公开(公告)号：US20190132221A1

公开(公告)日：2019-05-02

申请号：US15881674

申请日：2018-01-26

申请人： Nicira, Inc.

发明人： Sami Boutros ,  Pere Monclus ,  Philip Kippen ,  Dharma Rajan ,  Yashika Narang

IPC分类号： H04L12/24 ,  H04L12/46

摘要： For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).

公开(公告)号：US20220272037A1

公开(公告)日：2022-08-25

申请号：US17742085

申请日：2022-05-11

申请人： Nicira, Inc.

发明人： Sami Boutros ,  Mani Kancherla ,  Dharmaraja Rajan ,  Philip Kippen ,  Yashika Narang ,  Chidambareswaran Raman

IPC分类号： H04L45/74 ,  H04L45/586 ,  H04L45/00 ,  H04L12/46 ,  G06F9/44 ,  G06F9/455 ,  H04L41/00 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/5054

摘要： The technology disclosed herein enables a dynamic chain of service functions for processing network traffic. In a particular embodiment, a method includes, in a logical router for a logical network connecting service functions, receiving a network packet from a service function over the logical network after the network packet has been processed by the service function. The method further includes determining a new classification of the network packet and determining a next service function based on application of a service chain policy to the new classification. The method also includes directing the network packet to the next service function over the logical network.

公开(公告)号：US20230388200A1

公开(公告)日：2023-11-30

申请号：US18227303

申请日：2023-07-28

申请人： Nicira, Inc.

发明人： Sami Boutros ,  Pere Monclus ,  Philip Kippen ,  Dharma Rajan ,  Yashika Narang

IPC分类号： H04L41/5041 ,  H04L43/028 ,  H04L67/1014 ,  H04L47/2483 ,  H04L47/2408 ,  H04L45/00 ,  H04L12/46

CPC分类号： H04L41/5041 ,  H04L43/028 ,  H04L67/1014 ,  H04L47/2483 ,  H04L47/2408 ,  H04L45/00 ,  H04L12/4633 ,  G06F2009/45595

摘要： For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).

公开(公告)号：US20210044502A1

公开(公告)日：2021-02-11

申请号：US17067635

申请日：2020-10-09

申请人： Nicira, Inc.

发明人： Sami Boutros ,  Pere Monclus ,  Philip Kippen ,  Dharma Rajan ,  Yashika Narang

IPC分类号： H04L12/24 ,  H04L12/26 ,  H04L29/08 ,  H04L12/851 ,  H04L12/701 ,  H04L12/46

摘要： For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).

公开(公告)号：US20180159801A1

公开(公告)日：2018-06-07

申请号：US15371934

申请日：2016-12-07

申请人： Nicira, Inc.

发明人： Dharmaraja Rajan ,  Sami Boutros ,  Philip Kippen

IPC分类号： H04L12/931 ,  H04L29/06 ,  H04L12/713 ,  H04L12/46 ,  H04L12/741

CPC分类号： H04L49/70 ,  H04L12/4641 ,  H04L45/586 ,  H04L45/74 ,  H04L69/22

摘要： A data system transfers data packets over Service Function Chains (SFCs). A classifier receives the packets and determines SFC Identifiers (IDs) and metadata. The classifier inserts the SFC IDs and metadata in Virtual Local Area Network (VLAN) ID data fields of the packets. The classifier transfers the classified packets to a forwarder. The forwarder identifies the SFC IDs and metadata from the VLAN ID data fields. The forwarder selects network functions based on the SFC IDs and metadata. The forwarder transfers the packets having the SFC IDs and metadata in the VLAN ID data fields to the selected network functions. The selected network functions identify the SFC IDs and metadata from the VLAN ID data fields. The network functions process the packets based on the SFC IDs, metadata, and configured policies to perform functions like network address translation, firewall, deep packet inspection, and others.

公开(公告)号：US20190132220A1

公开(公告)日：2019-05-02

申请号：US15881670

申请日：2018-01-26

申请人： Nicira, Inc.

发明人： Sami Boutros ,  Pere Monclus ,  Philip Kippen ,  Dharma Rajan ,  Yashika Narang

IPC分类号： H04L12/24 ,  H04L12/46

摘要： For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).

公开(公告)号：US20180331951A1

公开(公告)日：2018-11-15

申请号：US15593516

申请日：2017-05-12

申请人： Nicira, Inc.

发明人： Sami Boutros ,  Mani Kancherla ,  Dharmaraja Rajan ,  Philip Kippen ,  Yashika Narang ,  Chidambareswaran Raman

IPC分类号： H04L12/741 ,  H04L29/06 ,  H04L12/713 ,  H04L12/721

CPC分类号： H04L45/74 ,  H04L45/586 ,  H04L45/72 ,  H04L69/22 ,  H04L2212/00

摘要： The technology disclosed herein enables a dynamic chain of virtual service functions for processing network traffic in a virtual computing environment. In a particular embodiment, a method includes providing a service chain policy to a virtual routing element connecting the respective service functions and determining an initial classification of a network packet entering the dynamic service chain. The initial classification indicates at least a first service function in a sequence of the service functions for processing the network packet. The method further includes providing a service chain policy to a virtual routing element connecting the respective service functions. After the network packet has been processed by a one service function in the sequence and before the virtual routing element passes the network packet to a next service function in the sequence, the method provides applying the service chain policy to the network packet in the virtual routing element to determine the next service function and directing the network packet from the virtual routing element to the next service function. The process continues till the packet passes through all service functions till it reaches its destination.

公开(公告)号：US10129186B2

公开(公告)日：2018-11-13

申请号：US15371934

申请日：2016-12-07

申请人： Nicira, Inc.

发明人： Dharmaraja Rajan ,  Sami Boutros ,  Philip Kippen

IPC分类号： H04L12/931 ,  H04L29/06 ,  H04L12/713 ,  H04L12/46 ,  H04L12/741

摘要： A data system transfers data packets over Service Function Chains (SFCs). A classifier receives the packets and determines SFC Identifiers (IDs) and metadata. The classifier inserts the SFC IDs and metadata in Virtual Local Area Network (VLAN) ID data fields of the packets. The classifier transfers the classified packets to a forwarder. The forwarder identifies the SFC IDs and metadata from the VLAN ID data fields. The forwarder selects network functions based on the SFC IDs and metadata. The forwarder transfers the packets having the SFC IDs and metadata in the VLAN ID data fields to the selected network functions. The selected network functions identify the SFC IDs and metadata from the VLAN ID data fields. The network functions process the packets based on the SFC IDs, metadata, and configured policies to perform functions like network address translation, firewall, deep packet inspection, and others.

公开(公告)号：US11824778B2

公开(公告)日：2023-11-21

申请号：US17742085

申请日：2022-05-11

申请人： Nicira, Inc.

发明人： Sami Boutros ,  Mani Kancherla ,  Dharmaraja Rajan ,  Philip Kippen ,  Yashika Narang ,  Chidambareswaran Raman

IPC分类号： H04L45/74 ,  H04L45/586 ,  H04L45/00 ,  H04L12/46 ,  G06F9/44 ,  G06F9/455 ,  H04L41/00 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/5054 ,  H04L69/22

CPC分类号： H04L45/74 ,  G06F9/44 ,  G06F9/45558 ,  H04L12/4633 ,  H04L41/00 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/5054 ,  H04L45/586 ,  H04L45/72 ,  G06F2009/45595 ,  H04L69/22 ,  H04L2212/00

摘要： The technology disclosed herein enables a dynamic chain of service functions for processing network traffic. In a particular embodiment, a method includes, in a logical router for a logical network connecting service functions, receiving a network packet from a service function over the logical network after the network packet has been processed by the service function. The method further includes determining a new classification of the network packet and determining a next service function based on application of a service chain policy to the new classification. The method also includes directing the network packet to the next service function over the logical network.

公开(公告)号：US11750476B2

公开(公告)日：2023-09-05

申请号：US17067635

申请日：2020-10-09

申请人： Nicira, Inc.

发明人： Sami Boutros ,  Pere Monclus ,  Philip Kippen ,  Dharma Rajan ,  Yashika Narang

IPC分类号： H04L41/5041 ,  H04L67/1014 ,  H04L47/2483 ,  H04L47/2408 ,  H04L45/00 ,  H04L9/40 ,  H04L67/10 ,  H04L43/028 ,  H04L12/46 ,  G06F9/455 ,  H04L69/22

CPC分类号： H04L41/5041 ,  H04L12/4633 ,  H04L43/028 ,  H04L45/00 ,  H04L47/2408 ,  H04L47/2483 ,  H04L67/1014 ,  G06F2009/45595 ,  H04L63/0209 ,  H04L63/123 ,  H04L67/10 ,  H04L69/22 ,  H04L2212/00

摘要： For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).