Distributed logical L3 routing
Abstract
A non-transitory machine readable medium storing a program that configures first and second managed forwarding elements to perform logical L2 switching and L3 routing is described. The program generates a first set of flow entries for configuring the first managed forwarding element to perform (1) a first logical L2 processing for a first logical L2 domain, (2) a logical L3 processing, and (3) a second logical L2 processing for a second logical L2 domain. The program generates a second set of flow entries for configuring the second managed forwarding element to determine whether the first managed forwarding element has performed the first logical L2 processing, the logical L3 processing, and the second logical L2 processing.
17 Claims
1. A non-transitory machine readable medium storing a program which when executed by at least one processing unit implements a first managed forwarding element for implementing a plurality of logical networks for a plurality of machines that connect to the first managed forwarding element, the program comprising sets of instructions for:
- receiving a packet from a particular machine that connects to the first managed forwarding element;
- performing logical L2 processing for a first logical L2 domain, to which the particular machine logically couples, to logically forward the packet to a logical router, said performing logical L2 processing for the first domain comprising identifying the logical router by identifying a logical egress port of the first logical L2 domain that is associated with a media access control (MAC) address of the logical router;
- performing logical L3 processing for the logical router to logically forward the packet to a second logical L2 domain to which a machine associated with a destination address of the packet belongs;
- performing logical L2 processing for the second logical L2 domain; and
- based on the logical L2 processing for the second logical L2 domain, forwarding the packet to a second managed forwarding element with context information stored in the packet indicating that the logical L2 processing for the second logical L2 domain was performed by the first managed forwarding element, said logical L2 and L3 processing performed by analyzing logical L2 and L3 attributes of the first and second logical L2 domains, said L2 logical attributes comprising said logical egress port.
Dependent claims: 2, 3, 4, 5, 6
7. A non-transitory machine readable medium storing a program which when executed by at least one processing unit implements a first managed forwarding element for implementing a plurality of logical networks for a plurality of machines that connect to the first managed forwarding element, the program comprising sets of instructions for:
- receiving a packet from a particular machine that connects to the first managed forwarding element;
- performing logical L2 processing for a first logical L2 domain, to which the particular machine logically couples, to logically forward the packet to a logical router;
- performing logical L3 processing for the logical router to logically forward the packet to a second logical L2 domain, by identifying a logical egress port of the logical router that has an IP address associated with an IP subnet for the second logical L2 domain, wherein the packet has a destination IP address in the IP subnet;
- performing logical L2 processing for the second logical L2 domain; and
- based on the logical L2 processing for the second logical L2 domain, forwarding the packet to a second managed forwarding element with context information stored in the packet indicating that the logical L2 processing for the second logical L2 domain was performed by the first managed forwarding element, said logical L2 and L3 processing performed by analyzing logical L2 and L3 attributes of the first and second logical L2 domains, said L3 logical attributes comprising said logical egress port.
8. A non-transitory machine readable medium storing a program which when executed by at least one processing unit implements a first managed forwarding element for implementing a plurality of logical networks for a plurality of machines that connect to the first managed forwarding element, the program comprising sets of instructions for:
- receiving a packet from a particular machine that connects to the first managed forwarding element;
- performing (i) logical L2 processing for a first logical L2 domain to which the particular machine logically couples, to logically forward the packet to a logical router, (ii) logical L3 processing for the logical router to logically forward the packet to a second logical L2 domain to which a machine associated with a destination address of the packet belongs, and (iii) logical L2 processing for the second logical L2 domain; and
- based on the logical L2 processing for the second logical L2 domain, forwarding the packet to a second managed forwarding element with context information stored in the packet indicating that the logical L2 processing for the second logical L2 domain was performed by the first managed forwarding element, wherein the second managed forwarding element performs a set of egress access control list (ACL) operations for the second logical L2 domain, and delivers the packet to the destination machine, based on the context information stored in the packet, said logical L2 and L3 processing performed by analyzing logical L2 and L3 attributes of the first and second logical L2 domains.
9. A non-transitory machine readable medium storing a program which when executed by at least one processing unit configures first and second managed forwarding elements (MFEs) to perform logical L2 switching and L3 routing, the program comprising sets of instructions for:
- generating a first set of data records for configuring the first MFE to implement, for a packet sent to the first MFE by a first machine that couples directly to the first MFE, (i) logical L2 processing for a first logical L2 domain to which the first machine logically connects to logically forward the packet to a logical router, (ii) logical L3 processing for the logical router to logically forward the packet to a second logical L2 domain to which a second machine associated with a destination address of the packet belongs, (iii) logical L2 processing for the second logical L2 domain, and (iv) forwarding of the packet to the second MFE with context information stored in the packet indicating that the logical L2 processing was performed by the first MFE; and
- generating a second set of data records for configuring the second MFE to implement, for the packet received from the first MFE and addressed to the second machine, logical L2 processing for the second logical L2 domain to deliver the packet to the second machine based on the context information stored in the packet, wherein the logical L2 processing implemented by the second MFE for the second logical L2 domain comprises a set of egress access control list (ACL) operations to determine whether to allow the packet to be delivered to the second machine, said logical L2 and L3 processing performed by analyzing logical L2 and L3 attributes of the first and second logical L2 domains.
Dependent claims: 10, 11
12. For a first managed forwarding element that implements a plurality of logical networks for a plurality of machines that connect to the first managed forwarding element, the method comprising:
- receiving a packet from a particular machine that connects to the first managed forwarding element;
- performing logical L2 processing for a first logical L2 domain, to which the particular machine logically couples, to logically forward the packet to a logical router, said performing logical L2 processing for the first logical L2 domain comprising identifying the logical router by identifying a logical egress port of the first logical L2 domain that is associated with media access control (MAC) address of the logical router;
- performing logical L3 processing for the logical router to logically forward the packet to a second logical L2 domain to which a machine associated with a destination address of the packet belongs;
- performing logical L2 processing for the second logical L2 domain; and
- based on the logical L2 processing for the second logical L2 domain, forwarding the packet to a second managed forwarding element with context information stored in the packet indicating that the logical L2 processing for the second logical L2 domain was performed by the first managed forwarding element, said logical L2 and L3 processing performed by analyzing logical L2 and L3 attributes of the first and second logical L2 domains, said L2 logical attributes comprising said logical egress port.
Dependent claims: 13, 14, 15
16. For a network controller for managing managed forwarding elements (MFEs) that forward data in a network, a method for configuring first and second MFEs to perform logical L2 switching and L3 routing, the method comprising:
- generating a first set of data records for configuring the first MFE to implement, for a packet sent to the first MFE by a first machine that couples directly to the first MFE, (i) logical L2 processing for a first logical L2 domain to which the first machine logically connects to logically forward the packet to a logical router, (ii) logical L3 processing for the logical router to logically forward the packet to a second logical L2 domain to which a second machine associated with a destination address of the packet belongs, (iii) logical L2 processing for the second logical L2 domain, and (iv) forwarding of the packet to the second MFE with context information stored in the packet indicating that the logical L2 processing was performed by the first MFE; and
- generating a second set of data records for configuring the second MFE to implement, for the packet received from the first MFE and addressed to the second machine, logical L2 processing for the second logical L2 domain to deliver the packet to the second machine based on the context information stored in the packet, wherein the logical L2 processing implemented by the second MFE for the second logical L2 domain comprises a set of egress access control list (ACL) operations to determine whether to allow the packet to be delivered to the second machine, said logical L2 and L3 processing performed by analyzing logical L2 and L3 attributes of the first and second logical L2 domains.
Dependent claims: 17
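A minimal simulation of the packet path recited in claims 1, 7 and 8, added here as an illustration and not taken from the patent or any product: the first MFE runs L2, L3 and second-domain L2 processing and stamps context into the tunnelled packet, and the second MFE applies only the egress ACL based on that context. All table contents, port names, addresses and the context field layout are constructed assumptions.

```python
import ipaddress

# Every name, address and table layout below is constructed for illustration.
ROUTER_MAC = "00:00:00:00:0a:01"
# First logical L2 domain: destination MAC -> logical egress port (claim 1)
LS1_MAC_TABLE = {ROUTER_MAC: "ls1-to-router"}
# Logical router: (subnet, router egress port, second L2 domain) (claim 7)
LR_ROUTES = [(ipaddress.ip_network("10.0.2.0/24"), "lr-to-ls2", "ls2")]
# Second logical L2 domain: destination IP -> (MAC, logical port, hosting MFE)
LS2_HOSTS = {"10.0.2.5": ("00:00:00:00:02:05", "ls2-p5", "mfe2")}
# Egress ACL for ls2, evaluated at the second MFE: allowed (port, dst TCP port)
LS2_EGRESS_ACL = {("ls2-p5", 443)}

def first_mfe(pkt):
    """First-hop MFE: L2 (domain 1) -> L3 -> L2 (domain 2), then tunnel."""
    # L2, first domain: the router is the egress port bound to its MAC.
    if LS1_MAC_TABLE.get(pkt["dst_mac"]) != "ls1-to-router":
        return None
    # L3: pick the router egress port whose subnet holds the destination IP.
    dst = ipaddress.ip_address(pkt["dst_ip"])
    route = next((r for r in LR_ROUTES if dst in r[0]), None)
    if route is None or pkt["dst_ip"] not in LS2_HOSTS:
        return None
    # L2, second domain: resolve the destination's MAC, port and host MFE.
    mac, lport, mfe = LS2_HOSTS[pkt["dst_ip"]]
    routed = dict(pkt, src_mac=ROUTER_MAC, dst_mac=mac)
    # Context records which processing is already done for the receiver.
    context = {"domain": route[2], "egress_port": lport, "l2_done": True}
    return {"tunnel_to": mfe, "context": context, "inner": routed}

def second_mfe(frame):
    """Second MFE: acts on the context, runs only the egress ACL (claim 8)."""
    ctx = frame["context"]
    if not ctx.get("l2_done"):
        return "needs-full-processing"
    if (ctx["egress_port"], frame["inner"]["dst_port"]) not in LS2_EGRESS_ACL:
        return "dropped-by-egress-acl"
    return "delivered:" + ctx["egress_port"]

def send(dst_port):
    """Send one constructed packet from 10.0.1.4 to 10.0.2.5 via the router."""
    pkt = {"src_ip": "10.0.1.4", "dst_ip": "10.0.2.5",
           "src_mac": "00:00:00:00:01:04", "dst_mac": ROUTER_MAC,
           "dst_port": dst_port}
    return second_mfe(first_mfe(pkt))
```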
Specification