Network control system for configuring middleboxes

US 9,558,027 B2
Filed: 01/12/2015
Issued: 01/31/2017
Est. Priority Date: 11/15/2011
Status: Active Grant

First Claim

Patent Images

1. A network control system for configuring a logical network, the network control system comprising:

a first controller instance, executing on a controller computer for receiving (i) configuration data for configuring a logical middlebox and (ii) logical network data that define a logical network topology comprising the logical middlebox and a set of logical forwarding elements; and

a second controller instance executing on a host machine of a plurality of host machines managed by the network control system, the second controller instance for;

receiving, from the first controller instance, (i) data records defining the logical middlebox configuration and (ii) forwarding data for the logical network;

customizing the forwarding data for a managed forwarding element that executes on the host machine; and

distributing (i) the customized forwarding data to the managed forwarding element for implementing the set of logical forwarding elements and (ii) the configuration data to a middlebox instance operating on the host machine for implementing the logical middlebox.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments provide a method for configuring a logical middlebox in a hosting system that includes a set of nodes. The logical middlebox is part of a logical network that includes a set of logical forwarding elements that connect a set of end machines. The method receives a set of configuration data for the logical middlebox. The method uses a stored set of tables describing physical locations of the end machines to identify a set of nodes at which to implement the logical middlebox. The method provides the logical middlebox configuration for distribution to the identified nodes.

187 Citations

20 Claims

1. A network control system for configuring a logical network, the network control system comprising:
- a first controller instance, executing on a controller computer for receiving (i) configuration data for configuring a logical middlebox and (ii) logical network data that define a logical network topology comprising the logical middlebox and a set of logical forwarding elements; and
  
  a second controller instance executing on a host machine of a plurality of host machines managed by the network control system, the second controller instance for;
  
  receiving, from the first controller instance, (i) data records defining the logical middlebox configuration and (ii) forwarding data for the logical network;
  
  customizing the forwarding data for a managed forwarding element that executes on the host machine; and
  
  distributing (i) the customized forwarding data to the managed forwarding element for implementing the set of logical forwarding elements and (ii) the configuration data to a middlebox instance operating on the host machine for implementing the logical middlebox.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The network control system of claim 1, wherein the set of logical forwarding elements are for connecting a set of end machines in the logical network topology, wherein each end machine executes on a host machine of the plurality of host machines.
  - 3. The network control system of claim 1, wherein the host machine is a first host machine, the managed forwarding element is a first managed forwarding element, and the middlebox instance is a first middlebox instance, the network control system further comprising a third controller instance executing on a second host machine, the third controller instance for:
    - receiving, from the first controller instance, the data records and forwarding data for the logical network;
      
      customizing the forwarding data for a second managed forwarding element that executes on the second host machine of the plurality of host machines; and
      
      distributing (i) the customized forwarding data to the second managed forwarding element for implementing the set of logical forwarding elements, and (ii) the configuration data to a second middlebox instance operating on the second host machine for implementing the logical middlebox.
  - 4. The network control system of claim 3, wherein the forwarding data comprise data tuples written in terms of generic expressions of an attribute of each of the first and second managed forwarding elements, wherein the customized forwarding data comprise a customized expression of an attribute specific to each of the managed forwarding elements.
  - 5. The network control system of claim 1, wherein the second controller instance is further for automatically generating a unique identifier for the middlebox instance and distributing the identifier to the managed forwarding element and the middlebox instance.
  - 6. The network control system of claim 5, wherein the managed forwarding element adds the identifier to data packets that are destined to be processed by the middlebox instance.
  - 7. The network control system of claim 5, wherein the configuration data is first configuration data, the logical middlebox is a first logical middlebox, and the generated identifier is a first identifier, wherein the second controller instance is further for:
    - receiving second configuration data for a second logical middlebox to be distributed to a second middlebox instance on the host machine;
      
      automatically generating a second, different identifier for the second middlebox instance;
      
      distributing the second configuration data and the second identifier to the second middlebox instance; and
      
      distributing the second identifier to the managed forwarding element to exchange data packets with the second middlebox instance.
  - 8. The network control system of claim 1, wherein the first controller instance is further for identifying the host machine in the plurality of host machines as a host machine that is to receive the middlebox configuration data.
  - 9. The network control system of claim 1, wherein the middlebox instance is one of a plurality of middlebox instances that implement the logical middlebox, each middlebox instance executing on a separate host machine of a physical network.
  - 10. The network control system of claim 1, wherein the middlebox instance is one of a set of middlebox instances on the host machine, each middlebox instance for processing data packets of a different logical network.
  - 11. The network control system of claim 1, wherein the middlebox instance is one of a set of middlebox instances on the host machine, each middlebox instance for implementing a different type of logical middlebox in the logical network.

12. A method for configuring a logical network in a network comprising a plurality of host machines, the method comprising:
- receiving, at a first controller instance operating on a host machine, (i) configuration data for configuring a logical middlebox and (ii) forwarding data for a logical network comprising the logical middlebox and a set of logical forwarding elements, the configuration data and forwarding data received from a second controller instance operating on a controller computer separate from the host machine;
  
  customizing the forwarding data for a managed forwarding element that executes on the host machine; and
  
  distributing (i) the customized forwarding data to the managed forwarding element for implementing the set of logical forwarding elements and (ii) the configuration data to a middlebox instance operating on the host machine for implementing the logical middlebox.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12, wherein the set of logical forwarding elements are for connecting a set of end machines in the logical network, wherein each end machine executes on a host machine of the plurality of host machines.
  - 14. The method of claim 12 further comprising:
    - automatically generating, at the controller instance, a unique identifier for the middlebox instance; and
      
      distributing the identifier to the managed forwarding element and the middlebox instance.
  - 15. The network control system of claim 14, wherein the managed forwarding element adds the identifier to data packets that are destined to be processed by the middlebox instance.
  - 16. The network control system of claim 12, wherein the middlebox instance is one of a plurality of middlebox instances that implement the logical middlebox, each middlebox instance running on a separate host machine of a physical network.
  - 17. The network control system of claim 12, wherein the middlebox instance is one of a set of middlebox instances that execute on the host machine, each middlebox instance for processing data packets of a different logical network.

18. A method for configuring a logical network in a network comprising a plurality of host machines, the method comprising:
- receiving, at a controller instance operating on a host machine, (i) first configuration data for configuring a first logical middlebox and (ii) forwarding data for a logical network comprising the first logical middlebox and a set of logical forwarding elements;
  
  customizing the forwarding data for a managed forwarding element that executes on the host machine;
  
  distributing (i) the customized forwarding data to the managed forwarding element for implementing the set of logical forwarding elements and (ii) the first configuration data to a first middlebox instance operating on the host machine for implementing the first logical middlebox;
  
  receiving, at the controller instance, second configuration data for configuring a second logical middlebox; and
  
  distributing the configuration data to a second middlebox instance operating on the host machine for implementing the second logical middlebox.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein the controller instance operating on the host machine is a first controller instance, wherein the configuration data and forwarding data are received from a second controller instance operating on a controller computer separate from the host machine.
  - 20. The method of claim 18, wherein the first and second logical middleboxes are distributed logical middleboxes that are implemented by the first and second middlebox instances respectively on the host machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Zhang, Ronghua, Koponen, Teemu, Thakkar, Pankaj, Padmanabhan, Amar, Casado, Martin
Primary Examiner(s)
Elpenord, Candal

Application Number

US14/595,195
Publication Number

US 20150124651A1
Time in Patent Office

750 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 15/177   Initialisation or configura...

G06F 2009/4557   Distribution of virtual mac...

G06F 2009/45595   Network integration; Enabli...

G06F 9/455   Emulation; Interpretation; ...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558   Hypervisor-specific managem...

H04L 41/08   Configuration management of...

H04L 41/0803   Configuration setting

H04L 41/0806   for initial configuration o...

H04L 41/0813   characterised by the condit...

H04L 41/0823   characterised by the purpos...

H04L 41/0889   Techniques to speed-up the ...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/0895   Configuration of virtualise...

H04L 41/12   Discovery or management of ...

H04L 45/02   Topology update or discovery

H04L 45/64   using an overlay routing layer

H04L 45/74   Address processing for routing

H04L 49/15   Interconnection of switchin...

H04L 49/70 : Virtual switches

H04L 61/2503 : Translation of Internet pro...

H04L 61/2517 : using port numbers

H04L 61/2521 : Translation architectures o...

H04L 61/256 : NAT traversal

H04L 63/0218 : Distributed architectures, ...

H04L 67/1008 : based on parameters of serv...

View All

Network control system for configuring middleboxes

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

187 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Network control system for configuring middleboxes

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

187 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links