Proactive flow table for virtual networks

US 9,473,394 B1
Filed: 03/26/2014
Issued: 10/18/2016
Est. Priority Date: 01/10/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a virtual router of a computing device for one or more virtual networks, a tunnel packet comprising an outer header and an inner packet that defines a packet flow, wherein the virtual router receives the tunnel packet from a switch fabric coupled to the computing device and comprising a plurality of switches interconnected to form a physical network that switches packets for the one or more virtual networks;

determining, based at least on the outer header, that the packet is associated with a virtual network of the one or more virtual networks;

determining, by the virtual router, a packet flow defined by the inner packet does not match any flow table entry of a flow table that identifies active flows only for the virtual network; and

in response to determining the packet flow defined by the inner packet does not match any flow table entry of the flow table for the virtual network;

adding a first flow table entry for the packet flow to the flow table; and

adding a second flow table entry for a reverse packet flow of the packet flow to the flow table.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, techniques are described for enhancing operations of virtual networks. In some examples, a network system includes a server that executes a virtual router configured to receive, from a switch fabric, a tunnel packet for a virtual network of the virtual networks, wherein the tunnel packet comprises an outer header and an inner packet that defines a packet flow. The virtual router is also configured to determine, based at least on the outer header, that the packet is associated with a virtual network of the one or more virtual networks, determine a packet flow defined by the inner packet does not match any flow table entry of a flow table that identifies active flows only for virtual network and, in response, add a flow table entry for a reverse packet flow of the packet flow to the flow table.

Citations

17 Claims

1. A method comprising:
- receiving, by a virtual router of a computing device for one or more virtual networks, a tunnel packet comprising an outer header and an inner packet that defines a packet flow, wherein the virtual router receives the tunnel packet from a switch fabric coupled to the computing device and comprising a plurality of switches interconnected to form a physical network that switches packets for the one or more virtual networks;
  
  determining, based at least on the outer header, that the packet is associated with a virtual network of the one or more virtual networks;
  
  determining, by the virtual router, a packet flow defined by the inner packet does not match any flow table entry of a flow table that identifies active flows only for the virtual network; and
  
  in response to determining the packet flow defined by the inner packet does not match any flow table entry of the flow table for the virtual network;
  
  adding a first flow table entry for the packet flow to the flow table; and
  
  adding a second flow table entry for a reverse packet flow of the packet flow to the flow table.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the tunnel packet comprises a first tunnel packet, the outer header comprises a first outer header, and the inner packet comprises a first inner packet, the method further comprising:
    - receiving, by the virtual router, a second tunnel packet comprising a second outer header and a second inner packet for the reverse packet flow;
      
      matching, by the virtual router, the second inner packet for the reverse packet flow to the second flow table entry for the reverse packet flow; and
      
      applying, by the virtual router, a policy specified by the second flow table entry to the second inner packet.
  - 3. The method of claim 1, further comprising:
    - determining, by a virtual router agent of the virtual router and in response to determining the packet flow defined by the inner packet does not match any flow table entry of the flow table, a policy for the reverse packet flow,wherein the second flow table entry for the reverse packet flow of the packet flow specifies the policy for the reverse packet flow.
  - 4. The method of claim 1,wherein a source network address of the packet flow is a destination network address of the reverse packet flow, andwherein a destination network address of the packet flow is a source network address of the reverse packet flow.
  - 5. The method of claim 1,wherein a source port of the packet flow is a destination port of the reverse packet flow, andwherein a destination port of the packet flow is a source port of the reverse packet flow.
  - 6. The method of claim 1, wherein adding the second flow table entry for the reverse packet flow of the packet flow comprises adding the second flow table entry without having received a packet for the reverse packet flow.
  - 7. The method of claim 1, further comprising:
    - forwarding, by the virtual router, the inner packet according to the virtual network.
  - 8. The method of claim 1,wherein a virtual network controller configures and manages the virtual networks within the physical network, andwherein the computing device comprises a server of a plurality of servers interconnected by the switch fabric and executing the virtual router, wherein each of the plurality of servers comprises an operating environment executing one or more virtual machines in communication via the virtual networks, and wherein the plurality of servers comprises a set of virtual routers that extends the virtual networks to the virtual machines.
  - 9. The method of claim 1,wherein the virtual router implements respective routing instances for the one or more virtual networks,wherein the routing instances include respective flow tables, andwherein a routing instance of the routing instances for the virtual network is identified by a virtual network identifier, the method further comprising:
    - determining the routing instance based at least on a virtual network identifier of the outer header, wherein the routing instance includes the flow table that identifies active flows only for virtual network.

10. A network system comprising:
- a switch fabric comprising a plurality of switches interconnected to form a physical network;
  
  a virtual network controller configured to configure and manage virtual networks within the physical network; and
  
  a plurality of servers interconnected by the switch fabric, wherein each of the servers comprises an operating environment configured to execute one or more virtual machines in communication via the virtual networks, and wherein the servers comprise a set of virtual routers configured to extend the virtual networks to the virtual machines,wherein a virtual router of the set of virtual routers is configured to;
  
  receive, from the switch fabric, a tunnel packet for a virtual network of the virtual networks, wherein the tunnel packet comprises an outer header and an inner packet that defines a packet flow;
  
  determine, based at least on the outer header, that the packet is associated with the virtual network;
  
  determine a packet flow defined by the inner packet does not match any flow table entry of a flow table that identifies active flows only for that virtual network; and
  
  in response to determining the packet flow defined by the inner packet does not match any flow table entry of the flow table, add a first flow table entry for the packet flow to the flow table and add a second flow table entry for a reverse packet flow of the packet flow to the flow table.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The network system of claim 10, wherein the tunnel packet comprises a first tunnel packet, the outer header comprises a first outer header, and the inner packet comprises a first inner packet, wherein the virtual router is further configured to:
    - receive a second tunnel packet comprising a second outer header and a second inner packet for the reverse packet flow;
      
      match the second inner packet for the reverse packet flow to the second flow table entry for the reverse packet flow; and
      
      apply a policy specified by the second flow table entry to the second inner packet.
  - 12. The network system of claim 10,wherein the virtual router comprises a virtual router agent configured to determine, in response to determining the packet flow defined by the inner packet does not match any flow table entry of the flow table, a policy for the reverse packet flow, andwherein the second flow table entry for the reverse packet flow of the packet flow specifies the policy for the reverse packet flow.
  - 13. The network system of claim 10,wherein a source network address of the packet flow is a destination network address of the reverse packet flow, andwherein a destination network address of the packet flow is a source network address of the reverse packet flow.
  - 14. The network system of claim 10,wherein a source port of the packet flow is a destination port of the reverse packet flow, andwherein a destination port of the packet flow is a source port of the reverse packet flow.
  - 15. The network system of claim 10, wherein to add the second flow table entry for the reverse packet flow of the packet flow the virtual router is configured to add the second flow table entry without having received a packet for the reverse packet flow.
  - 16. The network system of claim 10, wherein the virtual router is configured to forward the inner packet according to the virtual network.

17. A non-transitory computer-readable medium comprising instructions for causing one or more programmable processors of a computing device to:
- receive, by a virtual router of the computing device for one or more virtual networks, a tunnel packet comprising an outer header and an inner packet that defines a packet flow, wherein the virtual router receives the tunnel packet from a switch fabric coupled to the computing device and comprising a plurality of switches interconnected to form a physical network that switches packets for the one or more virtual networks;
  
  determine, based at least on the outer header, that the packet is associated with a virtual network of the one or more virtual networks;
  
  determine, by the virtual router, a packet flow defined by the inner packet does not match any flow table entry of a flow table that identifies active flows only for virtual network; and
  
  in response to determining the packet flow defined by the inner packet does not match any flow table entry of the flow table;
  
  add a first flow table entry for the packet flow to the flow table; and
  
  add a second flow table entry for a reverse packet flow of the packet flow to the flow table.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Sivaramakrishnan, Rajagopalan, Krishnan, Anand H.
Primary Examiner(s)
Javaid, Jamal

Application Number

US14/226,586
Time in Patent Office

937 Days
Field of Search

370/392, 370/389, 370/235
US Class Current

1/1
CPC Class Codes

H04L 45/38   Flow based routing

H04L 45/50   using label swapping, e.g. ...

H04L 45/586   of virtual routers

H04L 45/72   Routing based on the source...

H04L 45/745   Address table lookup; Addre...

H04L 45/7453   using hashing

H04L 47/31   by tagging of packets, e.g....

H04L 49/70   Virtual switches

Proactive flow table for virtual networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Proactive flow table for virtual networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links