Virtual network protocol
Abstract
Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for implementing virtual network pairs between virtual machines and other devices.
18 Claims
1. A method comprising:
- in a user process space of a host operating system operating on a given host machine, wherein the host operating system hosts one or more distinct virtual machines each being a hardware virtualization, performing the following steps:
receiving, in one or more processes running in the user process space, an outgoing packet from a source virtual machine (VM) of the one or more distinct virtual machines, the outgoing packet destined for a destination VM;
obtaining, in the one or more processes running in the user process space, a source secret key for the source VM, the source secret key not being known by the destination VM;
determining, in the one or more processes running in the user process space, a destination key based on a network address of the destination VM, where the destination secret key is not known by the source VM;
obtaining, in the one or more processes running the user process space, a token derived at least partly from the source secret key and the destination secret key;
encapsulating, in the one or more processes running the user process space, the outgoing packet in a second packet along with the token; and
transmitting, through one or more processes running in a kernel process space of the host operating system, the second packet to the destination VM.

Dependent claims: 2, 3, 4, 5, 6
7. A storage medium encoded with instructions which, when executed by data processing apparatus, cause the data processing apparatus to perform operations comprising:
- in a user process space of a host operating system operating on a given host machine, wherein the host operating system hosts one or more distinct virtual machines each being a hardware virtualization, performing the following steps:
receiving, in one or more processes running the user process space, an outgoing packet from a source virtual machine (VM) of the one or more distinct virtual machines, the outgoing packet destined for a destination VM;
obtaining, in the one or more processes running the user process space, a source secret key for the source VM, the source secret key not being known by the destination VM;
determining, in the one or more processes running the user process space, a destination key based on a network address of the destination VM, where the destination secret key is not known by the source VM;
obtaining, in the one or more processes running the user process space, a token derived at least partly from the source secret key and the destination secret key;
encapsulating, in the one or more processes running the user process space, the outgoing packet in a second packet along with the token; and
transmitting, through one or more processes running in a kernel process space of the host operating system, the second packet to the destination VM.

Dependent claims: 8, 9, 10, 11, 12
13. A system comprising:
- a storage medium encoded with instructions;
- data processing apparatus operable to execute the instructions to perform operations comprising:
- in a user process space of a host operating system operating on a given host machine, wherein the host operating system hosts one or more distinct virtual machines each being a hardware virtualization, performing the following steps:
receiving, in the one or more processes running the user process space, an outgoing packet from a source virtual machine (VM) of the one or more distinct virtual machines, the outgoing packet destined for a destination VM;
obtaining, in the one or more processes running the user process space, a source secret key for the source VM, the source secret key not being known by the destination VM;
determining, in the one or more processes running the user process space, a destination key based on a network address of the destination VM, where the destination secret key is not known by the source VM;
obtaining, in the one or more processes running the user process space, a token derived at least partly from the source secret key and the destination secret key;
encapsulating, in the one or more processes running the user process space, the outgoing packet in a second packet along with the token; and
transmitting, through one or more processes running in a kernel process space of the host operating system, the second packet to the destination VM.

Dependent claims: 14, 15, 16, 17, 18
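A sketch of the send path recited in claim 1, as an added example that is not taken from the patent. The claims do not say how the token is derived, so the HMAC-SHA256 construction, the header layout, the `VM_KEYS` table and the receiving-side check in `decapsulate` are all assumptions.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed per-VM secrets. Only the host-side process holds this table;
# a VM never sees another VM's key.
VM_KEYS = {"10.0.0.5": b"constructed-secret-vm-a",
           "10.0.0.9": b"constructed-secret-vm-b"}
HEADER = struct.Struct("!4s4s32sH")  # src addr, dst addr, token, inner length


def derive_token(src_ip: str, dst_ip: str) -> bytes:
    """Assumed derivation: HMAC over the address pair, keyed by both secrets."""
    src_key = VM_KEYS[src_ip]   # source secret key
    dst_key = VM_KEYS[dst_ip]   # destination key, looked up by network address
    pair_key = hmac.new(src_key, dst_key, hashlib.sha256).digest()
    pair = (ipaddress.IPv4Address(src_ip).packed +
            ipaddress.IPv4Address(dst_ip).packed)
    return hmac.new(pair_key, pair, hashlib.sha256).digest()


def encapsulate(src_ip: str, dst_ip: str, inner: bytes) -> bytes:
    """Wrap the VM's outgoing packet in a second packet along with the token."""
    token = derive_token(src_ip, dst_ip)
    return HEADER.pack(ipaddress.IPv4Address(src_ip).packed,
                       ipaddress.IPv4Address(dst_ip).packed,
                       token, len(inner)) + inner


def decapsulate(outer: bytes) -> bytes:
    """Assumed receiving side: recompute the token, reject on mismatch."""
    if len(outer) < HEADER.size:
        raise ValueError("truncated outer packet")
    src, dst, token, length = HEADER.unpack_from(outer)
    src_ip, dst_ip = (str(ipaddress.IPv4Address(a)) for a in (src, dst))
    if src_ip not in VM_KEYS or dst_ip not in VM_KEYS:
        raise ValueError("unknown VM address")
    # Constant-time comparison so the check does not leak token bytes.
    if not hmac.compare_digest(token, derive_token(src_ip, dst_ip)):
        raise ValueError("token mismatch")
    inner = outer[HEADER.size:]
    if len(inner) != length:
        raise ValueError("inner length mismatch")
    return inner
```

As written, the token binds only the source and destination address pair, so it does not protect the inner packet's contents from modification.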
Specification