Location aware virtual service provisioning in a hybrid cloud environment

US 9,313,048 B2
Filed: 04/04/2012
Issued: 04/12/2016
Est. Priority Date: 04/04/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

at a management application in a first virtual network comprising a first virtual service node, subscribing to virtual network services provided by a second virtual network;

sending to the second virtual network a first message comprising information configured to start a virtual switch in the second virtual network that switches network traffic for one or more virtual machines in the second virtual network that are configured to extend services provided by the first virtual network into the second virtual network; and

sending to the second virtual network a second message comprising information configured to start a second virtual service node in the second virtual network to provide decentralized policy-based virtual network traffic services to direct network traffic between the one or more virtual machines within the second virtual network based on service profile identifiers of service profiles having corresponding service policies.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A sense of location is provided for distributed virtual switch components into the service provisioning scheme to reduce latency observed in conducting policy evaluations across a network in a hybrid cloud environment. A management application in a first virtual network subscribes to virtual network services provided by a second virtual network. A first message is sent to the second virtual network, the first message comprising information configured to start a virtual switch in the second virtual network that switches network traffic for one or more virtual machines in the second virtual network that are configured to extend services provided by the first virtual network into the second virtual network. A second message is sent to the second virtual network, the second message comprising information configured to start a virtual service node in the second virtual network that provides network traffic services for the one or more virtual machines.

Citations

23 Claims

1. A method comprising:
- at a management application in a first virtual network comprising a first virtual service node, subscribing to virtual network services provided by a second virtual network;
  
  sending to the second virtual network a first message comprising information configured to start a virtual switch in the second virtual network that switches network traffic for one or more virtual machines in the second virtual network that are configured to extend services provided by the first virtual network into the second virtual network; and
  
  sending to the second virtual network a second message comprising information configured to start a second virtual service node in the second virtual network to provide decentralized policy-based virtual network traffic services to direct network traffic between the one or more virtual machines within the second virtual network based on service profile identifiers of service profiles having corresponding service policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising assigning to the second virtual network an identifier configured to identify resources in the second virtual network that are associated with the first virtual network.
  - 3. The method of claim 2, wherein the identifier is configured to indicate a location of the resources as being in the second virtual network.
  - 4. The method of claim 2, further comprising associating the identifier with the second virtual service node and the virtual switch in order for the virtual switch to direct network traffic to the second virtual service node.
  - 5. The method of claim 1, further comprising:
    - routing by the virtual switch network traffic associated with the one or more virtual machines to the second virtual service node; and
      
      providing by the second virtual service node network traffic services for the associated network traffic.
  - 6. The method of claim 1, further comprising:
    - defining and storing information representing the service policies; and
      
      defining and storing information representing a plurality the service profiles comprising one or more identifiers for corresponding service policies for one or more virtual service nodes configured to provide the network traffic services.
  - 7. The method of claim 6, further comprising:
    - generating information representing a port profile comprising one or more service profile identifiers and an identifier for the second virtual service node, thereby assigning one or more service profiles to the port profile.
  - 8. The method of claim 7, further comprising:
    - assigning a virtual network port to a virtual machine running in the second virtual network;
      
      associating the port profile with the virtual network port; and
      
      routing, by the virtual switch, network traffic associated with the virtual machine to the second virtual service node based on the virtual service node identifier.
  - 9. The method of claim 1, wherein the decentralized policy-based virtual network traffic services comprise firewall services and wide area application services.

10. An apparatus comprising:
- one or more network interfaces configured to interface with a first virtual network comprising a first virtual service node; and
  
  a processor coupled to the one or more network interfaces, and configured to;
  
  subscribe to virtual network services provided by a second virtual network;
  
  send to the second virtual network a first message comprising information configured to start a virtual switch in the second virtual network that switches network traffic for one or more virtual machines in the second virtual network that are configured to extend services provided by the first virtual network into the second virtual network; and
  
  send to the second virtual network a second message comprising information configured to start a second virtual service node in the second virtual network that provides decentralized policy-based virtual network traffic services to direct network traffic between the one or more virtual machines within the second virtual network based on service profile identifiers of service profiles having corresponding service policies.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The apparatus of claim 10, wherein the processor is further configured to assign to the second virtual network an identifier to identify resources in the second virtual network that are associated with the first virtual network, wherein the identifier is configured to indicate a location of the resources as being in the second virtual network.
  - 12. The apparatus of claim 11, wherein the processor is further configured to associate the identifier with the second virtual service node and the virtual switch in order for the virtual switch to direct network traffic to the second virtual service node.
  - 13. The apparatus of claim 10, wherein the processor is further configured to:
    - define and store information representing the service policies; and
      
      define and store information representing the service profiles comprising one or more identifiers for corresponding service policies for one or more virtual service nodes configured to provide the network traffic services.
  - 14. The apparatus of claim 13, wherein the processor is further configured to generate information representing a port profile comprising one or more service profile identifiers and an identifier for the second virtual service node which assigns one or more service profiles to the port profile.
  - 15. The apparatus of claim 14, wherein the processor is further configured to:
    - assign a virtual network port to a virtual machine running in the second virtual network; and
      
      associate the port profile with the virtual network port in order for the virtual switch to route network traffic associated with the virtual machine to the second virtual service node based on the virtual service node identifier.
  - 16. The apparatus of claim 10, wherein the decentralized policy-based virtual network traffic services comprise firewall services and wide area application services.

17. One or more non-transitory computer readable storage media storing instructions that, when executed by a processor, cause the processor to:
- subscribe by a first virtual network comprising a first virtual service node to virtual network services provided by a second virtual network;
  
  send to the second virtual network a first message comprising information configured to start a virtual switch in the second virtual network that switches network traffic for one or more virtual machines in the second virtual network that are configured to extend services provided by the first virtual network into the second virtual network; and
  
  send to the second virtual network a second message comprising information configured to start a second virtual service node in the second virtual network that provides decentralized policy-based virtual network traffic services to direct network traffic between the one or more virtual machines within the second virtual network based on service profile identifiers of service profiles having corresponding service policies.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The non-transitory computer readable storage media of claim 17, further comprising instructions that, when executed by a processor, cause the processor to assign to the second virtual network an identifier configured to identify resources in the second virtual network that are associated with the first virtual network, wherein the identifier is configured to indicate a location of the resources as being in the second virtual network.
  - 19. The non-transitory computer readable storage media of claim 18, further comprising instructions that, when executed by a processor, cause the processor to associate the identifier with the second virtual service node and the virtual switch in order for the virtual switch to direct network traffic to the virtual service node.
  - 20. The non-transitory computer readable storage media of claim 17, further comprising instructions that, when executed by a processor, cause the processor to:
    - define and store information representing the service policies; and
      
      define and store information representing the service profiles comprising one or more identifiers for corresponding service policies for one or more virtual service nodes configured to provide the network traffic services.
  - 21. The non-transitory computer readable storage media of claim 17, further comprising instructions that, when executed by a processor, cause the processor to generate information representing a port profile comprising one or more service profile identifiers and an identifier for the second virtual service node, thereby assigning one or more service profiles to the port profile.
  - 22. The non-transitory computer readable storage media of claim 21, further comprising instructions that, when executed by a processor, cause the processor to:
    - assign a virtual network port to a virtual machine running in the second virtual network; and
      
      associate the port profile with the virtual network port in order for the virtual switch to route network traffic associated with the virtual machine to the second virtual service node based on the virtual service node identifier.
  - 23. The non-transitory computer readable storage media of claim 17, wherein the decentralized policy-based virtual network traffic services comprise firewall services and wide area application services.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Chang, David, Patra, Abhijit, Bagepalli, Nagaraj, Anantha, Murali
Primary Examiner(s)
Bates, Kevin
Assistant Examiner(s)
RAHMAN, SM AZIZUR

Application Number

US13/438,861
Publication Number

US 20130268588A1
Time in Patent Office

1,469 Days
Field of Search

709/204
US Class Current

1/1
CPC Class Codes

G06F 2009/45595   Network integration; Enabli...

G06F 9/45558   Hypervisor-specific managem...

H04L 12/6418   Hybrid transport

H04L 41/12   Discovery or management of ...

H04L 49/70   Virtual switches

H04L 67/10   in which an application is ...

Location aware virtual service provisioning in a hybrid cloud environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Location aware virtual service provisioning in a hybrid cloud environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links