Some embodiments of the invention provide a novel architecture for capturing contextual attributes on host computers that execute one or more machines, and for consuming the captured contextual attributes to perform services on the host computers. The machines are virtual machines (VMs) in some embodiments, containers in other embodiments, or a mix of VMs and containers in still other embodiments. Some embodiments execute a guest-introspection (GI) agent on each machine from which contextual attributes need to be captured. In addition to executing one or more machines on each host computer, these embodiments also execute a context engine and one or more attribute-based service engines on each host computer. Through the GI agents of the machines on a host, the context engine of that host in some embodiments collects contextual attributes associated with network events and/or process events on the machines. The context engine then provides the contextual attributes to the service engines, which, in turn, use these contextual attributes to identify service rules for processing.
G06F 9/455 - Arrangements for executing specific programs; Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
H04L 47/24 - Traffic characterised by specific attributes, e.g. priority or QoS
An architecture is provided for capturing contextual attributes on host computers that execute one or more containers and/or virtual machines (VMs), and for consuming the captured contextual attributes to perform services on the host computers. A guest-introspection (GI) agent executes on each container or VM from which contextual attributes need to be captured. Embodiments also execute a context engine and one or more attribute-based service engines on each host computer. Through the GI agents on a host, the context engine of that host collects contextual attributes associated with network events and/or process events. The context engine may then provide the contextual attributes to the service engines.
H04L 51/21 - Monitoring or handling of messages
H04L 47/24 - Traffic characterised by specific attributes, e.g. priority or QoS
G06F 9/44 - Arrangements for executing specific programs
G06F 9/455 - Arrangements for executing specific programs; Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
3.
EXTENSION OF NETWORK CONTROL SYSTEM INTO PUBLIC CLOUD
Some embodiments provide a method for a first network controller that manages a logical network implemented in a datacenter including forwarding elements to which the first network controller does not have access. The method identifies a first data compute node (DCN) in the datacenter configured to execute a second network controller. The method distributes configuration data defining the logical network to the first DCN. The second network controller distributes sets of the configuration data to local agents executing on additional DCNs in the datacenter that send and receive messages through the logical network. Both managed forwarding elements and the local agents execute on each of the additional DCNs. Each local agent on a particular DCN is for receiving a set of configuration data from the second network controller and configuring the managed forwarding element on the particular DCN to implement the logical network according to the set of configuration data.
Some embodiments provide a method for a first network controller that manages a logical network implemented in a datacenter including forwarding elements to which the first network controller does not have access. The method identifies a first data compute node (DCN) in the datacenter configured to execute a second network controller. The method distributes configuration data defining the logical network to the first DCN. The second network controller distributes sets of the configuration data to local agents executing on additional DCNs in the datacenter that send and receive messages through the logical network. Both managed forwarding elements and the local agents execute on each of the additional DCNs. Each local agent on a particular DCN is for receiving a set of configuration data from the second network controller and configuring the managed forwarding element on the particular DCN to implement the logical network according to the set of configuration data.
H04L 47/125 - Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
H04L 61/2592 - Translation of Internet protocol [IP] addresses using tunnelling or encapsulation
H04L 67/10 - Protocols in which an application is distributed across nodes in the network
G06F 9/455 - Arrangements for executing specific programs; Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 9/50 - Allocation of resources, e.g. of the central processing unit [CPU]
H04L 41/046 - Network management architectures or arrangements comprising network management agents or mobile agents therefor
H04L 41/0893 - Assignment of logical groups to network elements
5.
EXTENSION OF NETWORK CONTROL SYSTEM INTO PUBLIC CLOUD
Some embodiments provide a method for a first network controller that manages a logical network implemented in a datacenter including forwarding elements to which the first network controller does not have access. The method identifies a first data compute node (DCN) in the datacenter configured to execute a second network controller. The method distributes configuration data defining the logical network to the first DCN. The second network controller distributes sets of the configuration data to local agents executing on additional DCNs in the datacenter that send and receive messages through the logical network. Both managed forwarding elements and the local agents execute on each of the additional DCNs. Each local agent on a particular DCN is for receiving a set of configuration data from the second network controller and configuring the managed forwarding element on the particular DCN to implement the logical network according to the set of configuration data.
Some embodiments provide a method for determining a realization status of one or more logical entities of a logical network. The method, each time a particular event occurs, increments the value of a realization number and publishes the incremented value to a set of controllers of the logical network. Upon receiving data that specifies the state of a logical entity of the logical network, the method publishes the logical entity state's data to the set of controllers. In some embodiments, the method queries the set of controllers for a realization status of the state data for a set of logical entities that is published to the set of controllers up to a particular point of time. The submitted query, in some embodiments, includes a particular value of the realization number associated with the particular point of time.
Some embodiments provide novel methods for processing remote-device data messages in a network based on data-message attributes from a remote device management (RDM) system. For instance, the method of some embodiments identifies a set of RDM attributes associated with a data message, and then performs one or more service operations based on the identified RDM attribute set.
H04L 45/50 - Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]
H04L 45/745 - Address table lookup; Address filtering
H04L 47/125 - Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
Some embodiments provide novel methods for processing remote-device data messages in a network based on data-message attributes from a remote device management (RDM) system. For instance, the method of some embodiments identifies a set of RDM attributes associated with a data message, and then performs one or more service operations based on the identified RDM attribute set.
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directory access protocols using domain name system [DNS]
Some embodiments provide a method for implementing a logical router in a logical network. In some embodiments, the method receives a configuration of a static route for the logical router, which includes several routing components with separate routing tables. The method identifies which of the routing components require addition of a route to a corresponding routing table to implement the configuration of the static route. The method adds the routes to the corresponding separate routing tables of the identified routing components.
A method for implementing a logical router in a network comprises receiving a definition of a logical router to serve as an interface between a logical first network and a second network external to the logical first network. To implement the logical router, the method defines a plurality of routing components comprising (1) a distributed routing component and (2) a plurality of centralized routing components. The centralized routing components (1) forward northbound packet flows from the logical first network to the second network and (2) forward southbound packet flows from the second network to the logical first network. The distributed routing component routes packets (1) within the logical first network and (2) to and from the centralized routing components. The method distributes definitions of the plurality of routing components to first and second pluralities of computers to implement the distributed and centralized routing components.
H04L 45/00 - Routing or path finding of packets in data switching networks
H04L 41/0654 - Management of faults, events, alarms or notifications using network fault recovery
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
H04L 43/106 - Active monitoring, e.g. heartbeat, ping or trace-route, using time-related information in packets, e.g. by adding timestamps
H04L 45/02 - Topology update or discovery
H04L 49/25 - Routing or path finding in a switch fabric
H04L 49/354 - Switches specially adapted for specific applications for supporting virtual local area networks [VLAN]
H04L 67/1001 - Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
H04L 45/28 - Routing or path finding of packets in data switching networks using route fault recovery
A method for implementing a logical router in a network comprises receiving a definition of a logical router to serve as an interface between a logical first network and a second network external to the logical first network. To implement the logical router, the method defines a plurality of routing components comprising (1) a distributed routing component and (2) a plurality of centralized routing components. The centralized routing components (1) forward northbound packet flows from the logical first network to the second network and (2) forward southbound packet flows from the second network to the logical first network. The distributed routing component routes packets (1) within the logical first network and (2) to and from the centralized routing components. The method distributes definitions of the plurality of routing components to first and second pluralities of computers to implement the distributed and centralized routing components.
A network control system for generating physical control plane data for managing first and second managed forwarding elements that implement forwarding operations associated with a first logical datapath set is described. The system includes a first controller instance for converting logical control plane data for the first logical datapath set to universal physical control plane (UPCP) data. The system further includes a second controller instance for converting UPCP data to customized physical control plane (CPCP) data for the first managed forwarding element but not the second managed forwarding element. The system further includes a third controller instance for receiving UPCP data generated by the first controller instance, identifying the second controller instance as the controller instance responsible for generating the CPCP data for the first managed forwarding element, and supplying the received UPCP data to the second controller instance.
In general, the present invention relates to a virtual platform in which one or more distributed virtual switches can be created for use in virtual networking. According to some aspects, the distributed virtual switch according to the invention provides the ability for virtual and physical machines to more readily, securely, and efficiently communicate with each other even if they are not located on the same physical host and/or in the same subnet or VLAN. According to other aspects, the distributed virtual switches of the invention can support integration with traditional IP networks and support sophisticated IP technologies including NAT functionality, stateful firewalling, and notifying the IP network of workload migration. According to further aspects, the virtual platform of the invention creates one or more distributed virtual switches which may be allocated to a tenant, application, or other entity requiring isolation and/or independent configuration state. According to still further aspects, the virtual platform of the invention manages and/or uses VLANs or tunnels (e.g., GRE) to create a distributed virtual switch for a network while working with existing switches and routers in the network. The present invention finds utility in enterprise networks, datacenters, and other facilities.
H04L 12/28 - Data switching networks characterised by path configuration, e.g. local area networks [LAN] or wide area networks [WAN]
H04L 41/0893 - Assignment of logical groups to network elements
H04L 41/0896 - Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities
H04L 41/12 - Discovery or management of network topologies
H04L 49/00 - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION; Packet switching elements
H04L 49/15 - Interconnection of switching modules
H04L 49/25 - Routing or path finding in a switch fabric
In general, the present invention relates to a virtual platform in which one or more distributed virtual switches can be created for use in virtual networking. According to some aspects, the distributed virtual switch according to the invention provides the ability for virtual and physical machines to more readily, securely, and efficiently communicate with each other even if they are not located on the same physical host and/or in the same subnet or VLAN. According to other aspects, the distributed virtual switches of the invention can support integration with traditional IP networks and support sophisticated IP technologies including NAT functionality, stateful firewalling, and notifying the IP network of workload migration. According to further aspects, the virtual platform of the invention creates one or more distributed virtual switches which may be allocated to a tenant, application, or other entity requiring isolation and/or independent configuration state. According to still further aspects, the virtual platform of the invention manages and/or uses VLANs or tunnels (e.g., GRE) to create a distributed virtual switch for a network while working with existing switches and routers in the network. The present invention finds utility in enterprise networks, datacenters, and other facilities.
H04L 12/28 - Data switching networks characterised by path configuration, e.g. local area networks [LAN] or wide area networks [WAN]
H04L 41/0893 - Assignment of logical groups to network elements
H04L 41/0896 - Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities
H04L 41/12 - Discovery or management of network topologies
H04L 49/00 - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION; Packet switching elements
H04L 49/15 - Interconnection of switching modules
H04L 49/25 - Routing or path finding in a switch fabric
In general, the present invention relates to a virtual platform in which one or more distributed virtual switches can be created for use in virtual networking. According to some aspects, the distributed virtual switch according to the invention provides the ability for virtual and physical machines to more readily, securely, and efficiently communicate with each other even if they are not located on the same physical host and/or in the same subnet or VLAN. According to other aspects, the distributed virtual switches of the invention can support integration with traditional IP networks and support sophisticated IP technologies including NAT functionality, stateful firewalling, and notifying the IP network of workload migration. According to further aspects, the virtual platform of the invention creates one or more distributed virtual switches which may be allocated to a tenant, application, or other entity requiring isolation and/or independent configuration state. According to still further aspects, the virtual platform of the invention manages and/or uses VLANs or tunnels (e.g., GRE) to create a distributed virtual switch for a network while working with existing switches and routers in the network. The present invention finds utility in enterprise networks, datacenters, and other facilities.
19.
METHOD AND APPARATUS FOR IMPLEMENTING AND MANAGING VIRTUAL SWITCHES
In general, the present invention relates to a virtual platform in which one or more distributed virtual switches can be created for use in virtual networking. According to some aspects, the distributed virtual switch according to the invention provides the ability for virtual and physical machines to more readily, securely, and efficiently communicate with each other even if they are not located on the same physical host and/or in the same subnet or VLAN. According to other aspects, the distributed virtual switches of the invention can support integration with traditional IP networks and support sophisticated IP technologies including NAT functionality, stateful firewalling, and notifying the IP network of workload migration. According to further aspects, the virtual platform of the invention creates one or more distributed virtual switches which may be allocated to a tenant, application, or other entity requiring isolation and/or independent configuration state. According to still further aspects, the virtual platform of the invention manages and/or uses VLANs or tunnels (e.g., GRE) to create a distributed virtual switch for a network while working with existing switches and routers in the network. The present invention finds utility in enterprise networks, datacenters, and other facilities.
H04L 12/28 - Data switching networks characterised by path configuration, e.g. local area networks [LAN] or wide area networks [WAN]
H04L 41/0893 - Assignment of logical groups to network elements
H04L 41/0896 - Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities
H04L 41/12 - Discovery or management of network topologies
H04L 49/00 - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION; Packet switching elements
H04L 49/15 - Interconnection of switching modules
H04L 49/25 - Routing or path finding in a switch fabric
G06F 9/455 - Arrangements for executing specific programs; Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
20.
METHOD AND APPARATUS FOR IMPLEMENTING AND MANAGING VIRTUAL SWITCHES
In general, the present invention relates to a virtual platform in which one or more distributed virtual switches can be created for use in virtual networking. According to some aspects, the distributed virtual switch according to the invention provides the ability for virtual and physical machines to more readily, securely, and efficiently communicate with each other even if they are not located on the same physical host and/or in the same subnet or VLAN. According to other aspects, the distributed virtual switches of the invention can support integration with traditional IP networks and support sophisticated IP technologies including NAT functionality, stateful firewalling, and notifying the IP network of workload migration. According to further aspects, the virtual platform of the invention creates one or more distributed virtual switches which may be allocated to a tenant, application, or other entity requiring isolation and/or independent configuration state. According to still further aspects, the virtual platform of the invention manages and/or uses VLANs or tunnels (e.g., GRE) to create a distributed virtual switch for a network while working with existing switches and routers in the network. The present invention finds utility in enterprise networks, datacenters, and other facilities.
H04L 12/28 - Data switching networks characterised by path configuration, e.g. local area networks [LAN] or wide area networks [WAN]
H04L 41/0893 - Assignment of logical groups to network elements
H04L 41/0896 - Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities
H04L 41/12 - Discovery or management of network topologies
H04L 49/00 - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION; Packet switching elements
H04L 49/15 - Interconnection of switching modules
H04L 49/25 - Routing or path finding in a switch fabric
Systems and methods for managing a network are described. A view of the current state of the network is maintained, where the current state characterizes the network topology and the network constituents, including network entities and network elements residing in or on the network. Events are announced that correspond to changes in the state of the network, and one or more network elements can be configured accordingly. Methods for managing network traffic are described that ensure forwarding and other actions taken by network elements implement globally declared network policy and refer to high-level names, independently of network topology and of the location of network constituents. Methods for discovering network constituents are described, whereby they are automatically configured. Routing may be performed using ACLs, and packets can be intercepted to permit a host to remain in sleep mode. The methods are applicable to virtual environments.
H04L 41/06 - Management of faults, events, alarms or notifications
H04L 41/0806 - Configuration setting for initial configuration or provisioning, e.g. plug-and-play
H04L 41/082 - Configuration setting characterised by the conditions triggering a change of settings, the condition being updates or upgrades of network functionality
H04L 41/0853 - Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
H04L 41/0859 - Retrieval of network configuration; Tracking network configuration history by keeping a history of different configuration generations or by rolling back to previous configuration versions
H04L 41/12 - Discovery or management of network topologies
H04L 43/0817 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters, by checking availability by checking functioning
H04L 41/0213 - Standardised network management protocols, e.g. simple network management protocol [SNMP]
H04L 41/0893 - Assignment of logical groups to network elements
22.
NETWORK OPERATING SYSTEM FOR MANAGING AND SECURING NETWORKS
Systems and methods for managing a network are described. A view of the current state of the network is maintained, where the current state characterizes the network topology and the network constituents, including network entities and network elements residing in or on the network. Events are announced that correspond to changes in the state of the network, and one or more network elements can be configured accordingly. Methods for managing network traffic are described that ensure forwarding and other actions taken by network elements implement globally declared network policy and refer to high-level names, independently of network topology and of the location of network constituents. Methods for discovering network constituents are described, whereby they are automatically configured. Routing may be performed using ACLs, and packets can be intercepted to permit a host to remain in sleep mode. The methods are applicable to virtual environments.
H04L 41/06 - Management of faults, events, alarms or notifications
H04L 41/0806 - Configuration setting for initial configuration or provisioning, e.g. plug-and-play
H04L 41/082 - Configuration setting characterised by the conditions triggering a change of settings, the condition being updates or upgrades of network functionality
H04L 41/0853 - Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
H04L 41/0859 - Retrieval of network configuration; Tracking network configuration history by keeping a history of different configuration generations or by rolling back to previous configuration versions
H04L 41/12 - Discovery or management of network topologies
H04L 43/0817 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters, by checking availability by checking functioning
H04L 41/0213 - Standardised network management protocols, e.g. simple network management protocol [SNMP]
H04L 41/0893 - Assignment of logical groups to network elements