Network address translation for virtual machines

US 9,419,921 B1
Filed: 01/12/2012
Issued: 08/16/2016
Est. Priority Date: 01/13/2011
Status: Active Grant

First Claim

Patent Images

1. A method implemented by a data processing apparatus, the method comprising:

receiving an outbound packet from a virtual machine executing on the data processing apparatus, the outbound packet having header information including a destination Internet Protocol (IP) address, a destination port, a source IP address, and a first source port, and wherein the source IP address and the first source port are associated with the virtual machine;

in response to receiving the outbound packet, selecting a second source port different than the first source port from a plurality of ports associated with the virtual machine;

in response to selecting the second source port;

changing the first source port in the header information of the outbound packet to the second source port, to establish a modified outbound packet; and

maintaining the source IP address in the header information of the modified outbound packet; and

sending the modified outbound packet over a network to a gateway separate from the data processing apparatus, wherein the gateway is configured to change the source IP address of the modified outbound packet to an IP address of the gateway and to maintain the second source port in the header information of the modified outbound packet before routing the modified outbound packet to its destination.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving an outbound packet from a virtual machine executing on the data processing apparatus, the packet having header information including a destination Internet Protocol (IP) address, a destination port, a source IP address, and a source port, and wherein the source IP address and source port are associated with the virtual machine; selecting a different port than the source port from a plurality of ports associated with the virtual machine; changing the source port in the header information to the selected port; and sending the modified packet to an external network by way of a gateway that is configured to change the source IP address of the packet to an IP address of the gateway before routing the packet to its destination.

Citations

22 Claims

1. A method implemented by a data processing apparatus, the method comprising:
- receiving an outbound packet from a virtual machine executing on the data processing apparatus, the outbound packet having header information including a destination Internet Protocol (IP) address, a destination port, a source IP address, and a first source port, and wherein the source IP address and the first source port are associated with the virtual machine;
  
  in response to receiving the outbound packet, selecting a second source port different than the first source port from a plurality of ports associated with the virtual machine;
  
  in response to selecting the second source port;
  
  changing the first source port in the header information of the outbound packet to the second source port, to establish a modified outbound packet; and
  
  maintaining the source IP address in the header information of the modified outbound packet; and
  
  sending the modified outbound packet over a network to a gateway separate from the data processing apparatus, wherein the gateway is configured to change the source IP address of the modified outbound packet to an IP address of the gateway and to maintain the second source port in the header information of the modified outbound packet before routing the modified outbound packet to its destination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein an IP address bound to the data processing apparatus is different from the source IP address.
  - 3. The method of claim 1 wherein sending the modified outbound packet over the network to the gateway comprises sending the modified packet to the gateway over a virtual network pair.
  - 4. The method of claim 1 wherein there are a plurality of virtual machines executing on the data processing apparatus.
  - 5. The method of claim 4 wherein each virtual machine in the plurality is associated with the source IP address and a distinct port.
  - 6. The method of claim 1 wherein the selected second source port is a previously selected port for the destination IP and destination port.
  - 7. The method of claim 1 wherein selecting and changing are performed in a process executing in a user process space of an operating system.
  - 8. The method of claim 1 wherein the packet is a layer 2 or a layer 3 packet.

9. A computer readable medium storing instructions that, when executed by data processing apparatus, cause the data processing apparatus to perform operations comprising:
- receiving an outbound packet from a virtual machine executing on the data processing apparatus, the outbound packet having header information including a destination Internet Protocol (IP) address, a destination port, a source IP address, and a source port, and wherein the source IP address and the first source port are associated with the virtual machine;
  
  in response to receiving the outbound packet, selecting a second source port different than the first source port from a plurality of ports associated with the virtual machine;
  
  in response to selecting the second source port;
  
  changing the first source port in the header information of the outbound packet to the second source port, to establish a modified outbound packet; and
  
  maintaining the source IP address in the header information of the modified outbound packet; and
  
  sending the modified outbound packet over a network to a gateway separate from the data processing apparatus, wherein the gateway is configured to change the source IP address of the modified outbound packet to an IP address of the gateway and to maintain the second source port in the header information of the modified outbound packet before routing the modified outbound packet to its destination.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The computer readable medium of claim 9 wherein an IP address bound to the data processing apparatus is different from the source IP address.
  - 11. The computer readable medium of claim 9 wherein sending the modified outbound packet over the network to the gateway comprises sending the modified packet to the gateway over a virtual network pair.
  - 12. The computer readable medium of claim 9 wherein there are a plurality of virtual machines executing on the data processing apparatus.
  - 13. The computer readable medium of claim 12 wherein each virtual machine in the plurality is associated with the source IP address and a distinct port.
  - 14. The computer readable medium of claim 9 wherein the selected second source port is a previously selected port for the destination IP and destination port.
  - 15. The computer readable medium of claim 9 wherein selecting and changing are performed in a process executing in a user process space of an operating system.

16. A system comprising:
- a computer readable medium having instructions stored thereon; and
  
  data processing apparatus capable of executing the instructions to perform operations comprising;
  
  receiving an outbound packet from a virtual machine executing on the data processing apparatus, the outbound packet having header information including a destination Internet Protocol (IP) address, a destination port, a source IP address, and a first source port, and wherein the source IP address and the first source port are associated with the virtual machine;
  
  in response to receiving the outbound packet, selecting a second source port different than the first source port from a plurality of ports associated with the virtual machine;
  
  in response to selecting the second source port;
  
  changing the first source port in the header information of the outbound packet to the second source port, to establish a modified outbound packet; and
  
  maintaining the source IP address in the header information of the modified outbound packet; and
  
  sending the modified outbound packet over a network to a gateway separate from the data processing apparatus, wherein the gateway is configured to change the source IP address of the modified outbound packet to an IP address of the gateway and to maintain the second source port in the header information of the modified outbound packet before routing the modified outbound packet to its destination.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The system of claim 16 wherein an IP address bound to the data processing apparatus is different from the source IP address.
  - 18. The system of claim 16 wherein sending the modified outbound packet over the network to the gateway comprises sending the modified packet to the gateway over a virtual network pair.
  - 19. The system of claim 16 wherein there are a plurality of virtual machines executing on the data processing apparatus.
  - 20. The system of claim 19 wherein each virtual machine in the plurality is associated with the source IP address and a distinct port.
  - 21. The system of claim 16 wherein the selected second source port is a previously selected port for the destination IP and destination port.
  - 22. The system of claim 16 wherein selecting and changing are performed in a process executing in a user process space of an operating system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Anderson, Evan K.
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
Asefa, Debebe

Application Number

US13/349,063
Time in Patent Office

1,678 Days
Field of Search

370254-350, 718/1
US Class Current

1/1
CPC Class Codes

G06F 2009/4557   Distribution of virtual mac...

G06F 2009/45595   Network integration; Enabli...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558   Hypervisor-specific managem...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 47/193   at the transport layer, e.g...

H04L 49/70   Virtual switches

H04L 61/2514   between local and global IP...

H04L 61/2557   Translation policies or rules

H04W 80/04   Network layer protocols, e....

H04W 80/06   Transport layer protocols, ...

Network address translation for virtual machines

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Network address translation for virtual machines

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links