Migrating middlebox state for distributed middleboxes

US 9,552,219 B2
Filed: 11/16/2015
Issued: 01/24/2017
Est. Priority Date: 11/15/2011
Status: Active Grant

First Claim

Patent Images

1. For a first middlebox element executing on a first host, a method comprising:

providing a middlebox service for a logical middlebox to a virtual machine (VM) operating in the first host, wherein the first middlebox element is one of a plurality of middlebox elements executing on a plurality of hosts that implement the logical middlebox to provide the middlebox service to a plurality of VMs operating in the plurality of hosts, the plurality of VMs logically connected through a logical network comprising the logical middlebox;

receiving a notification from a migration module before the VM migrates from the first host to a second host; and

supplying middlebox state information relating to the VM to the migration module, wherein the migration module subsequently sends the middlebox state information to the second host when the VM migrates to the second host, in order for a second middlebox element executing on the second host to continue providing the middlebox service to the VM operating in the second host.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A controller of a network control system for configuring several middlebox instances is described. The middlebox instances implement a middlebox in a distributed manner in several hosts. The controller configures, in a first host, a first middlebox instance to receive a notification from a migration module before a virtual machine (VM) running in the first host migrates to a second host and to send middlebox state related to the VM to the migration module.

189 Citations

20 Claims

1. For a first middlebox element executing on a first host, a method comprising:
- providing a middlebox service for a logical middlebox to a virtual machine (VM) operating in the first host, wherein the first middlebox element is one of a plurality of middlebox elements executing on a plurality of hosts that implement the logical middlebox to provide the middlebox service to a plurality of VMs operating in the plurality of hosts, the plurality of VMs logically connected through a logical network comprising the logical middlebox;
  
  receiving a notification from a migration module before the VM migrates from the first host to a second host; and
  
  supplying middlebox state information relating to the VM to the migration module, wherein the migration module subsequently sends the middlebox state information to the second host when the VM migrates to the second host, in order for a second middlebox element executing on the second host to continue providing the middlebox service to the VM operating in the second host.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the logical middlebox is one of a load balancer, network address translation, and firewall.
  - 3. The method of claim 1, wherein the logical network further comprises a set of logical forwarding elements that are implemented in a plurality of managed switching elements that execute on the plurality of hosts.
  - 4. The method of claim 3, wherein the plurality of VMs and the logical middlebox are logically connected to the logical forwarding elements.
  - 5. The method of claim 1, wherein the migration module sends the middlebox state information to another migration module operating in the second host.
  - 6. The method of claim 1, wherein the migration module operates within a hypervisor of the first host.
  - 7. The method of claim 1, wherein the first and second middlebox elements receive configuration data generated by a same network controller that is further for generating data for configuring managed forwarding elements executing on the plurality of hosts to implement the logical network of which the logical middlebox is a part.
  - 8. The method of claim 1, wherein the migration module facilitates migration of the VM to the second host.
  - 9. The method of claim 1, wherein the middlebox service is a first middlebox service, the VM is a first VM, the logical middlebox is a first logical middlebox, the logical network is a first logical network, and the plurality of VMs operating in the plurality of hosts are a first plurality of VMs operating in a first plurality of hosts, the method further comprising providing a second middlebox service for a second logical middlebox to a second VM operating in the first host, wherein the first middlebox element is one of a second plurality of middlebox elements executing on a second plurality of hosts that implement the second logical middlebox to provide the second middlebox service to a second plurality of VMs operating in the second plurality of hosts, the second plurality of VMs logically connected through a second logical network that includes the second logical middlebox.
  - 10. The method of claim 9 further comprising:
    - receiving a notification from the migration module before the second VM migrates from the first host to a third host; and
      
      supplying middlebox state information relating to the second VM to the migration module, wherein the migration module subsequently sends the middlebox state information relating to the second VM to the third host when the second VM migrates to the third host.

11. A non-transitory machine readable medium storing a first middlebox element for execution by at least one processing unit of a first host, the middlebox element comprising sets of instructions for:
- providing a middlebox service for a logical middlebox to a virtual machine (VM) operating in the first host, wherein the first middlebox element is one of a plurality of middlebox elements executing on a plurality of hosts that implement the logical middlebox to provide the middlebox service to a plurality of VMs operating in the plurality of hosts, the plurality of VMs logically connected through a logical network comprising the logical middlebox;
  
  receiving a notification from a migration module before the VM migrates from the first host to a second host; and
  
  supplying middlebox state information relating to the VM to the migration module, wherein the migration module subsequently sends the middlebox state information to the second host when the VM migrates to the second host, in order for a second middlebox element executing on the second host to continue providing the middlebox service to the VM operating in the second host.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The non-transitory machine readable medium of claim 11, wherein the logical middlebox is one of a load balancer, network address translation, and firewall.
  - 13. The non-transitory machine readable medium of claim 11, wherein the logical network further comprises a set of logical forwarding elements that are implemented in a plurality of managed switching elements that execute on the plurality of hosts.
  - 14. The non-transitory machine readable medium of claim 13, wherein the plurality of VMs and the logical middlebox are logically connected to the logical forwarding elements.
  - 15. The non-transitory machine readable medium of claim 11, wherein the migration module sends the middlebox state information to another migration module operating in the second host.
  - 16. The non-transitory machine readable medium of claim 11, wherein the migration module operates within a hypervisor of the first host.
  - 17. The non-transitory machine readable medium of claim 11, wherein the first and second middlebox elements receive configuration data generated by a same network controller that is further for generating data for configuring managed forwarding elements executing on the plurality of hosts to implement the logical network of which the logical middlebox is a part.
  - 18. The non-transitory machine readable medium of claim 11, wherein the migration module facilitates migration of the VM to the second host.
  - 19. The non-transitory machine readable medium of claim 11, wherein the middlebox service is a first middlebox service, the VM is a first VM, the logical middlebox is a first logical middlebox, the logical network is a first logical network, and the plurality of VMs operating in the plurality of hosts are a first plurality of VMs operating in a first plurality of hosts, the program further comprising a set of instructions for providing a second middlebox service for a second logical middlebox to a second VM operating in the first host, wherein the first middlebox element is one of a second plurality of middlebox elements executing on a second plurality of hosts that implement the second logical middlebox to provide the second middlebox service to a second plurality of VMs operating in the second plurality of hosts, the second plurality of VMs logically connected through a second logical network that includes the second logical middlebox.
  - 20. The non-transitory machine readable medium of claim 19, wherein the program further comprises sets of instructions for:
    - receiving a notification from the migration module before the second VM migrates from the first host to a third host; and
      
      supplying middlebox state information relating to the second VM to the migration module, wherein the migration module subsequently sends the middlebox state information relating to the second VM to the third host when the second VM migrates to the third host.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Zhang, Ronghua, Koponen, Teemu, Thakkar, Pankaj, Padmanabhan, Amar, Lambeth, W. Andrew, Casado, Martin
Primary Examiner(s)
Wu, Qing

Application Number

US14/942,948
Publication Number

US 20160070588A1
Time in Patent Office

435 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 15/177   Initialisation or configura...

G06F 2009/4557   Distribution of virtual mac...

G06F 2009/45595   Network integration; Enabli...

G06F 9/455   Emulation; Interpretation; ...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558   Hypervisor-specific managem...

H04L 41/08   Configuration management of...

H04L 41/0803   Configuration setting

H04L 41/0806   for initial configuration o...

H04L 41/0813   characterised by the condit...

H04L 41/0823   characterised by the purpos...

H04L 41/0889   Techniques to speed-up the ...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/0895   Configuration of virtualise...

H04L 41/12   Discovery or management of ...

H04L 45/02   Topology update or discovery

H04L 45/64   using an overlay routing layer

H04L 45/74   Address processing for routing

H04L 49/15   Interconnection of switchin...

H04L 49/70 : Virtual switches

H04L 61/2503 : Translation of Internet pro...

H04L 61/2517 : using port numbers

H04L 61/2521 : Translation architectures o...

H04L 61/256 : NAT traversal

H04L 63/0218 : Distributed architectures, ...

H04L 67/1008 : based on parameters of serv...

View All

Migrating middlebox state for distributed middleboxes

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

189 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Migrating middlebox state for distributed middleboxes

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

189 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links