Abstract:
Techniques are described for creating multiple virtual network interfaces usable by a logically-related group of one or more containers (“pod”) for communicating on respective virtual networks of a network infrastructure. In some examples, a control flow for pod network interface configuration on a host includes obtaining, by a CNI instance, a list of multiple virtual network interfaces from an agent of a network controller that is executing on the host. The single CNI instance processes the list of multiple virtual network interfaces to create corresponding virtual network interfaces for the pod and, for each of the virtual network interfaces, to attach the virtual network interface to the pod and to the virtual router or bridge for the host. In this way, the single CNI enables packetized communications by containers of the pod over multiple networks using the multiple virtual network interfaces configured for the pod.
Abstract:
In some examples, a method includes receiving, by an orchestrator for a virtualized computing infrastructure, namespace specification data that specifies a namespace, a first virtual network for the namespace, and a second virtual network for the namespace; sending, by the orchestrator to a network controller for the virtualized computing infrastructure, based on the namespace specification data, at least one request to create, for a virtual execution element to be deployed to the namespace and instantiated in a computing device of the virtualized computing infrastructure, respective virtual network interfaces for the first virtual network and the second virtual network; and sending, by the network controller to the computing device, interface configuration data to configure a first virtual network interface for the first virtual network and a second virtual network interface for the second virtual network.
Abstract:
In general, techniques are described for informing services nodes of private network address information in order to apply subscriber-aware services with the services node. In some examples, a services node includes an Authentication, Authorization, and Accounting (AAA) interface to receive a AAA message, wherein the AAA message has been extended from a AAA protocol to specify a private network address of a subscriber device authenticated to an access network by the AAA server and assigned the private network address that is not routable external to the access network. A mapping module associates the public network address of subscriber data traffic with the private network address received by the AAA message. One or more service modules select one or more of a plurality of subscriber policies using the associated private network address and apply services to the subscriber data traffic in accordance with the selected subscriber policies.
Abstract:
In general, techniques are described for providing a hierarchical naming scheme used to propagate state information within network devices. A network device comprising a topic database and a processor may be configured to perform the techniques. The topic database may be configured to store a hierarchical naming scheme that associates objects representative of the state information to hierarchically arranged topics. The processor may be configured to associate consuming components within the network device to the hierarchically arranged topics, and operate as a producer component to publish an object to one of the hierarchically arranged topics. The processor may also be configured to propagate the published object to one of the consumer components associated with the one of the hierarchically arranged topics.
Abstract:
In general, techniques are described for programming a set of one or more pre-defined rules within the forwarding plane of a packet gateway of a mobile service provider network and caching, within the control plane, a group identifier that identifies the set of programmed, pre-defined rules. The control plane may match quality of service (QoS) information of incoming subscriber service requests with the group identifier and respective subsets of the set of programmed, pre-defined rules to rapidly associate service requests with already-programmed PCC rules and thereafter install, to the forwarding plane, subscriber service-specific actions for the PCC rules.
Abstract:
In general, techniques are described for offloading data transfer statistics from a mobile access gateway. The mobile access gateway comprises a forwarding unit. The forwarding unit comprises a packet forwarding engine (PFE). When the PFE receives a packet, the PFE updates a data transfer statistic based on a quantity of data in the packet. The data transfer statistic is initially stored in a memory of the PFE. The PFE is configured to push the data transfer statistic from the memory of the PFE to a memory of the forwarding unit.