and instances.

Citations

21 Claims

1. A virtual network overlay system comprising:
- a virtual network (VN) configuration database for storing virtual network addresses and physical network addresses for a plurality of nodes in a virtual network, the virtual network overlaid upon a plurality of physical networks that include an Internet that routes data using a layer-3 Internet Protocol (IP) network address;
  
  a virtual-network configuration process, coupled to receive network-configuration requests from a client operated by a subscriber, for writing a new virtual network address and a new physical network address for a new node being added to the virtual network;
  
  wherein applications executing on the new node send data to other nodes in the plurality of nodes using the virtual network addresses and receive data from the virtual network addressed to the new virtual network address;
  
  a plurality of VN switch tables, wherein a VN switch table is stored on each node in the virtual network, the VN switch table storing entries for nodes on the virtual network, the entries storing a virtual network address and a physical network address for each node on the virtual network;
  
  a VN configuration controller, activated by the virtual-network configuration process when the VN configuration database is updated, the VN configuration controller sending updates of the VN configuration database to the plurality nodes in the virtual network;
  
  a plurality of virtual network management daemons running on the plurality of nodes of the virtual network, wherein a virtual network management daemon receives the updates from the VN configuration controller and writes the updates to the VN switch table;
  
  wherein each node in the plurality of nodes on the virtual network further comprises;
  
  a network stack that sends data to an application executing on the node when a virtual network address of an incoming packet matches a virtual network address of the node, and the network stack receives data from the application and sends the data to a virtual network address specified by the application;
  
  a network interface controller (NIC), coupled to a physical local-area network that routes data using a layer-2 physical network address, for receiving data matching a physical network address for the node, and for sending data to a physical network address, wherein the physical local-area network is connected to the Internet; and
  
  a VN device driver shim between the network stack and the NIC, the VN device driver shim intercepting data between the network stack and the NIC, the VN device driver shim intercepting a virtual network address from the network stack and encapsulating data with a physical network address sent to the NIC using the VN switch table,whereby data sent to virtual network addresses of the network stack are encapsulated using physical network addresses of the physical local-area network by the VN device driver shim looking up a translation in the VN switch table.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 19)
- - 2. The virtual network overlay system of claim 1 wherein the virtual network is a virtual layer-2 network and the virtual network address is a layer-2 network addresses and the physical network address is a layer-3 network address;
    - wherein the VN switch table stores layer-2 network virtual addresses and layer-3 physical network addresses, wherein layer-2 physical network addresses are generatable at a destination from layer-3 physical network addresses using Address Resolution Protocol (ARP).
  - 3. The virtual network overlay system of claim 2 wherein the physical local-area network is an Ethernet network and the physical network address is a Media-Access-Controller (MAC) address.
  - 4. The virtual network overlay system of claim 1 wherein the virtual network management daemon executes in a user space on each node in the virtual network;
    - and wherein the VN device driver shim and the network stack execute in a kernel space on each node in the virtual network.
  - 5. The virtual network overlay system of claim 1 wherein the virtual-network configuration process executes on a central on-demand VN configuration server that is accessed by the subscriber.
  - 6. The virtual network overlay system of claim 1 wherein the nodes on the virtual network comprise:
    - physical nodes located on a physical local-area network operated by the subscriber and not open to users from a general public;
      
      virtual-machine nodes located on an internal provider network operated by a cloud computing provider and open to users from the general public;
      
      wherein the virtual-machine nodes are created and destroyed directly by the subscriber without intervention of staff of the cloud computing provider in response to demand from the general public for access to applications by the subscriber;
      
      wherein the internal provider network and the physical local-area network are connected together by the Internet,wherein the virtual network spans public and private locations having physical nodes and virtual-machine nodes.
  - 7. The virtual network overlay system of claim 1 wherein the virtual network is a fully meshed network with point-to-point communication of data between any two nodes in the virtual network.
  - 8. The virtual network overlay system of claim 6 further comprising:
    - a plurality of virtual networks, each virtual network for private use by a different subscriber in a plurality of subscribers, wherein the virtual-network configuration process configures the plurality of virtual networks by updating the VN configuration database in response to requests from the different subscribers;
      
      a plurality of private physical local-area networks for each of the plurality of subscribers, the plurality of private physical local-area networks each being controlled by a subscriber with limited or no access by the general public;
      
      wherein the internal provider network is coupled to virtual-machine nodes for the different subscribers, the internal provider network routing data over the Internet to the plurality of private physical local-area networks using overlaid virtual networks;
      
      a payment module, coupled to the virtual-network configuration process and to the VN configuration database, for generating billing items for billing the subscribers for virtual networks overlaid upon the internal provider network of the cloud computing provider,whereby many virtual networks are overlaid on the internal provider network and billed by the cloud computing provider.
  - 9. The virtual network overlay system of claim 1 further comprising:
    - a virtual layer-2 frame, sent from the network stack to the VN device driver shim, the virtual layer-2 frame comprising a virtual layer-2 header containing the virtual network address and a payload containing a virtual layer-3 header and a data payload;
      
      a physical layer-2 frame generated by the VN device driver shim and sent to the NIC for transmission over the physical local-area network, the physical layer-2 frame comprising a physical layer-3 header and a physical layer-2 header and the virtual layer-2 frame,wherein the VN device driver shim generates the physical layer-2 frame from the virtual layer-2 frame.
  - 10. The virtual network overlay system of claim 9 further comprising:
    - a User Datagram Protocol (UDP) header and an Internet Protocol (IP) header in the physical layer-2 header.
  - 19. The system of claim 1, wherein each of the virtual network management daemons running on the plurality of nodes of the virtual network receives a particular update from the VN configuration controller and writes the particular update to the VN switch table without a specific authorization for the particular update.

11. A method comprising:
- storing in a configuration database virtual network addresses and physical network addresses for a plurality of nodes in a virtual network, the virtual network overlaid upon a plurality of physical networks that include an Internet that routes data using a layer-3 Internet Protocol (IP) network address;
  
  receiving network-configuration requests from a client operated by a subscriber, for writing a new virtual network address and a new physical network address for a new node being added to the virtual network, wherein applications executing on the new node send data to other nodes in the plurality of nodes using the virtual network addresses and receive data from the virtual network addressed to the new virtual network address;
  
  storing in a virtual network switch table on each node entries for nodes in the virtual network, the entries including a virtual network address and a physical network address for each node on the virtual network;
  
  sending updates of the configuration database from a configuration controller to the plurality of nodes in the virtual network when the configuration database is updated;
  
  at a virtual network management daemon running on each of the plurality of nodes, receiving the updates from the configuration controller and writing the updates to the virtual network switch table at the corresponding node;
  
  at a node among the plurality of nodes;
  
  sending data, from a network stack, to an application executing on the node when a virtual network address of an incoming packet matches a virtual network address of the node, and the network stack receives data from the application and sends the data to a virtual network address specified by the application;
  
  receiving, at a network interface controller, data matching a physical network address for the node and sending data to the physical network address; and
  
  intercepting, with a virtual network device driver shim, a virtual network address from the network stack and encapsulating data with a physical network address sent to the network interface controller using the virtual network switch table such that data sent to virtual network addresses of the network stack are encapsulated using physical network addresses of a physical local-area network that routes data using a layer-2 physical network address by the virtual network device driver shim looking up a translation in the virtual network switch table, wherein the physical local-area network is connected to the Internet.
- View Dependent Claims (12, 13, 14, 20)
- - 12. The method of claim 11, wherein the nodes on the virtual network comprise physical nodes located on a physical local-area network operated by the subscriber and not publicly open to users, and virtual-machine nodes located on an internal provider network operated by a cloud computing provider and open to users from the general public.
  - 13. The method of claim 12, further comprising creating and destroying virtual-machine nodes without intervention of the cloud computing provider in response to demand for access to applications by the subscriber.
  - 14. The method of claim 11, wherein the virtual network is a virtual layer-2 network and the virtual network address is a layer-2 network addresses and the physical network address is a layer-3 network address, further comprising:
    - storing in the virtual network switch table layer-2 network virtual addresses and layer-3 physical network addresses, wherein layer-2 physical network addresses are generated at a destination from layer-3 physical network addresses using Address Resolution Protocol (ARP).
  - 20. The method of claim 11, wherein the virtual network management daemon running on each of the plurality of nodes receives a particular update from the configuration controller and writes the particular update to the virtual network switch table without a specific authorization for the particular update.

15. An apparatus comprising:
- a network interface controller (NIC), coupled to a physical local-area network that routes data using a layer-2 physical network address, configured to receive data matching a physical network address from a node in a virtual network overlaid upon a plurality of physical networks that include an Internet that routes data using a layer-3 Internet Protocol (IP) network address, and for sending data to a physical network address;
  
  memory configured to store a virtual network switch table containing entries for nodes on the virtual network, the entries including a virtual network address and a physical network address for each node on the virtual network;
  
  a processor coupled to the NIC and the memory, and configured to execute;
  
  a network stack configure to send data to an application executing on the node when a virtual network address of an incoming packet matches a virtual network address of the node, to receive data from the application and sends the data to a virtual network address specified by the application; and
  
  a device driver shim that intercepts a virtual network address from the network stack and encapsulate packets using physical network addresses of the physical local-area network using the VN switch table to retrieve physical network addresses from corresponding virtual network addresses of the packets.
- View Dependent Claims (16, 17, 18, 21)
- - 16. The apparatus of claim 15, wherein the virtual network is a virtual layer-2 network and the virtual network address is a layer-2 network addresses and the physical network address is a layer-3 network address, and wherein the VN switch table stores layer-2 network virtual addresses and layer-3 physical network addresses, wherein layer-2 physical network addresses are generated at a destination from layer-3 physical network addresses.
  - 17. The apparatus of claim 15, wherein the processor executes the device driver shim and the network stack in a kernel space on the node.
  - 18. The apparatus of claim 15, wherein the processor is further configured to:
    - couple a virtual layer-2 frame from the network stack to the device driver shim, the virtual layer-2 frame comprising a virtual layer-2 header containing the virtual network address and a payload containing a virtual layer-3 header and a data payload; and
      
      generate a physical layer-2 frame with the device driver shim from the virtual layer-2 frame, and couple the physical layer-2 frame to the NIC for transmission over the physical local-area network, the physical layer-2 frame comprising a physical layer-3 header and a physical layer-2 header and the virtual layer-2 frame.
  - 21. The apparatus of claim 15, wherein the processor is further configured to receive a particular update from a configuration controller and write the particular update to the virtual network switch table without a specific authorization for the particular update.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Marino, Christopher C., Brendel, Juergen, Amor, Patrick, Kothari, Pritesh
Primary Examiner(s)
Zeender, Ryan
Assistant Examiner(s)
Haider, Fawaad

Application Number

US13/117,986
Time in Patent Office

1,593 Days
Field of Search

705/34
US Class Current

1/1
CPC Class Codes

G06Q 30/04   Billing or invoicing

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 41/0813   characterised by the condit...

H04L 45/586   of virtual routers

H04L 45/64   using an overlay routing layer

H04L 45/66   Layer 2 routing, e.g. in Et...

H04L 45/74   Address processing for routing

H04L 49/70   Virtual switches

H04L 63/0485   Networking architectures fo...

H04L 67/10   in which an application is ...

H04L 67/12   specially adapted for propr...

H04L 69/22   Parsing or analysis of headers

H04L 69/321   Interlayer communication pr...

User-configured on-demand virtual layer-2 network for infrastructure-as-a-service (IaaS) on a hybrid cloud network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

User-configured on-demand virtual layer-2 network for infrastructure-as-a-service (IaaS) on a hybrid cloud network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links