VPN for containers and virtual machines in local area networks
First Claim
1. A computer-implemented method for combining Virtual Environments (VEs) into a Virtual Private Network (VPN), the method comprising:
- connecting at least two host nodes into an Ethernet network;
- launching at least two VEs on each of the hosts;
- combining the VEs from both hosts into a VPN;
- assigning a number to the VPN;
- launching an additional VE on one of the hosts to perform network function virtualization (NFV) for the other VEs;
- configuring a first switch on each of the hosts to route packets to VEs that subscribe to the VPN;
- using a second switch connected to the first switches of the host nodes to join different host nodes into a segment of the Ethernet network;
- analyzing an incoming broadcast packet by the first switch;
- replacing a standard destination MAC address in a packet header by a number of the VPN to which a source VE belongs;
- for each arriving packet, looking up which VEs belong to the VPN whose VPN number replaced the destination MAC address; and
- for each such found VE, replacing the number of the VPN with the destination MAC address of the VE and delivering the packet to the found VE, wherein the host nodes receive VE-related traffic via a proxy.
Abstract
A method, system and computer program product for a VPN for containers and VMs implemented on different network nodes. A number of network hardware nodes have containers and VMs running on them. The containers and VMs are aggregated into VPNs assembled across the hardware nodes. Each hardware node has a network edge programmable switch configured to route packets to containers and VMs only inside a particular VPN. The switch detects a number of the VPN inside the packet header, replaces this number by a standard broadcast header number and multi-casts the packet to the containers and the VMs inside the VPN.
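The forwarding steps of claim 1 (broadcast analysis, destination rewrite to the VPN number, member lookup, per-VE delivery) can be modelled as follows. This Python sketch is an added example, not code from the patent or its assignee; the `VPN_TAG` encoding of the VPN number in the destination field, the class and function names, and the sample MAC addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

BROADCAST = bytes.fromhex("ffffffffffff")
VPN_TAG = b"\x02\x00"  # assumed marker: destination field carries a VPN number

def mac(s):
    return bytes.fromhex(s.replace(":", ""))

@dataclass
class EdgeSwitch:
    """First switch on one host; ve_vpn maps local VE MAC -> subscribed VPN number."""
    ve_vpn: dict
    delivered: list = field(default_factory=list)  # (VE MAC, frame) handed to local VEs

    def egress(self, frame):
        """Broadcast from a local VE: put the sender's VPN number in the destination field."""
        dst, src = frame[:6], frame[6:12]
        vpn = self.ve_vpn.get(src)
        if vpn is None or dst != BROADCAST:
            return None  # unknown sender or non-broadcast: outside this sketch, dropped
        return VPN_TAG + vpn.to_bytes(4, "big") + frame[6:]

    def ingress(self, frame):
        """Arriving frame: look up local members of the VPN and deliver one copy to each."""
        dst, src = frame[:6], frame[6:12]
        if dst[:2] != VPN_TAG:
            return 0  # destination does not carry a VPN number
        vpn = int.from_bytes(dst[2:], "big")
        members = [m for m, v in self.ve_vpn.items() if v == vpn and m != src]
        for m in members:
            self.delivered.append((m, m + frame[6:]))  # VPN number -> VE's own MAC
        return len(members)

def broadcast(hosts, origin, frame):
    """Second switch: carry the rewritten frame to every host's first switch."""
    tagged = origin.egress(frame)
    if tagged is None:
        return set()
    for h in hosts:
        h.ingress(tagged)
    return {m for h in hosts for m, _ in h.delivered}

def demo():
    # Constructed sample: VPN 7 spans both hosts, VPN 9 has one VE per host.
    a = EdgeSwitch({mac("52:54:00:00:0a:01"): 7, mac("52:54:00:00:0a:02"): 7, mac("52:54:00:00:0a:03"): 9})
    b = EdgeSwitch({mac("52:54:00:00:0b:01"): 7, mac("52:54:00:00:0b:02"): 7, mac("52:54:00:00:0b:03"): 9})
    frame = BROADCAST + mac("52:54:00:00:0a:01") + b"\x08\x06" + b"constructed-arp-payload"
    return broadcast([a, b], a, frame), a, b
```

In the constructed run, the broadcast from a VPN 7 member reaches the three other VPN 7 VEs on both hosts and neither VPN 9 VE, which is the isolation property the membership lookup is meant to enforce.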
20 Claims
19. A computer program product comprising a non-transitory computer readable medium containing code for implementing the steps of:
- connecting at least two host nodes into an Ethernet network;
- launching at least two VEs on each of the hosts;
- combining the VEs from both hosts into a VPN;
- assigning a number to the VPN;
- launching an additional VE on one of the hosts to perform network function virtualization (NFV) for the other VEs;
- configuring a first switch on each of the hosts to route packets to VEs that subscribe to the VPN;
- using a second switch connected to the first switches of the host nodes to join different host nodes into a segment of the Ethernet network;
- analyzing an incoming broadcast packet by the first switch;
- replacing a standard destination MAC address in a packet header by a number of the VPN to which a source VE belongs;
- for each arriving packet, looking up which VEs belong to the VPN whose VPN number replaced the destination MAC address; and
- for each such found VE, replacing the number of the VPN with the destination MAC address of the VE and delivering the packet to the found VE, wherein the host nodes receive VE-related traffic via a proxy.
20. A system for combining Virtual Environments (VEs) into a Virtual Private Network (VPN), the system comprising:
- at least two host nodes connected into an Ethernet network;
- at least two VEs on each of the hosts;
- the VEs from both hosts combined into a VPN with an assigned number;
- an additional VE on one of the hosts that performs network function virtualization (NFV) for the other VEs;
- a first switch on each of the hosts configured to route packets to VEs that subscribe to the VPN;
- a second switch connected to the first switches of the host nodes configured to join different host nodes into a segment of the Ethernet network;
- wherein an incoming broadcast packet is analyzed by the first switch;
- wherein a standard destination MAC address in a packet header is replaced by a number of the VPN to which a source VE belongs;
- for each arriving packet, looking up which VEs belong to the VPN whose VPN number replaced the destination MAC address; and
- for each such found VE, replacing the number of the VPN with the destination MAC address of the VE and delivering the packet to the found VE, wherein the host nodes receive VE-related traffic via a proxy.
Specification