Distributed logical L3 routing

US 9,276,897 B2
Filed: 02/01/2013
Issued: 03/01/2016
Est. Priority Date: 08/17/2011
Status: Active Grant

First Claim

Patent Images

1. A non-transitory machine readable medium storing a program which when executed by at least one processing unit implements a first managed forwarding element for implementing a plurality of logical networks for a plurality of machines that connect to the first managed forwarding element, the program comprising sets of instructions for:

receiving a packet from a particular machine that connects to the first managed forwarding element;

performing logical L2 processing for a first logical L2 domain, to which the particular machine logically couples, to logically forward the packet to a logical router, said performing logical L2 processing for the first domain comprising identifying the logical router by identifying a logical egress port of the first logical L2 domain that is associated with a media access control (MAC) address of the logical router;

performing logical L3 processing for the logical router to logically forward the packet to a second logical L2 domain to which a machine associated with a destination address of the packet belongs;

performing logical L2 processing for the second logical L2 domain; and

based on the logical L2 processing for the second logical L2 domain, forwarding the packet to a second managed forwarding element with context information stored in the packet indicating that the logical L2 processing for the second logical L2 domain was performed by the first managed forwarding element,said logical L2 and L3 processing performed by analyzing logical L2 and L3 attributes of the first and second logical L2 domains, said L2 logical attributes comprising said logical egress port.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A non-transitory machine readable medium storing a program that configures first and second managed forwarding elements to perform logical L2 switching and L3 routing is described. The program generates a first set of flow entries for configuring the first managed forwarding element to perform (1) a first logical L2 processing for a first logical L2 domain, (2) a logical L3 processing, and (3) a second logical L2 processing for a second logical L2 domain. The program generates a second set of flow entries for configuring the second managed forwarding element to determine whether the first managed forwarding element has performed the first logical L2 processing, the logical L3 processing, and the second logical L2 processing.

226 Citations

17 Claims

1. A non-transitory machine readable medium storing a program which when executed by at least one processing unit implements a first managed forwarding element for implementing a plurality of logical networks for a plurality of machines that connect to the first managed forwarding element, the program comprising sets of instructions for:
- receiving a packet from a particular machine that connects to the first managed forwarding element;
  
  performing logical L2 processing for a first logical L2 domain, to which the particular machine logically couples, to logically forward the packet to a logical router, said performing logical L2 processing for the first domain comprising identifying the logical router by identifying a logical egress port of the first logical L2 domain that is associated with a media access control (MAC) address of the logical router;
  
  performing logical L3 processing for the logical router to logically forward the packet to a second logical L2 domain to which a machine associated with a destination address of the packet belongs;
  
  performing logical L2 processing for the second logical L2 domain; and
  
  based on the logical L2 processing for the second logical L2 domain, forwarding the packet to a second managed forwarding element with context information stored in the packet indicating that the logical L2 processing for the second logical L2 domain was performed by the first managed forwarding element,said logical L2 and L3 processing performed by analyzing logical L2 and L3 attributes of the first and second logical L2 domains, said L2 logical attributes comprising said logical egress port.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The machine readable medium of claim 1, wherein the set of instructions for performing the logical L2 processing for the first logical L2 domain further comprises sets of instructions for (i) mapping the packet to the first logical L2 domain, (ii) performing a set of ingress access control list (ACL) operations for the first logical L2 domain, and (iii) performing a set of egress ACL operations for the first logical L2 domain.
  - 3. The machine readable medium of claim 1, wherein the set of instructions for performing the logical L3 processing comprises sets of instructions for (i) performing a set of ingress access control list (ACL) operations for the logical router, (ii) identifying a logical egress port of logical router that corresponds to the second logical L2 domain, and (iii) performing a set of egress ACL operations for the first logical domain.
  - 4. The machine readable medium of claim 1, wherein the set of instructions for performing the logical L2 processing for the second logical L2 domain comprises sets of instructions for (i) performing a set of ingress access control list (ACL) operations for the second logical L2 domain and (ii) identifying a logical egress port of the second logical L2 domain that corresponds to a destination address for the packet.
  - 5. The machine readable medium of claim 4, wherein the set of instructions for performing the logical L2 processing for the second logical L2 domain further comprises a set of instructions for performing a set of egress ACL operations for the second logical L2 domain.
  - 6. The machine readable medium of claim 4, wherein the set of instructions for forwarding the packet to the second managed forwarding element comprises mapping the logical egress port of the second logical L2 domain to the second managed forwarding element.

7. A non-transitorymachine readable medium storing a program which when executed by at least one processing unit implements a first managed forwarding element for implementing a plurality of logical networks for a plurality of machines that connect to the first managed forwarding element, the program comprising sets of instructions for:
- receiving a packet from a particular machine that connects to the first managed forwarding element;
  
  performing logical L2 processing for a first logical L2 domain, to which the particular machine logically couples, to logically forward the packet to a logical router;
  
  performing logical L3 processing for the logical router to logically forward the packet to a second logical L2 domain, by identifying a logical egress port of the logical router that has an IP address associated with an IP subnet for the second logical L2 domain, wherein the packet has a destination IP address in the IP subnet;
  
  performing logical L2 processing for the second logical L2 domain; and
  
  based on the logical L2 processing for the second logical L2 domain, forwarding the packet to a second managed forwarding element with context information stored in the packet indicating that the logical L2 processing for the second logical L2 domain was performed by the first managed forwarding element,said logical L2 and L3 processing performed by analyzing logical L2 and L3 attributes of the first and second logical L2 domains, said L3 logical attributes comprising said logical egress port.

8. A non-transitory machine readable medium storing a program which when executed by at least one processing unit implements a first managed forwarding element for implementing a plurality of logical networks for a plurality of machines that connect to the first managed forwarding element, the program comprising sets of instructions for:
- receiving a packet from a particular machine that connects to the first managed forwarding element;
  
  performing (i) logical L2 processing for a first logical L2 domain to which the particular machine logically couples, to logically forward the packet to a logical router, (ii) logical L3 processing for the logical router to logically forward the packet to a second logical L2 domain to which a machine associated with a destination address of the packet belongs, and (iii) logical L2 processing for the second logical L2 domain; and
  
  based on the logical L2 processing for the second logical L2 domain, forwarding the packet to a second managed forwarding element with context information stored in the packet indicating that the logical L2 processing for the second logical L2 domain was performed by the first managed forwarding element, wherein the second managed forwarding element performs a set of egress access control list (ACL) operations for the second logical L2 domain, and delivers the packet to the destination machine, based on the context information stored in the packet,said logical L2 and L3 processing performed by analyzing logical L2 and L3 attributes of the first and second logical L2 domains.

9. A non-transitory machine readable medium storing a program which when executed by at least one processing unit configures first and second managed forwarding elements (MFEs) to perform logical L2 switching and L3 routing, the program comprising sets of instructions for:
- generating a first set of data records for configuring the first MFE to implement, for a packet sent to the first MFE by a first machine that couples directly to the first MFE, (i) logical L2 processing for a first logical L2 domain to which the first machine logically connects to logically forward the packet to a logical router, (ii) logical L3 processing for the logical router to logically forward the packet to a second logical L2 domain to which a second machine associated with a destination address of the packet belongs, (iii) logical L2 processing for the second logical L2 domain, and (iv) forwarding of the packet to the second MFE with context information stored in the packet indicating that the logical L2 processing was performed by the first MFE; and
  
  generating a second set of data records for configuring the second MFE to implement, for the packet received from the first MFE and addressed to the second machine, logical L2 processing for the second logical L2 domain to deliver the packet to the second machine based on the context information stored in the packet, wherein the logical L2 processing implemented by the second MFE for the second logical L2 domain comprises a set of egress access control list ACL operations to determine whether to allow the packet to be delivered to the second machine,said logical L2 and L3 processing performed by analyzing logical L2 and L3 attributes of the first and second logical L2 domains.
- View Dependent Claims (10, 11)
- - 10. The machine readable medium of claim 9, wherein the logical L2 processing implemented by the first MFE for the second logical L2 domain comprises a set of ingress ACL operations to determine whether to perform additional logical L2 processing for the second logical L2 domain.
  - 11. The machine readable medium of claim 9, wherein the program further comprises a set of instructions for establishing a tunnel between the first and second MFEs.

12. For a first managed forwarding element that implements a plurality of logical networks for a plurality of machines that connect to the first managed forwarding element, the method comprising:
- receiving a packet from a particular machine that connects to the first managed forwarding element;
  
  performing logical L2 processing for a first logical L2 domain, to which the particular machine logically couples, to logically forward the packet to a logical router, said performing logical L2 processing for the first logical L2 domain comprising identifying the logical router by identifying a logical egress port of the first logical L2 domain that is associated with media access control (MAC) address of the logical router;
  
  performing logical L3 processing for the logical router to logically forward the packet to a second logical L2 domain to which a machine associated with a destination address of the packet belongs;
  
  performing logical L2 processing for the second logical L2 domain; and
  
  based on the logical L2 processing for the second logical L2 domain, forwarding the packet to a second managed forwarding element with context information stored in the packet indicating that the logical L2 processing for the second logical L2 domain was performed by the first managed forwarding element,said logical L2 and L3 processing performed by analyzing logical L2 and L3 attributes of the first and second logical L2 domains, said L2 logical attributes comprising said logical egress port.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, wherein forwarding the packet to the second managed forwarding element comprises encapsulating the packet in a tunnel between the first and second managed forwarding elements.
  - 14. The method of claim 12, wherein performing the logical L2 processing for the second logical L2 domain comprises (i) performing a set of ingress access control list (ACL) operations for the second logical L2 domain and (ii) identifying a logical egress port of the second logical L2 domain that corresponds to a destination address for the packet.
  - 15. The method of claim 14, wherein performing the logical L2 processing for the second logical L2 domain further comprises performing a set of egress ACL operations for the second logical L2 domain.

16. For a network controller for managing managed forwarding elements (MFEs) that forward data in a network, a method for configuring first and second MFEs to perform logical L2 switching and L3 routing, the method comprising:
- generating a first set of data records for configuring the first MFE to implement, for a packet sent to the first MFE by a first machine that couples directly to the first MFE, (i) logical L2 processing for a first logical L2 domain to which the first machine logically connects to logically forward the packet to a logical router, (ii) logical L3 processing for the logical router to logically forward the packet to a second logical L2 domain to which a second machine associated with a destination address of the packet belongs, (iii) logical L2 processing for the second logical L2 domain, and (iv) forwarding of the packet to the second MFE with context information stored in the packet indicating that the logical L2 processing was performed by the first MFE; and
  
  generating a second set of data records for configuring the second MFE to implement, for the packet received from the first MFE and addressed to the second machine, logical L2 processing for the second logical L2 domain to deliver the packet to the second machine based on the context information stored in the packet, wherein the logical L2 processing implemented by the second MFE for the second logical L2 domain comprises a set of egress access control list (ACL) operations to determine whether to allow the packet to be delivered to the second machine,said logical L2 and L3 processing performed by analyzing logical L2 and L3 attributes of the first and second logical L2 domains.
- View Dependent Claims (17)
- - 17. The method of claim 16 further comprising establishing a tunnel between the first and second MFEs.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Zhang, Ronghua, Koponen, Teemu, Thakkar, Pankaj
Primary Examiner(s)
Chu, Wutchung

Application Number

US13/757,609
Publication Number

US 20130148541A1
Time in Patent Office

1,124 Days
Field of Search

709/223, 709/238, 709/208, 709/222, 709226-228, 370/392, 370/235, 370/254
US Class Current

1/1
CPC Class Codes

H04L 41/0803   Configuration setting

H04L 45/04   Interdomain routing, e.g. h...

H04L 45/54   Organization of routing tables

H04L 45/74   Address processing for routing

H04L 47/12   Avoiding congestion; Recove...

H04L 47/125   by balancing the load, e.g....

H04L 61/103   across network layers, e.g....

H04L 61/256   NAT traversal

H04L 61/2592   using tunnelling or encapsu...

Distributed logical L3 routing

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

226 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed logical L3 routing

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

226 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links