-
Publication No.: US20210409453A1
Publication Date: 2021-12-30
Application No.: US17474029
Filing Date: 2021-09-13
Applicant: Nicira, Inc.
IPC Classification: H04L29/06
Abstract: Some embodiments of the invention provide a novel method for specifying firewall rules. In some embodiments, the method provides the ability to specify for a particular firewall rule, a set of network nodes (also called a set of enforcement points below) at which the particular firewall should be enforced. To provide this ability, the method of some embodiments adds an extra tuple (referred to below as the AppliedTo tuple) to a firewall rule. This added AppliedTo tuple lists the set of enforcement points at which the firewall rule has to be applied (i.e., enforced).
-
Publication No.: US20160094631A1
Publication Date: 2016-03-31
Application No.: US14815838
Filing Date: 2015-07-31
Applicant: Nicira, Inc.
Inventors: Jayant Jain, Anirban Sengupta, Mohan Parthasarathy, Allwyn Sequeira, Serge Maskalik, Rick Lund
IPC Classification: H04L29/08
CPC Classification: H04L47/125, H04L45/24, H04L45/44, H04L47/70, H04L61/2069, H04L61/2521, H04L61/6022, H04L67/1002, H04L67/1017, H04L67/1025, H04L67/1029
Abstract: Some embodiments provide a novel method for load balancing data messages that are sent by a source compute node (SCN) to one or more different groups of destination compute nodes (DCNs). In some embodiments, the method deploys a load balancer in the source compute node's egress datapath. This load balancer receives each data message sent from the source compute node, and determines whether the data message is addressed to one of the DCN groups for which the load balancer spreads the data traffic to balance the load across (e.g., data traffic directed to) the DCNs in the group. When the received data message is not addressed to one of the load balanced DCN groups, the load balancer forwards the received data message to its addressed destination. On the other hand, when the received data message is addressed to one of load balancer's DCN groups, the load balancer identifies a DCN in the addressed DCN group that should receive the data message, and directs the data message to the identified DCN. To direct the data message to the identified DCN, the load balancer in some embodiments changes the destination address (e.g., the destination IP address, destination port, destination MAC address, etc.) in the data message from the address of the identified DCN group to the address (e.g., the destination IP address) of the identified DCN.
-
Publication No.: US09276904B2
Publication Date: 2016-03-01
Application No.: US14231682
Filing Date: 2014-03-31
Applicant: Nicira, Inc.
CPC Classification: H04L63/20, H04L63/02, H04L63/0245, H04L63/0263
Abstract: Some embodiments of the invention provide a novel method for specifying firewall rules. In some embodiments, the method provides the ability to specify for a particular firewall rule, a set of network nodes (also called a set of enforcement points below) at which the particular firewall should be enforced. To provide this ability, the method of some embodiments adds an extra tuple (referred to below as the AppliedTo tuple) to a firewall rule. This added AppliedTo tuple lists the set of enforcement points at which the firewall rule has to be applied (i.e., enforced).
-
Publication No.: US20150263946A1
Publication Date: 2015-09-17
Application No.: US14214561
Filing Date: 2014-03-14
Applicant: Nicira, Inc.
Inventors: Ariel Tubaltsev, Ronghua Zhang, Benjamin C. Basler, Serge Maskalik, Rajiv Ramanathan, David J. Leroy, Srinivas Neginhal, Kai-Wei Fan, Ansis Atteka
IPC Classification: H04L12/741, H04L12/713, H04L12/931
CPC Classification: H04L45/74, H04L45/02, H04L45/586, H04L49/354
Abstract: Some embodiments provide a network system. The network system includes a first set of host machines for hosting virtual machines that connect to each other through a logical network. The first set of host machines includes managed forwarding elements for forwarding data between the host machines. The network system includes a second set of host machines for hosting virtualized containers that operate as gateways for forwarding data between the virtual machines and an external network. At least one of the virtualized containers peers with at least one physical router in the external network in order to advertise addresses of the virtual machines to the physical router.
-
Publication No.: US12068961B2
Publication Date: 2024-08-20
Application No.: US17385809
Filing Date: 2021-07-26
Applicant: Nicira, Inc.
Inventors: Jayant Jain, Anirban Sengupta, Mohan Parthasarathy, Allwyn Sequeira, Serge Maskalik, Rick Lund
IPC Classification: H04L47/125, H04L45/24, H04L45/44, H04L47/70, H04L67/1001, H04L67/1017, H04L67/1025, H04L67/1029, H04L61/2521, H04L61/5069, H04L101/622
CPC Classification: H04L47/125, H04L45/24, H04L45/44, H04L47/70, H04L67/1001, H04L67/1017, H04L67/1025, H04L67/1029, H04L61/2521, H04L61/5069, H04L2101/622
Abstract: Some embodiments provide a novel method for load balancing data messages that are sent by a source compute node (SCN) to one or more different groups of destination compute nodes (DCNs). In some embodiments, the method deploys a load balancer in the source compute node's egress datapath. This load balancer receives each data message sent from the source compute node, and determines whether the data message is addressed to one of the DCN groups for which the load balancer spreads the data traffic to balance the load across (e.g., data traffic directed to) the DCNs in the group. When the received data message is not addressed to one of the load balanced DCN groups, the load balancer forwards the received data message to its addressed destination. On the other hand, when the received data message is addressed to one of load balancer's DCN groups, the load balancer identifies a DCN in the addressed DCN group that should receive the data message, and directs the data message to the identified DCN. To direct the data message to the identified DCN, the load balancer in some embodiments changes the destination address (e.g., the destination IP address, destination port, destination MAC address, etc.) in the data message from the address of the identified DCN group to the address (e.g., the destination IP address) of the identified DCN.
-
Publication No.: US12047286B2
Publication Date: 2024-07-23
Application No.: US17307999
Filing Date: 2021-05-04
Applicant: Nicira, Inc.
Inventors: Ariel Tubaltsev, Ronghua Zhang, Benjamin C. Basler, Serge Maskalik, Rajiv Ramanathan, David J. Leroy, Srinivas Neginhal, Kai-Wei Fan, Ansis Atteka
IPC Classification: H04L45/74, H04L45/02, H04L45/586, H04L49/354
CPC Classification: H04L45/74, H04L45/02, H04L45/586, H04L49/354
Abstract: Some embodiments provide a network system. The network system includes a first set of host machines for hosting virtual machines that connect to each other through a logical network. The first set of host machines includes managed forwarding elements for forwarding data between the host machines. The network system includes a second set of host machines for hosting virtualized containers that operate as gateways for forwarding data between the virtual machines and an external network. At least one of the virtualized containers peers with at least one physical router in the external network in order to advertise addresses of the virtual machines to the physical router.
-
Publication No.: US10567283B2
Publication Date: 2020-02-18
Application No.: US16179976
Filing Date: 2018-11-04
Applicant: Nicira, Inc.
Inventors: Ariel Tubaltsev, Ronghua Zhang, Benjamin C. Basler, Serge Maskalik, Rajiv Ramanathan, David J. Leroy, Srinivas Neginhal, Kai-Wei Fan, Ansis Atteka
IPC Classification: H04L12/741, H04L12/713, H04L12/751, H04L12/931
Abstract: Some embodiments provide a network system. The network system includes a first set of host machines for hosting virtual machines that connect to each other through a logical network. The first set of host machines includes managed forwarding elements for forwarding data between the host machines. The network system includes a second set of host machines for hosting virtualized containers that operate as gateways for forwarding data between the virtual machines and an external network. At least one of the virtualized containers peers with at least one physical router in the external network in order to advertise addresses of the virtual machines to the physical router.
-
Publication No.: US10164881B2
Publication Date: 2018-12-25
Application No.: US15436714
Filing Date: 2017-02-17
Applicant: Nicira, Inc.
Inventors: Ariel Tubaltsev, Ronghua Zhang, Benjamin C. Basler, Serge Maskalik, Rajiv Ramanathan, David J. Leroy, Srinivas Neginhal, Kai-Wei Fan, Ansis Atteka
IPC Classification: H04L12/741, H04L12/713, H04L12/751, H04L12/931
Abstract: Some embodiments provide a network system. The network system includes a first set of host machines for hosting virtual machines that connect to each other through a logical network. The first set of host machines includes managed forwarding elements for forwarding data between the host machines. The network system includes a second set of host machines for hosting virtualized containers that operate as gateways for forwarding data between the virtual machines and an external network. At least one of the virtualized containers peers with at least one physical router in the external network in order to advertise addresses of the virtual machines to the physical router.
-
Publication No.: US20160094452A1
Publication Date: 2016-03-31
Application No.: US14557290
Filing Date: 2014-12-01
Applicant: Nicira, Inc.
Inventors: Jayant Jain, Anirban Sengupta, Mohan Parthasarathy, Allwyn Sequeira, Serge Maskalik, Rick Lund
IPC Classification: H04L12/803, H04L12/721, H04L12/741
CPC Classification: H04L47/125, H04L45/24, H04L45/44, H04L47/70, H04L61/2069, H04L61/2521, H04L61/6022, H04L67/1002, H04L67/1017, H04L67/1025, H04L67/1029
Abstract: Some embodiments provide a novel method for load balancing data messages that are sent by a source compute node (SCN) to one or more different groups of destination compute nodes (DCNs). In some embodiments, the method deploys a load balancer in the source compute node's egress datapath. This load balancer receives each data message sent from the source compute node, and determines whether the data message is addressed to one of the DCN groups for which the load balancer spreads the data traffic to balance the load across (e.g., data traffic directed to) the DCNs in the group. When the received data message is not addressed to one of the load balanced DCN groups, the load balancer forwards the received data message to its addressed destination. On the other hand, when the received data message is addressed to one of load balancer's DCN groups, the load balancer identifies a DCN in the addressed DCN group that should receive the data message, and directs the data message to the identified DCN. To direct the data message to the identified DCN, the load balancer in some embodiments changes the destination address (e.g., the destination IP address, destination port, destination MAC address, etc.) in the data message from the address of the identified DCN group to the address (e.g., the destination IP address) of the identified DCN.
-
Publication No.: US09215213B2
Publication Date: 2015-12-15
Application No.: US14231683
Filing Date: 2014-03-31
Applicant: Nicira, Inc.
CPC Classification: H04L63/20, H04L63/02, H04L63/0245, H04L63/0263
Abstract: Some embodiments of the invention provide a novel method for specifying firewall rules. In some embodiments, the method provides the ability to specify for a particular firewall rule, a set of network nodes (also called a set of enforcement points below) at which the particular firewall should be enforced. To provide this ability, the method of some embodiments adds an extra tuple (referred to below as the AppliedTo tuple) to a firewall rule. This added AppliedTo tuple lists the set of enforcement points at which the firewall rule has to be applied (i.e., enforced).