Handling NAT in logical L3 routing
Abstract
A non-transitory machine readable medium storing a program that configures first and second managed forwarding elements to perform logical L2 switching and L3 routing is described. The program generates a first set of flow entries for configuring the first managed forwarding element to perform (1) a first logical L2 processing for a first logical L2 domain, (2) a logical L3 processing, (3) a network address translation (NAT) processing on packets to be sent to the second managed forwarding element, and (4) a logical ingress L2 processing for a second logical L2 domain on the packets. The program generates a second set of flow entries for configuring the second managed forwarding element to perform a logical egress L2 processing for the second logical L2 domain on the packets.
20 Claims
1. A non-transitory machine readable medium storing a program which when executed by at least one processing unit configures a plurality of managed forwarding elements (MFEs) to implement a logical network that comprises a logical L3 router and at least one logical L2 switch that logically couples to a plurality of machines, the program comprising sets of instructions for:
- for each MFE of the plurality of MFEs that implement the logical network and couple directly to at least one of the machines, generating a first set of data records for configuring the MFE to install a first set of flow entries that implement the logical L2 switch and logical L3 router for packets sent by the at least one machine that couples directly to the MFE, wherein each MFE of the plurality of MFEs operates on a separate physical machine to implement the logical L2 switch and logical L3 router on the separate physical machine; and
- for each MFE of the plurality of MFEs, generating a second set of data records for configuring the MFE to install a second set of flow entries that implement network address translation (NAT) processing on a subset of packets sent by the at least one machine that couples directly to the MFE, the subset of packets comprising packets sent to a destination that does not logically couple to a same logical L2 switch as the machine that sent the packet to the MFE.

Dependent claims: 2, 3, 4, 5, 6
7. For a network controller that manages a network, a method for configuring a plurality of network elements in the network to implement a logical network comprising first and second logical L2 domains, the method comprising:
- configuring a first plurality of edge managed forwarding elements (MFEs) to perform logical switching for the first logical L2 domain and a second plurality of edge MFEs to perform logical switching for the second logical L2 domain, wherein each edge MFE in at least one of the first and second pluralities of MFEs operates in a separate physical machine to implement the logical switching for at least one of the first and second logical L2 domains;
- configuring a separate managed forwarding element that operates in a physical machine, separate from the physical machines in which the edge MFEs operate, as a second-level managed forwarding element to perform logical switching for the first and second logical L2 domains;
- configuring a container in the physical machine to operate as a router for routing packets sent between the first and second logical domains and performing network address translation (NAT) on the packets by configuring a routing table and a NAT table for the container, wherein the second-level MFE is configured to send to the container packets sent between the first and second logical domains in order for the container to route and perform NAT operations on the packets before returning the packets to the second-level MFE operating in the physical machine.

Dependent claims: 8, 9, 10, 11
12. For a network controller that manages a network, a method for configuring a plurality of managed forwarding elements (MFEs) to implement a logical network that comprises a logical L3 router and at least one logical L2 switch that logically couples to a plurality of machines, the method comprising:
- for each MFE of the plurality of MFEs that implement the logical network and couple directly to at least one of the machines, generating a first set of data records for configuring the MFE to install a first set of flow entries that implement the logical L2 switch and logical L3 router for packets sent by the at least one machine that couples directly to the MFE, wherein each MFE of the plurality of MFEs operates on a separate physical machine to implement the logical L2 switch and logical L3 router on the separate physical machine; and
- for each MFE of the plurality of MFEs, generating a second set of data records for configuring the MFE to install a second set of flow entries that implement network address translation (NAT) processing on a subset of packets sent by the at least one machine that couples directly to the MFE, the subset of packets comprising packets sent to a destination that does not logically couple to a same logical L2 switch as the machine that sent the packet to the MFE.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20
Specification