Media access control address translation in virtualized environments
Abstract
A method and a network device are provided to transmit network packets through a network security device. The method, performed by the network device, receives a request to send a network packet from a first computing device to a second computing device over a network that includes the network device and the network security device. The network packet includes a first network interface identifier for identifying the first computing device and a second network interface identifier for identifying the second computing device. The method identifies third and fourth network interface identifiers that cause the network packet to be transmitted through the network security device. The method transmits the network packet over the network through the network security device using the third and fourth network interface identifiers. The method transmits the network packet to the second computing device using the first and second network interface identifiers.
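The translate-then-restore flow described in the abstract, as an added Python sketch (not code from the patent): the sending virtual firewall rewrites both MAC addresses to the interface MACs on either side of the security device, and the receiving virtual firewall restores the originals. All MAC values, the shared one-to-one table, the switch model and the function names are constructed assumptions.

```python
import struct

# Constructed sample addresses (assumptions, not values from the patent).
VM1, VM2 = "02:00:00:00:00:01", "02:00:00:00:00:02"  # first / second MAC (the VMs)
IF1, IF2 = "02:aa:00:00:00:01", "02:bb:00:00:00:02"  # third / fourth MAC (interfaces)

# Hypothetical one-to-one table known to both virtual firewalls.
VM_TO_IF = {VM1: IF1, VM2: IF2}
IF_TO_VM = {v: k for k, v in VM_TO_IF.items()}
# Modelling assumption: only the interface MACs are attached to the two switches.
SIDE_OF = {IF1: 1, IF2: 2}

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_frame(dst, src, ethertype, payload):
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    return mac_str(frame[0:6]), mac_str(frame[6:12]), ethertype, frame[14:]

def rewrite(frame, table):
    dst, src, ethertype, payload = parse_frame(frame)
    # Fail closed: a frame with an unmapped address is dropped, so it can
    # never be forwarded on a path that skips the security device.
    if dst not in table or src not in table:
        return None
    return build_frame(table[dst], table[src], ethertype, payload)

def vf_egress(frame):
    """First VF: first/second MAC -> third/fourth MAC."""
    return rewrite(frame, VM_TO_IF)

def vf_ingress(frame):
    """Second VF: third/fourth MAC -> original first/second MAC."""
    return rewrite(frame, IF_TO_VM)

def crosses_device(frame):
    """True when source and destination sit on opposite sides of the device."""
    dst, src, _, _ = parse_frame(frame)
    return {SIDE_OF.get(src), SIDE_OF.get(dst)} == {1, 2}
```
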
44 Citations
19 Claims
1. A method for transmitting network packets through a network security device, the method comprising:
- receiving, by a first virtual firewall (VF) of a first network device, a network packet from a first virtual machine (VM) hosted by the first network device to be sent over a network to a second VM hosted by a second network device, wherein the network comprises the network security device, a first network switch on a first side of the network security device, and a second network switch on a second side of the network security device, and wherein the network packet comprises a first medium access control (MAC) address identifying the first VM and a second MAC address identifying the second VM;
- translating, by the first VF, the first MAC address of the network packet to a third MAC address for the first VM hosted by the first network device, wherein the third MAC address belongs to a first network interface connected to the first network switch on the first side of the network security device;
- translating, by the first VF, the second MAC address of the network packet to a fourth MAC address for the second VM hosted by the second network device, wherein the fourth MAC address belongs to a second network interface connected to the second network switch on the second side of the network security device; and
- transmitting the network packet from the first VF of the first network device over the network through the first network switch, the network security device, and the second network switch to a second VF of the second network device hosting the second VM based on the third MAC address and the fourth MAC address.

Dependent claims: 2, 3, 4, 5, 6, 12
7. A network device for transmitting network packets through a network security device, the network device comprising:
- a memory; and
- at least one processor in communication with the memory and configured to:
  - host a first virtual machine (VM); and
  - execute a first virtual firewall (VF), the first VF configured to:
    - receive a network packet from the first VM to be sent over a network to a second VM hosted by another network device, wherein the network comprises the network security device, a first network switch on a first side of the network security device, and a second network switch on a second side of the network security device, and wherein the network packet comprises a first medium access control (MAC) address identifying the first VM and a second MAC address identifying the second VM,
    - translate the first MAC address of the network packet to a third MAC address for the first VM hosted by the network device, wherein the third MAC address belongs to a first network interface connected to the first network switch on the first side of the network security device,
    - translate the second MAC address of the network packet to a fourth MAC address for the second VM hosted by the another network device, wherein the fourth MAC address belongs to a second network interface connected to the second network switch on the second side of the network security device, and
    - transmit the network packet over the network through the first network switch, the network security device, and the second network switch to a second VF of the another network device hosting the second VM based on the third MAC address and the fourth MAC address.

Dependent claims: 8, 9, 10, 11
13. A system for transmitting network packets through a network security device, the system comprising:
- the network security device comprising:
  - a memory and at least one processor;
- a first network switch on a first side of the network security device;
- a second network switch on a second side of the network security device;
- a first network device including a first virtual firewall (VF) and hosting a first virtual machine (VM); and
- a second network switch including a second VF and hosting a second VM, wherein the first VF of the first network device is configured to:
  - receive a network packet from the first VM to be sent over a network to the second VM hosted the second network device, wherein the network packet comprises a first medium access control (MAC) address identifying the first VM and a second MAC address identifying the second VM,
  - translate the first MAC address of the network packet to a third MAC address for the first VM hosted by the first network device, wherein the third MAC address belongs to a first network interface connected to the first network switch on the first side of the network security device,
  - translate the second MAC address of the network packet to a fourth MAC address for the second VM hosted by the another network device, wherein the fourth MAC address belongs to a second network interface connected to the second network switch on the second side of the network security device, and
  - transmit the network packet over the network through the first network switch, the network security device, and the second network switch to a second VF of the second network device hosting the second VM based on the third MAC address and the fourth MAC address.

Dependent claims: 14, 15, 16, 17, 18, 19
Specification