-
公开(公告)号:US08958292B2
公开(公告)日:2015-02-17
申请号:US13177546
申请日:2011-07-06
IPC分类号: H04L12/26 , H04L12/931 , H04L12/24 , G06F11/07
CPC分类号: H04L41/0893 , G06F11/07 , G06F15/17312 , H04L12/4633 , H04L41/0816 , H04L41/0853 , H04L41/0896 , H04L45/00 , H04L45/586 , H04L47/783 , H04L49/00 , H04L49/1546 , H04L49/3063 , H04L49/70 , H04L61/2007 , H04L61/6022
摘要: Port security in some embodiments is a technique to apply to a particular port of a logical switching element such that the network data entering and existing the logical switching element through the particular logical port have certain addresses that the switching element has restricted the logical port to use. For instance, a logical switching element may restrict a particular logical port to one or more certain network addresses To enable a logical port of a logical switch for port security, the control application of some embodiments receives user inputs that designate a particular logical port and a logical switch to which the particular logical port belongs. The control application in some embodiments formats the user inputs into logical control plane data specifying the designation. The control application in some embodiments then converts the logical control plane data into logical forwarding data that specify port security functions.
摘要翻译: 一些实施例中的端口安全性是应用于逻辑交换元件的特定端口的技术,使得通过特定逻辑端口进入和存在逻辑交换元件的网络数据具有某些地址,交换元件已经限制了要使用的逻辑端口 。 例如,逻辑交换单元可以将特定的逻辑端口限制到一个或多个特定的网络地址。为了实现用于端口安全的逻辑交换机的逻辑端口,一些实施例的控制应用接收指定特定逻辑端口的用户输入和 特定逻辑端口所属的逻辑交换机。 在一些实施例中,控制应用将用户输入格式化成指定指定的逻辑控制平面数据。 一些实施例中的控制应用随后将逻辑控制平面数据转换为指定端口安全功能的逻辑转发数据。
-
公开(公告)号:US20130058341A1
公开(公告)日:2013-03-07
申请号:US13177546
申请日:2011-07-06
IPC分类号: H04L12/56
CPC分类号: H04L41/0893 , G06F11/07 , G06F15/17312 , H04L12/4633 , H04L41/0816 , H04L41/0853 , H04L41/0896 , H04L45/00 , H04L45/586 , H04L47/783 , H04L49/00 , H04L49/1546 , H04L49/3063 , H04L49/70 , H04L61/2007 , H04L61/6022
摘要: Port security in some embodiments is a technique to apply to a particular port of a logical switching element such that the network data entering and existing the logical switching element through the particular logical port have certain addresses that the switching element has restricted the logical port to use. For instance, a logical switching element may restrict a particular logical port to one or more certain network addresses. To enable a logical port of a logical switch for port security, the control application of some embodiments receives user inputs that designate a particular logical port and a logical switch to which the particular logical port belongs. The control application in some embodiments formats the user inputs into logical control plane data specifying the designation. The control application in some embodiments then converts the logical control plane data into logical forwarding data that specify port security functions.
摘要翻译: 一些实施例中的端口安全性是应用于逻辑交换元件的特定端口的技术,使得通过特定逻辑端口进入和存在逻辑交换元件的网络数据具有某些地址,交换元件已经限制了要使用的逻辑端口 。 例如,逻辑交换单元可以将特定逻辑端口限制为一个或多个特定网络地址。 为了启用用于端口安全性的逻辑交换机的逻辑端口,一些实施例的控制应用接收指定特定逻辑端口和特定逻辑端口所属的逻辑交换机的用户输入。 在一些实施例中,控制应用将用户输入格式化成指定指定的逻辑控制平面数据。 一些实施例中的控制应用随后将逻辑控制平面数据转换为指定端口安全功能的逻辑转发数据。
-
公开(公告)号:US10103939B2
公开(公告)日:2018-10-16
申请号:US13269409
申请日:2011-10-07
申请人: Teemu Koponen , Pankaj Thakkar , W. Andrew Lambeth
发明人: Teemu Koponen , Pankaj Thakkar , W. Andrew Lambeth
IPC分类号: H04L12/24 , H04L12/931 , H04L12/803
摘要: For a network control system that receives, from a user, logical datapath sets that logically express desired forwarding behaviors that are to be implemented by a set of managed switching elements, a controller for managing several managed switching elements that forward data in a network that includes the managed switching elements is described. The controller includes a set of modules for detecting a change in one or more managed switching elements and for updating logical datapath set based on the detected change. The logical datapath set is for subsequent translation into a set of physical forwarding behaviors of the managed switching elements.
-
公开(公告)号:US09231891B2
公开(公告)日:2016-01-05
申请号:US13288023
申请日:2011-11-02
IPC分类号: H04L12/28 , H04L12/44 , G06F15/16 , G06F15/173 , H04L12/931 , H04L12/933 , H04L12/713 , H04L12/54 , H04L12/24 , H04L12/935 , H04L12/46 , H04L12/911 , G06F11/07
CPC分类号: H04L41/0893 , G06F11/07 , G06F15/17312 , H04L12/4633 , H04L41/0816 , H04L41/0853 , H04L41/0896 , H04L45/00 , H04L45/586 , H04L47/783 , H04L49/00 , H04L49/1546 , H04L49/3063 , H04L49/70 , H04L61/2007 , H04L61/6022
摘要: Some embodiments provide a method that identifies several higher level switching elements for facilitating lower level switching elements to forward packets among network hosts. The method establishes a set of tunnels among the lower level switching elements and the higher level switching elements. At least one tunnel is established between a lower level switching element and a higher level switching element. For each higher level switching element in the several higher level switching elements, the method identifies a first set of forwarding data that specifies forwarding of packets between the higher level switching element and the several lower level switching elements. For each lower level switching element in the several lower level switching elements, the method identifies a second set of forwarding data that specifies forwarding of packets between the lower level switching element, the several of network hosts, and the several higher level switching elements.
摘要翻译: 一些实施例提供了一种识别多个更高级别的交换元件以促进下层交换元件在网络主机之间转发分组的方法。 该方法在较低级别的开关元件和较高级别的开关元件之间建立一组隧道。 在较低级别的开关元件和较高级别的开关元件之间建立至少一个通道。 对于多个较高级别的交换单元中的每个较高级别的交换单元,该方法识别第一组转发数据,该第一组转发数据指定在较高级别的开关元件和多个较低级别的开关元件之间转发分组。 对于多个下层交换单元中的每个下级交换单元,该方法识别第二组转发数据,该第二组转发数据指定在下层交换单元,若干网络主机与多个较高级别的交换单元之间转发分组。
-
公开(公告)号:US09178833B2
公开(公告)日:2015-11-03
申请号:US13589077
申请日:2012-08-17
申请人: Teemu Koponen , Pankaj Thakkar
发明人: Teemu Koponen , Pankaj Thakkar
IPC分类号: G06F15/173 , H04L12/863 , H04L12/24 , H04L12/721 , G05B11/01 , G06F15/177 , H04L12/54 , H04L12/717 , G06F9/455
CPC分类号: H04L47/50 , G05B11/01 , G06F9/45558 , G06F15/177 , G06F2009/45595 , H04L12/4633 , H04L41/0226 , H04L41/042 , H04L41/20 , H04L41/50 , H04L45/38 , H04L45/42 , H04L45/66 , H04L47/825 , H04L49/254
摘要: A network control system for generating physical control plane data for managing first and second managed forwarding elements that implement forwarding operations associated with a first logical datapath set is described. The system includes a first controller instance for converting logical control plane data for the first logical datapath set to universal physical control plane (UPCP) data. The system further includes a second controller instance for converting UPCP data to customized physical control plane (CPCP) data for the first managed forwarding element but not the second managed forwarding element. The system further includes a third controller instance for receiving UPCP data generated by the first controller instance, identifying the second controller instance as the controller instance responsible for generating the CPCP data for the first managed forward element, and supplying the received UPCP data to the second controller instance.
摘要翻译: 描述用于生成用于管理实现与第一逻辑数据路径集相关联的转发操作的第一和第二被管理转发元素的物理控制平面数据的网络控制系统。 该系统包括用于将第一逻辑数据路径集合的逻辑控制平面数据转换成通用物理控制平面(UPCP)数据的第一控制器实例。 该系统还包括用于将UPCP数据转换成用于第一被管理转发元件而不是第二管理转发元件的定制物理控制平面(CPCP)数据的第二控制器实例。 所述系统还包括用于接收由所述第一控制器实例产生的UPCP数据的第三控制器实例,将所述第二控制器实例标识为负责生成所述第一管理的前向元件的CPCP数据的所述控制器实例,以及将所接收的UPCP数据提供给所述第二控制器实例 控制器实例。
-
公开(公告)号:US20130103817A1
公开(公告)日:2013-04-25
申请号:US13589077
申请日:2012-08-17
申请人: Teemu Koponen , Pankaj Thakkar
发明人: Teemu Koponen , Pankaj Thakkar
IPC分类号: G06F15/173
CPC分类号: H04L47/50 , G05B11/01 , G06F9/45558 , G06F15/177 , G06F2009/45595 , H04L12/4633 , H04L41/0226 , H04L41/042 , H04L41/20 , H04L41/50 , H04L45/38 , H04L45/42 , H04L45/66 , H04L47/825 , H04L49/254
摘要: A network control system for generating physical control plane data for managing first and second managed forwarding elements that implement forwarding operations associated with a first logical datapath set is described. The system includes a first controller instance for converting logical control plane data for the first logical datapath set to universal physical control plane (UPCP) data. The system further includes a second controller instance for converting UPCP data to customized physical control plane (CPCP) data for the first managed forwarding element but not the second managed forwarding element. The system further includes a third controller instance for receiving UPCP data generated by the first controller instance, identifying the second controller instance as the controller instance responsible for generating the CPCP data for the first managed forward element, and supplying the received UPCP data to the second controller instance.
摘要翻译: 描述用于生成用于管理实现与第一逻辑数据路径集相关联的转发操作的第一和第二被管理转发元素的物理控制平面数据的网络控制系统。 该系统包括用于将第一逻辑数据路径集合的逻辑控制平面数据转换成通用物理控制平面(UPCP)数据的第一控制器实例。 该系统还包括用于将UPCP数据转换成用于第一被管理转发元件而不是第二管理转发元件的定制物理控制平面(CPCP)数据的第二控制器实例。 所述系统还包括用于接收由所述第一控制器实例产生的UPCP数据的第三控制器实例,将所述第二控制器实例标识为负责生成所述第一管理的前向元件的CPCP数据的所述控制器实例,以及将所接收的UPCP数据提供给所述第二控制器实例 控制器实例。
-
公开(公告)号:US08913483B2
公开(公告)日:2014-12-16
申请号:US13218468
申请日:2011-08-26
CPC分类号: H04L41/0893 , G06F11/07 , G06F15/17312 , H04L12/4633 , H04L41/0816 , H04L41/0853 , H04L41/0896 , H04L45/00 , H04L45/586 , H04L47/783 , H04L49/00 , H04L49/1546 , H04L49/3063 , H04L49/70 , H04L61/2007 , H04L61/6022
摘要: In a hierarchical switching architecture that includes at least one lower level managed switching element that connects to several higher level managed switching elements, some embodiments provide a method of identifying a higher level managed switching element to which the lower level managed switching element forwards a packet for further processing. The method computes a value based on a set of attributes of the packet. The method identifies a record from a hierarchy traversal table based on the computed value. The record specifies (1) a first higher level managed switching element as a primary higher level managed switching element and (2) a second higher level managed switching element as a secondary higher level managed switching element. The primary and secondary higher level managed switching elements are for forwarding the packet for further processing. The method forwards the packet to one of the higher level managed switching elements.
摘要翻译: 在包括连接到几个更高级别的被管理交换单元的至少一个较低层管理的交换单元的分级交换体系结构中,一些实施例提供了一种识别较低层管理的交换单元的方法,下层管理交换单元向 进一步处理。 该方法基于数据包的一组属性计算一个值。 该方法基于计算的值从层次结构遍历表中识别记录。 该记录指定(1)第一较高级别的管理的交换元件作为主要的较高级别的管理的交换元件,以及(2)第二较高级别的管理的交换元件作为次要的上级管理的交换元件。 主要和次要上级管理的交换元件用于转发数据包以进行进一步处理。 该方法将数据包转发到较高层管理的交换元件之一。
-
公开(公告)号:US20130103818A1
公开(公告)日:2013-04-25
申请号:US13589078
申请日:2012-08-17
申请人: Teemu Koponen , Pankaj Thakkar
发明人: Teemu Koponen , Pankaj Thakkar
IPC分类号: G06F15/173
CPC分类号: H04L47/50 , G05B11/01 , G06F9/45558 , G06F15/177 , G06F2009/45595 , H04L12/4633 , H04L41/0226 , H04L41/042 , H04L41/20 , H04L41/50 , H04L45/38 , H04L45/42 , H04L45/66 , H04L47/825 , H04L49/254
摘要: A network control system for generating physical control plane data for managing first and second managed forwarding elements that implement forwarding operations associated with a first logical datapath set is described. The system includes a first controller instance for converting logical control plane data for the first logical datapath set to universal physical control plane (UPCP) data. The system further includes a second controller instance for converting UPCP data to customized physical control plane (CPCP) data for the first managed forwarding element but not the second managed forwarding element.
摘要翻译: 描述用于生成用于管理实现与第一逻辑数据路径集相关联的转发操作的第一和第二被管理转发元素的物理控制平面数据的网络控制系统。 该系统包括用于将第一逻辑数据路径集合的逻辑控制平面数据转换成通用物理控制平面(UPCP)数据的第一控制器实例。 该系统还包括用于将UPCP数据转换成用于第一被管理转发元件而不是第二管理转发元件的定制物理控制平面(CPCP)数据的第二控制器实例。
-
公开(公告)号:US20130058331A1
公开(公告)日:2013-03-07
申请号:US13288023
申请日:2011-11-02
IPC分类号: H04L12/56
CPC分类号: H04L41/0893 , G06F11/07 , G06F15/17312 , H04L12/4633 , H04L41/0816 , H04L41/0853 , H04L41/0896 , H04L45/00 , H04L45/586 , H04L47/783 , H04L49/00 , H04L49/1546 , H04L49/3063 , H04L49/70 , H04L61/2007 , H04L61/6022
摘要: Some embodiments provide a method that identifies several higher level switching elements for facilitating lower level switching elements to forward packets among network hosts. The method establishes a set of tunnels among the lower level switching elements and the higher level switching elements. At least one tunnel is established between a lower level switching element and a higher level switching element. For each higher level switching element in the several higher level switching elements, the method identifies a first set of forwarding data that specifies forwarding of packets between the higher level switching element and the several lower level switching elements. For each lower level switching element in the several lower level switching elements, the method identifies a second set of forwarding data that specifies forwarding of packets between the lower level switching element, the several of network hosts, and the several higher level switching elements.
摘要翻译: 一些实施例提供了一种识别多个更高级别的交换元件以促进下层交换元件在网络主机之间转发分组的方法。 该方法在较低级别的开关元件和较高级别的开关元件之间建立一组隧道。 在较低级别的开关元件和较高级别的开关元件之间建立至少一个通道。 对于多个较高级别的交换单元中的每个较高级别的交换单元,该方法识别第一组转发数据,该第一组转发数据指定在较高级别的开关元件和多个较低级别的开关元件之间转发分组。 对于多个下层交换单元中的每个下级交换单元,该方法识别第二组转发数据,该第二组转发数据指定在下层交换单元,若干网络主机与多个较高级别的交换单元之间转发分组。
-
50.发明申请NETWORK CONTROL APPARATUS AND METHOD FOR CREATING AND MODIFYING LOGICAL SWITCHING ELEMENTS 有权网络控制装置和创建和修改逻辑切换元件的方法公开(公告)号:US20120147898A1
公开(公告)日:2012-06-14
申请号:US13269543
申请日:2011-10-07
申请人: Teemu Koponen , Pankaj Thakkar , Bryan J. Fulton
发明人: Teemu Koponen , Pankaj Thakkar , Bryan J. Fulton
IPC分类号: H04L12/56
CPC分类号: H04L12/56 , H04L41/0893 , H04L45/42 , H04L47/50 , H04L49/254 , H04L49/70 , H04L61/6068
摘要: A network controller for managing several managed switching elements that forward data in a network that includes the managed switching elements. The network controller is further for creating a logical switching element to be implemented in a set of managed switching elements. The network controller includes a set of modules for receiving input data specifying a logical switching element and for creating, based on the received input data, a set of logical switch constructs for the logical switching element by performing a set of database join operations. At least one of the logical switch constructs is for facilitating non-forwarding behavior of the logical switching element.
摘要翻译: 一种网络控制器,用于管理在网络中转发包括所述被管理的交换元件的数据的多个被管理的交换单元。 网络控制器还用于创建要在一组管理的交换元件中实现的逻辑交换元件。 网络控制器包括一组模块,用于接收指定逻辑交换元件的输入数据,并且用于通过执行一组数据库连接操作来创建基于所接收的输入数据的逻辑交换元件的一组逻辑交换结构。 逻辑交换结构中的至少一个用于促进逻辑交换元件的非转发行为。
-
-
-
-
-
-
-
-
-
搜索结果
60 条记录 (耗时 0.039 秒)
