-
1.
Publication No.: US08958292B2
Publication date: 2015-02-17
Application No.: US13177546
Filing date: 2011-07-06
IPC classification: H04L12/26 , H04L12/931 , H04L12/24 , G06F11/07
CPC classification: H04L41/0893 , G06F11/07 , G06F15/17312 , H04L12/4633 , H04L41/0816 , H04L41/0853 , H04L41/0896 , H04L45/00 , H04L45/586 , H04L47/783 , H04L49/00 , H04L49/1546 , H04L49/3063 , H04L49/70 , H04L61/2007 , H04L61/6022
Abstract: Port security in some embodiments is a technique to apply to a particular port of a logical switching element such that the network data entering and exiting the logical switching element through the particular logical port have certain addresses that the switching element has restricted the logical port to use. For instance, a logical switching element may restrict a particular logical port to one or more certain network addresses. To enable a logical port of a logical switch for port security, the control application of some embodiments receives user inputs that designate a particular logical port and a logical switch to which the particular logical port belongs. The control application in some embodiments formats the user inputs into logical control plane data specifying the designation. The control application in some embodiments then converts the logical control plane data into logical forwarding data that specify port security functions.
-
2.
Publication No.: US08717895B2
Publication date: 2014-05-06
Application No.: US13177530
Filing date: 2011-07-06
Applicant: Teemu Koponen , Pankaj Thakkar , Martin Casado , W. Andrew Lambeth , Alexander Yip , Jeremy Stribling
Inventor: Teemu Koponen , Pankaj Thakkar , Martin Casado , W. Andrew Lambeth , Alexander Yip , Jeremy Stribling
IPC classification: H04L12/26 , H04L12/54 , G06F15/173 , G06F12/10
CPC classification: H04L41/0893 , G06F11/07 , G06F15/17312 , H04L12/4633 , H04L41/0816 , H04L41/0853 , H04L41/0896 , H04L45/00 , H04L45/586 , H04L47/783 , H04L49/00 , H04L49/1546 , H04L49/3063 , H04L49/70 , H04L61/2007 , H04L61/6022
Abstract: Some embodiments provide a virtualizer for managing a plurality of managed switching elements that forward data through a network. The virtualizer comprises a first set of tables for storing input logical forwarding plane data and a second set of tables for storing output physical control plane data. It also includes a table mapping engine for mapping the input logical forwarding plane data in the first set of tables to output physical control plane data in the second set of tables by performing a set of database join operations on the input logical forwarding plane data in the first set of tables. In some embodiments, the physical control plane data is subsequently translated into physical forwarding behaviors that direct the forwarding of data by the managed switching elements.
-
Publication No.: US20130058341A1
Publication date: 2013-03-07
Application No.: US13177546
Filing date: 2011-07-06
IPC classification: H04L12/56
CPC classification: H04L41/0893 , G06F11/07 , G06F15/17312 , H04L12/4633 , H04L41/0816 , H04L41/0853 , H04L41/0896 , H04L45/00 , H04L45/586 , H04L47/783 , H04L49/00 , H04L49/1546 , H04L49/3063 , H04L49/70 , H04L61/2007 , H04L61/6022
Abstract: Port security in some embodiments is a technique to apply to a particular port of a logical switching element such that the network data entering and exiting the logical switching element through the particular logical port have certain addresses that the switching element has restricted the logical port to use. For instance, a logical switching element may restrict a particular logical port to one or more certain network addresses. To enable a logical port of a logical switch for port security, the control application of some embodiments receives user inputs that designate a particular logical port and a logical switch to which the particular logical port belongs. The control application in some embodiments formats the user inputs into logical control plane data specifying the designation. The control application in some embodiments then converts the logical control plane data into logical forwarding data that specify port security functions.
-
4.
Publication No.: US20130058215A1
Publication date: 2013-03-07
Application No.: US13177530
Filing date: 2011-07-06
Applicant: Teemu Koponen , Pankaj Thakkar , Martin Casado , W. Andrew Lambeth , Alexander Yip , Jeremy Stribling
Inventor: Teemu Koponen , Pankaj Thakkar , Martin Casado , W. Andrew Lambeth , Alexander Yip , Jeremy Stribling
CPC classification: H04L41/0893 , G06F11/07 , G06F15/17312 , H04L12/4633 , H04L41/0816 , H04L41/0853 , H04L41/0896 , H04L45/00 , H04L45/586 , H04L47/783 , H04L49/00 , H04L49/1546 , H04L49/3063 , H04L49/70 , H04L61/2007 , H04L61/6022
Abstract: Some embodiments provide a virtualizer for managing a plurality of managed switching elements that forward data through a network. The virtualizer comprises a first set of tables for storing input logical forwarding plane data and a second set of tables for storing output physical control plane data. It also includes a table mapping engine for mapping the input logical forwarding plane data in the first set of tables to output physical control plane data in the second set of tables by performing a set of database join operations on the input logical forwarding plane data in the first set of tables. In some embodiments, the physical control plane data is subsequently translated into physical forwarding behaviors that direct the forwarding of data by the managed switching elements.
-
Publication No.: US10103939B2
Publication date: 2018-10-16
Application No.: US13269409
Filing date: 2011-10-07
Applicant: Teemu Koponen , Pankaj Thakkar , W. Andrew Lambeth
Inventor: Teemu Koponen , Pankaj Thakkar , W. Andrew Lambeth
IPC classification: H04L12/24 , H04L12/931 , H04L12/803
Abstract: For a network control system that receives, from a user, logical datapath sets that logically express desired forwarding behaviors that are to be implemented by a set of managed switching elements, a controller for managing several managed switching elements that forward data in a network that includes the managed switching elements is described. The controller includes a set of modules for detecting a change in one or more managed switching elements and for updating logical datapath set based on the detected change. The logical datapath set is for subsequent translation into a set of physical forwarding behaviors of the managed switching elements.
-
Publication No.: US09369426B2
Publication date: 2016-06-14
Application No.: US13589062
Filing date: 2012-08-17
Applicant: Teemu Koponen , Ronghua Zhang , Martin Casado , Pankaj Thakkar , Jesse E. Gross, IV , Daniel J. Wendlandt , Mehak Mahajan
Inventor: Teemu Koponen , Ronghua Zhang , Martin Casado , Pankaj Thakkar , Jesse E. Gross, IV , Daniel J. Wendlandt , Mehak Mahajan
IPC classification: H04L12/28 , H04L12/26 , H04L12/24 , H04L12/931 , H04L12/46 , H04L29/12 , H04L12/801 , H04L12/803 , H04L12/741 , H04L12/715
CPC classification: H04L45/74 , H04L41/0803 , H04L45/04 , H04L45/54 , H04L47/12 , H04L47/125 , H04L61/103 , H04L61/256 , H04L61/2592
Abstract: A novel method for configuring first and second managed forwarding elements to perform logical L2 switching and L3 routing is described. The method generates a first set of flow entries for configuring the first managed forwarding element to perform logical L2 ingress processing and L3 routing processing. The method generates a second set of flow entries for configuring the second managed forwarding element to perform logical L2 egress processing.
-
Publication No.: US09231891B2
Publication date: 2016-01-05
Application No.: US13288023
Filing date: 2011-11-02
IPC classification: H04L12/28 , H04L12/44 , G06F15/16 , G06F15/173 , H04L12/931 , H04L12/933 , H04L12/713 , H04L12/54 , H04L12/24 , H04L12/935 , H04L12/46 , H04L12/911 , G06F11/07
CPC classification: H04L41/0893 , G06F11/07 , G06F15/17312 , H04L12/4633 , H04L41/0816 , H04L41/0853 , H04L41/0896 , H04L45/00 , H04L45/586 , H04L47/783 , H04L49/00 , H04L49/1546 , H04L49/3063 , H04L49/70 , H04L61/2007 , H04L61/6022
Abstract: Some embodiments provide a method that identifies several higher level switching elements for facilitating lower level switching elements to forward packets among network hosts. The method establishes a set of tunnels among the lower level switching elements and the higher level switching elements. At least one tunnel is established between a lower level switching element and a higher level switching element. For each higher level switching element in the several higher level switching elements, the method identifies a first set of forwarding data that specifies forwarding of packets between the higher level switching element and the several lower level switching elements. For each lower level switching element in the several lower level switching elements, the method identifies a second set of forwarding data that specifies forwarding of packets between the lower level switching element, the several network hosts, and the several higher level switching elements.
-
Publication No.: US09178833B2
Publication date: 2015-11-03
Application No.: US13589077
Filing date: 2012-08-17
Applicant: Teemu Koponen , Pankaj Thakkar
Inventor: Teemu Koponen , Pankaj Thakkar
IPC classification: G06F15/173 , H04L12/863 , H04L12/24 , H04L12/721 , G05B11/01 , G06F15/177 , H04L12/54 , H04L12/717 , G06F9/455
CPC classification: H04L47/50 , G05B11/01 , G06F9/45558 , G06F15/177 , G06F2009/45595 , H04L12/4633 , H04L41/0226 , H04L41/042 , H04L41/20 , H04L41/50 , H04L45/38 , H04L45/42 , H04L45/66 , H04L47/825 , H04L49/254
Abstract: A network control system for generating physical control plane data for managing first and second managed forwarding elements that implement forwarding operations associated with a first logical datapath set is described. The system includes a first controller instance for converting logical control plane data for the first logical datapath set to universal physical control plane (UPCP) data. The system further includes a second controller instance for converting UPCP data to customized physical control plane (CPCP) data for the first managed forwarding element but not the second managed forwarding element. The system further includes a third controller instance for receiving UPCP data generated by the first controller instance, identifying the second controller instance as the controller instance responsible for generating the CPCP data for the first managed forwarding element, and supplying the received UPCP data to the second controller instance.
-
Publication No.: US08964767B2
Publication date: 2015-02-24
Application No.: US13589044
Filing date: 2012-08-17
CPC classification: H04L12/66 , H04L41/044 , H04L45/04
Abstract: Some embodiments provide a novel method for forwarding a packet at a managed switching element in a first domain. The method receives a packet from a local machine. The method encapsulates the packet with a first context identifier that identifies a first logical port of a first logical switching element that couples to machines in both the first domain and a second domain. The first logical port maps to a destination address of the packet. Based on a mapping of the first logical port to a second logical port of a second logical switching element that couples to machines in only the first domain, the method encapsulates the packet with a second context identifier that identifies the second logical port. The method transmits the twice-encapsulated packet out of a port of the managed switching element based on the second context identifier.
-
Publication No.: US08958298B2
Publication date: 2015-02-17
Application No.: US13589074
Filing date: 2012-08-17
Applicant: Ronghua Zhang , Pankaj Thakkar , Jesse E. Gross, IV , Justin Pettit , Keith E. Amidon , Daniel J. Wendlandt , Teemu Koponen , Martin Casado
Inventor: Ronghua Zhang , Pankaj Thakkar , Jesse E. Gross, IV , Justin Pettit , Keith E. Amidon , Daniel J. Wendlandt , Teemu Koponen , Martin Casado
IPC classification: H04L1/00 , H04L12/28 , H04L12/58 , G06F15/16 , G06F15/177 , G06F15/173 , H04L29/12 , H04L12/801 , H04L12/803 , H04L12/24 , H04L12/741
CPC classification: H04L45/74 , H04L41/0803 , H04L45/04 , H04L45/54 , H04L47/12 , H04L47/125 , H04L61/103 , H04L61/256 , H04L61/2592
Abstract: A novel method for logically routing a packet between a source machine that is in a first logical domain and a destination machine that is in a second logical domain is described. The method configures a managed switching element as a second-level managed switching element. The method configures a router in a host that includes the second-level managed switching element. The method communicatively couples the second-level managed switching element with the router. The method causes the router to route a packet when the router receives a packet from the first logical domain that is addressed to the second logical domain.