公开(公告)号：US20110310899A1

公开(公告)日：2011-12-22

申请号：US12820896

申请日：2010-06-22

申请人： Hasan Alkhatib ,  Geoff Outhred

发明人： Hasan Alkhatib ,  Geoff Outhred

IPC分类号： H04L12/56

CPC分类号： H04L45/745 ,  H04L12/4641 ,  H04L12/66 ,  H04L29/12047 ,  H04L29/12339 ,  H04L45/02 ,  H04L45/74 ,  H04L49/70 ,  H04L61/15 ,  H04L61/2007 ,  H04L61/2503

摘要： Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table). The transformation action(s) include rewriting headers of the data packets to include the location-dependent addresses, encapsulating the data packets as inner data packets within respective outer data packets, or configuring the data packets with a tunneling protocol.

摘要翻译： 提供计算机化方法，系统和计算机可读介质以将虚拟网关功能分发到物理网络内的多个节点。 最初，执行网关功能的驱动程序被配置为与在网络节点上实例化的端点协作，而实现目录服务以维持虚拟互联网协议（IP）地址和位置相关地址之间的映射，以及表 根据连接网络中的端点的已知路径枚举转换动作。 在操作中，目录服务使用适当的位置相关地址（利用映射）和适当的转换动作（利用表）来回复来自驱动器的请求（携带数据分组的源和目的地IP地址）。 转换动作包括重写数据分组的报头以包括位置相关地址，将数据分组封装在相应外部数据分组内的内部数据分组，或者用隧道协议配置数据分组。

公开(公告)号：US08407366B2

公开(公告)日：2013-03-26

申请号：US12780673

申请日：2010-05-14

申请人： Hasan Alkhatib ,  Changhoon Kim ,  Geoff Outhred ,  Deepak Bansal ,  Albert Greenberg ,  Dave Maltz ,  Parveen Patel

发明人： Hasan Alkhatib ,  Changhoon Kim ,  Geoff Outhred ,  Deepak Bansal ,  Albert Greenberg ,  Dave Maltz ,  Parveen Patel

IPC分类号： G06F15/173

CPC分类号： H04L12/4641 ,  H04L12/4633 ,  H04L45/04 ,  H04L45/42 ,  H04L45/46 ,  H04L45/566 ,  H04L45/586

摘要： Computerized methods, systems, and computer-readable media are provided for establishing and managing a virtual network (V-net) and virtual machine (VM) switches that enable protected and isolated interconnections between members of the V-net. The V-net members include an originating network adapter that generates data packets addressed to a destination network adapter. Upon detecting data-packet generation, a source-side VM switch accesses a forwarding table associated with the V-net, ascertains a destination-side, VM-switch locator that corresponds to an identifier of the destination network adapter, and modifies the data packets to include the identifier. The forwarding table represents a mapping between the members of the V-net and VM switches located on respective nodes within the data center. In operation, the mapping enforces communication policies that govern data-packet traffic. Upon receiving the data packets, the destination-side VM switch restores the data packets and forwards them to the destination network adapter.

摘要翻译： 提供了计算机化方法，系统和计算机可读介质，用于建立和管理虚拟网络（V-net）和虚拟机（VM）交换机，从而实现V-net成员之间的保护和隔离互连。 V-net成员包括生成发往目标网络适配器的数据包的始发网络适配器。 在检测到数据包生成时，源侧VM交换机访问与V-net相关联的转发表，确定与目的网络适配器的标识符相对应的目的地侧的VM交换机定位符，并修改数据包 包括标识符。 转发表表示位于数据中心内的相应节点上的V-net和VM交换机的成员之间的映射。 在操作中，映射强制执行数据包流量的通信策略。 目的端VM交换机接收到数据包后，恢复数据包并将其转发到目的网络适配器。

公开(公告)号：US08374183B2

公开(公告)日：2013-02-12

申请号：US12820896

申请日：2010-06-22

申请人： Hasan Alkhatib ,  Geoff Outhred

发明人： Hasan Alkhatib ,  Geoff Outhred

IPC分类号： H04L12/56

CPC分类号： H04L45/745 ,  H04L12/4641 ,  H04L12/66 ,  H04L29/12047 ,  H04L29/12339 ,  H04L45/02 ,  H04L45/74 ,  H04L49/70 ,  H04L61/15 ,  H04L61/2007 ,  H04L61/2503

摘要： Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table). The transformation action(s) include rewriting headers of the data packets to include the location-dependent addresses, encapsulating the data packets as inner data packets within respective outer data packets, or configuring the data packets with a tunneling protocol.

公开(公告)号：US20110283017A1

公开(公告)日：2011-11-17

申请号：US12780673

申请日：2010-05-14

申请人： Hasan Alkhatib ,  Changhoon Kim ,  Geoff Outhred ,  Deepak Bansal ,  Albert Greenberg ,  Dave Maltz ,  Parveen Patel

发明人： Hasan Alkhatib ,  Changhoon Kim ,  Geoff Outhred ,  Deepak Bansal ,  Albert Greenberg ,  Dave Maltz ,  Parveen Patel

IPC分类号： G06F15/173 ,  G06F9/455

CPC分类号： H04L12/4641 ,  H04L12/4633 ,  H04L45/04 ,  H04L45/42 ,  H04L45/46 ,  H04L45/566 ,  H04L45/586

摘要： Computerized methods, systems, and computer-readable media are provided for establishing and managing a virtual network (V-net) and virtual machine (VM) switches that enable protected and isolated interconnections between members of the V-net. The V-net members include an originating network adapter that generates data packets addressed to a destination network adapter. Upon detecting data-packet generation, a source-side VM switch accesses a forwarding table associated with the V-net, ascertains a destination-side, VM-switch locator that corresponds to an identifier of the destination network adapter, and modifies the data packets to include the identifier. The forwarding table represents a mapping between the members of the V-net and VM switches located on respective nodes within the data center. In operation, the mapping enforces communication policies that govern data-packet traffic. Upon receiving the data packets, the destination-side VM switch restores the data packets and forwards them to the destination network adapter.

摘要翻译： 提供了计算机化方法，系统和计算机可读介质，用于建立和管理虚拟网络（V-net）和虚拟机（VM）交换机，从而实现V-net成员之间的保护和隔离互连。 V-net成员包括生成发往目标网络适配器的数据包的始发网络适配器。 在检测到数据包生成时，源侧VM交换机访问与V-net相关联的转发表，确定与目的网络适配器的标识符相对应的目的地侧的VM交换机定位符，并修改数据包 包括标识符。 转发表表示位于数据中心内的相应节点上的V-net和VM交换机的成员之间的映射。 在操作中，映射强制执行数据包流量的通信策略。 目的端VM交换机接收到数据包后，恢复数据包并将其转发到目的网络适配器。