Stateful services on stateless clustered edge

US 9,876,714 B2
Filed: 11/14/2014
Issued: 01/23/2018
Est. Priority Date: 11/14/2014
Status: Active Grant

First Claim

Patent Images

1. A method for performing a service statefully at a cluster of nodes including first and second nodes, the method comprising:

at the first node;

receiving a first packet for a first flow, based on a first set of flow identifiers of the first flow;

performing the service on the first packet and storing state information;

from the second node, receiving a second packet for a second flow that is part of one connection session with the first flow, wherein the second node initially received the second packet based on a second set of flow identifiers of the second flow and then forwarded the second packet to the first node as the first node previously processed the first flow that is part of the same connection session as the second flow; and

performing the service on the second packet by using state information stored at the first node for the connection session.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In order to enable dynamic scaling of network services at the edge, novel systems and methods are provided to enable addition of add new nodes or removal of existing nodes while retaining the affinity of the flows through the stateful services. The methods provide a cluster of network nodes that can be dynamically resized to handle and process network traffic that utilizes stateful network services. The existing traffic flows through the edge continue to function during and after the changes to membership of the cluster. All nodes in the cluster operate in active-active mode, i.e., they are receiving and processing traffic flows, thereby maximizing the utilization of the available processing power.

98 Citations

View as Search Results

20 Claims

1. A method for performing a service statefully at a cluster of nodes including first and second nodes, the method comprising:
- at the first node;
  
  receiving a first packet for a first flow, based on a first set of flow identifiers of the first flow;
  
  performing the service on the first packet and storing state information;
  
  from the second node, receiving a second packet for a second flow that is part of one connection session with the first flow, wherein the second node initially received the second packet based on a second set of flow identifiers of the second flow and then forwarded the second packet to the first node as the first node previously processed the first flow that is part of the same connection session as the second flow; and
  
  performing the service on the second packet by using state information stored at the first node for the connection session.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the service performed for the first flow is network address translation (NAT).
  - 3. The method of claim 2, wherein the NAT processing translates the first set of flow identifiers of the first flow into the second set of flow identifiers of the second flow.
  - 4. The method of claim 1, wherein the first node is identified by a hash of the first set of flow identifiers while the second node is identified by a hash of the second set of flow identifiers.
  - 5. The method of claim 1, wherein the second node comprises an indirection table having an entry for forwarding packets having the second set of flow identifiers from the second node to the first node.
  - 6. The method of claim 5 further comprising using a pinned flow table having an entry for keeping and processing packets having the second set of flow identifiers at the first node.
  - 7. The method of claim 1, wherein a hash of flow identifiers initially identifies an owner node of the flow, wherein the first node is the owner node of the particular flow according to a hash of the first set of flow identifiers and the second node is the owner node of the particular flow according to a hash of the second set of flow identifiers.

8. A method for performing a service statefully at a cluster of nodes including a plurality of nodes, the method comprising:
- at a first node;
  
  based on an original source address in headers of a plurality of outgoing packets exiting a logical network segment, receiving the plurality of outgoing packets;
  
  performing a service on each outgoing packet; and
  
  for each of the outgoing packets, translating the original source address in the header of the outgoing packet to a translated source address that is uniquely associated with the first node to ensure that incoming packets that enter the logical network segment in response to the plurality of outgoing packets are received by the first node based on the translated source address, instead of being received by another node in the node cluster.
- View Dependent Claims (9, 10)
- - 9. The method of claim 8 further comprising performing inverse source network address translation (SNAT) on each incoming packet to replace the translated source address with the original source address of the flow.
  - 10. The method of claim 8 further comprising maintaining state information for the incoming packets.

11. A non-transitory machine readable medium storing a program for performing a service statefully at a cluster of nodes including a plurality of nodes, the program for execution on at least one processing unit of a first node, the program comprising sets of instructions for:
- based on an original source address in headers of a plurality of outgoing packets exiting a logical network segment, receiving the plurality of outgoing packets;
  
  performing a service on each outgoing packet; and
  
  for each of the outgoing packets, translating the original source address in the header of the outgoing packet to a translated source address that is uniquely associated with the first node to ensure that incoming packets that enter the logical network segment in response to the plurality of outgoing packets are received by the first node based on the translated source address, instead of being received by another node in the node cluster.
- View Dependent Claims (12, 13)
- - 12. The non-transitory machine readable medium of claim 11, wherein the program further comprises a set of instructions for performing inverse source network address translation (SNAT) on an incoming packet that replaces the translated source address in the header of the incoming packet with the original source address.
  - 13. The non-transitory machine readable medium of claim 11, wherein the program further comprises a set of instructions for maintaining state information for the incoming packets.

14. A non-transitory machine readable medium storing a program for execution on at least one processing unit, the program for performing a service statefully at a cluster of nodes including first and second nodes, the program comprising sets of instructions for:
- at the first node;
  
  receiving a first packet for a first flow, based on a first set of flow identifiers of the first flow;
  
  performing the service on the first packet and storing state information;
  
  from the second node, receiving a second packet for a second flow that is part of one connection session with the first flow, wherein the second node initially received the second packet based on a second set of flow identifiers of the second flow and then forwarded the second packet to the first node as the first node previously processed the first flow that is part of the same connection session as the second flow; and
  
  performing the service on the second packet by using state information of the particular flow stored at the first node for the connection session.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory machine readable medium of claim 14, wherein the service performed for the first flow is network address translation (NAT).
  - 16. The non-transitory machine readable medium of claim 15, wherein the NAT processing translates the first set of flow identifiers of the first flow into the second set of flow identifiers of the second flow.
  - 17. The non-transitory machine readable medium of claim 14, wherein the first node is identified by a hash of the first set of flow identifiers while the second node is identified by a hash of the second set of flow identifiers.
  - 18. The non-transitory machine readable medium of claim 14, wherein the second node comprises an indirection table having an entry for forwarding packets having the second set of flow identifiers from the second node to the first node.
  - 19. The non-transitory machine readable medium of claim 18 further comprising a set of instructions for using a pinned flow table having an entry for keeping and processing packets having the second set of flow identifiers at the first node.
  - 20. The non-transitory machine readable medium of claim 14, wherein a hash of flow identifiers initially identifies an owner node of the flow, wherein the first node is the owner node of the particular flow according to a hash of the first set of flow identifiers and the second node is the owner node of the particular flow according to a hash of the second set of flow identifiers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Parsa, Mike, Jain, Jayant, Hong, Xinhua, Sengupta, Anirban, Fan, Kai-Wei
Primary Examiner(s)
Zhao, Wei

Application Number

US14/541,530
Publication Number

US 20160142297A1
Time in Patent Office

1,166 Days
Field of Search
US Class Current
CPC Class Codes

H04L 45/38   Flow based routing

H04L 45/46   Cluster building

H04L 45/58   Association of routers

H04L 45/7453   using hashing

H04L 61/2503   Translation of Internet pro...

Stateful services on stateless clustered edge

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

98 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Stateful services on stateless clustered edge

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

98 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links