Using different TCP/IP stacks for different tenants on a multi-tenant host

US 9,729,679 B2
Filed: 03/31/2014
Issued: 08/08/2017
Est. Priority Date: 03/31/2014
Status: Active Grant

First Claim

Patent Images

1. A method of separating tenant data on an electronic computing device that implements a plurality of virtual machines (VMs) for a plurality of tenants, the method comprising:

implementing a plurality of TCP/IP stack processors, on the electronic computing device, outside of any VMs;

for a first set of non-tenant VM processes implemented for a first tenant, sending data from the first set of processes through a first TCP/IP stack processor; and

for a second set of non-tenant VM processes implemented for a second tenant, sending data from the second set of processes through a second TCP/IP stack processor,wherein the first and second sets of processes execute outside of any tenant VM.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Multiple TCP/IP stack processors on a host. The multiple TCP/IP stack processors are provided independently of TCP/IP stack processors implemented by virtual machines on the host. The TCP/IP stack processors provide multiple different default gateway addresses for use with multiple processes. The default gateway addresses allow a service to communicate across an L3 network. Processes outside of virtual machines that utilize the TCP/IP stack processor on a first host can benefit from using their own gateway, and communicate with their peer process on a second host, regardless of whether the second host is located within the same subnet or a different subnet. The multiple TCP/IP stack processors can use separately allocated resources. Separate TCP/IP stack processors can be provided for each of multiple tenants on the host. Separate loopback interfaces of multiple TCP/IP stack processors can be used to create separate containment for separate sets of processes on a host.

47 Citations

View as Search Results

20 Claims

1. A method of separating tenant data on an electronic computing device that implements a plurality of virtual machines (VMs) for a plurality of tenants, the method comprising:
- implementing a plurality of TCP/IP stack processors, on the electronic computing device, outside of any VMs;
  
  for a first set of non-tenant VM processes implemented for a first tenant, sending data from the first set of processes through a first TCP/IP stack processor; and
  
  for a second set of non-tenant VM processes implemented for a second tenant, sending data from the second set of processes through a second TCP/IP stack processor,wherein the first and second sets of processes execute outside of any tenant VM.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first TCP/IP stack processor is exclusively used by processes of the first tenant and the second TCP/IP stack processor is exclusively used by processes of the second tenant.
  - 3. The method of claim 1, wherein the electronic device implements a user space and a kernel space.
  - 4. The method of claim 3, wherein the first set of processes is implemented in the user space.
  - 5. The method of claim 3, wherein the first set of processes is implemented in the kernel space.
  - 6. The method of claim 1, wherein the first set of processes comprises a mouse, keyboard, screen (MKS) process.
  - 7. The method of claim 1, wherein the first set of processes comprises hypervisor service processes.

8. A non-transitory machine readable medium storing a program which when executed by at least one processing unit separates tenant data on an electronic computing device that implements virtual machines (VMs) for a plurality of tenants, the program comprising sets of instructions for:
- implementing a plurality of TCP/IP stack processors, on the electronic computing device, outside of any VMs;
  
  for a first set of non-tenant VM processes implemented for a first tenant, sending data from the first set of processes through a first TCP/IP stack processor; and
  
  for a second set of non-tenant VM processes implemented for a second tenant, sending data from the second set of processes through a second TCP/IP stack processor,wherein the first and second sets of processes execute outside of any tenant VM.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory machine readable medium of claim 8, wherein the first TCP/IP stack processor is exclusively used by processes of the first tenant and the second TCP/IP stack processor is exclusively used by processes of the second tenant.
  - 10. The non-transitory machine readable medium of claim 8, wherein the electronic device implements a user space and a kernel space.
  - 11. The non-transitory machine readable medium of claim 10, wherein the first set of processes is implemented in the user space.
  - 12. The non-transitory machine readable medium of claim 10, wherein the first set of processes is implemented in the kernel space.
  - 13. The non-transitory machine readable medium of claim 8, wherein the first set of processes comprises a mouse, keyboard, screen (MKS) process.
  - 14. The non-transitory machine readable medium of claim 8, wherein the first set of processes comprises a virtual machine migrator process.

15. An electronic device that implements a plurality of virtual machines (VMs) for a plurality of tenants, the electronic device comprising:
- at least one processing unit;
  
  a non-transitory machine readable medium storing a program which when executed by the processing unit keeps the tenant data of each tenant separate from the tenant data of other tenants, the program comprising sets of instructions for;
  
  implementing a plurality of TCP/IP stack processors, on the electronic computing device, outside of any VMs;
  
  for a first set of non-tenant VM processes implemented for a first tenant, sending data from the first set of processes through a first TCP/IP stack processor to prevent data from being sent to a second tenant; and
  
  for a second set of non-tenant VM processes implemented for the second tenant, sending data from the second set of processes through a second TCP/IP stack processor to prevent data from being sent to the first tenantwherein the first and second sets of processes execute outside of any tenant VM.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The electronic device of claim 15, wherein the first TCP/IP stack processor is exclusively used by processes of the first tenant and the second TCP/IP stack processor is exclusively used by processes of the second tenant.
  - 17. The electronic device of claim 15, wherein the electronic device implements a user space and a kernel space.
  - 18. The electronic device of claim 17, wherein the first set of processes is implemented in the user space.
  - 19. The electronic device of claim 17, wherein the first set of processes is implemented in the kernel space.
  - 20. The electronic device of claim 15, wherein the first set of processes comprises a mouse, keyboard, screen (MKS) process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Raju, Nithin B., Chandrashekhar, Ganesan
Primary Examiner(s)
Keehn, Richard G

Application Number

US14/231,708
Publication Number

US 20150281407A1
Time in Patent Office

1,226 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/45595   Network integration; Enabli...

G06F 9/45558   Hypervisor-specific managem...

H04L 69/161   Implementation details of T...

H04L 69/163   In-band adaptation of TCP d...

Using different TCP/IP stacks for different tenants on a multi-tenant host

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

47 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Using different TCP/IP stacks for different tenants on a multi-tenant host

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links