-
1.发明申请SECURE AND EFFICIENT OFFLOADING OF NETWORK POLICIES TO NETWORK INTERFACE CARDS 有权将网络政策安全有效地卸载到网络接口卡公开(公告)号:US20130061047A1
公开(公告)日:2013-03-07
申请号:US13565369
申请日:2012-08-02
申请人: Murari Sridharan , Narasimhan Venkataramaiah , Yu-Shun Wang , Albert G. Greenberg , Alireza Dabagh , Pankaj Garg , Daniel M. Firestone
发明人: Murari Sridharan , Narasimhan Venkataramaiah , Yu-Shun Wang , Albert G. Greenberg , Alireza Dabagh , Pankaj Garg , Daniel M. Firestone
CPC分类号: H04L45/586
摘要: Techniques for efficient and secure implementation of network policies in a network interface controller (NIC) in a host computing device operating a virtualized computing environment. In some embodiments, the NIC may process and forward packets directly to their destinations, bypassing a parent partition of the host computing device. In particular, in some embodiments, the NIC may store network policy information to process and forward packets directly to a virtual machine (VM). If the NIC is unable to process a packet, then the NIC may forward the packet to the parent partition. In some embodiments, the NIC may use an encapsulation protocol to transmit address information in packet headers. In some embodiments, this address information may be communicated by the MC to the parent partition via a secure channel. The NIC may also obtain, and decrypt, encrypted addresses from the VMs for routing packets, bypassing the parent partition.
摘要翻译: 用于在操作虚拟化计算环境的主机计算设备中的网络接口控制器(NIC)中有效和安全地实现网络策略的技术。 在一些实施例中,NIC可以绕过主计算设备的父分区来处理和转发数据包直接到其目的地。 特别地,在一些实施例中,NIC可以存储网络策略信息以直接处理和转发分组到虚拟机(VM)。 如果NIC无法处理数据包,则NIC可能会将数据包转发到父分区。 在一些实施例中,NIC可以使用封装协议来传送分组报头中的地址信息。 在一些实施例中,该地址信息可以由MC通过安全信道传送到父分区。 NIC也可以绕过父分区,从虚拟机获取和解密路由数据包的加密地址。
-
2.发明申请DEVICE, METHOD AND SYSTEM FOR VIRTUAL BUSINESS OPERATION BASED ON POSITIONING TECHNOLOGY 审中-公开基于定位技术的虚拟业务操作的设备,方法和系统公开(公告)号:US20110184741A1
公开(公告)日:2011-07-28
申请号:US12839679
申请日:2010-07-20
申请人: Yeong Sung Lin , Jen-Wel Chen , Pei Yu Chen , Yu Shun Wang , Yao-Yuan Chang , Shih-Chang Lin , Yi-Wei Li , Pin Hung Chen , Yung-Pin Tsai
发明人: Yeong Sung Lin , Jen-Wel Chen , Pei Yu Chen , Yu Shun Wang , Yao-Yuan Chang , Shih-Chang Lin , Yi-Wei Li , Pin Hung Chen , Yung-Pin Tsai
CPC分类号: G06Q30/0603
摘要: A positioning-based virtual business operation system includes a seller equipment having a positioning device for acquiring positioning information of the seller equipment and a data transmitting/receiving device for transmitting the positioning information; an operation platform having a business information interface for receiving the positioning information of the seller equipment and updating location information of the seller equipment in the business information interface; and an operator equipment for transmitting operation service information to the operation platform via a network and adjusting service information of the seller equipment or operator information in the business information interface, thereby allowing consumers, mobile sellers, operators of virtual business, and operators of portal sites to benefit from the system and thus creating an all-beneficial business running pattern.
摘要翻译: 基于定位的虚拟商业操作系统包括具有用于获取卖方设备的定位信息的定位设备和用于发送定位信息的数据发送/接收设备的卖家设备; 具有业务信息接口的操作平台,用于接收卖方设备的定位信息,并在业务信息界面中更新卖方设备的位置信息; 以及用于经由网络将操作服务信息发送到操作平台并且调整业务信息界面中的卖方设备或操作者信息的服务信息的操作者设备,由此允许消费者,移动卖家,虚拟商家的操作者和门户站点的操作者 从系统中受益,从而创造一个全方位的业务运行模式。
-
公开(公告)号:US07653746B2
公开(公告)日:2010-01-26
申请号:US10632249
申请日:2003-08-01
申请人: Joseph Dean Touch , Lars Eggert , Yu-Shun Wang
发明人: Joseph Dean Touch , Lars Eggert , Yu-Shun Wang
CPC分类号: H04L29/12283 , H04L29/1249 , H04L61/2061 , H04L61/256 , H04L61/2592 , H04L67/10 , H04L67/40 , H04L69/329
摘要: A system and method for relocating a subnet to a remote location includes a tether router coupled to an anchor router via a link. The tether router is coupled to a plurality of nodes, each node corresponding to a network address of a plurality of network addresses allocated to a user. The plurality of network addresses is allocated to the user by a lease broker. The link may include a private tunnel for traversing a mechanism that otherwise hinders communication from the tether router to the anchor router, such as a network address translation (NAT) mechanism.
摘要翻译: 用于将子网重新定位到远程位置的系统和方法包括经由链路耦合到锚定路由器的系绳路由器。 系绳路由器耦合到多个节点,每个节点对应于分配给用户的多个网络地址的网络地址。 多个网络地址由租赁代理分配给用户。 链路可以包括用于遍历机制的私有隧道,否则阻止从系绳路由器到锚定路由器的通信,诸如网络地址转换(NAT)机制。
-
4.发明申请公开(公告)号:US20130058346A1
公开(公告)日:2013-03-07
申请号:US13603281
申请日:2012-09-04
IPC分类号: H04L12/56
CPC分类号: H04L45/586
摘要: A distributed routing domain is disclosed wherein each user or tenant can deploy a multi-subnet routing topology in a network-virtualized datacenter. A virtualization module implements the distributed routing domain and enforces a multi-subnet routing topology in a distributed fashion without requiring a standalone physical router or VM router. The topology and the routing rules are distributed in a network virtualization module on each hypervisor host, and collectively realize the multi-subnet topology for a virtual network over any physical network topology.
摘要翻译: 公开了分布式路由域,其中每个用户或租户可以在网络虚拟化的数据中心中部署多子网路由拓扑。 虚拟化模块实现分布式路由域并以分布式方式实施多子网路由拓扑,而不需要独立的物理路由器或VM路由器。 拓扑和路由规则分布在每个管理程序主机上的网络虚拟化模块中,并通过任何物理网络拓扑统一实现虚拟网络的多子网拓扑。
-
5.发明申请公开(公告)号:US20130031544A1
公开(公告)日:2013-01-31
申请号:US13192254
申请日:2011-07-27
IPC分类号: G06F9/46
CPC分类号: G06F11/1484 , G06F9/45558 , G06F11/203 , G06F2009/4557
摘要: Methods and apparatus are provided for controlling live migration of a virtual machine from a first host to a second host in a data center. A virtual machine manager may distribute to at least one host in a virtual network an updated mapping policy that maps a customer address of the virtual machine to a provider address of the migrated virtual machine. The updated mapping policy enables hosts in the virtual network to communicate with the migrated virtual machine. The updated mapping policy can be a shadow policy. The shadow policy is transmitted to hosts in the virtual network by the virtual machine manager before live migration of the virtual machine completes and is maintained by recipient hosts in an inactive state until triggered. The virtual machine manager notifies hosts in the virtual network to activate the shadow policy when live migration completes.
摘要翻译: 提供了用于控制虚拟机从数据中心的第一主机到第二主机的实时迁移的方法和装置。 虚拟机管理器可以向虚拟网络中的至少一个主机分发更新的映射策略,其将虚拟机的客户地址映射到迁移的虚拟机的提供商地址。 更新的映射策略使虚拟网络中的主机能够与迁移的虚拟机进行通信。 更新的映射策略可以是阴影策略。 在虚拟机的实时迁移完成之前,虚拟机管理器将虚拟策略传输到虚拟网络中的主机,并由处于非活动状态的收件人主机进行维护,直到触发。 虚拟机管理器通知虚拟网络中的主机,以便在实时迁移完成时激活阴影策略。
-
6.发明授权公开(公告)号:US09424144B2
公开(公告)日:2016-08-23
申请号:US13192254
申请日:2011-07-27
CPC分类号: G06F11/1484 , G06F9/45558 , G06F11/203 , G06F2009/4557
摘要: Methods and apparatus are provided for controlling live migration of a virtual machine from a first host to a second host in a data center. A virtual machine manager may distribute to at least one host in a virtual network an updated mapping policy that maps a customer address of the virtual machine to a provider address of the migrated virtual machine. The updated mapping policy enables hosts in the virtual network to communicate with the migrated virtual machine. The updated mapping policy can be a shadow policy. The shadow policy is transmitted to hosts in the virtual network by the virtual machine manager before live migration of the virtual machine completes and is maintained by recipient hosts in an inactive state until triggered. The virtual machine manager notifies hosts in the virtual network to activate the shadow policy when live migration completes.
摘要翻译: 提供了用于控制虚拟机从数据中心的第一主机到第二主机的实时迁移的方法和装置。 虚拟机管理器可以向虚拟网络中的至少一个主机分发更新的映射策略,其将虚拟机的客户地址映射到迁移的虚拟机的提供商地址。 更新的映射策略使虚拟网络中的主机能够与迁移的虚拟机进行通信。 更新的映射策略可以是阴影策略。 在虚拟机的实时迁移完成之前,虚拟机管理器将虚拟策略传输到虚拟网络中的主机,并由处于非活动状态的收件人主机进行维护,直到触发。 虚拟机管理器通知虚拟网络中的主机,以便在实时迁移完成时激活阴影策略。
-
7.发明申请公开(公告)号:US20130047151A1
公开(公告)日:2013-02-21
申请号:US13210510
申请日:2011-08-16
申请人: Murari Sridharan , David A. Maltz , Narasimhan A. Venkataramaiah , Parveen K. Patel , Yu-Shun Wang
发明人: Murari Sridharan , David A. Maltz , Narasimhan A. Venkataramaiah , Parveen K. Patel , Yu-Shun Wang
IPC分类号: G06F9/45
CPC分类号: H04L61/2596 , G06F9/45558 , G06F2009/45595 , H04L12/4604 , H04L12/4633 , H04L45/74 , H04L61/2503 , H04L65/102 , H04L67/1002
摘要: Methods and apparatus are provided for controlling communication between a virtualized network and non-virtualized entities using a virtualization gateway. A packet is sent by a virtual machine in the virtualized network to a non-virtualized entity. The packet is routed by the host of the virtual machine to a provider address of the virtualization gateway. The gateway translates the provider address of the gateway to a destination address of the non-virtualized entity and sends the packet to the non-virtualized entity. The non-virtualized entity may be a physical resource, such as a physical server or a storage device. The physical resource may be dedicated to one customer or may be shared among customers.
摘要翻译: 提供了用于使用虚拟化网关来控制虚拟化网络和非虚拟化实体之间的通信的方法和装置。 数据包由虚拟化网络中的虚拟机发送到非虚拟化实体。 数据包由虚拟机的主机路由到虚拟化网关的提供商地址。 网关将网关的提供商地址转换为非虚拟化实体的目标地址,并将数据包发送到非虚拟化实体。 非虚拟化实体可以是物理资源,例如物理服务器或存储设备。 物理资源可以专用于一个客户,或者可以在客户之间共享。
-
8.发明授权公开(公告)号:US09042384B2
公开(公告)日:2015-05-26
申请号:US13603281
申请日:2012-09-04
IPC分类号: H04L12/28 , H04L12/713
CPC分类号: H04L45/586
摘要: A distributed routing domain is disclosed wherein each user or tenant can deploy a multi-subnet routing topology in a network-virtualized datacenter. A virtualization module implements the distributed routing domain and enforces a multi-subnet routing topology in a distributed fashion without requiring a standalone physical router or VM router. The topology and the routing rules are distributed in a network virtualization module on each hypervisor host, and collectively realize the multi-subnet topology for a virtual network over any physical network topology.
摘要翻译: 公开了分布式路由域,其中每个用户或租户可以在网络虚拟化的数据中心中部署多子网路由拓扑。 虚拟化模块实现分布式路由域并以分布式方式实施多子网路由拓扑,而不需要独立的物理路由器或VM路由器。 拓扑和路由规则分布在每个管理程序主机上的网络虚拟化模块中,并通过任何物理网络拓扑统一实现虚拟网络的多子网拓扑。
-
9.发明授权Secure and efficient offloading of network policies to network interface cards 有权安全高效地将网络策略卸载到网络接口卡公开(公告)号:US08856518B2
公开(公告)日:2014-10-07
申请号:US13565369
申请日:2012-08-02
申请人: Murari Sridharan , Narasimhan Venkataramaiah , Yu-Shun Wang , Albert G. Greenberg , Alireza Dabagh , Pankaj Garg , Daniel M. Firestone
发明人: Murari Sridharan , Narasimhan Venkataramaiah , Yu-Shun Wang , Albert G. Greenberg , Alireza Dabagh , Pankaj Garg , Daniel M. Firestone
IPC分类号: H04L29/06 , H04L12/713
CPC分类号: H04L45/586
摘要: Techniques for efficient and secure implementation of network policies in a network interface controller (NIC) in a host computing device operating a virtualized computing environment. In some embodiments, the NIC may process and forward packets directly to their destinations, bypassing a parent partition of the host computing device. In particular, in some embodiments, the NIC may store network policy information to process and forward packets directly to a virtual machine (VM). If the NIC is unable to process a packet, then the NIC may forward the packet to the parent partition. In some embodiments, the NIC may use an encapsulation protocol to transmit address information in packet headers. In some embodiments, this address information may be communicated by the MC to the parent partition via a secure channel. The NIC may also obtain, and decrypt, encrypted addresses from the VMs for routing packets, bypassing the parent partition.
摘要翻译: 用于在操作虚拟化计算环境的主机计算设备中的网络接口控制器(NIC)中有效和安全地实现网络策略的技术。 在一些实施例中,NIC可以绕过主计算设备的父分区来处理和转发数据包直接到其目的地。 特别地,在一些实施例中,NIC可以存储网络策略信息以直接处理和转发分组到虚拟机(VM)。 如果NIC无法处理数据包,则NIC可能会将数据包转发到父分区。 在一些实施例中,NIC可以使用封装协议来传送分组报头中的地址信息。 在一些实施例中,该地址信息可以由MC通过安全信道传送到父分区。 NIC也可以绕过父分区,从虚拟机获取和解密路由数据包的加密地址。
-
公开(公告)号:US08775817B2
公开(公告)日:2014-07-08
申请号:US12118753
申请日:2008-05-12
申请人: Kevin Ransom , Brian Lieuallen , Yu-Shun Wang , Scott Briggs
发明人: Kevin Ransom , Brian Lieuallen , Yu-Shun Wang , Scott Briggs
IPC分类号: H04L29/06
CPC分类号: G06F17/30094
摘要: A distributed hash table infrastructure is described that supports pluggable modules for various services. Transport providers, security providers, and other service providers may be swapped, providing flexibility in supporting various devices and networking configurations.
摘要翻译: 描述了分布式哈希表基础架构,支持各种服务的可插拔模块。 可以交换运输提供商,安全提供商和其他服务提供商,为支持各种设备和网络配置提供灵活性。
-
-
-
-
-
-
-
-
-
搜索结果
12 条记录 (耗时 0.015 秒)
