公开(公告)号：US11038782B2

公开(公告)日：2021-06-15

申请号：US16945868

申请日：2020-08-01

申请人： Nicira, Inc.

发明人： Sami Boutros ,  Stephen Tan ,  Rahul Mishra ,  Kantesh Mundaragi ,  Jayant Jain ,  Akhila Naveen

IPC分类号： H04L12/26 ,  H04L12/24

摘要： Some embodiments provide a method for detecting a failure of a layer 2 (L2) bump-in-the-wire service at a device. In some embodiments, the device sends heartbeat signals to a second device connected to L2 service nodes in order to detect failure of the L2 service (e.g., a failure of all the service nodes). In some embodiments, the heartbeat signals are unidirectional heartbeat signals (e.g., a unidirectional bidirectional-forwarding-detection (BFD) session) sent from each device to the other. The heartbeat signals, in some embodiments, use a broadcast MAC address in order to reach the current active L2 service node in the case of a failover (i.e., an active service node failing and a standby service node becoming the new active service node). The unidirectional heartbeat signals are also used, in some embodiments, to decrease the time between a failover and data messages being forwarded to the new active service node.

公开(公告)号：US20210111914A1

公开(公告)日：2021-04-15

申请号：US17129788

申请日：2020-12-21

申请人： Nicira, Inc.

发明人： Sami Boutros ,  Sharath Bhat ,  Jerome Catrouillet ,  Subin Cyriac Mathew ,  Alexander Tessmer

IPC分类号： H04L12/18 ,  H04L12/761

摘要： Some embodiments provide a method for configuring a set of MFEs to implement a distributed multicast logical router and multiple logical switches to process the multicast data messages. The method sends, from a managed forwarding element (MFE) implementing the distributed multicast logical router, a multicast group query to a set of data compute nodes (DCNs) that are logically connected to one of several logical switches and that execute on the same host machine as the managed forwarding element. The method receives multicast group reports from a subset of the set of DCNs and at least one of the multicast group reports specifies a multicast group of interest. The method distributes, to a set of MFEs executing on other host machines, a summarized multicast group report specifying a set of multicast groups of interest to the first MFE (i.e., multicast groups that the first MFE participates in).

公开(公告)号：US20210044502A1

公开(公告)日：2021-02-11

申请号：US17067635

申请日：2020-10-09

申请人： Nicira, Inc.

发明人： Sami Boutros ,  Pere Monclus ,  Philip Kippen ,  Dharma Rajan ,  Yashika Narang

IPC分类号： H04L12/24 ,  H04L12/26 ,  H04L29/08 ,  H04L12/851 ,  H04L12/701 ,  H04L12/46

摘要： For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).

公开(公告)号：US10805192B2

公开(公告)日：2020-10-13

申请号：US15937621

申请日：2018-03-27

申请人： Nicira, Inc.

发明人： Sami Boutros ,  Stephen Tan ,  Rahul Mishra ,  Kantesh Mundaragi ,  Jayant Jain ,  Akhila Naveen

IPC分类号： H04L12/26 ,  H04L12/24

摘要： Some embodiments provide a method for detecting a failure of a layer 2 (L2) bump-in-the-wire service at a device. In some embodiments, the device sends heartbeat signals to a second device connected to L2 service nodes in order to detect failure of the L2 service (e.g., a failure of all the service nodes). In some embodiments, the heartbeat signals are unidirectional heartbeat signals (e.g., a unidirectional bidirectional-forwarding-detection (BFD) session) sent from each device to the other. The heartbeat signals, in some embodiments, use a broadcast MAC address in order to reach the current active L2 service node in the case of a failover (i.e., an active service node failing and a standby service node becoming the new active service node). The unidirectional heartbeat signals are also used, in some embodiments, to decrease the time between a failover and data messages being forwarded to the new active service node.

公开(公告)号：US20200021521A1

公开(公告)日：2020-01-16

申请号：US16579809

申请日：2019-09-23

申请人： Nicira, Inc.

发明人： Sami Boutros ,  Mani Kancherla

IPC分类号： H04L12/717 ,  H04L29/12 ,  G06F9/50

摘要： For a managed network implementing at least one logical router having centralized and distributed components, some embodiments provide a method that better supports the provision of certain network applications and/or services. The method receives at a host implementing (1) a distributed logical router and (2) a plurality of logical switches of a logical network along with other hosts, a message from a first data compute node (DCN) executing on the host. The host logically forwards the message to the distributed logical router that uses a particular anycast internet protocol (IP) address using a first media access control (MAC) address. The distributed router determines that the message requires processing by a centralized logical router (e.g., a service router, edge node, etc.) executing on an edge node host and forwards the message to the centralized logical router using the same anycast IP address and a second, unique MAC address.

公开(公告)号：US20190312812A1

公开(公告)日：2019-10-10

申请号：US16447939

申请日：2019-06-20

申请人： Nicira, Inc.

发明人： Sami Boutros ,  Anirban Sengupta ,  Sreeram Ravinoothala ,  Liwen Wu

IPC分类号： H04L12/803 ,  H04L12/24 ,  H04L12/741 ,  H04L12/715 ,  H04L12/46 ,  H04L12/931 ,  H04L12/66 ,  H04L12/713

摘要： Some embodiments provide a method for managing traffic in a virtualized environment. The method, in some embodiments, configures multiple edge service gateways (ESGs) executing on multiple host machines (e.g., on a hypervisor) to use a same anycast inner internet protocol (IP) address and a same anycast inner media access control (MAC) address. In some embodiments, ESGs of a logical network facilitate communication between machines connected to the logical network and machines on external networks. In some embodiments, the method configures a set of virtual extensible local area network tunnel endpoints (VTEPs) connected to an ESG to use a same anycast VTEP IP address. The method, in some embodiments, configures a distributed logical router (DLR or DR) to send data packets with destinations outside the logical network from sources belonging to the logical network to the anycast VTEP IP address.

公开(公告)号：US20180159801A1

公开(公告)日：2018-06-07

申请号：US15371934

申请日：2016-12-07

申请人： Nicira, Inc.

发明人： Dharmaraja Rajan ,  Sami Boutros ,  Philip Kippen

IPC分类号： H04L12/931 ,  H04L29/06 ,  H04L12/713 ,  H04L12/46 ,  H04L12/741

CPC分类号： H04L49/70 ,  H04L12/4641 ,  H04L45/586 ,  H04L45/74 ,  H04L69/22

摘要： A data system transfers data packets over Service Function Chains (SFCs). A classifier receives the packets and determines SFC Identifiers (IDs) and metadata. The classifier inserts the SFC IDs and metadata in Virtual Local Area Network (VLAN) ID data fields of the packets. The classifier transfers the classified packets to a forwarder. The forwarder identifies the SFC IDs and metadata from the VLAN ID data fields. The forwarder selects network functions based on the SFC IDs and metadata. The forwarder transfers the packets having the SFC IDs and metadata in the VLAN ID data fields to the selected network functions. The selected network functions identify the SFC IDs and metadata from the VLAN ID data fields. The network functions process the packets based on the SFC IDs, metadata, and configured policies to perform functions like network address translation, firewall, deep packet inspection, and others.

公开(公告)号：US11824778B2

公开(公告)日：2023-11-21

申请号：US17742085

申请日：2022-05-11

申请人： Nicira, Inc.

发明人： Sami Boutros ,  Mani Kancherla ,  Dharmaraja Rajan ,  Philip Kippen ,  Yashika Narang ,  Chidambareswaran Raman

IPC分类号： H04L45/74 ,  H04L45/586 ,  H04L45/00 ,  H04L12/46 ,  G06F9/44 ,  G06F9/455 ,  H04L41/00 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/5054 ,  H04L69/22

CPC分类号： H04L45/74 ,  G06F9/44 ,  G06F9/45558 ,  H04L12/4633 ,  H04L41/00 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/5054 ,  H04L45/586 ,  H04L45/72 ,  G06F2009/45595 ,  H04L69/22 ,  H04L2212/00

摘要： The technology disclosed herein enables a dynamic chain of service functions for processing network traffic. In a particular embodiment, a method includes, in a logical router for a logical network connecting service functions, receiving a network packet from a service function over the logical network after the network packet has been processed by the service function. The method further includes determining a new classification of the network packet and determining a next service function based on application of a service chain policy to the new classification. The method also includes directing the network packet to the next service function over the logical network.

公开(公告)号：US11811545B2

公开(公告)日：2023-11-07

申请号：US17129788

申请日：2020-12-21

申请人： Nicira, Inc.

发明人： Sami Boutros ,  Sharath Bhat ,  Jerome Catrouillet ,  Subin Cyriac Mathew ,  Alexander Tessmer

IPC分类号： H04L12/18 ,  H04L12/761 ,  H04L45/16 ,  H04L45/44 ,  H04L41/0893

CPC分类号： H04L12/185 ,  H04L12/1886 ,  H04L45/16 ,  H04L41/0893 ,  H04L45/44

摘要： Some embodiments provide a method for configuring a set of MFEs to implement a distributed multicast logical router and multiple logical switches to process the multicast data messages. The method sends, from a managed forwarding element (MFE) implementing the distributed multicast logical router, a multicast group query to a set of data compute nodes (DCNs) that are logically connected to one of several logical switches and that execute on the same host machine as the managed forwarding element. The method receives multicast group reports from a subset of the set of DCNs and at least one of the multicast group reports specifies a multicast group of interest. The method distributes, to a set of MFEs executing on other host machines, a summarized multicast group report specifying a set of multicast groups of interest to the first MFE (i.e., multicast groups that the first MFE participates in).

公开(公告)号：US11750476B2

公开(公告)日：2023-09-05

申请号：US17067635

申请日：2020-10-09

申请人： Nicira, Inc.

发明人： Sami Boutros ,  Pere Monclus ,  Philip Kippen ,  Dharma Rajan ,  Yashika Narang

IPC分类号： H04L41/5041 ,  H04L67/1014 ,  H04L47/2483 ,  H04L47/2408 ,  H04L45/00 ,  H04L9/40 ,  H04L67/10 ,  H04L43/028 ,  H04L12/46 ,  G06F9/455 ,  H04L69/22

CPC分类号： H04L41/5041 ,  H04L12/4633 ,  H04L43/028 ,  H04L45/00 ,  H04L47/2408 ,  H04L47/2483 ,  H04L67/1014 ,  G06F2009/45595 ,  H04L63/0209 ,  H04L63/123 ,  H04L67/10 ,  H04L69/22 ,  H04L2212/00

摘要： For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).