Networking in a virtual computing infrastructure

US 8,938,540 B2
Filed: 11/17/2011
Issued: 01/20/2015
Est. Priority Date: 06/15/2010
Status: Active Grant

First Claim

Patent Images

1. A method for networking in a cloud computing environment having a plurality of computing nodes, the method comprising:

upon receiving authorization, communicating with a plurality of virtual machines to provide at least one virtual network to service to the plurality of virtual machines, wherein each of the plurality of virtual machines communicate with a virtual network layer at a virtual interface via at least one virtual Ethernet (vEthernet);

associating a first virtual Media Access Control (MAC) address to a first virtual machine;

associating a second virtual MAC address to a second virtual machine;

storing a mapping between the first virtual MAC address and a first Internet Protocol (IP) address of a first host machine upon which the first virtual machine executes;

storing a mapping between the second virtual MAC address and a second Internet Protocol (IP) address of a second host machine upon which the second virtual machine executes;

receiving, at an operating system of the first host machine from the first virtual machine, a particular packet that specifies the first virtual MAC address as a source and the second virtual MAC address as a destination;

in response to receiving the particular packet, determining, in the operating system of the first host machine, and based on the mapping between the second virtual MAC address and the second IP address, that the particular packet is to be routed to the second host machine;

encapsulating, at the operating system of the first host machine, the particular packet within encapsulating data that specifies the second IP address as a destination; and

sending the encapsulating data containing the particular packet through a physical network interface of the first host machine.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cloud computing environment having a plurality of computing nodes is described. Upon receiving authorization, a plurality of virtual machines may be communicated to provide at least one virtual network to service to the plurality virtual machines. Each of the plurality of virtual machines communicates with a virtual network layer at a virtual interface via at least one virtual Ethernet (vEthernet), An IP gateway to a network is provided to the plurality of virtual machines. Communications between the fP gateway and the network are facilitated. Communications between a network control layer and at least one network are routed.

190 Citations

20 Claims

1. A method for networking in a cloud computing environment having a plurality of computing nodes, the method comprising:
- upon receiving authorization, communicating with a plurality of virtual machines to provide at least one virtual network to service to the plurality of virtual machines, wherein each of the plurality of virtual machines communicate with a virtual network layer at a virtual interface via at least one virtual Ethernet (vEthernet);
  
  associating a first virtual Media Access Control (MAC) address to a first virtual machine;
  
  associating a second virtual MAC address to a second virtual machine;
  
  storing a mapping between the first virtual MAC address and a first Internet Protocol (IP) address of a first host machine upon which the first virtual machine executes;
  
  storing a mapping between the second virtual MAC address and a second Internet Protocol (IP) address of a second host machine upon which the second virtual machine executes;
  
  receiving, at an operating system of the first host machine from the first virtual machine, a particular packet that specifies the first virtual MAC address as a source and the second virtual MAC address as a destination;
  
  in response to receiving the particular packet, determining, in the operating system of the first host machine, and based on the mapping between the second virtual MAC address and the second IP address, that the particular packet is to be routed to the second host machine;
  
  encapsulating, at the operating system of the first host machine, the particular packet within encapsulating data that specifies the second IP address as a destination; and
  
  sending the encapsulating data containing the particular packet through a physical network interface of the first host machine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18)
- - 2. The method of claim 1, further comprising;
    - providing to the plurality of virtual machines an IP Gateway to a network;
      
      facilitating communications between the IP gateway and the network; and
      
      routing communications between a network control layer and at least one network;
      
      wherein the network control layer includes a virtual DHCP server configured to provide address allocation instantiated on the vEthernet.
  - 3. The method of claim 2, wherein the network control layer includes a virtual DNS server configured to provide a local address resolution service.
  - 4. The method of claim 2, further comprising associating with other networks via one or more virtual Ethernets to provide ingress and egress IP routing.
  - 5. The method of claim 2, wherein a customer of the cloud computing environment has authority to create more vEthernets or delete existing ones.
  - 6. The method of claim 2, wherein each of the virtual interfaces of the plurality of virtual machines is associated with a single vEthernet.
  - 7. The method of claim 2, wherein each of the virtual interfaces being associated with at least one vEthernet is subject to at least one from a group consisting of administrative authorization, filtering, or one or more rate limiting policies.
  - 8. The method of claim 2, wherein each virtual interface on a vEthernet is configured to be like a physical interface connected to a physical Ethernet switch.
  - 9. The method of claim 2, wherein routing communications between a network control layer and at least one network includes routing vEthernet communications to the network to access a customer'"'"'s IP network.
  - 10. The method of claim 2, wherein routing communications between a network control layer and at least one network includes using a customer'"'"'s existing internet firewalling, proxying or NAT when vEthernet communications are routed between the IP gateway and the network.
  - 11. The method of claim 2, further including accepting dynamically created one or more vEthernets and associating the created vEthernets with an instance using the virtual interface.
  - 12. The method of claim 2, further including supporting full layer networking functionality.
  - 13. The method of claim 12, further including enabling a point-to-point tunnel carrying a layer frame across a layer network.
  - 14. The method of claim 13, further including aggregating point-to-point tunnels to provide a virtual layer overlay network topology layered on top of an arbitrary layer 3 network topology.
  - 15. The method of claim 2, further comprising:
    - determining, from a plurality of permissions, a user permission; and
      
      granting authorization, based on the user permission, to access communications to the network via one or more virtual machines on at least one vEthemet.
  - 16. The method of claim 15, further comprising determining, from the plurality of permissions, an object permission for an object upon which an action is to be performed via one or more virtual machines on at least one vEthernet.
  - 18. The method of claim 1, further comprising:
    - determining, at an operating system of the second host machine, and based on information contained in the encapsulating data and in the particular packet, that the first IP address is associated with the first virtual MAC address.

17. A cloud computing environment having a plurality of computing device nodes, wherein each device node comprises:
- one or more central processing units;
  
  a host operating system,at least one virtual interface,and network control, anda storage device storing instructions which, when executed by the one or more central processing units, cause the one or more central processing units to perform;
  
  associating a first virtual Media Access Control (MAC) address to a first virtual machine;
  
  associating a second virtual MAC address to a second virtual machine;
  
  storing, a mapping between the first virtual MAC address and a first Internet Protocol (IP) address of a first host machine upon which the first virtual machine executes;
  
  storing a mapping between the second virtual MAC address and a second Internet Protocol (IP) address of a second host machine upon which the first virtual machine executes;
  
  receiving, at an operating system of the first host machine, from the first virtual machine, a particular packet that specifies the first virtual MAC address as a source and the second virtual MAC address as a destination;
  
  in response to receiving the particular packet, determining, in the operating system of the first host machine, and based on the mapping between the second virtual MAC address and the second IP address, that the particular packet is to be routed to the second host machine;
  
  encapsulating, at the operating system of the first host machine, the particular packet within encapsulating data that specifies the second IP address as a destination; and
  
  sending the encapsulating data containing the particular packet through a physical network interface of the first host machine.
- View Dependent Claims (19, 20)
- - 19. The cloud computing environment of claim 17, wherein the at least one virtual interface is associated with a virtual Media Access Code (MAC) address that differs from a MAC address of a computing device node on which a virtual machine possessing the at least one virtual interface executes.
  - 20. The cloud computing environment of claim 17, wherein determining the destination address of the destination virtual interface for the intercepted Ethernet frame comprises determining an Internet Protocol (IP) address that is mapped to a virtual Media Access Code (MAC) address associated with the destination virtual interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Van Biljon, Willem Robert, Pinkham, Christopher Conway, Cloran, Russell Andrew, Gorven, Michael Carl, Hardy, Alexandre, Divey, Brynmor K. B., Hoole, Quinton Robin, Kalele, Girish
Primary Examiner(s)
Yohannes, Tesfay

Application Number

US13/299,335
Publication Number

US 20120110188A1
Time in Patent Office

1,160 Days
Field of Search

709/220, 709/226, 709/248, 370/412, 370/428
US Class Current

709/226
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2145   Inheriting rights or proper...

G06Q 30/04   Billing or invoicing

G06Q 40/00   Finance; Insurance; Tax str...

G06Q 40/02   Banking, e.g. interest calc...

G06Q 40/10   Tax strategies

H04L 41/0213   Standardised network manage...

H04L 63/0236   Filtering by address, proto...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 67/10   in which an application is ...

H04L 67/60   Scheduling or organising th...

H04L 9/40   Network security protocols

H04M 15/66   Policy and charging system

Networking in a virtual computing infrastructure

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

190 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Networking in a virtual computing infrastructure

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

190 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links