Auto-discovery service and method of discovering applications within a virtual network

US 10,514,937 B2
Filed: 01/05/2012
Issued: 12/24/2019
Est. Priority Date: 01/05/2012
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a first host computing device comprising a first virtual machine (VM) and a first application executing on the first VM; and

a second host computing device communicatively coupled to the first host computing device to form a network, the second host computing device comprising;

a virtualization software layer;

a database;

a second VM, wherein a second application is executing within the second VM;

an auto-discovery service at least partially instantiated within the virtualization software layer and communicatively coupled to the second VM; and

a traffic interceptor module within the auto-discovery service, wherein the auto-discovery service is configured to;

register the second application with the auto-discovery service, wherein registering the second application includes receiving a message from the second application;

intercept, using the traffic interceptor module, a packet from the second application that is bound for the first host computing device;

determine whether the packet satisfies a first condition, the first condition being that the packet represents a new network connection for the second application;

receive, from the second application, one or more of a plurality of second conditions, the one or more of the plurality of second conditions being that the packet includes fields matching one or more of the following;

a source IP address, a destination IP address, and a destination port number stored in the database;

register the one or more of the plurality of second conditions with the traffic interceptor module;

determine whether the packet satisfies the one or more of the plurality of second conditions;

when the packet satisfies the first condition and the one or more of the plurality of second conditions, insert an option into the packet, wherein the option includes the message received from the second application and transmit the packet to the first host computing device to discover applications within the first host computing device;

in response to the packet transmitted to the first host computing device, receive, from the first host computing device, a second packet comprising a second message that includes an internet protocol (IP) address of the first application;

extract the second message from the second packet;

determining whether the second packet satisfies the one or more of the plurality of second conditions; and

based on the second packet satisfying the one or more of the plurality of second conditions, transmit the extracted second message to the second application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments provide a system including a first host computing device that includes a first virtual machine (VM) and a first application. The system also includes a second host computing device including a virtualization software layer, a second VM, and an auto-discovery service at least partially instantiated within the virtualization software layer. The auto-discovery service is configured to receive a message and an auto-discovery packet from a second application executing on the second VM. The auto-discovery service inserts an option into the auto-discovery packet, and transmits the auto-discovery packet to the first application. The option in the auto-discovery packet includes the message received from the second application.

21 Citations

View as Search Results

19 Claims

1. A system comprising:
- a first host computing device comprising a first virtual machine (VM) and a first application executing on the first VM; and
  
  a second host computing device communicatively coupled to the first host computing device to form a network, the second host computing device comprising;
  
  a virtualization software layer;
  
  a database;
  
  a second VM, wherein a second application is executing within the second VM;
  
  an auto-discovery service at least partially instantiated within the virtualization software layer and communicatively coupled to the second VM; and
  
  a traffic interceptor module within the auto-discovery service, wherein the auto-discovery service is configured to;
  
  register the second application with the auto-discovery service, wherein registering the second application includes receiving a message from the second application;
  
  intercept, using the traffic interceptor module, a packet from the second application that is bound for the first host computing device;
  
  determine whether the packet satisfies a first condition, the first condition being that the packet represents a new network connection for the second application;
  
  receive, from the second application, one or more of a plurality of second conditions, the one or more of the plurality of second conditions being that the packet includes fields matching one or more of the following;
  
  a source IP address, a destination IP address, and a destination port number stored in the database;
  
  register the one or more of the plurality of second conditions with the traffic interceptor module;
  
  determine whether the packet satisfies the one or more of the plurality of second conditions;
  
  when the packet satisfies the first condition and the one or more of the plurality of second conditions, insert an option into the packet, wherein the option includes the message received from the second application and transmit the packet to the first host computing device to discover applications within the first host computing device;
  
  in response to the packet transmitted to the first host computing device, receive, from the first host computing device, a second packet comprising a second message that includes an internet protocol (IP) address of the first application;
  
  extract the second message from the second packet;
  
  determining whether the second packet satisfies the one or more of the plurality of second conditions; and
  
  based on the second packet satisfying the one or more of the plurality of second conditions, transmit the extracted second message to the second application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the database stores:
    - a list of network connections for the second application, the database fields comprising the source IP address; and
      
      the destination IP address, and the destination port.
  - 3. The system of claim 1, wherein the first condition further comprises whether a transmission control protocol (TCP) SYN bit is set within a header of the packet.
  - 4. The system of claim 1, wherein the traffic interceptor module is configured to receive network packets transmitted to the second VM and to receive network packets transmitted from the second VM.
  - 5. The system of claim 4, wherein the virtualization software layer comprises a virtual switch comprising a plurality of ports for connecting to a plurality of VMs, and wherein the traffic interceptor module is connected to a port associated with the second VM.
  - 6. The system of claim 4, wherein the auto-discovery service is further configured to register at least one traffic interception rule with the traffic interceptor module.
  - 7. The system of claim 1, wherein the message is encoded by the second application and wherein the message comprises an IP address of the second application.
  - 8. The system of claim 7, wherein the message is encoded as a transmission control protocol (TCP) option, and wherein contents of the message contents are included in the TCP option field.

9. A method of discovering network applications, the method comprising:
- instantiate a traffic interceptor module within an auto-discovery service executing within a virtualization software layer of a first computing device;
  
  register the first application with the auto-discovery service, wherein registering the first application includes receiving, by the auto-discovery, a message from the first application executing on a first VM of the first computing device;
  
  intercepting, by the traffic interceptor module, a packet from the first application that is bound for a second computing device;
  
  determining, by the auto-discovery service, whether the packet satisfies a first condition, the first condition being that the packet represents a new network connection for the second application;
  
  receiving, by the auto-discovery service, one or more of a plurality of second conditions, the one or more of the plurality of second conditions being that the packet includes fields matching one or more of the following;
  
  a source IP address, a destination IP address, and a destination port number stored in a database;
  
  register the one or more of the plurality of second conditions with the traffic interceptor module;
  
  determine whether the packet satisfies the first condition and the one or more of the plurality of second conditions;
  
  when the packet satisfies the first condition and the one or more of the plurality of second conditions, insert, by the auto-discovery service, an option into the packet, wherein the option includes the message received from the first application and transmitting, by the auto-discovery service, the packet to the second computing device to discover applications within the second computing device;
  
  in response to the packet transmitted to the second computing device, receiving, from the second computing device, a second packet comprising a second message that includes an internet protocol (IP) address of a second application that exists within the second computing device;
  
  extracting the second message from the second packet;
  
  determining whether the second packet satisfies the one or more of the plurality of second conditions; and
  
  based on the second packet satisfying the one or more of the plurality of second conditions, transmitting the extracted second message to the first application.
- View Dependent Claims (10, 11, 18, 19)
- - 10. The method of claim 9, wherein the one or more of the plurality of second conditions are being that the packet includes fields matching the source IP address, the destination IP address, and the destination port number stored in a database.
  - 11. The method of claim 10, further comprising calling the callback function with the extracted message.
  - 18. The method of claim 9, wherein the packet is a SYN packet and the second packet is a SYN-ACK packet.
  - 19. The method of claim 18, wherein the second condition further comprises whether a SYN bit and an ACK bit are set within the packet.

12. A non-transitory computer-readable storage medium having computer executable instructions embodied thereon, wherein, when executed by a processor, the computer-executable instructions cause the processor to:
- instantiate a traffic interceptor module within an auto-discovery service executing within a virtualization software layer of a first computing device;
  
  attach the traffic interceptor module to a virtual switch within the virtualization software layer;
  
  attach the traffic interceptor module to a first VM, wherein a first application is executing within the first VM;
  
  register the first application with the auto-discovery service, wherein registering the first application includes receiving a message from the first application;
  
  intercept, by the traffic interceptor module, a packet from the first application that is bound for a second computing device;
  
  receive, from the first application, one or more of a plurality of first conditions;
  
  register the one or more of the plurality of first conditions with the traffic interceptor module;
  
  determine whether the packet satisfies a second condition, the second condition being the packet represents a new network connection for the first application, and whether the packet satisfies the one or more of the plurality of first conditions being that the packet includes fields matching one or more of the following;
  
  a source IP address, a destination IP address, and a destination port number stored in a database;
  
  when the packet satisfies the one or more of the plurality of first conditions and the second condition, insert the message into the packet and transmit the packet to the second computing device to discover applications within the second computing device;
  
  in response to the packet transmitted to the second computing device, receive, by the auto-discovery service from the second computing device, a second message within a second packet that includes internet protocol (IP) address of a second application that exists within the second computing device;
  
  extract the second message from the second packet;
  
  determine whether the second packet satisfies the one or more of the plurality of first conditions; and
  
  based on the second packet satisfying the one or more of the plurality of first conditions, transmit the extracted second message to the first application.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The non-transitory computer-readable storage medium of claim 12, wherein the computer executable instructions further cause the processor to register the second condition with the traffic interceptor module.
  - 14. The non-transitory computer-readable storage medium of claim 13, wherein the computer executable instructions further cause the processor to register a callback function of the first application with the auto-discovery service.
  - 15. The non-transitory computer-readable storage medium of claim 14, wherein the computer executable instructions further cause the processor to determine whether the second packet received from the second application satisfies the second condition.
  - 16. The non-transitory computer-readable storage medium of claim 15, wherein the computer executable instructions further cause the processor to call the callback function if the second packet received from the second application satisfies the one or more of the plurality of first conditions.
  - 17. The non-transitory computer-readable storage medium of claim 16, wherein the second condition further comprises whether a transmission control protocol (TCP) SYN bit is set within a header of the packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Zhang, Yiwen, Cui, Liang, Xia, Zhifeng
Primary Examiner(s)
Aponte, Francisco J
Assistant Examiner(s)
Lu, Kevin X

Application Number

US13/344,505
Publication Number

US 20130179879A1
Time in Patent Office

2,910 Days
Field of Search

717120, 709224
US Class Current
CPC Class Codes

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45537   Provision of facilities of ...

G06F 9/45545   Guest-host, i.e. hypervisor...

Auto-discovery service and method of discovering applications within a virtual network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Auto-discovery service and method of discovering applications within a virtual network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links