Architecture of networks with middleboxes

US 9,697,033 B2
Filed: 01/12/2015
Issued: 07/04/2017
Est. Priority Date: 11/15/2011
Status: Active Grant

First Claim

Patent Images

1. A system for implementing a logical network that comprises a set of end machines, a first logical middlebox, and a second logical middlebox, the end machines and the first and second logical middleboxes connected in the logical network by a set of logical forwarding elements, the system comprising:

a set of physical nodes, wherein each of the nodes executes;

an end machine of the logical network;

a managed forwarding element that implements the set of logical forwarding elements of the logical network; and

a middlebox element that implements the first logical middlebox of the logical network,wherein a first middlebox element executing on a first node in the set of nodes and a second middlebox element executing on a second node in the set of nodes implement a same configuration for the first logical middlebox;

a physical middlebox appliance that implements the second logical middlebox;

a set of network controllers for providing configuration data to the managed forwarding elements, middlebox elements, and physical middlebox appliance, wherein the set of network controllers receive configuration data for the logical network, identify the set of nodes to which to distribute the logical network configuration data, and distribute configuration data for the first logical middlebox to the middlebox elements of the identified set of nodes.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments provide a system for implementing a logical network that includes a set of end machines, a first logical middlebox, and a second logical middlebox connected by a set of logical forwarding elements. The system includes a set of nodes. Each of several nodes includes (i) a virtual machine for implementing an end machine of the logical network, (ii) a managed switching element for implementing the set of logical forwarding elements of the logical network, and (iii) a middlebox element for implementing the first logical middlebox of the logical network. The system includes a physical middlebox appliance for implementing the second logical middlebox.

Citations

18 Claims

1. A system for implementing a logical network that comprises a set of end machines, a first logical middlebox, and a second logical middlebox, the end machines and the first and second logical middleboxes connected in the logical network by a set of logical forwarding elements, the system comprising:
- a set of physical nodes, wherein each of the nodes executes;
  
  an end machine of the logical network;
  
  a managed forwarding element that implements the set of logical forwarding elements of the logical network; and
  
  a middlebox element that implements the first logical middlebox of the logical network,wherein a first middlebox element executing on a first node in the set of nodes and a second middlebox element executing on a second node in the set of nodes implement a same configuration for the first logical middlebox;
  
  a physical middlebox appliance that implements the second logical middlebox;
  
  a set of network controllers for providing configuration data to the managed forwarding elements, middlebox elements, and physical middlebox appliance, wherein the set of network controllers receive configuration data for the logical network, identify the set of nodes to which to distribute the logical network configuration data, and distribute configuration data for the first logical middlebox to the middlebox elements of the identified set of nodes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The system of claim 1, wherein the logical network is a first logical network, wherein the set of end machines is a first set of end machines, wherein the set of logical forwarding elements is a first set of forwarding elements, wherein the system is further for implementing a second logical network that comprises a second set of end machines and a third logical middlebox connected by a second set of logical forwarding elements.
  - 3. The system of claim 2, wherein a particular node in the set of nodes further executes an end machine of the second set of end machines of the second logical network.
  - 4. The system of claim 3, wherein the managed forwarding element of the particular node further implements the second set of logical forwarding elements of the second logical network and the middlebox element of the particular node further implements the third logical middlebox of the second logical network.
  - 5. The system of claim 1, wherein the first logical middlebox and the second logical middlebox are different types of middleboxes.
  - 6. The system of claim 1, wherein the first logical middlebox and the second logical middlebox are a same type of middlebox that perform different functions in the logical network.
  - 7. The system of claim 1, wherein the first logical middlebox is one of a firewall, a network address translator, and a load balancer.
  - 8. The system of claim 1, wherein the second logical middlebox is one of an intrusion detection system and a wide area network (WAN) optimizer.
  - 9. The system of claim 1, wherein the first logical middlebox operates separately on the middlebox element of each node of the set of nodes without communication of state information between the middlebox elements of the nodes of the set of nodes.
  - 10. The system of claim 9, wherein the physical middlebox appliance performs an operation that requires state information relating to packets routed between several different sets of end machines of the logical network.
  - 11. The system of claim 9, wherein each particular middlebox element stores state information regarding transport connections of packets processed by the particular middlebox element.
  - 12. The system of claim 11, wherein the processing for a particular transport connection by the first logical middlebox does not require any state information regarding other transport connections.
  - 13. The system of claim 1, wherein the set of logical forwarding elements comprises a logical router and a logical switch, wherein a first managed forwarding element of the first node and a second managed forwarding element of the second node both implement the logical router and the logical switch.
  - 14. The system of claim 13, wherein the set of network controllers distributes configuration data for the set of logical forwarding elements of the logical network to the managed forwarding elements.
  - 15. The system of claim 1, wherein the set of network controllers distributes configuration data for the second logical middlebox to the physical middlebox appliance.
  - 16. The system of claim 1, wherein at least a subset of the end machines are virtual machines.
  - 17. The system of claim 1 further comprising additional physical middlebox appliances that operate as a cluster with the physical middlebox appliance to implement the second logical middlebox.
  - 18. The system of claim 17 further comprising a dedicated network connection for sharing state information between the cluster of physical middlebox appliances.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Koponen, Teemu, Zhang, Ronghua, Thakkar, Pankaj, Casado, Martin
Primary Examiner(s)
Wang, Liangche A

Application Number

US14/595,199
Publication Number

US 20150142938A1
Time in Patent Office

904 Days
Field of Search

709220, 709222, 709223, 709221, 709238
US Class Current
CPC Class Codes

G06F 15/177   Initialisation or configura...

G06F 2009/4557   Distribution of virtual mac...

G06F 2009/45595   Network integration; Enabli...

G06F 9/455   Emulation; Interpretation; ...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558   Hypervisor-specific managem...

H04L 41/08   Configuration management of...

H04L 41/0803   Configuration setting

H04L 41/0806   for initial configuration o...

H04L 41/0813   characterised by the condit...

H04L 41/0823   characterised by the purpos...

H04L 41/0889   Techniques to speed-up the ...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/0895   Configuration of virtualise...

H04L 41/12   Discovery or management of ...

H04L 45/02   Topology update or discovery

H04L 45/64   using an overlay routing layer

H04L 45/74   Address processing for routing

H04L 49/15   Interconnection of switchin...

H04L 49/70 : Virtual switches

H04L 61/2503 : Translation of Internet pro...

H04L 61/2517 : using port numbers

H04L 61/2521 : Translation architectures o...

H04L 61/256 : NAT traversal

H04L 63/0218 : Distributed architectures, ...

H04L 67/1008 : based on parameters of serv...

View All

Architecture of networks with middleboxes

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Architecture of networks with middleboxes

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links