Connection identifier assignment and source network address translation

US 9,697,030 B2
Filed: 11/20/2014
Issued: 07/04/2017
Est. Priority Date: 11/15/2011
Status: Active Grant

First Claim

Patent Images

1. A non-transitory machine readable medium of a controller of a network control system for configuring a logical middlebox in a plurality of hosts, wherein the controller comprises sets of instructions for:

maintaining a set of connection identifiers to be assigned to a plurality of middlebox instances that implement the logical middlebox in the plurality of hosts;

receiving a request for a plurality of connection identifiers from a first middlebox instance of the plurality of middlebox instances, the first middlebox instance operating in a first host of the plurality of hosts;

based on the request, identifying a plurality of connection identifiers from the set of connection identifiers that are available to be assigned to the middlebox instances; and

assigning the identified connection identifiers to the first middlebox instance,wherein the first middlebox instance is configured to associate one of the connection identifiers assigned to the first middlebox instance with a first packet originating from a virtual machine (VM) operating in the first host in order for a second host that receives the first packet to distinguish the VM operating in the first host from other VMs operating in other hosts of the plurality of hosts from which the second host also receives packets.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A controller of a network control system for configuring several middlebox instances is described. The middlebox instances implement a middlebox in a distributed manner in several hosts. The controller assigns a first set of identifiers to a first middlebox instance that associates an identifier in the first set with a first packet. The controller assigns a second set of identifiers to a second middlebox instance that associates an identifier in the second set with a second packet.

201 Citations

20 Claims

1. A non-transitory machine readable medium of a controller of a network control system for configuring a logical middlebox in a plurality of hosts, wherein the controller comprises sets of instructions for:
- maintaining a set of connection identifiers to be assigned to a plurality of middlebox instances that implement the logical middlebox in the plurality of hosts;
  
  receiving a request for a plurality of connection identifiers from a first middlebox instance of the plurality of middlebox instances, the first middlebox instance operating in a first host of the plurality of hosts;
  
  based on the request, identifying a plurality of connection identifiers from the set of connection identifiers that are available to be assigned to the middlebox instances; and
  
  assigning the identified connection identifiers to the first middlebox instance,wherein the first middlebox instance is configured to associate one of the connection identifiers assigned to the first middlebox instance with a first packet originating from a virtual machine (VM) operating in the first host in order for a second host that receives the first packet to distinguish the VM operating in the first host from other VMs operating in other hosts of the plurality of hosts from which the second host also receives packets.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The non-transitory machine readable medium of claim 1, wherein the controller further comprises a set of instructions for, after assigning the identified connection identifiers to the first middlebox instance, recording that the identified connection identifiers are not available.
  - 3. The non-transitory machine readable medium of claim 1, wherein the controller further comprises a set of instructions for configuring a second middlebox instance in the second host to use the connection identifiers associated with packets that come to the second host to send responses to correct sources of packets.
  - 4. The non-transitory machine readable medium of claim 1, wherein the controller further comprises sets of instructions for:
    - receiving a request to release a particular set of connection identifiers from a middlebox instance; and
      
      recording that the particular set of connection identifiers are available.
  - 5. The non-transitory machine readable medium of claim 1, wherein the controller further comprises sets of instructions for:
    - after assigning the plurality of connection identifiers to the first middlebox instance, determining whether the first middlebox instance is operational; and
      
      when the first middle instance is not operational, recording that the plurality of connection identifiers are available.
  - 6. The non-transitory machine readable medium of claim 1, wherein the first middlebox instance associates the connection identifier assigned to the first middlebox instance with the first packet by replacing a source port number of the first packet with the connection identifier.
  - 7. The non-transitory machine readable medium of claim 1, wherein a second middlebox instance in the second host is configured to generate a set of flow entries based on connection identifiers associated with packets that are received by the second host in order for a managed switching element operating in the second host to use the set of flow entries to send responses to the correct sources of the packets.
  - 8. The non-transitory machine readable medium of claim 1, wherein the first middlebox instance is configured to perform source network address translation on packets originating from the VM according to a configuration for the logical middlebox.
  - 9. The non-transitory machine readable medium of claim 1, wherein the request is a first request and the plurality of connection identifiers is a first plurality of connection identifiers, the controller further comprising sets of instructions for:
    - receiving a second request from the first middlebox instance for additional connection identifiers;
      
      in response to the second request, identifying a second plurality of connection identifiers that are available to be assigned to the middlebox instances; and
      
      assigning the identified connection identifiers to the first middlebox instance.
  - 10. The non-transitory machine readable medium of claim 9, wherein the controller further comprises a set of instructions for, after assigning the second plurality of connection identifiers to the first middlebox instance, recording that the second plurality of connection identifiers is no longer available.

11. For a network controller, a method for configuring a logical middlebox in a plurality of hosts, the method comprising:
- maintaining a set of connection identifiers to be assigned to a plurality of middlebox instances that implement the logical middlebox in the plurality of hosts;
  
  receiving a request for a plurality of connection identifiers from a first middlebox instance of the plurality of middlebox instances, the first middlebox instance operating in a first host of the plurality of hosts;
  
  based on the request, identifying a plurality of connection identifiers from the set of connection identifiers that are available to be assigned to the middlebox instances; and
  
  assigning the identified connection identifiers to the first middlebox instance,wherein the first middlebox instance is configured to associate one of the connection identifiers assigned to the first middlebox instance with a first packet originating from a virtual machine (VM) operating in the first host in order for a second host that receives the first packet to distinguish the VM operating in the first host from other VMs operating in other hosts of the plurality of hosts from which the second host also receives packets.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11 further comprising, after assigning the identified connection identifiers to the first middlebox instance, recording that the identified connection identifiers are not available.
  - 13. The method of claim 11 further comprising configuring a second middlebox instance in the second host to use the connection identifiers associated with packets that come to the second host to send responses to correct sources of packets.
  - 14. The method of claim 11 further comprising:
    - receiving a request to release a particular set of connection identifiers from a middlebox instance; and
      
      recording that the particular set of connection identifiers are available.
  - 15. The method of claim 11 further comprising:
    - after assigning the plurality of connection identifiers to the first middlebox instance, determining whether the first middlebox instance is operational; and
      
      when the first middle instance is not operational, recording that the plurality of connection identifiers are available.
  - 16. The method of claim 11, wherein the first middlebox instance associates the connection identifier assigned to the first middlebox instance with the first packet by replacing a source port number of the first packet with the connection identifier.
  - 17. The method of claim 11, wherein a second middlebox instance in the second host is configured to generate a set of flow entries based on connection identifiers associated with packets that are received by the second host in order for a managed switching element operating in the second host to use the set of flow entries to send responses to the correct sources of the packets.
  - 18. The method of claim 11, wherein the first middlebox instance is configured to perform source network address translation on packets originating from the VM according to a configuration for the logical middlebox.
  - 19. The method of claim 11, wherein the request is a first request and the plurality of connection identifiers is a first plurality of connection identifiers, the method further comprising:
    - receiving a second request from the first middlebox instance for additional connection identifiers;
      
      in response to the second request, identifying a second plurality of connection identifiers that are available to be assigned to the middlebox instances; and
      
      assigning the identified connection identifiers to the first middlebox instance.
  - 20. The method of claim 19 further comprising, after assigning the second plurality of connection identifiers to the first middlebox instance, recording that the second plurality of connection identifiers is no longer available.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Koponen, Teemu, Zhang, Ronghua, Thakkar, Pankaj, Casado, Martin
Primary Examiner(s)
Yao, Kwang B
Assistant Examiner(s)
DUDA, ADAM K

Application Number

US14/549,512
Publication Number

US 20150098360A1
Time in Patent Office

957 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 15/177   Initialisation or configura...

G06F 2009/4557   Distribution of virtual mac...

G06F 2009/45595   Network integration; Enabli...

G06F 9/455   Emulation; Interpretation; ...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558   Hypervisor-specific managem...

H04L 41/08   Configuration management of...

H04L 41/0803   Configuration setting

H04L 41/0806   for initial configuration o...

H04L 41/0813   characterised by the condit...

H04L 41/0823   characterised by the purpos...

H04L 41/0889   Techniques to speed-up the ...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/0895   Configuration of virtualise...

H04L 41/12   Discovery or management of ...

H04L 45/02   Topology update or discovery

H04L 45/64   using an overlay routing layer

H04L 45/74   Address processing for routing

H04L 49/15   Interconnection of switchin...

H04L 49/70 : Virtual switches

H04L 61/2503 : Translation of Internet pro...

H04L 61/2517 : using port numbers

H04L 61/2521 : Translation architectures o...

H04L 61/256 : NAT traversal

H04L 63/0218 : Distributed architectures, ...

H04L 67/1008 : based on parameters of serv...

View All

Connection identifier assignment and source network address translation

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

201 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Connection identifier assignment and source network address translation

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

201 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links