Multi-tier stateful network flow management architecture
Abstract
A packet transformation node of a multi-tier flow management system receives a packet of a particular network flow. The packet transformation node produces a modified version of the packet with changes to one or more header elements based on a rewrite entry generated at a rewriting decisions tier of the system, and transmits the modified version to a destination. A rewriting decisions node of the system generates rewrite entries corresponding to various packet processing requirements, based at least partly on state information regarding various flows for which rewriting entries have already been generated.
21 Claims
1. A method, comprising:
- receiving, at a packet transformation tier of a stateful network flow management service of a provider network, a particular network packet of a particular network flow, wherein the particular network flow is distinguishable from other network flows by a combination of one or more of: a network protocol, a transmission direction, a source network address, a source network port, a destination network address or a destination network port;
- generating, at a rewriting decisions tier of the stateful network flow management service, a rewrite entry indicating transformations to be applied to a plurality of network packets of the particular network flow in accordance with a packet processing requirement of a client;
- modifying, at the packet transformation tier in accordance with the rewrite entry, one or more header elements of the particular network packet;
- transmitting, from the packet transformation tier, a transformed version of the particular network packet resulting from said modifying to a destination network address indicated in the transformed version;
- updating, at a flow state tracking tier of the stateful network flow management service, a flow state record corresponding to the particular network flow;
- transmitting, from the flow state tracking tier to the rewriting decisions tier, a representation of one or more flow state records corresponding to respective active network flows including the particular network flow; and
- generating, at the rewriting decisions tier based at least in part on the representation of the one or more flow state records, at least one additional rewrite entry corresponding to a different network flow.

Dependent claims: 2, 3, 4, 5.
6. A multi-tier network flow management system implemented at one or more computing devices, comprising:
- one or more nodes of a packet transformation tier; and
- one or more nodes of a rewriting decisions tier;
- wherein the one or more nodes of the packet transformation tier are configured to: receive a particular network packet of a particular network flow, wherein the particular network flow is distinguishable from other network flows by a combination of one or more of: a network protocol, a source network address, a source network port, a destination network address or a destination network port; generate a modified version of the particular network packet, wherein the modified version includes changes to one or more header entries of the particular network packet in accordance with a particular rewrite entry created at the rewriting decisions tier; transmit the modified version of the particular network packet to a destination network address indicated in the modified version; and
- wherein the one or more nodes of the rewriting decisions tier are configured to: receive an indication from a client of a selected packet processing requirement to be applied to one or more network flows, wherein the selected packet processing requirement is selected from a plurality of supported packet processing requirements for network flows, and wherein the plurality of supported packet processing requirements comprise two or more of: (a) a source address substitution requirement, (b) a multicast requirement, (c) an anycast requirement or (d) a load balancing requirement; generate a plurality of rewrite entries, including the particular rewrite entry, to fulfill the packet processing requirements of the client, wherein at least one entry of the plurality of rewrite entries is based at least in part on an analysis of state information pertaining to one or more network flows.

Dependent claims: 7, 8, 9, 10, 11, 12, 13, 14, 15, 16.
17. A non-transitory computer-accessible storage medium storing program instructions that when executed on one or more processors implement a node of a rewriting decisions tier of a network flow management system, wherein the node of the rewriting decisions tier is configured to:
- receive an indication from a client of a selected packet processing requirement to be applied to one or more network flows, wherein the selected packet processing requirement is selected from a plurality of supported packet processing requirements for network flows, wherein the plurality of supported packet processing requirements comprise two or more of: (a) a source address substitution requirement, (b) a multicast requirement, (c) an anycast requirement or (d) a load balancing requirement;
- receive an indication that a rewrite entry to be used to modify one or more network packets of a particular network flow is to be generated, wherein the particular network flow is distinguishable from other network flows by a combination of one or more of: a network protocol, a source network address, a source network port, a destination network address and a destination network port;
- generate the rewrite entry based at least in part on the indication of the client selected packet processing requirement; and
- initiate a transmission of the rewrite entry to a node of a different tier of the network flow management system.

Dependent claim: 18.
19. A non-transitory computer-accessible storage medium storing program instructions that when executed on one or more processors implement a node of a flow state tracking tier of a network flow management system, wherein the node of the flow state tracking tier is configured to:
- receive a first request for a rewrite entry to be used to modify one or more network packets of a particular network flow at a first node of a packet transformation tier of the network flow management system, wherein the particular network flow is distinguishable from other network flows by a combination of one or more of: a network protocol, a source network address, a source network port, a destination network address and a destination network port;
- in response to a determination that a rewrite entry cache does not include a rewrite entry usable to respond to the first request, transmit a second request for the rewrite entry to a selected node of a rewriting decisions tier of the network flow management system;
- transmit, to the first node of the packet transformation tier, a rewrite entry generated at the selected node of the rewriting decisions tier in response to the second request;
- update, based at least in part on one or more messages received from the first node of the packet transformation tier subsequent to transmission of the rewrite entry to the first node, a first flow state record corresponding to the particular network flow; and
- transmit, to at least the selected node of the rewriting decisions tier, a representation of one or more flow state records including the first flow state record.

Dependent claims: 20, 21.
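The three tiers named across claims 1, 6, 17 and 19 (packet transformation, flow state tracking, rewriting decisions), modelled as working Python. This is an added example, not code from the patent or its assignee. It exercises the two interactions the claims hinge on: a miss in the tracking tier's rewrite entry cache triggers a request to the decisions tier (claim 19), and the decisions tier uses the representation of active flows it receives when it creates further entries (claims 1 and 6), here to avoid handing a second client a source port that an existing flow to the same destination already occupies under the source address substitution requirement, and to pick the least-loaded backend under the load balancing requirement. Everything concrete is an assumption of the example: the "dir" field in the flow key, the addresses, the port range 40000 to 40009, the two requirements shown, the reverse-direction entry, and the decision to drop server-side packets that match no established flow. The packet headers are constructed samples, not captured traffic.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Flow key: (protocol, direction, src addr, src port, dst addr, dst port).  Direction is
# this example's assumption: "out" = from the client side, "in" = from the server side.
FlowKey = Tuple[str, str, str, int, str, int]

@dataclass(frozen=True)
class RewriteEntry:  # header values written into every packet of one flow
    src: str
    sport: int
    dst: str
    dport: int

def flow_key(pkt: dict) -> FlowKey:
    return (pkt["proto"], pkt["dir"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])

class RewritingDecisionsTier:
    """Turns the client's requirement into rewrite entries, consulting the active-flow
    records received from the tracking tier so that new entries stay consistent."""
    def __init__(self, requirement: str, snat_ip: str = "", backends=()):
        self.requirement = requirement  # "snat" or "lb": example values, not the patent's
        self.snat_ip, self.backends = snat_ip, list(backends)
        self.port_range = range(40000, 40010)  # tiny on purpose so exhaustion is visible

    def generate(self, key: FlowKey, active: Dict[FlowKey, RewriteEntry]) -> Dict[FlowKey, RewriteEntry]:
        proto, direction, src, sport, dst, dport = key
        if direction != "out":
            raise ValueError("entries are only generated for client-initiated flows")
        if self.requirement == "snat":
            # Source address substitution: pick a shared-address port that no active flow
            # towards the same destination already uses.
            used = {e.sport for e in active.values()
                    if e.src == self.snat_ip and (e.dst, e.dport) == (dst, dport)}
            free = [p for p in self.port_range if p not in used]
            if not free:
                raise RuntimeError(f"SNAT port range exhausted towards {dst}:{dport}")
            fwd = RewriteEntry(self.snat_ip, free[0], dst, dport)
        elif self.requirement == "lb":
            # Load balancing: send the new flow to the backend with the fewest active flows.
            load = {b: 0 for b in self.backends}
            for k, e in active.items():
                if k[1] == "out" and e.dst in load:
                    load[e.dst] += 1
            fwd = RewriteEntry(src, sport, min(self.backends, key=lambda b: (load[b], b)), dport)
        else:
            raise ValueError(f"unsupported requirement {self.requirement!r}")
        # Reverse entry: only replies matching the rewritten tuple exactly map back to the client.
        rev_key: FlowKey = (proto, "in", fwd.dst, fwd.dport, fwd.src, fwd.sport)
        return {key: fwd, rev_key: RewriteEntry(dst, dport, src, sport)}

class FlowStateTrackingTier:
    """Caches rewrite entries, fetches missing ones from the decisions tier and keeps the
    flow state (entries plus packet counts) that is handed back to the decisions tier."""
    def __init__(self, decisions: RewritingDecisionsTier):
        self.decisions = decisions
        self.cache: Dict[FlowKey, RewriteEntry] = {}  # rewrite entry cache == active flows here (no expiry)
        self.packets: Dict[FlowKey, int] = {}         # per-flow counters

    def get_entry(self, key: FlowKey) -> Optional[RewriteEntry]:
        entry = self.cache.get(key)
        if entry is None and key[1] == "out":
            # Cache miss on a client-initiated flow: ask the decisions tier, passing the active flows.
            new = self.decisions.generate(key, self.cache)
            self.cache.update(new)
            entry = self.cache[key]
        # A miss in the "in" direction means no established flow: None => drop the packet.
        return entry

    def record(self, key: FlowKey) -> None:  # per-packet report from the transformation tier
        self.packets[key] = self.packets.get(key, 0) + 1

class PacketTransformationTier:
    def __init__(self, tracker: FlowStateTrackingTier):
        self.tracker = tracker

    def process(self, pkt: dict) -> Optional[dict]:  # rewritten packet, or None if dropped
        key = flow_key(pkt)
        entry = self.tracker.get_entry(key)
        if entry is None:
            return None
        self.tracker.record(key)
        return dict(pkt, src=entry.src, sport=entry.sport, dst=entry.dst, dport=entry.dport)

def tcp(direction: str, src: str, sport: int, dst: str, dport: int) -> dict:  # constructed sample header
    return {"proto": "tcp", "dir": direction, "src": src, "sport": sport, "dst": dst, "dport": dport}

def demo_snat():
    """Two clients behind one SNAT address reach the same server; then a reply and a stray packet."""
    ptn = PacketTransformationTier(FlowStateTrackingTier(RewritingDecisionsTier("snat", snat_ip="203.0.113.9")))
    a = ptn.process(tcp("out", "10.0.0.5", 5555, "198.51.100.7", 443))
    b = ptn.process(tcp("out", "10.0.0.6", 5555, "198.51.100.7", 443))  # same client port: must not collide
    reply = ptn.process(tcp("in", "198.51.100.7", 443, "203.0.113.9", a["sport"]))
    stray = ptn.process(tcp("in", "198.51.100.7", 443, "203.0.113.9", 40009))  # no matching flow
    return a, b, reply, stray

def demo_lb(n: int):
    """Backends chosen for n client flows to one virtual address."""
    ptn = PacketTransformationTier(FlowStateTrackingTier(RewritingDecisionsTier("lb", backends=["10.1.0.1", "10.1.0.2"])))
    return [ptn.process(tcp("out", "10.0.0.5", 6000 + i, "203.0.113.20", 80))["dst"] for i in range(n)]
```

Two details carry the "stateful" property. The transmission direction is part of the flow key, and a server-side packet that matches no cached entry is dropped rather than forwarded to the decisions tier; without that rule the decisions tier would mint a mapping for unsolicited inbound traffic. When the port range is exhausted the decisions tier raises instead of reusing a live port, since reusing one would splice two clients' connections together at the reverse entry. In a real deployment the entries would also need an idle timeout so that the active-flow view the decisions tier reasons over does not grow without bound.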