公开(公告)号：US20210258254A1

公开(公告)日：2021-08-19

申请号：US17307999

申请日：2021-05-04

申请人： Nicira, Inc.

发明人： Ariel Tubaltsev ,  Ronghua Zhang ,  Benjamin C. Basler ,  Serge Maskalik ,  Rajiv Ramanathan ,  David J. Leroy ,  Srinivas Neginhal ,  Kai-Wei Fan ,  Ansis Atteka

IPC分类号： H04L12/741 ,  H04L12/713 ,  H04L12/751 ,  H04L12/931

摘要： Some embodiments provide a network system. The network system includes a first set of host machines for hosting virtual machines that connect to each other through a logical network. The first set of host machines includes managed forwarding elements for forwarding data between the host machines. The network system includes a second set of host machines for hosting virtualized containers that operate as gateways for forwarding data between the virtual machines and an external network. At least one of the virtualized containers peers with at least one physical router in the external network in order to advertise addresses of the virtual machines to the physical router.

公开(公告)号：US11075842B2

公开(公告)日：2021-07-27

申请号：US16427294

申请日：2019-05-30

申请人： Nicira, Inc.

发明人： Jayant Jain ,  Anirban Sengupta ,  Mohan Parthasarathy ,  Allwyn Sequeira ,  Serge Maskalik ,  Rick Lund

IPC分类号： H04L12/803 ,  H04L29/12 ,  H04L12/741 ,  H04L12/707 ,  H04L12/721 ,  H04L29/08 ,  H04L12/911

摘要： Some embodiments provide a novel method for load balancing data messages that are sent by a source compute node (SCN) to one or more different groups of destination compute nodes (DCNs). In some embodiments, the method deploys a load balancer in the source compute node's egress datapath. This load balancer receives each data message sent from the source compute node, and determines whether the data message is addressed to one of the DCN groups for which the load balancer spreads the data traffic to balance the load across (e.g., data traffic directed to) the DCNs in the group. When the received data message is not addressed to one of the load balanced DCN groups, the load balancer forwards the received data message to its addressed destination. On the other hand, when the received data message is addressed to one of load balancer's DCN groups, the load balancer identifies a DCN in the addressed DCN group that should receive the data message, and directs the data message to the identified DCN. To direct the data message to the identified DCN, the load balancer in some embodiments changes the destination address (e.g., the destination IP address, destination port, destination MAC address, etc.) in the data message from the address of the identified DCN group to the address (e.g., the destination IP address) of the identified DCN.

公开(公告)号：US11025543B2

公开(公告)日：2021-06-01

申请号：US16776157

申请日：2020-01-29

申请人： Nicira, Inc.

发明人： Ariel Tubaltsev ,  Ronghua Zhang ,  Benjamin C Basler ,  Serge Maskalik ,  Rajiv Ramanathan ,  David J Leroy ,  Srinivas Neginhal ,  Kai-Wei Fan ,  Ansis Atteka

IPC分类号： H04L12/741 ,  H04L12/713 ,  H04L12/751 ,  H04L12/931

摘要： Some embodiments provide a network system. The network system includes a first set of host machines for hosting virtual machines that connect to each other through a logical network. The first set of host machines includes managed forwarding elements for forwarding data between the host machines. The network system includes a second set of host machines for hosting virtualized containers that operate as gateways for forwarding data between the virtual machines and an external network. At least one of the virtualized containers peers with at least one physical router in the external network in order to advertise addresses of the virtual machines to the physical router.

公开(公告)号：US10608993B2

公开(公告)日：2020-03-31

申请号：US15726237

申请日：2017-10-05

申请人： Nicira, Inc.

发明人： Kaushal Bansal ,  Uday Masurekar ,  Serge Maskalik ,  Shadab Shah ,  Aravind Srinivasan ,  Minjal Agarwal

IPC分类号： H04L29/06 ,  G06F9/455

摘要： Some embodiments provide a central firewall management system that can be used to manage different firewall devices from a single management interface. This management interface provides a uniform interface for defining different firewall rule sets and deploying these rules sets on different firewall devices (e.g., port-linked firewall engines, firewall service VMs, network-perimeter firewall devices, etc.). Also, this interface allows the location and/or behavior of the firewall rule sets to be dynamically modified. The management interface in some embodiments also provides controls for filtering and debugging firewall rules.

公开(公告)号：US10341233B2

公开(公告)日：2019-07-02

申请号：US14815838

申请日：2015-07-31

申请人： Nicira, Inc.

发明人： Jayant Jain ,  Anirban Sengupta ,  Mohan Parthasarathy ,  Allwyn Sequeira ,  Serge Maskalik ,  Rick Lund

IPC分类号： H04L12/741 ,  H04L12/803 ,  H04L12/721 ,  H04L29/08 ,  H04L12/911 ,  H04L12/707 ,  H04L29/12

摘要： Some embodiments provide a novel method for load balancing data messages that are sent by a source compute node (SCN) to one or more different groups of destination compute nodes (DCNs). In some embodiments, the method deploys a load balancer in the source compute node's egress datapath. This load balancer receives each data message sent from the source compute node, and determines whether the data message is addressed to one of the DCN groups for which the load balancer spreads the data traffic to balance the load across (e.g., data traffic directed to) the DCNs in the group. When the received data message is not addressed to one of the load balanced DCN groups, the load balancer forwards the received data message to its addressed destination. On the other hand, when the received data message is addressed to one of load balancer's DCN groups, the load balancer identifies a DCN in the addressed DCN group that should receive the data message, and directs the data message to the identified DCN. To direct the data message to the identified DCN, the load balancer in some embodiments changes the destination address (e.g., the destination IP address, destination port, destination MAC address, etc.) in the data message from the address of the identified DCN group to the address (e.g., the destination IP address) of the identified DCN.

公开(公告)号：US20190075050A1

公开(公告)日：2019-03-07

申请号：US16179976

申请日：2018-11-04

申请人： Nicira, Inc.

发明人： Ariel Tubaltsev ,  Ronghua Zhang ,  Benjamin C. Basler ,  Serge Maskalik ,  Rajiv Ramanathan ,  David J. Leroy ,  Srinivas Neginhal ,  Kai-Wei Fan ,  Ansis Atteka

IPC分类号： H04L12/741 ,  H04L12/931 ,  H04L12/713 ,  H04L12/751

CPC分类号： H04L45/74 ,  H04L45/02 ,  H04L45/586 ,  H04L49/354

摘要： Some embodiments provide a network system. The network system includes a first set of host machines for hosting virtual machines that connect to each other through a logical network. The first set of host machines includes managed forwarding elements for forwarding data between the host machines. The network system includes a second set of host machines for hosting virtualized containers that operate as gateways for forwarding data between the virtual machines and an external network. At least one of the virtualized containers peers with at least one physical router in the external network in order to advertise addresses of the virtual machines to the physical router.

公开(公告)号：US20180048623A1

公开(公告)日：2018-02-15

申请号：US15726237

申请日：2017-10-05

申请人： Nicira, Inc.

发明人： Kaushal Bansal ,  Uday Masurekar ,  Serge Maskalik ,  Shadab Shah ,  Aravind Srinivasan ,  Minjal Agarwal

IPC分类号： H04L29/06 ,  G06F9/455

CPC分类号： H04L63/0263 ,  G06F9/455 ,  H04L63/0218

摘要： Some embodiments provide a central firewall management system that can be used to manage different firewall devices from a single management interface. This management interface provides a uniform interface for defining different firewall rule sets and deploying these rules sets on different firewall devices (e.g., port-linked firewall engines, firewall service VMs, network-perimeter firewall devices, etc.). Also, this interface allows the location and/or behavior of the firewall rule sets to be dynamically modified. The management interface in some embodiments also provides controls for filtering and debugging firewall rules.

公开(公告)号：US09787641B2

公开(公告)日：2017-10-10

申请号：US14788689

申请日：2015-06-30

申请人： Nicira, Inc.

发明人： Kaushal Bansal ,  Uday Masurekar ,  Serge Maskalik ,  Shadab Shah ,  Aravind Srinivasan ,  Minjal Agarwal

IPC分类号： H04L29/06 ,  G06F9/455

CPC分类号： H04L63/0263 ,  G06F9/455 ,  H04L63/0218

摘要： Some embodiments provide a central firewall management system that can be used to manage different firewall devices from a single management interface. This management interface provides a uniform interface for defining different firewall rule sets and deploying these rules sets on different firewall devices (e.g., port-linked firewall engines, firewall service VMs, network-perimeter firewall devices, etc.). Also, this interface allows the location and/or behavior of the firewall rule sets to be dynamically modified. The management interface in some embodiments also provides controls for filtering and debugging firewall rules.

公开(公告)号：US09774537B2

公开(公告)日：2017-09-26

申请号：US14557295

申请日：2014-12-01

申请人： Nicira, Inc.

发明人： Jayant Jain ,  Anirban Sengupta ,  Mohan Parthasarathy ,  Allwyn Sequeira ,  Serge Maskalik ,  Rick Lund

IPC分类号： H04L12/803 ,  H04L29/08 ,  H04L12/721 ,  H04L12/911 ,  H04L12/707 ,  H04L29/12

CPC分类号： H04L47/125 ,  H04L45/24 ,  H04L45/44 ,  H04L47/70 ,  H04L61/2069 ,  H04L61/2521 ,  H04L61/6022 ,  H04L67/1002 ,  H04L67/1017 ,  H04L67/1025 ,  H04L67/1029

摘要： Some embodiments provide a novel method for load balancing data messages that are sent by a source compute node (SCN) to one or more different groups of destination compute nodes (DCNs). In some embodiments, the method deploys a load balancer in the source compute node's egress datapath. This load balancer receives each data message sent from the source compute node, and determines whether the data message is addressed to one of the DCN groups for which the load balancer spreads the data traffic to balance the load across (e.g., data traffic directed to) the DCNs in the group. When the received data message is not addressed to one of the load balanced DCN groups, the load balancer forwards the received data message to its addressed destination. On the other hand, when the received data message is addressed to one of load balancer's DCN groups, the load balancer identifies a DCN in the addressed DCN group that should receive the data message, and directs the data message to the identified DCN. To direct the data message to the identified DCN, the load balancer in some embodiments changes the destination address (e.g., the destination IP address, destination port, destination MAC address, etc.) in the data message from the address of the identified DCN group to the address (e.g., the destination IP address) of the identified DCN.

公开(公告)号：US09225597B2

公开(公告)日：2015-12-29

申请号：US14214553

申请日：2014-03-14

申请人： Nicira, Inc.

发明人： Ariel Tubaltsev ,  Ronghua Zhang ,  Benjamin C. Basler ,  Serge Maskalik ,  Rajiv Ramanathan ,  David J. Leroy ,  Srinivas Neginhal ,  Kai-Wei Fan ,  Ansis Atteka

IPC分类号： H04L12/28 ,  G06F15/173 ,  H04L12/24 ,  H04L12/707

CPC分类号： H04L45/02 ,  H04L45/04 ,  H04L45/24 ,  H04L45/58

摘要： Some embodiments provide a network system. The network system includes a first set of host machines hosting virtual machines that connect to each other through a logical network. The network system includes a second set of host machines hosting virtualized containers that operate as gateways to process packets entering the logical network from external sources. Each of the virtualized containers advertises itself to an external router as a next hop for packets entering the logical network such that the external router uses equal-cost multi-path forwarding to distribute the packets across the virtualized containers on the second set of host machines.

摘要翻译： 一些实施例提供网络系统。 网络系统包括托管通过逻辑网络彼此连接的虚拟机的第一组主机。 网络系统包括托管虚拟化容器的第二组主机，作为网关来处理从外部源进入逻辑网络的分组。 每个虚拟化容器将自身通告给外部路由器作为进入逻辑网络的分组的下一跳，使得外部路由器使用等价的多路径转发来在第二组主机上的虚拟化容器上分发分组。