Source address translation in overlay networks

US 9,876,711 B2
Filed: 09/04/2014
Issued: 01/23/2018
Est. Priority Date: 11/05/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a first access switch in an overlay network, an encapsulated packet from a tunnel endpoint in the overlay network, the encapsulated packet originating from a host associated with the tunnel endpoint and encapsulated at the tunnel endpoint with a first source tunnel endpoint address and a destination tunnel endpoint address of a second access switch in the overlay network;

replacing the first source tunnel endpoint address in the encapsulated packet with a second source tunnel endpoint address of the first access switch to yield a translated packet;

transmitting the translated packet from the first access switch towards the destination tunnel endpoint address; and

recording, in a translation table at the first access switch, an association between the host and the first source tunnel endpoint address;

wherein the second access switch is configured to forward the translated packet to a second tunnel endpoint associated with the second access switch.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and non-transitory computer-readable storage media for translating source addresses in an overlay network. An access switch in an overlay network, such as a VXLAN, may receive an encapsulated packet from a tunnel endpoint in the overlay network. The encapsulated packet may originate from a host associated with the tunnel endpoint and be encapsulated at the tunnel endpoint with a first source tunnel endpoint address and a destination tunnel endpoint address. The access switch may replace the first source tunnel endpoint address in the encapsulated packet with a second source tunnel endpoint address of the access switch to yield a translated packet. The access switch may then transmit the translated packet towards the destination tunnel endpoint address.

Citations

18 Claims

1. A method comprising:
- receiving, at a first access switch in an overlay network, an encapsulated packet from a tunnel endpoint in the overlay network, the encapsulated packet originating from a host associated with the tunnel endpoint and encapsulated at the tunnel endpoint with a first source tunnel endpoint address and a destination tunnel endpoint address of a second access switch in the overlay network;
  
  replacing the first source tunnel endpoint address in the encapsulated packet with a second source tunnel endpoint address of the first access switch to yield a translated packet;
  
  transmitting the translated packet from the first access switch towards the destination tunnel endpoint address; and
  
  recording, in a translation table at the first access switch, an association between the host and the first source tunnel endpoint address;
  
  wherein the second access switch is configured to forward the translated packet to a second tunnel endpoint associated with the second access switch.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first source tunnel endpoint address, the second source tunnel endpoint address, and the destination tunnel endpoint address are Internet protocol (IP) addresses.
  - 3. The method of claim 1, wherein the tunnel endpoint is a first tunnel endpoint.
  - 4. The method of claim 1, wherein the encapsulated packet is encapsulated at the tunnel endpoint by using media access control in user datagram protocol (MAC-in-UDP) encapsulation.
  - 5. The method of claim 1, wherein the overlay network is a virtual extensible local area network (VXLAN) and the tunnel endpoint is a virtual tunnel endpoint (VTEP).
  - 6. The method of claim 1, the method further comprising:
    - receiving, at the first access switch, an incoming encapsulated packet being destined for the host, the incoming encapsulated packet having the second source tunnel endpoint address in a destination tunnel endpoint address field;
      
      determining that the host is associated with the first source tunnel endpoint address by using the translation table;
      
      rewriting the destination tunnel endpoint address field in the incoming encapsulated packet with the first source tunnel endpoint address to yield an incoming translated packet; and
      
      transmitting the incoming translated packet from the first access switch to the tunnel endpoint.
  - 7. The method of claim 1,wherein,each packet that originates from the host is encapsulated and translated.

8. A system comprising:
- a processor; and
  
  a non-transitory computer-readable storage medium having stored therein instructions which, when executed by the processor, cause the processor to perform operations comprising;
  
  receiving, at first access switch in an overlay network, an encapsulated packet from a tunnel endpoint in the overlay network, the encapsulated packet originating from a host associated with the tunnel endpoint and encapsulated at the tunnel endpoint with a first source tunnel endpoint address and a destination tunnel endpoint address of a second access switch of the overlay network;
  
  replacing the first source tunnel endpoint address in the encapsulated packet with a second source tunnel endpoint address of the first access switch to yield a translated packet;
  
  transmitting the translated packet from the first access switch towards the destination tunnel endpoint address; and
  
  recording, in a translation table at the first access switch, an association between the host and the first source tunnel endpoint address;
  
  wherein the second access switch is configured to forward the translated packet to a second tunnel endpoint associated with the second access switch.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the first source tunnel endpoint address, the second source tunnel endpoint address, and the destination tunnel endpoint address are Internet protocol (IP) addresses.
  - 10. The system of claim 8, wherein the tunnel endpoint is a first tunnel endpoint.
  - 11. The system of claim 8, wherein the encapsulated packet is encapsulated at the tunnel endpoint by using media access control in user datagram protocol (MAC-in-UDP) encapsulation.
  - 12. The system of claim 8, wherein the overlay network is a virtual extensible local area network (VXLAN) and the tunnel endpoint is a virtual tunnel endpoint (VTEP).
  - 13. The system of claim 8, the non-transitory computer-readable storage medium storing additional instructions which, when executed by the processor, cause the processor to perform further operations comprising:
    - receiving, at the first access switch, an incoming encapsulated packet being destined for the host, the incoming encapsulated packet having the second source tunnel endpoint address in a destination tunnel endpoint address field;
      
      determining that the host is associated with the first source tunnel endpoint address by using the translation table;
      
      rewriting the destination tunnel endpoint address field in the incoming encapsulated packet with the first source tunnel endpoint address to yield an incoming translated packet; and
      
      transmitting the incoming translated packet from the first access switch to the tunnel endpoint.
  - 14. The system of claim 8,wherein,each packet that originates from the host is encapsulated and translated.

15. A non-transitory computer-readable storage medium having stored therein instructions which, when executed by a processor, cause the processor to perform operations comprising:
- receiving, at a first access switch in an overlay network, an encapsulated packet being destined for a host, the encapsulated packet having a first destination tunnel endpoint address for the access switch and a destination host address for the host, the first destination tunnel endpoint address provided by a second access switch;
  
  determining that the host is associated with a tunnel endpoint by using a translation table that stores an association between the destination host address and a second destination tunnel endpoint address of the tunnel endpoint;
  
  replacing the first destination tunnel endpoint address in the encapsulated packet with the second destination tunnel endpoint address to yield a translated packet;
  
  transmitting the translated packet from the first access switch to the tunnel endpoint; and
  
  recording, in a translation table at the first access switch, an association between the host and the first destination tunnel endpoint address;
  
  wherein the second access switch is configured to receive the encapsulated packet from a second tunnel endpoint associated with the second access switch.
- View Dependent Claims (16, 17, 18)
- - 16. The non-transitory computer-readable storage medium of claim 15, wherein the first destination tunnel endpoint address and the second destination tunnel endpoint are IP addresses, and the destination host address is a media access control (MAC) address.
  - 17. The non-transitory computer-readable storage medium of claim 15, wherein the tunnel endpoint is configured to de-encapsulate the translated packet to yield a de-encapsulated frame and forward the de-encapsulated frame to the host.
  - 18. The non-transitory computer-readable storage medium of claim 17, wherein the translated packet is a UDP packet and the de-encapsulated frame is a MAC frame.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Chu, Kit Chiu, Edsall, Thomas J., Yadav, Navindra, Matus, Francisco M., Doddapaneni, Krishna, Sinha, Satyam
Primary Examiner(s)
HAILE, AWET A

Application Number

US14/477,762
Publication Number

US 20150124821A1
Time in Patent Office

1,237 Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/18   for broadcast or conference...

H04L 12/4633   Interconnection of networks...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 12/4645   Details on frame tagging ro...

H04L 2212/00   Encapsulation of packets

H04L 41/0654   using network fault recover...

H04L 43/0811   by checking connectivity

H04L 43/0852   Delays

H04L 43/0894   Packet rate

H04L 43/16   Threshold monitoring

H04L 45/02   Topology update or discovery

H04L 45/021   Ensuring consistency of rou...

H04L 45/16   Multipoint routing

H04L 45/22   Alternate routing

H04L 45/24   Multipath

H04L 45/245   Link aggregation, e.g. trun...

H04L 45/28   using route fault recovery

H04L 45/48   Routing tree calculation

H04L 45/50   using label swapping, e.g. ...

H04L 45/64   using an overlay routing layer

H04L 45/74 : Address processing for routing

H04L 45/745 : Address table lookup; Addre...

H04L 45/7453 : using hashing

H04L 47/125 : by balancing the load, e.g....

H04L 49/70 : Virtual switches

H04L 51/214 : using selective forwarding

H04L 61/2503 : Translation of Internet pro...

H04L 61/2592 : using tunnelling or encapsu...

H04L 67/10 : in which an application is ...

H04L 69/22 : Parsing or analysis of headers

View All

Source address translation in overlay networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Source address translation in overlay networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links