What technology area does this patent fall under?

Primary CPC classification H04L63/0428. Mapped technology areas include Electricity.

When was this patent published?

Publication date Tue Aug 17 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Scaling gateway to gateway traffic using flow hash

US11095617B2 · US · B2

Patent metadata
Field	Value
Publication number	US-11095617-B2
Application number	US-201715831162-A
Country	US
Kind code	B2
Filing date	Dec 4, 2017
Priority date	Dec 4, 2017
Publication date	Aug 17, 2021
Grant date	Aug 17, 2021

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

For a network including multiple computers acting as tunnel endpoints in a network, some embodiments provide a method for processing data messages in parallel using multiple processors (e.g., cores) of each computer. Each computer in some embodiments has a set of interfaces configured as tunnel endpoints connecting to multiple tunnels. In some embodiments, the multiple processors encrypt data messages according to a set of encryption parameters or multiple sets of encryption parameters that specify an encryption policy for data messages requiring encryption, an encryption algorithm, an encryption key, a destination network address, and an encryption-parameter-set identifier.

First claim

Opening claim text (preview).

We claim: 1. A method for improving communication between gateway devices in different datacenters using multiple processing units of a set of central processing units (CPUs) of a first gateway computer in a first datacenter and multiple encryption-secured tunnels, the method comprising: defining a plurality of encryption-secured tunnels between a first set of interfaces of the first gateway computer and a second set of interfaces of a second gateway computer in a second datacenter; for each of a plurality of processing units of the set of CPUs of the first gateway computer, assigning a unique set of encryption-secured tunnels in the plurality of encryption secured tunnels for the processing unit to use as egress tunnels for encrypted egressing data messages forwarded to the second gateway computer from the first gateway computer, wherein different processing units have different unique sets of encryption-secured tunnels assigned to them; and for an egressing data message received at the first gateway computer for forwarding to the second gateway computer, selecting a particular processing unit of the first gateway computer to process the data message by selecting a particular encryption-secured tunnel in the set of encryption-secured tunnels assigned to the particular processing unit for forwarding the egressing data message to the second gateway computer, and encrypting the egressing data message for the selected particular encryption-secured tunnel. 2. The method of claim 1 , wherein selecting the particular processing unit for the received data message comprises selecting the particular processing unit based on a hash of a set of the data message's attributes. 3. The method of claim 2 , wherein the set of the data message's attributes is a set of header field values that define a data message flow, such that data messages in a same data message flow are encrypted by a same processing unit. 4. The method of claim 1 , wherein selecting the particular encryption-secured tunnel comprises selecting the particular encryption-secured tunnel based on a hash of a set of the data message's attributes. 5. The method of claim 4 , wherein the set of the data message's attributes is a set of header field values that define a data message flow, such that data messages in a same data message flow are transmitted over a same encryption-secured tunnel. 6. The method of claim 1 further comprising: using the egressing data message's source and destination addresses to determine whether the egressing data message matches a policy that requires the data message to be encrypted and sent along an encryption-secured tunnel; selecting the particular processing unit for the egressing data message based on a determination that the egressing data message matches the policy requiring encryption. 7. The method of claim 1 , wherein the plurality of encryption-secured tunnels is a first plurality of encryption-secured tunnels, the method further comprising: defining a second plurality of encryption-secured tunnels between a third set of interfaces of the first gateway computer and a fourth set of interfaces of a third gateway computer in a third datacenter; for each of the plurality of processing units of the set of CPUs of the first gateway computer, assigning a unique set of encryption-secured tunnels in the second plurality of encryption secured tunnels for the processing unit to use as egress tunnels for encrypted egressing data messages forwarded to the third gateway computer from the first gateway computer; and for another egressing data message received at the first gateway computer for forwarding to the third gateway computer, selecting another particular processing unit of the first gateway computer to encrypt the data message for transmission over one of the second plurality of encryption-secured tunnels assigned to the particular processing unit. 8. The method of claim 1 , wherein the processing units are processing cores of the set of CPUs. 9. The method of claim 1 , wherein the set of CPUs are a set of virtual CPUs (vCPUs) and the processing units are virtual processors of the set of vCPUs. 10. The method of claim 1 , wherein the processing units are virtual processing cores. 11. The method of claim 1 , wherein at least a plurality of different virtual processing cores corresponds to a plurality of different physical processing cores. 12. The method of claim 1 , wherein at least one set of tunnels assigned to one processing unit comprises at least two tunnels. 13. A non-transitory machine readable medium storing a program which when executed by a set of central processing units (CPUs) of a first gateway computer in a first datacenter improves communication between the first gateway computer and a second gateway computer in a second datacenter, the program comprising sets of instructions for: defining a plurality of encryption-secured tunnels between a first set of interfaces of the first gateway computer and a second set of interfaces of the second gateway computer in the second datacenter; for each of a plurality of processing units of the set of CPUs of the first gateway computer, assigning a unique set of encryption-secured tunnels in the plurality of encryption secured tunnels for the processing unit to use as egress tunnels for encrypted egressing data messages forwarded to the second gateway computer from the first gateway computer, wherein different processing units have different unique sets of encryption-secured tunnels assigned to them; and for an egressing data message received at the first gateway computer for forwarding to the second gateway computer, selecting a particular processing unit of the first gateway computer to process the data message by selecting a particular encryption-secured tunnel in the set of encryption-secured tunnels assigned to the particular processing unit for forwarding the egressing data message to the second gateway computer, and encrypting the egressing data message for the selected particular encryption-secured tunnel. 14. The non-transitory machine readable medium of claim 13 , wherein the set of instructions for selecting the particular processing unit for the received data message comprises a set of instructions for selecting the particular processing unit based on a hash of a set of the data message's attributes. 15. The non-transitory machine readable medium of claim 14 , wherein the set of the data message's attributes is a set of header field values that define a data message flow, such that data messages in a same data message flow are encrypted by a same processing unit. 16. The non-transitory machine readable medium of claim 13 , wherein the set of instructions for selecting the particular encryption-secured tunnel comprises a set of instructions for selecting the particular encryption-secured tunnel based on a hash of a set of the data message's attributes. 17. The non-transitory machine readable medium of claim 16 , wherein the set of the data message's attributes is a set of header field values that define a data message flow, such that data messages in a same data message flow are transmitted over a same encryption-secured tunnel. 18. The non-transitory machine readable medium of claim 13 , wherein the program further comprises sets of instructions for: using the egressing data message's source and destination addresses to determine whether the egressing data message matches a policy that requires the data message to be encrypted and sent along an encryption-secured tunnel; selecting the particular processing unit fo

Assignees

Nicira Inc

Inventors

Classifications

H04L45/745
Address table lookup; Address filtering · CPC title
H04L63/0428Primary
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
H04L9/3215Primary
using a plurality of channels (network architectures or network communication protocols using different networks H04L63/18) · CPC title
H04L61/5038
for local use, e.g. in LAN or USB networks, or in a controller area network [CAN] · CPC title
H04L61/5007
Internet protocol [IP] addresses · CPC title

Patent family

Related publications grouped by family.

View patent family 66658299

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11095617B2 cover?: For a network including multiple computers acting as tunnel endpoints in a network, some embodiments provide a method for processing data messages in parallel using multiple processors (e.g., cores) of each computer. Each computer in some embodiments has a set of interfaces configured as tunnel endpoints connecting to multiple tunnels. In some embodiments, the multiple processors encrypt data m…
Who is the assignee on this patent?: Nicira Inc
What technology area does this patent fall under?: Primary CPC classification H04L63/0428. Mapped technology areas include Electricity.
When was this patent published?: Publication date Tue Aug 17 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).