公开(公告)号：US08958292B2

公开(公告)日：2015-02-17

申请号：US13177546

申请日：2011-07-06

Applicant: Bryan J. Fulton ,  Pankaj Thakkar ,  Teemu Koponen ,  Peter J. Balland, III

Inventor： Bryan J. Fulton ,  Pankaj Thakkar ,  Teemu Koponen ,  Peter J. Balland, III

IPC: H04L12/26 ,  H04L12/931 ,  H04L12/24 ,  G06F11/07

CPC classification number: H04L41/0893 ,  G06F11/07 ,  G06F15/17312 ,  H04L12/4633 ,  H04L41/0816 ,  H04L41/0853 ,  H04L41/0896 ,  H04L45/00 ,  H04L45/586 ,  H04L47/783 ,  H04L49/00 ,  H04L49/1546 ,  H04L49/3063 ,  H04L49/70 ,  H04L61/2007 ,  H04L61/6022

Abstract: Port security in some embodiments is a technique to apply to a particular port of a logical switching element such that the network data entering and existing the logical switching element through the particular logical port have certain addresses that the switching element has restricted the logical port to use. For instance, a logical switching element may restrict a particular logical port to one or more certain network addresses To enable a logical port of a logical switch for port security, the control application of some embodiments receives user inputs that designate a particular logical port and a logical switch to which the particular logical port belongs. The control application in some embodiments formats the user inputs into logical control plane data specifying the designation. The control application in some embodiments then converts the logical control plane data into logical forwarding data that specify port security functions.

Abstract translation: 一些实施例中的端口安全性是应用于逻辑交换元件的特定端口的技术，使得通过特定逻辑端口进入和存在逻辑交换元件的网络数据具有某些地址，交换元件已经限制了要使用的逻辑端口 。 例如，逻辑交换单元可以将特定的逻辑端口限制到一个或多个特定的网络地址。为了实现用于端口安全的逻辑交换机的逻辑端口，一些实施例的控制应用接收指定特定逻辑端口的用户输入和 特定逻辑端口所属的逻辑交换机。 在一些实施例中，控制应用将用户输入格式化成指定指定的逻辑控制平面数据。 一些实施例中的控制应用随后将逻辑控制平面数据转换为指定端口安全功能的逻辑转发数据。

公开(公告)号：US20130058341A1

公开(公告)日：2013-03-07

申请号：US13177546

申请日：2011-07-06

Applicant: Bryan J. Fulton ,  Pankaj Thakkar ,  Teemu Koponen ,  Peter J. Balland, III

Inventor： Bryan J. Fulton ,  Pankaj Thakkar ,  Teemu Koponen ,  Peter J. Balland, III

IPC: H04L12/56

CPC classification number: H04L41/0893 ,  G06F11/07 ,  G06F15/17312 ,  H04L12/4633 ,  H04L41/0816 ,  H04L41/0853 ,  H04L41/0896 ,  H04L45/00 ,  H04L45/586 ,  H04L47/783 ,  H04L49/00 ,  H04L49/1546 ,  H04L49/3063 ,  H04L49/70 ,  H04L61/2007 ,  H04L61/6022

Abstract: Port security in some embodiments is a technique to apply to a particular port of a logical switching element such that the network data entering and existing the logical switching element through the particular logical port have certain addresses that the switching element has restricted the logical port to use. For instance, a logical switching element may restrict a particular logical port to one or more certain network addresses. To enable a logical port of a logical switch for port security, the control application of some embodiments receives user inputs that designate a particular logical port and a logical switch to which the particular logical port belongs. The control application in some embodiments formats the user inputs into logical control plane data specifying the designation. The control application in some embodiments then converts the logical control plane data into logical forwarding data that specify port security functions.

Abstract translation: 一些实施例中的端口安全性是应用于逻辑交换元件的特定端口的技术，使得通过特定逻辑端口进入和存在逻辑交换元件的网络数据具有某些地址，交换元件已经限制了要使用的逻辑端口 。 例如，逻辑交换单元可以将特定逻辑端口限制为一个或多个特定网络地址。 为了启用用于端口安全性的逻辑交换机的逻辑端口，一些实施例的控制应用接收指定特定逻辑端口和特定逻辑端口所属的逻辑交换机的用户输入。 在一些实施例中，控制应用将用户输入格式化成指定指定的逻辑控制平面数据。 一些实施例中的控制应用随后将逻辑控制平面数据转换为指定端口安全功能的逻辑转发数据。

公开(公告)号：US20120147898A1

公开(公告)日：2012-06-14

申请号：US13269543

申请日：2011-10-07

Applicant: Teemu Koponen ,  Pankaj Thakkar ,  Bryan J. Fulton

Inventor： Teemu Koponen ,  Pankaj Thakkar ,  Bryan J. Fulton

IPC: H04L12/56

CPC classification number: H04L12/56 ,  H04L41/0893 ,  H04L45/42 ,  H04L47/50 ,  H04L49/254 ,  H04L49/70 ,  H04L61/6068

Abstract: A network controller for managing several managed switching elements that forward data in a network that includes the managed switching elements. The network controller is further for creating a logical switching element to be implemented in a set of managed switching elements. The network controller includes a set of modules for receiving input data specifying a logical switching element and for creating, based on the received input data, a set of logical switch constructs for the logical switching element by performing a set of database join operations. At least one of the logical switch constructs is for facilitating non-forwarding behavior of the logical switching element.

Abstract translation: 一种网络控制器，用于管理在网络中转发包括所述被管理的交换元件的数据的多个被管理的交换单元。 网络控制器还用于创建要在一组管理的交换元件中实现的逻辑交换元件。 网络控制器包括一组模块，用于接收指定逻辑交换元件的输入数据，并且用于通过执行一组数据库连接操作来创建基于所接收的输入数据的逻辑交换元件的一组逻辑交换结构。 逻辑交换结构中的至少一个用于促进逻辑交换元件的非转发行为。

公开(公告)号：US09525647B2

公开(公告)日：2016-12-20

申请号：US13269543

申请日：2011-10-07

Applicant: Teemu Koponen ,  Pankaj Thakkar ,  Bryan J. Fulton

Inventor： Teemu Koponen ,  Pankaj Thakkar ,  Bryan J. Fulton

IPC: H04L12/28 ,  H04L12/54 ,  H04L12/931 ,  H04L12/937 ,  H04L12/717 ,  H04L12/24

CPC classification number: H04L12/56 ,  H04L41/0893 ,  H04L45/42 ,  H04L47/50 ,  H04L49/254 ,  H04L49/70 ,  H04L61/6068

Abstract: A network controller for managing several managed switching elements that forward data in a network that includes the managed switching elements. The network controller is further for creating a logical switching element to be implemented in a set of managed switching elements. The network controller includes a set of modules for receiving input data specifying a logical switching element and for creating, based on the received input data, a set of logical switch constructs for the logical switching element by performing a set of database join operations. At least one of the logical switch constructs is for facilitating non-forwarding behavior of the logical switching element.

Abstract translation: 一种网络控制器，用于管理在网络中转发包括所述被管理的交换元件的数据的多个被管理的交换单元。 网络控制器还用于创建要在一组管理的交换元件中实现的逻辑交换元件。 网络控制器包括一组模块，用于接收指定逻辑交换元件的输入数据，并且用于通过执行一组数据库连接操作来创建基于所接收的输入数据的逻辑交换元件的一组逻辑交换结构。 逻辑交换结构中的至少一个用于促进逻辑交换元件的非转发行为。

公开(公告)号：US08717895B2

公开(公告)日：2014-05-06

申请号：US13177530

申请日：2011-07-06

Applicant: Teemu Koponen ,  Pankaj Thakkar ,  Martin Casado ,  W. Andrew Lambeth ,  Alexander Yip ,  Jeremy Stribling

Inventor： Teemu Koponen ,  Pankaj Thakkar ,  Martin Casado ,  W. Andrew Lambeth ,  Alexander Yip ,  Jeremy Stribling

IPC: H04L12/26 ,  H04L12/54 ,  G06F15/173 ,  G06F12/10

CPC classification number: H04L41/0893 ,  G06F11/07 ,  G06F15/17312 ,  H04L12/4633 ,  H04L41/0816 ,  H04L41/0853 ,  H04L41/0896 ,  H04L45/00 ,  H04L45/586 ,  H04L47/783 ,  H04L49/00 ,  H04L49/1546 ,  H04L49/3063 ,  H04L49/70 ,  H04L61/2007 ,  H04L61/6022

Abstract: Some embodiments provide a virtualizer for managing a plurality of managed switching elements that forward data through a network. The virtualizer comprises a first set of tables for storing input logical forwarding plane data and a second set of tables for storing output physical control plane data. It also includes a table mapping engine for mapping the input logical forwarding plane data in the first set of tables to output physical control plane data in the second set of tables by performing a set of database join operations on the input logical forwarding plane data in the first set of tables. In some embodiments, the physical control plane data is subsequently translated into physical forwarding behaviors that direct the forwarding of data by the managed switching elements.

Abstract translation: 一些实施例提供了一种虚拟器，用于管理通过网络转发数据的多个被管理的交换元件。 虚拟器包括用于存储输入逻辑转发平面数据的第一组表和用于存储输出物理控制平面数据的第二组表。 它还包括一个表映射引擎，用于映射第一组表中的输入逻辑转发平面数据，以通过对输入的逻辑转发平面数据执行一组数据库连接操作来输出第二组表中的物理控制平面数据 第一套表。 在一些实施例中，物理控制平面数据随后被转换成物理转发行为，其指导被管理的交换元件转发数据。

公开(公告)号：US20130058215A1

公开(公告)日：2013-03-07

申请号：US13177530

申请日：2011-07-06

Applicant: Teemu Koponen ,  Pankaj Thakkar ,  Martin Casado ,  W. Andrew Lambeth ,  Alexander Yip ,  Jeremy Stribling

Inventor： Teemu Koponen ,  Pankaj Thakkar ,  Martin Casado ,  W. Andrew Lambeth ,  Alexander Yip ,  Jeremy Stribling

IPC: H04L12/56 ,  H04L12/26

CPC classification number: H04L41/0893 ,  G06F11/07 ,  G06F15/17312 ,  H04L12/4633 ,  H04L41/0816 ,  H04L41/0853 ,  H04L41/0896 ,  H04L45/00 ,  H04L45/586 ,  H04L47/783 ,  H04L49/00 ,  H04L49/1546 ,  H04L49/3063 ,  H04L49/70 ,  H04L61/2007 ,  H04L61/6022

Abstract: Some embodiments provide a virtualizer for managing a plurality of managed switching elements that forward data through a network. The virtualizer comprises a first set of tables for storing input logical forwarding plane data and a second set of tables for storing output physical control plane data. It also includes a table mapping engine for mapping the input logical forwarding plane data in the first set of tables to output physical control plane data in the second set of tables by performing a set of database join operations on the input logical forwarding plane data in the first set of tables. In some embodiments, the physical control plane data is subsequently translated into physical forwarding behaviors that direct the forwarding of data by the managed switching elements.

Abstract translation: 一些实施例提供了一种虚拟器，用于管理通过网络转发数据的多个被管理的交换元件。 虚拟器包括用于存储输入逻辑转发平面数据的第一组表和用于存储输出物理控制平面数据的第二组表。 它还包括一个表映射引擎，用于映射第一组表中的输入逻辑转发平面数据，以通过对输入的逻辑转发平面数据执行一组数据库连接操作来输出第二组表中的物理控制平面数据 第一套表。 在一些实施例中，物理控制平面数据随后被转换成物理转发行为，其指导被管理的交换元件转发数据。

公开(公告)号：US09444651B2

公开(公告)日：2016-09-13

申请号：US13589043

申请日：2012-08-17

Applicant: Teemu Koponen ,  Martin Casado ,  Pankaj Thakkar ,  Ronghua Zhang ,  Daniel J. Wendlandt

Inventor： Teemu Koponen ,  Martin Casado ,  Pankaj Thakkar ,  Ronghua Zhang ,  Daniel J. Wendlandt

IPC: H04L12/54 ,  H04L12/66 ,  H04L12/931 ,  H04L12/715 ,  H04L12/24 ,  H04L12/26

CPC classification number: H04L12/66 ,  H04L41/044 ,  H04L45/04

Abstract: A network control system that includes a first set of network controllers for (i) receiving a logical control plane definition of a logical switching element that couples to both a first set of network hosts in a first domain and a second set of network hosts in a second domain, (ii) translating the logical control plane definition of the logical switching element into a first set of flow entries in a first logical forwarding plane, and (iii) translating the first set of flow entries into a second set of flow entries in a second logical forwarding plane. The network control system includes a second set of network controllers in the first domain for (i) receiving a portion of the second set of flow entries and (ii) translating the portion of the second set of flow entries into a third set of flow entries in a physical control plane.

Abstract translation: 一种网络控制系统，其包括第一组网络控制器，用于（i）接收逻辑交换元件的逻辑控制平面定义，所述逻辑交换元件耦合到第一域中的第一组网络主机和第二组网络主机 第二域，（ii）将逻辑交换元件的逻辑控制平面定义转换为第一逻辑转发平面中的第一组流条目，以及（iii）将第一组流条目转换为第二组流条目 第二个逻辑转发平面。 网络控制系统包括第一域中的第二组网络控制器，用于（i）接收第二组流条目的一部分，以及（ii）将第二组流条目的部分转换成第三组流条目 在物理控制平面。

公开(公告)号：US09137052B2

公开(公告)日：2015-09-15

申请号：US13589049

申请日：2012-08-17

Applicant: Teemu Koponen ,  Martin Casado ,  Pankaj Thakkar ,  Ronghua Zhang

Inventor： Teemu Koponen ,  Martin Casado ,  Pankaj Thakkar ,  Ronghua Zhang

IPC: H04L12/28 ,  H04L12/56 ,  G06F15/16 ,  G06F15/173 ,  H04L12/66 ,  H04L12/715 ,  H04L12/24 ,  H04L12/26

CPC classification number: H04L12/66 ,  H04L41/044 ,  H04L45/04

Abstract: A network control system for interconnecting several separate networks. The system includes i) several interconnection switching elements, each of which is for connecting one of the separate networks to a common interconnecting network, ii) a first set of network controllers for managing a first set of the interconnection switching elements at a first set of separate networks in order for machines at different networks within the first set to communicate with each other, iii) a second set of network controllers for managing a second set of interconnection switching elements at a second set of separate networks in order for machines at different networks within the second set to communicate with each other, and iv) a third set of network controllers for managing the first and second sets of network controllers in order for machines at networks in the first set to communicate with machines at networks in the second set.

Abstract translation: 用于互连几个单独网络的网络控制系统。 该系统包括：i）多个互连交换元件，每个互连开关元件用于将单独网络中的一个连接到公共互连网络; ii）第一组网络控制器，用于在第一组互连网络中管理第一组互连交换元件 单独的网络，以便在第一组内的不同网络上的机器彼此通信; iii）第二组网络控制器，用于在第二组不同网络处管理第二组互连交换元件，以便在不同网络处的机器 在第二组内相互通信，以及iv）用于管理第一组和第二组网络控制器的第三组网络控制器，以便第一组中的网络上的机器与第二组中网络处的机器进行通信。

公开(公告)号：US09049153B2

公开(公告)日：2015-06-02

申请号：US13218464

申请日：2011-08-26

Applicant: Martin Casado ,  Teemu Koponen ,  Pankaj Thakkar

Inventor： Martin Casado ,  Teemu Koponen ,  Pankaj Thakkar

IPC: H04L12/26 ,  H04L12/54 ,  G06F9/38 ,  G06F15/16 ,  H04L12/931 ,  H04L12/933 ,  H04L12/713 ,  H04L12/24 ,  H04L12/935 ,  G06F15/173 ,  G06F11/07

CPC classification number: H04L41/0893 ,  G06F11/07 ,  G06F15/17312 ,  H04L12/4633 ,  H04L41/0816 ,  H04L41/0853 ,  H04L41/0896 ,  H04L45/00 ,  H04L45/586 ,  H04L47/783 ,  H04L49/00 ,  H04L49/1546 ,  H04L49/3063 ,  H04L49/70 ,  H04L61/2007 ,  H04L61/6022

Abstract: Some embodiments provide a method of processing a packet through a logical switching element implemented by several managed switching elements. The method receives a packet for processing through a processing pipeline of the logical switching element. The method processes the packet through the processing pipeline. The method stores state information in the packet for indicating that the packet has been processed through the processing pipeline in order to prevent other managed switching elements from processing the packet through the processing pipeline. The method forwards the processed packet to a managed switching element of the several managed switching elements.

Abstract translation: 一些实施例提供了通过由多个管理的交换元件实现的逻辑交换元件来处理分组的方法。 该方法通过逻辑交换元件的处理流水线接收处理数据包。 该方法通过处理流程处理数据包。 该方法将用于指示分组已经通过处理流水线处理的分组中的状态信息存储，以便防止其他被管理的交换单元通过处理流水线处理分组。 该方法将处理的分组转发到多个被管理的交换单元的被管理的交换单元。

公开(公告)号：US08964528B2

公开(公告)日：2015-02-24

申请号：US13218470

申请日：2011-08-26

Applicant: Martin Casado ,  Teemu Koponen ,  Pankaj Thakkar ,  W. Andrew Lambeth ,  Alexander Yip ,  Keith E. Amidon ,  Paul S. Ingram

Inventor： Martin Casado ,  Teemu Koponen ,  Pankaj Thakkar ,  W. Andrew Lambeth ,  Alexander Yip ,  Keith E. Amidon ,  Paul S. Ingram

IPC: H04J3/14 ,  H04L12/26 ,  H04L12/54 ,  G06F11/07 ,  G06F15/16 ,  H04L12/741

CPC classification number: H04L45/745

Abstract: For a network that includes several managed edge switching elements and several managed non-edge switching elements that are for implementing a logical switching element, some embodiments provide a method of distributing packet processing across the several managed non-edge switching elements. The method receives a packet for processing through the logical switching element. Based on a determination that the packet needs to be processed by a managed non-edge switching element, the method determines a particular managed non-edge switching element of the several managed non-edge switching elements to forward the packet. The method forwards the packet to the particular managed non-edge switching element for the particular managed non-edge switching element to process the packet.

Abstract translation: 对于包括若干管理边缘交换元件的网络和用于实现逻辑交换元件的若干受管理的非边缘交换元件，一些实施例提供跨多个受管理的非边缘交换元件分发分组处理的方法。 该方法通过逻辑交换元件接收用于处理的分组。 基于确定分组需要由被管理的非边缘切换元件来处理，该方法确定若干受管理的非边缘交换元件的特定的受管理非边缘交换元件以转发该分组。 该方法将分组转发到用于特定的受管理非边缘交换元件的特定的受管理的非边缘交换元件以处理分组。