Use of tunnels to hide network addresses

US 9,680,750 B2
Filed: 11/04/2011
Issued: 06/13/2017
Est. Priority Date: 07/06/2010
Status: Active Grant

First Claim

Patent Images

1. For a network comprising a plurality of managed switching elements that are controlled by a set of network controllers to implement a set of logical switching elements, the plurality of managed switching elements including a first plurality of managed edge switching elements, a second plurality of managed edge switching elements, and a plurality of managed non-edge switching elements, a method comprising:

establishing a tunnel between each managed edge switching element of the first plurality of managed edge switching elements and every other managed edge switching element of the first plurality of managed edge switching elements, wherein edge switching elements connect to edge machines;

establishing a tunnel between each managed edge switching element of the second plurality of managed edge switching elements and every other managed edge switching element of the second plurality of managed edge switching elements, wherein no tunnel is established between any managed edge switching element of the first plurality of managed edge switching elements and any managed edge switching element of the second plurality of managed edge switching elements; and

establishing a tunnel between each managed edge switching element of the first and second pluralities of managed edge switching elements and at least one particular managed non- edge switching element of the plurality of managed non-edge switching elements,wherein the particular managed non-edge switching element is for facilitating communication between the managed edge switching elements in the first plurality of managed edge switching elements and the managed edge switching elements in the second plurality of managed edge switching elements, andwherein each of a plurality of tunnels established between the managed edge switching elements of the first and second pluralities of managed edge switching elements and the particular managed non-edge switching element traverse through one or more unmanaged switching elements.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

For a managed network including first and second managed switching elements that implement logical data path sets, some embodiments provide a method that establishes, from the first managed switching element, a network tunnel through a network to the second managed switching element. The network includes a set of unmanaged switching elements. Through the network tunnel, the network forwards logical network data to the set of unmanaged switching elements for the set of unmanaged switching elements to forward to the second managed switching element. The logical network is hidden from the set of unmanaged switching elements when the logical network data is forwarded through the tunnel.

Citations

24 Claims

1. For a network comprising a plurality of managed switching elements that are controlled by a set of network controllers to implement a set of logical switching elements, the plurality of managed switching elements including a first plurality of managed edge switching elements, a second plurality of managed edge switching elements, and a plurality of managed non-edge switching elements, a method comprising:
- establishing a tunnel between each managed edge switching element of the first plurality of managed edge switching elements and every other managed edge switching element of the first plurality of managed edge switching elements, wherein edge switching elements connect to edge machines;
  
  establishing a tunnel between each managed edge switching element of the second plurality of managed edge switching elements and every other managed edge switching element of the second plurality of managed edge switching elements, wherein no tunnel is established between any managed edge switching element of the first plurality of managed edge switching elements and any managed edge switching element of the second plurality of managed edge switching elements; and
  
  establishing a tunnel between each managed edge switching element of the first and second pluralities of managed edge switching elements and at least one particular managed non- edge switching element of the plurality of managed non-edge switching elements,wherein the particular managed non-edge switching element is for facilitating communication between the managed edge switching elements in the first plurality of managed edge switching elements and the managed edge switching elements in the second plurality of managed edge switching elements, andwherein each of a plurality of tunnels established between the managed edge switching elements of the first and second pluralities of managed edge switching elements and the particular managed non-edge switching element traverse through one or more unmanaged switching elements.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 further comprising:
    - forwarding an encapsulated data packet from a particular managed edge switching element in the first plurality of managed edge switching elements to a particular managed non-edge switching element of the plurality of managed non-edge switching elements through a particular tunnel established between the particular managed edge switching element and the particular managed non-edge switching element.
  - 3. The method of claim 2, wherein the method further comprises:
    - receiving, at the particular managed edge switching element, an encapsulated data packet forwarded through the particular tunnel by the particular managed non-edge switching element, said received data packet previously forwarded to the particular managed non-edge switching element by a managed edge switching element in the second plurality of managed edge switching elements;
      
      decapsulating the received data packet; and
      
      forwarding the decapsulated data packet to an edge machine connected to the particular managed edge switching element.
  - 4. The method of claim 2, wherein the forwarding of the data packet comprises encapsulating the data packet according to a tunneling protocol.
  - 5. The method of claim 4, wherein the tunneling protocol is one of a control and provisioning of wireless access points (CAPWAP) protocol, a generic routing encapsulation (GRE) protocol, and a GRE Internet Protocol Security (IPSec) protocol.
  - 6. The method of claim 4, wherein encapsulating the data packet according to the tunneling protocol comprises encapsulating the data packet with a tunnel header that is specified based on the tunnel protocol.
  - 7. The method of claim 2, wherein forwarding the data packet through the tunnel is for reducing a size of a forwarding table of each of the one or more unmanaged switching elements.
  - 8. The method of claim 1 further comprising establishing, for each particular managed non-edge switching element of the plurality of managed non-edge switching elements, a tunnel between the particular managed non-edge switching element and every other managed non-edge switching element of the plurality of managed non-edge switching elements.
  - 9. The method of claim 1, wherein establishing a tunnel between a particular managed edge switching element of the first plurality of managed edge switching elements and every other managed edge switching element of the first plurality of managed edge switching elements further comprises establishing the tunnels when the particular managed edge switching element is added to the first plurality of managed edge switching elements.
  - 10. The method of claim 1, wherein at least one of the first and second pluralities of managed edge switching elements comprises a virtual switching element.
  - 11. The method of claim 1, wherein at least one of the first and second pluralities of managed edge switching elements comprises a software switching element.
  - 12. The method of claim 1, wherein the one or more unmanaged switching elements comprises a set of off-the-shelf switching elements.

13. A non-transitory computer readable medium storing a program for managing a network comprising a plurality of managed switching elements that are controlled by a set of network controllers to implement a set of logical switching elements, the plurality of managed switching elements including a first plurality of managed edge switching elements, a second plurality of managed edge switching elements, and a plurality of managed non-edge switching elements, the program executable by at least one processing unit, the program comprising sets of instructions for:
- establishing a tunnel between each managed edge switching element of the first plurality of managed edge switching elements and every other managed edge switching element of the first plurality of managed edge switching elements, wherein edge switching elements connect to edge machines;
  
  establishing a tunnel between each managed edge switching element of the second plurality of managed edge switching elements and every other managed edge switching element of the second plurality of managed edge switching elements, wherein no tunnel is established between any managed edge switching element of the first plurality of managed edge switching elements and any managed edge switching element of the second plurality of managed edge switching elements; and
  
  establishing a tunnel between each managed edge switching element of the first and second pluralities of managed edge switching elements and at least one particular managed non- edge switching element of the plurality of managed non-edge switching elements,wherein the particular managed non-edge switching element is for facilitating communication between the managed edge switching elements in the first plurality of managed edge switching elements and the managed edge switching elements in the second plurality of managed edge switching elements, andwherein each of a plurality of tunnels established between each managed edge switching element of the first and second pluralities of managed edge switching elements and the particular managed non-edge switching element traverse through one or more unmanaged switching elements.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The non-transitory computer readable medium of claim 13 the program further comprising a set of instructions for forwarding an encapsulated data packet from a particular managed edge switching element in the first plurality of managed edge switching elements to a particular managed non-edge switching element of the plurality of managed non-edge switching elements through a particular tunnel established between the particular managed edge switching element and the particular managed non-edge switching element.
  - 15. The non-transitory computer readable medium of claim 14, wherein the program further comprises a set of instructions for:
    - receiving, at the particular managed edge switching element, an encapsulated data packet forwarded through the particular tunnel by the particular managed non-edge switching element, said received data packet previously forwarded to the particular managed non-edge switching element by a managed edge switching element in the second plurality of managed edge switching elements;
      
      decapsulating the received data packet; and
      
      forwarding the decapsulated data packet to an edge machine connected to the particular managed edge switching element.
  - 16. The non-transitory computer readable medium of claim 14, wherein the set of instructions for forwarding an encapsulated data packet comprises a set of instructions for encapsulating the data packet according to a tunneling protocol.
  - 17. The non-transitory computer readable medium of claim 16, wherein the tunneling protocol is one of a control and provisioning of wireless access points (CAPWAP) protocol, a generic routing encapsulation (GRE) protocol, and a GRE Internet Protocol Security (IPSec) protocol.
  - 18. The non-transitory computer readable medium of claim 16, wherein the set of instructions for encapsulating the data packet according to the tunneling protocol comprises a set of instructions for encapsulating the data packet with a tunnel header that is specified based on the tunnel protocol.
  - 19. The non-transitory computer readable medium of claim 14, wherein forwarding the data packet through the tunnel is for reducing a size of a forwarding table of each of the one or more unmanaged switching elements.
  - 20. The non-transitory computer readable medium of claim 13, wherein at least one of the first and second pluralities of managed edge switching elements comprises a virtual switching element.
  - 21. The non-transitory computer readable medium of claim 13, wherein at least one of the first and second pluralities of managed edge switching elements comprises a software switching element.
  - 22. The non-transitory computer readable medium of claim 13, wherein the program further comprises a set of instructions for establishing, for each particular managed non-edge switching element of the plurality of managed non-edge switching elements, a tunnel between the particular managed non-edge switching element and every other managed non-edge switching element of the plurality of managed non-edge switching elements.
  - 23. The non-transitory computer readable medium of claim 13, wherein the set of instructions for establishing a tunnel between a particular managed edge switching element of the first plurality of managed edge switching elements and every other managed edge switching element of the first plurality of managed edge switching elements further comprises a set of instruction for establishing the tunnels when the particular managed edge switching element is added to the first plurality of managed edge switching elements.
  - 24. The non-transitory computer readable medium of claim 13, wherein the one or more unmanaged switching elements comprises a set of off-the-shelf switching elements.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Casado, Martin, Lambeth, W. Andrew
Primary Examiner(s)
Hsu, Alpus H

Application Number

US13/290,054
Publication Number

US 20130058351A1
Time in Patent Office

2,048 Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/0896   Bandwidth or capacity manag...

H04L 41/0897   by horizontal or vertical s...

H04L 45/00   Routing or path finding of ...

H04L 45/22   Alternate routing

H04L 45/74   Address processing for routing

H04L 47/00   Traffic control in data swi...

H04L 49/25   Routing or path finding in ...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Use of tunnels to hide network addresses

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Use of tunnels to hide network addresses

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links