Virtual tunnel network router
Abstract
A virtual host computer is presented that includes a virtualization software platform, at least one virtual machine executed by the virtualization software platform, a private network segment configured to prevent communications with at least one external computer, a public network segment configured to facilitate communications with the at least one external computer, and a virtual routing module that is executed as a virtual image by the virtualization software platform. The virtual routing module is configured to communicate with the at least one virtual machine via the private network segment, communicate with the public network segment, and execute a tunneling layer to form a private virtual network segment between the at least one virtual machine and the at least one external computer.
3 Claims
1. A host computer, comprising:
a virtualization software platform operating on the host computer;
a virtual machine executed by the virtualization software platform, wherein the virtual machine comprises a network address that is on a subnet that is reserved as non-routable;
a public network segment module operating on the host computer configured to facilitate communications with an external computer;
a private network segment module operating on the host computer configured to communicate with the virtual machine, enable communications internal to the host computer, and prevent communications with the external computer; and
a virtual routing module operating on the host computer that is executed as a virtual image by the virtualization software platform and is configured to:
(a) communicate with the virtual machine via the private network segment module, wherein the virtual routing module is separate from the virtual machine;
(b) direct data packets from the private network segment module to the public network segment module; and
(c) execute a tunneling layer to merge the private network segment module of the host computer and an external private network segment module of the external computer to form a private virtual network segment between the virtual machine and the external computer,
wherein the virtual router comprises a network address that is based on the network address of the virtual machine.
2. A computer network, comprising:
a first host computer comprising a first virtualization platform operating on the first host computer, a first virtual machine executed by the first virtualization platform, a first private network segment module operating on the first host computer configured to communicate with the first virtual machine, enable communications internal to the first host computer and prevent external communications, a first public network segment module operating on the first host computer configured to facilitate external communications, and a first virtual routing module operating on the first host computer that is executed as a virtual image by the first virtualization software platform;
a second host computer comprising a second virtualization platform operating on the second host computer, a second virtual machine executed by the second virtualization platform, a second private network segment module operating on the second host computer configured to communicate with the second virtual machine, enable communications internal to the second host computer and prevent external communications, a second public network segment module operating on the second host computer configured to facilitate external communications, and a second virtual routing module operating on the second host computer that is executed as a virtual image by the second virtualization software platform;
(a) wherein the first virtual routing module is configured to:
(i) communicate with the first virtual machine of the first host computer via the first private network segment module, wherein the first virtual routing module is separate from the first virtual machine;
(ii) communicate with the second virtual machine of the second host computer via the first public network segment module; and
(iii) execute a first tunneling mechanism to merge the first private network segment module and the second private network segment module to form a private virtual network segment from the first virtual machine of the first host computer to the second virtual machine of the second host computer; and
(b) wherein the second virtual routing module is configured to:
(i) communicate with the second virtual machine of the second host computer via the second private network segment module, wherein the second virtual routing module is separate from the second virtual machine;
(ii) communicate with the first virtual machine of the first host computer via the second public network segment module; and
(iii) execute a second tunneling mechanism to merge the second private network segment module and the first private network segment module to form a private virtual network segment from the second virtual machine of the second host computer to the first virtual machine of the first host computer,
wherein the first and second virtual machines of the first and second host computers comprise network addresses that are on respective subnets that are reserved as non-routable, and
wherein the first and second virtual routing modules comprise network addresses that are based on the respective first and second virtual machines of the first and second host computers.
3. A method of establishing a computer network, the method comprising:
executing a first virtualization platform on a first host computer, the first host computer comprising a first private network segment module operating on the first host computer configured to enable communications internal to the first host computer and prevent external communications, and a first public network segment module operating on the first host computer configured to facilitate external communications;
initiating an instance of a first virtual machine on the first host computer by the first virtualization platform, wherein the first private network segment module is further configured to communicate with the first virtual machine;
executing a second virtualization platform on a second host computer, the second host computer comprising a second private network segment module operating on the second host computer configured to enable communications internal to the second host computer and prevent external communications, and a second public network segment module operating on the second host computer configured to facilitate external communications;
initiating an instance of a second virtual machine on the second host computer by the second virtualization platform, wherein the second private network segment module is further configured to communicate with the second virtual machine;
deploying a first virtual routing module on the first host computer, the first virtual routing module being executed as a virtual image by the first virtualization software platform;
deploying a second virtual routing module on the second host computer, the second virtual routing module being executed as a virtual image by the second virtualization software platform;
configuring the first virtual routing module to communicate with the first virtual machine of the first host computer via the first private network segment module, wherein the first virtual routing module is separate from the first virtual machine, communicate with the second virtual machine of the second host computer via the first public network segment module, and execute a first tunneling mechanism to merge the first private network segment module and the second private network segment module to form a private virtual network segment from the first virtual machine of the first host computer to the second virtual machine of the second host computer;
configuring the second virtual routing module to communicate with the second virtual machine of the second host computer via the second private network segment module, wherein the second virtual routing module is separate from the second virtual machine, communicate with the first virtual machine of the first host computer via the second public network segment module, and execute a second tunneling mechanism to merge the second private network segment module and the first private network segment module to form a private virtual network segment from the second virtual machine of the second host computer to the first virtual machine of the first host computer;
assigning the first and second virtual machines of the first and second host computers to network addresses that are on respective subnets and are reserved as non-routable; and
assigning the first and second virtual routing modules to network addresses that are based on the respective first and second virtual machines of the first and second host computers.
Specification