Distributed service chain across multiple clouds

US11140218B2 · US · B2

Patent metadata
Publication number: US-11140218-B2
Application number: US-201916668485-A
Country: US
Kind code: B2
Filing date: Oct 30, 2019
Priority date: Oct 30, 2019
Publication date: Oct 5, 2021
Grant date: Oct 5, 2021


Abstract

Official abstract text for this publication.

Some embodiments of the invention provide novel methods for performing services on data messages passing through a network connecting one or more datacenters, such as software defined datacenters (SDDCs). The method of some embodiments uses service containers executing on host computers to perform different chains (e.g., ordered sequences) of services on different data message flows. For a data message of a particular data message flow that is received or generated at a host computer, the method in some embodiments uses a service classifier executing on the host computer to identify a service chain that specifies several services to perform on the data message. For each service in the identified service chain, the service classifier identifies a service container for performing the service. The service classifier then forwards the data message to a service forwarding element to forward the data message through the service containers identified for the identified service chain. The service classifier and service forwarding element are implemented in some embodiments as processes that are defined as hooks in the virtual interface endpoints (e.g., virtual Ethernet ports) of the host computer's operating system (e.g., Linux operating system) over which the service containers execute.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method of performing services on a data message, the method comprising: in a first datacenter; at a service classifier, (i) identifying, for the data message, a service chain comprising a set of two or more services to perform on the data message, (ii) identifying, for each service in the identified service chain, a service machine for performing the service, and (iii) specifying a service path identifier that uniquely identifies the service machines in the first datacenter and a second datacenter that have been identified for performing services in the identified service chain; using a first service machine executing in the first datacenter to perform a first service in the identified service chain; and using a service forwarding proxy to encapsulate the data message with an encapsulating header and to forward the encapsulated data message to the second datacenter for processing by a second machine to perform a second service in the identified service chain, the encapsulating header storing at least one parameter associated with the identified service chain to perform on the data message, wherein the service forwarding proxy includes the service path identifier in the encapsulating header as a parameter associated with the identified service chain.

2. The method of claim 1 further comprising using a third service machine executing in the first datacenter to perform a third service in the identified service chain after the first service but before the second service, wherein the service forwarding proxy forwards the encapsulated data message to the second datacenter after the third service is performed.

3. The method of claim 2, wherein to perform the first and third services, the data message is not encapsulated as the data message is forwarded to the first and third service machines in the first datacenter.

4. The method of claim 1 further comprising: after identifying the service chain, forwarding the data message to a service forwarding element to forward the data message to the first service machine, said service forwarding element forwarding the data message to the first service machine without encapsulating the data message.

5. The method of claim 1, wherein the service forwarding element uses a first type of forwarding to forward the data message to each service machine in the first datacenter, while the service forwarding proxy uses a different, second type of forwarding to forward the data message from the first datacenter to the second datacenter.

6. The method of claim 1, wherein identifying a service machine for each service comprises using a service selector for that service to select the service machine for the service.

7. The method of claim 1, wherein the first and second datacenters are part of two different public clouds, the service forwarding proxy is a cross-cloud forwarding proxy, and the service path identifier uniquely identifies the service path in both public clouds.

8. A method of performing services on a data message, the method comprising: at a service classifier in a first datacenter: identifying, for the data message, a service chain comprising a set of two or more services to perform on the data message; identifying, for each service in the identified service chain, a service machine for performing the service; and specifying a first service path identifier that identifies a set of service machines in the first datacenter that has been identified for performing a group of services in the identified service chain; using a first service machine in the set of service machines in the first datacenter to perform a first service in the identified service chain; and at a service forwarding proxy in the first datacenter: converting the first service path identifier into a globally unique second service path identifier that uniquely identifies the service path in the first datacenter and a second datacenter; encapsulating the data message with an encapsulating header that includes the second service path identifier as a parameter associated with the identified service chain to perform on the data message; and forwarding the encapsulated data message to the second datacenter for processing by a second machine to perform a second service in the identified service chain.

9. The method of claim 1, wherein the service machines are service containers.

10. The method of claim 1, wherein the service forwarding proxy forwards data messages associated with a plurality of service chains to the second datacenter, and processes data messages received from the second datacenter for the plurality of service chains.

11. The method of claim 10, wherein: the plurality of service chains are a first plurality of service chains and the service forwarding proxy forwards data message associated with a second plurality of service chains from the first datacenter to a third datacenter and processes data messages received from the third datacenter for the second plurality of service chains in order for service machines in the first datacenter to process the received data messages.

12. A non-transitory machine readable medium storing a program for execution by a set of processors of a computer in a first datacenter to perform services on a data message, the program comprising sets of instructions for: at a service classifier, (i) identifying, for the data message, a service chain comprising a set of two or more services to perform on the data message, (ii) identifying, for each service in the identified service chain, a service machine for performing the service, and (iii) specifying a service path identifier that uniquely identifies the service machines in the first datacenter and a second datacenter that have been identified for performing services in the identified service chain; using a first service machine executing in the first datacenter to perform a first service in the identified service chain; and using a service forwarding proxy to encapsulate the data message with an encapsulating header and to forward the encapsulated data message to a second datacenter for processing by a second machine to perform a second service in the identified service chain, the encapsulating header storing at least one parameter associated with the identified service chain to perform on the data message, wherein the service forwarding proxy includes the service path identifier in the encapsulating header as a parameter associated with the identified service chain.

13. The non-transitory machine readable medium of claim 12, wherein the program further comprises a set of instructions for using a third service machine executing in the first datacenter to perform a third service in the identified service chain after the first service but before the second service, wherein the service forwarding proxy forwards the encapsulated data message to the second datacenter after the third service is performed.

14. The non-transitory machine readable medium of claim 13, wherein to perform the first and third services, the data message is not encapsulated as the data message is forwarded to the first and third service machines in the first datacenter.

15. The non-transitory machine readable medium of claim 12, wherein the program further comprises a set of instructions for forwarding, after identifying the service chain, the data message to a service forwarding element to forward the data message to the first service machine, said service forwarding element forwarding the data message to the first service machine without encapsulating the data message.

16. The

Classifications

  • Discovery or management thereof, e.g. service location protocol [SLP] or web services

  • for supporting traffic characterised by the type of applications

  • based on compliance of requirements or conditions with available server resources

  • Parsing or analysis of headers

  • relying on flow classification, e.g. using integrated services [IntServ]

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11140218B2 cover?
Some embodiments of the invention provide novel methods for performing services on data messages passing through a network connecting one or more datacenters, such as software defined datacenters (SDDCs). The method of some embodiments uses service containers executing on host computers to perform different chains (e.g., ordered sequences) of services on different data message flows. For a data…

Who is the assignee on this patent?
Vmware Inc

What technology area does this patent fall under?
Primary CPC classification H04L67/1012. Mapped technology areas include Electricity.

When was this patent published?
Publication date Oct 5, 2021 (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).