Specifying service chains

US11249784B2 · US · B2

Patent metadata
Publication number: US-11249784-B2
Application number: US-201916445064-A
Country: US
Kind code: B2
Filing date: Jun 18, 2019
Priority date: Feb 22, 2019
Publication date: Feb 15, 2022
Grant date: Feb 15, 2022

Abstract

Official abstract text for this publication.

Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

First claim

Opening claim text (preview).

The invention claimed is:

1. A method of defining a plurality of services to perform on a data message flow, the method comprising: receiving a definition of a service chain that includes the plurality of services; receiving a definition of a service rule that includes (i) a rule identifier defined by reference to a set of attributes of the data message flow and (ii) a service chain identifier that identifies the defined service chain; identifying at least one service path that includes a plurality of service nodes to perform the plurality of services, and generating a service path identifier for the identified service path; and distributing, to a set of one or more host computers on which the service rule has to be enforced, the service rule, the service chain identifier, the service path identifier, a record mapping the service chain identifier to the service path identifier, and path forwarding data comprising a set of one or more network addresses associated with the service path identifier, wherein each of the plurality of service nodes (i) executes on the set of one or more host computers, (ii) uses the service chain identifier to identify a particular service to perform on the data message flow, and (iii) uses the service path identifier to identify a next hop network address of a subsequent service node in the plurality of service nodes for the data message flow.

2. The method of claim 1, wherein the set of one or more network addresses comprises one network address that is the network address associated with a first hop service node in the service path.

3. The method of claim 1 further comprising: generating next hop forwarding rules that at each particular hop associated with a particular service node identify a next hop service node when the particular service node is not the last hop service node; and distributing the next hop forwarding rule to forwarding elements associated with the hops along the service path.

4. The method of claim 1, wherein the set of one or more network addresses comprises the network addresses of all of the service nodes in the service path.

5. The method of claim 1 further comprising receiving a definition of multiple service rules each of which includes (i) a rule identifier defined by reference to a set of attributes of a data message flow and (ii) a service chain identifier that identifies the defined service chain.

6. The method of claim 1 further comprising receiving definitions of a plurality of service chains with each service chain specifying a set of services; receiving, for each particular service chain, a definition of at least one service rule that includes (i) a rule identifier defined by reference to a set of attributes of a data message flow and (ii) a service chain identifier that identifies the particular service chain; identifying at least one service path that includes a set of service nodes to perform the set of service for each service chain, and generating a service path identifier for each identified service path; and distributing, to at least one host computer on which the service rule has to be enforced, each service rule, the service chain identifier, the service path identifier, a record mapping the service chain identifier of the service rule to the service path identifier of the service path identified for the service chain, and path forwarding data comprising a set of one or more network addresses associated with the service path identifier of the service path identified for the service chain.

7. The method of claim 1, wherein the receiving the service chain and service rule definitions comprises receiving the definitions through a user interface including at least one of an application programming interface or a graphical user interface.

8. The method of claim 1, wherein receiving the service chain definition comprises receiving the definition by reference to at least one service defined through a vendor template of a service provider with service machines or appliances deployed in a datacenter.

9. The method of claim 8, wherein receiving the definition by reference to the service defined through the vendor template comprises receiving a service profile that is provided to in the vendor template, the service profile associated with the service.

10. The method of claim 9 further comprising distributing data regarding the service profile to at least one host computer that executes at least one service node, the distributed service profile data used to configure how data messages are forwarded to the service node on the host computer.

11. The method of claim 1, wherein the service chain identifier and the service path identifier are distributed to each host computer in the set of one or more host computers as part of the distributed record that maps the service chain identifier to the service path identifier.

12. A non-transitory machine readable medium storing a program for execution by at least one processing unit and for defining a plurality of services to perform on a data message flow, the program comprising sets of instructions for: receiving a definition of a service chain that includes the plurality of services; receiving a definition of a service rule that includes (i) a rule identifier defined by reference to a set of attributes of the data message flow and (ii) a service chain identifier that identifies the defined service chain; identifying at least one service path that includes a plurality of service nodes to perform the plurality of services, and generating a service path identifier for the identified service path; and distributing, to a set of one or more host computers on which the service rule has to be enforced, the service rule, the service chain identifier, the service path identifier, a record mapping the service chain identifier to the service path identifier, and path forwarding data comprising a set of one or more network addresses associated with the service path identifier, wherein each of the plurality of service nodes (i) executes on the set of one or more host computers, (ii) uses the service chain identifier to identify a particular service to perform on the data message flow, and (iii) uses the service path identifier to identify a next hop network address of a subsequent service node in the plurality of service nodes for the data message flow.

13. The non-transitory machine readable medium of claim 12, wherein the set of one or more network addresses comprises one network address that is the network address associated with a first hop service node in the service path.

14. The non-transitory machine readable medium of claim 12, wherein the program further comprises sets of instructions for: generating next hop forwarding rules that at each particular hop associated with a particular service node identify a next hop service node when the particular service node is not the last hop service node; and distributing the next hop forwarding rule to forwarding elements associated with the hops along the service path.

15. The non-transitory machine readable medium of claim 12, wherein the set of one or more network addresses comprises the network addresses of all of the service nodes in the service path.

16. The non-transitory machine readable medium of claim 12, wherein the program further comprises a set of instructions for receiving a definition of multiple service rules each of which includes (i) a rule identifier defined by reference to a set of attributes of a data message flow and (ii) a service chain identifier that identifies the defined service chain.

17. The

Classifications

  • Address table lookup; Address filtering · CPC title

  • Profiles · CPC title

  • Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements · CPC title

  • using virtualisation of network functions or resources, e.g. SDN or NFV entities · CPC title

  • Assignment of logical groups to network elements · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Vmware Inc
What technology area does this patent fall under?
Primary CPC classification G06F9/45558. Mapped technology areas include Physics.
When was this patent published?
Publication date Feb 15, 2022 (B2). Legal status and post-grant events are not shown on this page.