Cross-cloud namespace management for multi-tenant environments

US10757170B2 · US · B2

Patent metadata

Publication number: US-10757170-B2
Application number: US-201514664939-A
Country: US
Kind code: B2
Filing date: Mar 23, 2015
Priority date: Oct 13, 2014
Publication date: Aug 25, 2020
Grant date: Aug 25, 2020

Abstract

Official abstract text for this publication.

Conditional address translation is performed in a multi-tenant cloud infrastructure to effectively support tenant-assigned addresses. For each tenant, the multi-tenant cloud infrastructure deploys both a private network used to communicate between the tenant and the cloud and a tenant-facing gateway to manage the private network. The multi-tenant cloud infrastructure also includes an externally-facing gateway used to communicate between the multi-tenant cloud and a public network. The tenant-facing gateways are configured to bypass address translation—providing consistent addressing across each private network irrespective of the physical location of resources linked by the private network. By contrast, the public-facing gateway is configured to translate source addresses in outgoing packets to addresses that are unique within the public network. Advantageously, discriminately mapping addresses enables multiple tenants to interact in a uniform fashion with both on-premises resources and cloud-hosted resources without incurring undesirable address collisions between tenants.

First claim

Opening claim text (preview).

What is claimed is:

1. A method of supporting independent addressing for multiple tenants in a cloud computing system, comprising: for each tenant, configuring a private network between the tenant and the cloud computing system, wherein the private network is managed by a tenant-facing cloud gateway; configuring the tenant-facing cloud gateways to preserve source media access control (MAC) addresses of packets originating from the cloud computing system to the private networks of the multiple tenants and to not perform MAC address translation on the packets, thereby allowing packets for different tenants to have the same source MAC address in the cloud computing system; configuring a multi-tenant cloud gateway to a public network to translate the source MAC addresses of packets originating from the cloud computing system to the public network to MAC addresses that are unique within the public network; migrating a container with a particular MAC address from a particular private network of the multiple tenants to the cloud computing system that includes an existing container with the same particular MAC address, wherein each of the containers is one of a virtual machine and an operating system-less container; using the tenant-facing cloud gateway for the particular private network to transmit the packets originating from the cloud computing system to the particular private network without performing the MAC address translation; and using the multi-tenant cloud gateway to the public network to transmit the packets originating from the cloud computing system to the public network by performing the MAC address translation.

2. The method of claim 1, wherein the private network is delineated by a virtual network identifier (VNI) or a virtual local area network (VLAN) identifier.

3. The method of claim 1, wherein configuring the private network comprises provisioning the private network for a virtualized computing system.

4. The method of claim 3, wherein a first source address specifies a particular virtual machine that is included in the private network and is running in a host in the cloud computing system.

5. The method of claim 3, wherein a particular virtual machine is running on a host in the virtualized computing system and a virtual network interface card of the particular virtual machine has a virtual media access control (MAC) address, and further comprising: migrating the particular virtual machine from the host in the virtualized computing system to a host in the cloud computing system, without altering the virtual MAC address of the virtual network interface card of the particular virtual machine.

6. The method of claim 1, wherein the public network is the Internet, and translating comprises mapping the destination address to an Internet-facing address.

7. The method of claim 1, wherein the private network is a layer-2 (L2) network that is provisioned for a virtualized computing system, and the private network spans both the virtualized computing system and a virtual data center within the cloud computing system.

8. A non-transitory computer readable storage medium comprising instructions, which when executed in a multi-tenant cloud computing system cause the computing system to carry out the steps of: for each tenant, configuring a private network between the tenant and the cloud computing system, wherein the private network is managed by a tenant-facing cloud gateway; configuring the tenant-facing cloud gateways to preserve source media access control (MAC) addresses of packets originating from the cloud computing system to the private networks of the multiple tenants and to not perform MAC address translation on the packets, thereby allowing packets for different tenants to have the same source MAC address in the cloud computing system; configuring a multi-tenant cloud gateway to a public network to translate the source MAC addresses of packets originating from the cloud computing system to the public network to MAC addresses that are unique within the public network; migrating a container with a particular MAC address from a particular private network of the multiple tenants to the cloud computing system that includes an existing container with the same particular MAC address, wherein each of the containers is one of a virtual machine and an operating system-less container; using the tenant-facing cloud gateway for the particular private network to transmit the packets originating from the cloud computing system to the particular private network without performing the MAC address translation; and using the multi-tenant cloud gateway to the public network to transmit the packets originating from the cloud computing system to the public network by performing the MAC address translation.

9. The non-transitory computer readable storage medium of claim 8, wherein the private network is delineated by a virtual network identifier (VNI) or a virtual local area network (VLAN) identifier.

10. The non-transitory computer readable storage medium of claim 8, wherein configuring the private network comprises provisioning the private network for a virtualized computing system.

11. The non-transitory computer readable storage medium of claim 10, wherein a first source address specifies a particular virtual machine that is included in the private network and is running in a host in the cloud computing system.

12. The non-transitory computer readable storage medium of claim 10, wherein a particular virtual machine is running on a host in the virtualized computing system and a virtual network interface card of the particular virtual machine has a virtual media access control (MAC) address, and further comprising: migrating the particular virtual machine from the host in the virtualized computing system to a host in the multi-tenant cloud computing system, without altering the virtual MAC address of the virtual network interface card of the particular virtual machine.

13. The non-transitory computer readable storage medium of claim 8, wherein the private network is a layer-2 (L2) network that is provisioned for a virtualized computing system, and the private network spans both the virtualized computing system and a virtual data center within the cloud computing system.

14. A hybrid cloud computing system comprising: virtualized computing systems that each include a plurality of physical host computers in which one or more virtual machines are running, wherein each virtualized computing system corresponds to a different tenant; a cloud computing system that includes a plurality of physical host computers in which one or more virtual machines are running; and a hybridity director that allocates resources of the cloud computing system between the tenants, wherein the hybridity director is configured to: for each tenant, configure a private network between the corresponding virtualized computing system and the cloud computing system, wherein the private network is managed by a tenant-facing cloud gateway; configure the tenant-facing cloud gateways to preserve source media access control (MAC) addresses of packets originating from the cloud computing system to the private networks of the multiple tenants and to not perform MAC address translation on the packets, thereby allowing packets for different tenants to have the same source MAC address in the cloud computing system; configure a multi-tenant cloud gateway to a public network to translate the source MAC addresses of packets originating from the cloud computing system to the public network to MAC addresses that are unique within the public network; migrate a virtual machine with a particul
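The two gateway roles described in the abstract and in claims 1, 8 and 14, as an added Python model that is not part of the patent or of VMware's implementation: a tenant-facing gateway forwards frames of its own private network with the source MAC untouched, while the multi-tenant public gateway rewrites the source MAC to an address from a pool that is unique on the public side and keeps a reverse map so replies reach the right tenant. The VNI values, MAC addresses and pool are constructed, and the per-VNI isolation check in `TenantGateway.forward` is an assumption added here, not a claim of the patent.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Frame:
    vni: int        # VNI of the tenant's private network; 0 marks the public network (constructed convention)
    src_mac: str
    dst_mac: str

class TenantGateway:
    """Tenant-facing gateway: bridges one private network and never rewrites the source MAC."""
    def __init__(self, vni: int) -> None:
        self.vni = vni

    def forward(self, f: Frame) -> Optional[Frame]:
        # Isolation check (an assumption added here, not a claim of the patent): a gateway only
        # carries its own tenant's VNI, so two tenants reusing a MAC never see each other's frames.
        return f if f.vni == self.vni else None

class PublicGateway:
    """Multi-tenant gateway to the public network: maps (vni, src_mac) to a unique pool MAC."""
    def __init__(self, pool: List[str]) -> None:
        self._free = list(pool)
        self._out: Dict[Tuple[int, str], str] = {}   # (vni, tenant MAC) -> public MAC
        self._back: Dict[str, Tuple[int, str]] = {}  # public MAC -> (vni, tenant MAC)

    def egress(self, f: Frame) -> Frame:
        key = (f.vni, f.src_mac)
        if key not in self._out:          # first sighting: allocate a public address no other tenant holds
            if not self._free:
                raise RuntimeError("public MAC pool exhausted")
            pub = self._free.pop(0)
            self._out[key], self._back[pub] = pub, key
        return replace(f, vni=0, src_mac=self._out[key])

    def ingress(self, f: Frame) -> Optional[Frame]:
        key = self._back.get(f.dst_mac)   # only addresses we handed out are reachable from outside
        if key is None:
            return None
        return replace(f, vni=key[0], dst_mac=key[1])

def demo() -> dict:
    shared = "00:50:56:00:00:01"          # constructed: both tenants assigned this MAC independently
    a = Frame(5001, shared, "00:50:56:ff:ff:aa")
    b = Frame(5002, shared, "00:50:56:ff:ff:bb")
    gw_a, pub = TenantGateway(5001), PublicGateway(["02:00:00:00:00:01", "02:00:00:00:00:02"])
    a_out, b_out = pub.egress(a), pub.egress(b)
    reply = pub.ingress(Frame(0, "02:ab:cd:ef:00:01", b_out.src_mac))   # an answer arriving from the public side
    return {"a_private": gw_a.forward(a), "b_via_a": gw_a.forward(b), "a_public": a_out.src_mac,
            "b_public": b_out.src_mac, "reply": reply}
```

Running `demo()` shows the same tenant MAC surviving unchanged on the private path, being dropped by the other tenant's gateway, and becoming two distinct addresses on the public path, with the reply to the second one mapped back to VNI 5002.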

Assignees

VMware, Inc.

Classifications

  • Layer-2 addresses, e.g. medium access control [MAC] addresses

  • Pools of addresses

  • For local use, e.g. in LAN or USB networks, or in a controller area network [CAN]

  • Protocols

  • Translation of addresses of the same type other than IP, e.g. translation from MAC to MAC addresses


Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Vmware Inc
What technology area does this patent fall under?
Primary CPC classification H04L67/10. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Aug 25, 2020 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).