Distributed service processing of network gateways using virtual machines
First Claim
1. A computer-implemented method, comprising:
- receiving a packet at an ingress interface of a gateway device communicatively coupled to a local area network (LAN) and an external network;
- determining a first service and a second service corresponding to a connections session, the first service and the second service determined using a policy;
- identifying a first service processing module associated with the first service, the first service processing module being executed by a first virtual machine having a first guest operating system, the first virtual machine running on a first physical host being communicatively coupled to the gateway device, the first physical host having a first host operating system, the first host operating system providing a first hypervisor;
- sending the packet to the first service processing module, the first service processing module performing the first service on the packet to produce a first processed packet;
- determining whether the first service processing module has sufficient bandwidth to handle the first service;
- when the first service processing module does not have sufficient bandwidth to perform the first service on the packet;
  - allocating and launching a third service processing module; and
  - alternatively sending the packet to the third service processing module, the third service processing module performing the first service on the packet to produce the first processed packet;
- identifying a second service processing module associated with the second service, the second service processing module being executed by a second virtual machine having a second guest operating system, the second virtual machine running on a second physical host being communicatively coupled to the gateway device, the second physical host having a second host operating system, the second host operating system providing a second hypervisor;
- sending the first processed packet to the second service processing module, the second service processing module performing the second service on the first processed packet to produce a second processed packet; and
- forwarding the second processed packet at an egress interface of the gateway device to a destination.
Abstract
A network gateway device includes an ingress interface, an egress interface, and a load balancing module coupled to the ingress and egress interfaces. The load balancing module is configured to receive a packet from the ingress interface and to determine, based on a policy, a set of a plurality of processes corresponding to a connections session associated with the packet. For each of the identified processes, the load balancing module is to identify a service processing module executed by a virtual machine that is capable of handling the identified process, and to send the packet to the identified service processing module to perform the identified process on the packet. The packet is then transmitted to the egress interface of the gateway device to be forwarded to a destination.
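The dispatch flow recited in the first claim and summarized in the abstract, as an added sketch that is not code from the patent or from any product: a policy maps a session to an ordered chain of services, each service is performed by a module hosted in a virtual machine, and when no module for a service has bandwidth a further module is launched and the packet goes there instead. The class names, the per-interval capacity model, the session key and the fail-closed handling of sessions without a policy entry are all assumptions of this sketch.

```python
from dataclasses import dataclass, field

@dataclass
class ServiceModule:
    """Service processing module run by a VM (names are assumptions)."""
    service: str
    vm: str
    capacity: int      # packets accepted per interval (assumed load model)
    load: int = 0

    def has_bandwidth(self) -> bool:
        return self.load < self.capacity

    def process(self, packet: dict) -> dict:
        self.load += 1
        # Record service and VM so the order of the chain can be checked.
        trace = packet.get("trace", []) + [(self.service, self.vm)]
        return {**packet, "trace": trace}

@dataclass
class Gateway:
    policy: dict                                  # session -> ordered services
    modules: dict = field(default_factory=dict)   # service -> [ServiceModule]

    def launch(self, service: str, capacity: int) -> ServiceModule:
        # Stand-in for allocating and launching another VM-hosted module.
        pool = self.modules.setdefault(service, [])
        mod = ServiceModule(service, f"vm-{service}-{len(pool) + 1}", capacity)
        pool.append(mod)
        return mod

    def select(self, service: str) -> ServiceModule:
        pool = self.modules.get(service, [])
        for mod in pool:
            if mod.has_bandwidth():
                return mod
        # No bandwidth left: launch a further module and use it instead.
        return self.launch(service, pool[0].capacity if pool else 1)

    def handle(self, packet: dict) -> dict:
        session = (packet["src"], packet["dst"], packet["dport"])
        chain = self.policy.get(session)
        if chain is None:  # assumption of this sketch: fail closed
            raise PermissionError(f"no policy for session {session}")
        for service in chain:  # every service runs, in policy order
            packet = self.select(service).process(packet)
        return packet  # would leave via the egress interface
```

The returned `trace` lets a test or an audit log confirm that a packet passed through every service in the policy's chain, in order, even when a spill-over module handled one of the steps.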
15 Claims
1. A computer-implemented method, comprising the steps recited in full under First Claim above.
Dependent claims: 2, 3, 10, 11
4. A non-transitory computer-readable storage medium having embodied thereon a program, the program being executable by a processor to perform a method, the method comprising:
- receiving a packet at an ingress interface of a gateway device communicatively coupled to a local area network (LAN) and an external network;
- determining a first service and a second service corresponding to a connections session, the first service and the second service determined using a policy;
- identifying a first service processing module associated with the first service, the first service processing module being executed by a first virtual machine using a first guest operating system, the first virtual machine running on a first physical host using a first host operating system, the first host operating system providing a first hypervisor, the first physical host being communicatively coupled to the gateway device;
- sending the packet to the first service processing module, the first service processing module performing the first service on the packet to produce a first processed packet;
- determining whether the first service processing module has sufficient bandwidth to handle the first service;
- when the first service processing module does not have sufficient bandwidth to perform the first service on the packet;
  - allocating and launching a third service processing module; and
  - alternatively sending the packet to the third service processing module, the third service processing module performing the first service on the packet to produce the first processed packet;
- identifying a second service processing module associated with the second service, the second service processing module being executed by a second virtual machine using a second guest operating system, the second virtual machine running on a second physical host using a second host operating system, the second host operating system providing a second hypervisor, the second physical host being communicatively coupled to the gateway device;
- sending the first processed packet to the second service processing module, the second service processing module performing the second service on the first processed packet to produce a second processed packet; and
- forwarding the second processed packet at an egress interface of the gateway device to a destination.
Dependent claims: 5, 6, 12, 13
7. A gateway device, comprising:
- an ingress interface;
- an egress interface; and
- a load balancing module coupled to the ingress and egress interfaces, the load balancing module comprising;
  - at least one processor; and
  - a memory coupled to the at least one processor, the memory storing instructions executable by the at least one processor to perform a method comprising;
    - receiving a packet from the ingress interface;
    - determining a first service and a second service corresponding to a connections session associated with the packet, the first service and the second service determined using a policy;
    - identifying a first service processing module associated with the first service, the first service processing module being executed by a first virtual machine having a first guest operating system, the first virtual machine running on a first physical host being communicatively coupled to the gateway device, the first physical host having a first host operating system, the first host operating system providing a first hypervisor;
    - sending the packet to the first service processing module, the first service processing module performing the first service on the packet to produce a first processed packet;
    - determining whether the first service processing module has sufficient bandwidth to handle the first service;
    - when the first service processing module does not have sufficient bandwidth to perform the first service on the packet;
      - allocating and launching a third service processing module; and
      - alternatively sending the packet to the third service processing module, the third service processing module performing the first service on the packet to produce the first processed packet;
    - identifying a second service processing module associated with the second service, the second service processing module being executed by a second virtual machine having a second guest operating system, the second virtual machine running on a second physical host being communicatively coupled to the gateway device, the second physical host having a second host operating system, the second host operating system providing a second hypervisor;
    - sending the first processed packet to the second service processing module, the second service processing module performing the second service on the first processed packet to produce a second processed packet; and
    - forwarding the second processed packet at an egress interface of the gateway device to a destination.
Dependent claims: 8, 9, 14, 15
Specification