-
Publication No.: US20110110377A1
Publication date: 2011-05-12
Application No.: US12614007
Filing date: 2009-11-06
Applicant: Hasan Alkhatib, Deepak Bansal
Inventors: Hasan Alkhatib, Deepak Bansal
IPC classification: H04L12/56
CPC classification: H04L29/12349, H04L45/64, H04L61/2507, H04L63/0272
Abstract: Computerized methods, systems, and computer-storage media for establishing and managing a virtual network overlay (“overlay”) are provided. The overlay spans between a data center and a private enterprise network and includes endpoints, of a service application, that reside in each location. The service-application endpoints residing in the data center and in the enterprise private network are reachable by data packets at physical IP addresses. Virtual presences of the service-application endpoints are instantiated within the overlay by assigning the service-application endpoints respective virtual IP addresses and maintaining an association between the virtual IP addresses and the physical IP addresses. This association facilitates routing the data packets between the service-application endpoints, based on communications exchanged between their virtual presences within the overlay. Also, the association secures a connection between the service-application endpoints within the overlay that blocks communications from other endpoints without a virtual presence in the overlay.
-
2.
Publication No.: US08248944B2
Publication date: 2012-08-21
Application No.: US12717784
Filing date: 2010-03-04
Applicant: Deepak Bansal, Hasan Alkhatib
Inventors: Deepak Bansal, Hasan Alkhatib
IPC classification: H04J1/16
CPC classification: H04L69/14, H04L47/193, H04L47/20, H04L47/22, H04L67/10, H04L69/161, H04L69/326, H04L69/329, H04L69/40, Y02D50/30
Abstract: Computerized methods, systems, and computer-storage media for establishing and managing a transmission control protocol (TCP)-based tunnel (“tunnel”) are provided. The tunnel spans between a data center and a private enterprise network and connects endpoints, of a service application, that reside in each location. During communication, the endpoints transmit data packets over one or more channels (e.g., higher-level channel and lower-level channel) that comprise the tunnel. Each of the channels supports reliability mechanisms (e.g., congestion-control mechanism and loss-recovery mechanism) integrally running thereon, for ensuring complete data-packet delivery. To prevent unwarranted performance degradation caused by duplicative efforts of reliability mechanisms, a fabric controller is employed to selectively disable one or more of the reliability mechanisms individually. The selective disablement of the reliability mechanisms is invoked by predefined criteria, such as instructions from a service model or detected identity of a source/destination endpoint, and is invoked on a per network connection basis.
-
Publication No.: US20110283017A1
Publication date: 2011-11-17
Application No.: US12780673
Filing date: 2010-05-14
Applicant: Hasan Alkhatib, Changhoon Kim, Geoff Outhred, Deepak Bansal, Albert Greenberg, Dave Maltz, Parveen Patel
Inventors: Hasan Alkhatib, Changhoon Kim, Geoff Outhred, Deepak Bansal, Albert Greenberg, Dave Maltz, Parveen Patel
IPC classification: G06F15/173, G06F9/455
CPC classification: H04L12/4641, H04L12/4633, H04L45/04, H04L45/42, H04L45/46, H04L45/566, H04L45/586
Abstract: Computerized methods, systems, and computer-readable media are provided for establishing and managing a virtual network (V-net) and virtual machine (VM) switches that enable protected and isolated interconnections between members of the V-net. The V-net members include an originating network adapter that generates data packets addressed to a destination network adapter. Upon detecting data-packet generation, a source-side VM switch accesses a forwarding table associated with the V-net, ascertains a destination-side, VM-switch locator that corresponds to an identifier of the destination network adapter, and modifies the data packets to include the identifier. The forwarding table represents a mapping between the members of the V-net and VM switches located on respective nodes within the data center. In operation, the mapping enforces communication policies that govern data-packet traffic. Upon receiving the data packets, the destination-side VM switch restores the data packets and forwards them to the destination network adapter.
-
4.
Publication No.: US20110216651A1
Publication date: 2011-09-08
Application No.: US12717784
Filing date: 2010-03-04
Applicant: Deepak Bansal, Hasan Alkhatib
Inventors: Deepak Bansal, Hasan Alkhatib
IPC classification: H04L12/56
CPC classification: H04L69/14, H04L47/193, H04L47/20, H04L47/22, H04L67/10, H04L69/161, H04L69/326, H04L69/329, H04L69/40, Y02D50/30
Abstract: Computerized methods, systems, and computer-storage media for establishing and managing a transmission control protocol (TCP)-based tunnel (“tunnel”) are provided. The tunnel spans between a data center and a private enterprise network and connects endpoints, of a service application, that reside in each location. During communication, the endpoints transmit data packets over one or more channels (e.g., higher-level channel and lower-level channel) that comprise the tunnel. Each of the channels supports reliability mechanisms (e.g., congestion-control mechanism and loss-recovery mechanism) integrally running thereon, for ensuring complete data-packet delivery. To prevent unwarranted performance degradation caused by duplicative efforts of reliability mechanisms, a fabric controller is employed to selectively disable one or more of the reliability mechanisms individually. The selective disablement of the reliability mechanisms is invoked by predefined criteria, such as instructions from a service model or detected identity of a source/destination endpoint, and is invoked on a per network connection basis.
-
Publication No.: US08688994B2
Publication date: 2014-04-01
Application No.: US12823891
Filing date: 2010-06-25
Applicant: Hasan Alkhatib, Geoffrey Outhred, Deepak Bansal, Anatoliy Panasyuk, Dharshan Rangegowda, Anthony Chavez
Inventors: Hasan Alkhatib, Geoffrey Outhred, Deepak Bansal, Anatoliy Panasyuk, Dharshan Rangegowda, Anthony Chavez
CPC classification: G06F21/31, H04L9/3234, H04L9/3247, H04L29/12264, H04L29/12452, H04L61/2046, H04L61/2535, H04L61/2546, H04L63/0815, H04L63/104, H04L2209/60
Abstract: Computerized methods, systems, and computer-readable media for promoting cooperation between a first and second virtual network overlay (“overlay”) are provided. The first overlay is governed by a first authority domain and includes members assigned virtual IP addresses from a first address range. The second overlay is governed by a second authority domain, which is associated with a second federation mechanism, for negotiating on behalf of the second overlay. The second federation mechanism is capable of negotiating with, or soliciting delegation of authority from, a first federation mechanism that is associated with the first authority domain. When negotiations are successful or authority is delegated, the second federation mechanism establishes a communication link between the second overlay and the first overlay or joins a member of the second overlay to the first overlay. Joining involves allocating a guest IP address from the first address range to the member.
-
6.
Publication No.: US08379651B2
Publication date: 2013-02-19
Application No.: US13552328
Filing date: 2012-07-18
Applicant: Deepak Bansal, Hasan Alkhatib
Inventors: Deepak Bansal, Hasan Alkhatib
IPC classification: H04L12/56
CPC classification: H04L69/14, H04L47/193, H04L47/20, H04L47/22, H04L67/10, H04L69/161, H04L69/326, H04L69/329, H04L69/40, Y02D50/30
Abstract: Computerized methods, systems, and computer-storage media for establishing and managing a transmission control protocol (TCP)-based tunnel (“tunnel”) are provided. The tunnel spans between a data center and a private enterprise network and connects endpoints, of a service application, that reside in each location. During communication, the endpoints transmit data packets over one or more channels (e.g., higher-level channel and lower-level channel) that comprise the tunnel. Each of the channels supports reliability mechanisms (e.g., congestion-control mechanism and loss-recovery mechanism) integrally running thereon, for ensuring complete data-packet delivery. To prevent unwarranted performance degradation caused by duplicative efforts of reliability mechanisms, a fabric controller is employed to selectively disable one or more of the reliability mechanisms individually. The selective disablement of the reliability mechanisms is invoked by predefined criteria, such as instructions from a service model or detected identity of a source/destination endpoint, and is invoked on a per network connection basis.
-
Publication No.: US08407366B2
Publication date: 2013-03-26
Application No.: US12780673
Filing date: 2010-05-14
Applicant: Hasan Alkhatib, Changhoon Kim, Geoff Outhred, Deepak Bansal, Albert Greenberg, Dave Maltz, Parveen Patel
Inventors: Hasan Alkhatib, Changhoon Kim, Geoff Outhred, Deepak Bansal, Albert Greenberg, Dave Maltz, Parveen Patel
IPC classification: G06F15/173
CPC classification: H04L12/4641, H04L12/4633, H04L45/04, H04L45/42, H04L45/46, H04L45/566, H04L45/586
Abstract: Computerized methods, systems, and computer-readable media are provided for establishing and managing a virtual network (V-net) and virtual machine (VM) switches that enable protected and isolated interconnections between members of the V-net. The V-net members include an originating network adapter that generates data packets addressed to a destination network adapter. Upon detecting data-packet generation, a source-side VM switch accesses a forwarding table associated with the V-net, ascertains a destination-side, VM-switch locator that corresponds to an identifier of the destination network adapter, and modifies the data packets to include the identifier. The forwarding table represents a mapping between the members of the V-net and VM switches located on respective nodes within the data center. In operation, the mapping enforces communication policies that govern data-packet traffic. Upon receiving the data packets, the destination-side VM switch restores the data packets and forwards them to the destination network adapter.
-
8.
Publication No.: US20120284403A1
Publication date: 2012-11-08
Application No.: US13552328
Filing date: 2012-07-18
Applicant: Deepak Bansal, Hasan Alkhatib
Inventors: Deepak Bansal, Hasan Alkhatib
IPC classification: G06F15/173
CPC classification: H04L69/14, H04L47/193, H04L47/20, H04L47/22, H04L67/10, H04L69/161, H04L69/326, H04L69/329, H04L69/40, Y02D50/30
Abstract: Computerized methods, systems, and computer-storage media for establishing and managing a transmission control protocol (TCP)-based tunnel (“tunnel”) are provided. The tunnel spans between a data center and a private enterprise network and connects endpoints, of a service application, that reside in each location. During communication, the endpoints transmit data packets over one or more channels (e.g., higher-level channel and lower-level channel) that comprise the tunnel. Each of the channels supports reliability mechanisms (e.g., congestion-control mechanism and loss-recovery mechanism) integrally running thereon, for ensuring complete data-packet delivery. To prevent unwarranted performance degradation caused by duplicative efforts of reliability mechanisms, a fabric controller is employed to selectively disable one or more of the reliability mechanisms individually. The selective disablement of the reliability mechanisms is invoked by predefined criteria, such as instructions from a service model or detected identity of a source/destination endpoint, and is invoked on a per network connection basis.
-
Publication No.: US20110310899A1
Publication date: 2011-12-22
Application No.: US12820896
Filing date: 2010-06-22
Applicant: Hasan Alkhatib, Geoff Outhred
Inventors: Hasan Alkhatib, Geoff Outhred
IPC classification: H04L12/56
CPC classification: H04L45/745, H04L12/4641, H04L12/66, H04L29/12047, H04L29/12339, H04L45/02, H04L45/74, H04L49/70, H04L61/15, H04L61/2007, H04L61/2503
Abstract: Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table). The transformation action(s) include rewriting headers of the data packets to include the location-dependent addresses, encapsulating the data packets as inner data packets within respective outer data packets, or configuring the data packets with a tunneling protocol.
-
Publication No.: USRE41024E1
Publication date: 2009-12-01
Application No.: US12267325
Filing date: 2008-11-07
Applicant: Hasan Alkhatib, Fouad Tobagi, Bruce C Wootton
Inventors: Hasan Alkhatib, Fouad Tobagi, Bruce C Wootton
IPC classification: H04L12/56
CPC classification: H04W8/26, H04L29/12009, H04L29/1233, H04L61/25
Abstract: This document describes embodiments for communicating with a host using a global address and a local address. These embodiments allow for the communication to be initiated by an entity outside the host's network. The entity initiating the communication resolves the destination host's domain name into a global address and a local address. Messages are sent to the destination host using both the global address and the local address. In one embodiment, both the global and local address are included in the message by encapsulating IP packets. Some embodiments of the present invention also use pseudo addressing.