In-service software upgrade of software-defined networking controller
US-10083026-B1 · Sep 25, 2018 · US
Hypervisor restart handling mechanism using random session numbers
US11526372B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11526372-B2 |
| Application number | US-202016871737-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 11, 2020 |
| Priority date | Mar 28, 2018 |
| Publication date | Dec 13, 2022 |
| Grant date | Dec 13, 2022 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Certain embodiments described herein are generally directed to handling a hypervisor restart event in a distributed network system. Embodiments include receiving, by a central controller, a session identifier from a first hypervisor. Embodiments further include comparing, by the central controller, the session identifier to a stored session identifier associated with the first hypervisor. Embodiments further include determining, by the central controller based on the session identifier not matching the stored session identifier associated with the first hypervisor, that the first hypervisor has restarted. Embodiments further include updating, by the central controller, the stored session identifier associated with the first hypervisor to match the session identifier. Embodiments further include identifying, by the central controller, a second hypervisor that is associated with the first hypervisor. Embodiments further include sending, by the central controller, a notification to the second hypervisor that the first hypervisor has restarted.
First claim
Opening claim text (preview).
We claim: 1. A method for handling a hypervisor restart event in a distributed network system, the method comprising: receiving, by a first hypervisor, a notification from a central controller that includes an identification of a second hypervisor that has restarted, wherein a security association has been established between the first hypervisor and the second hypervisor, wherein the security association comprises a security parameter index (SPI) value; and in response to receiving the notification: removing, by the first hypervisor, the security association with the second hypervisor and establishing, by the first hypervisor, a new security association with the second hypervisor. 2. The method of claim 1 , wherein the security association comprises a security policy that is shared between the first hypervisor and the second hypervisor. 3. The method of claim 2 , wherein the security policy comprises a distributed networking encryption (DNE) policy. 4. The method of claim 1 , further comprising: receiving, by the first hypervisor and from the central controller, a control message comprising a first session identifier in a header of the control message; comparing, by the first hypervisor, the first session identifier to a second session identifier stored by the first hypervisor; determining, by the first hypervisor, based on the comparing, that the first session identifier does not match the second session identifier; and discarding, by the first hypervisor, the control message based on the first session identifier not matching the second session identifier. 5. The method of claim 4 , further comprising sending, by the first hypervisor, to the central controller, a notification of the second session identifier. 6. The method of claim 1 , further comprising: determining, by the second hypervisor, that the second hypervisor has restarted; generating, by the second hypervisor, a session identifier; and sending, by the second hypervisor, the session identifier to the central controller. 7. The method of claim 1 , wherein the central controller stores an association between the first hypervisor and the second hypervisor. 8. The method of claim 1 , wherein the security association comprises an exclusive connection between the first hypervisor and the second hypervisor, and wherein the new security association comprises a new exclusive connection between the first hypervisor and the second hypervisor. 9. A system comprising: one or more processors; and at least one memory storing instructions that, when executed by the one or more processors, cause the system to perform operations for handling a hypervisor restart event in a distributed network system, the operations comprising: receiving, by a first hypervisor, a notification from a central controller that includes an identification of a second hypervisor that has restarted, wherein a security association has been established between the first hypervisor and the second hypervisor, wherein the security association comprises a security parameter index (SPI) value; and in response to receiving the notification: removing, by the first hypervisor, the security association with the second hypervisor and establishing, by the first hypervisor, a new security association with the second hypervisor. 10. The system of claim 9 , wherein the security association comprises a security policy that is shared between the first hypervisor and the second hypervisor. 11. The system of claim 10 , wherein the security policy comprises a distributed networking encryption (DNE) policy. 12. The system of claim 9 , wherein the operations further comprise: receiving, by the first hypervisor and from the central controller, a control message comprising a first session identifier in a header of the control message; comparing, by the first hypervisor, the first session identifier to a second session identifier stored by the first hypervisor; determining, by the first hypervisor, based on the comparing, that the first session identifier does not match the second session identifier; and discarding, by the first hypervisor, the control message based on the first session identifier not matching the second session identifier. 13. The system of claim 12 , wherein the operations further comprise sending, by the first hypervisor, to the central controller, a notification of the second session identifier. 14. The system of claim 9 , wherein the operations further comprise: determining, by the second hypervisor, that the second hypervisor has restarted; generating, by the second hypervisor, a session identifier; and sending, by the second hypervisor, the session identifier to the central controller. 15. The system of claim 9 , wherein the central controller stores an association between the first hypervisor and the second hypervisor. 16. A non-transitory computer readable medium comprising instructions that, when executed by one or more processors of a computer system, cause the computer system to perform a method for handling a hypervisor restart event in a distributed network system, the method comprising: receiving, by a first hypervisor, a notification from a central controller that includes an identification of a second hypervisor that has restarted, wherein a security association has been established between the first hypervisor and the second hypervisor, wherein the security association comprises a security parameter index (SPI) value; and in response to receiving the notification: removing, by the first hypervisor, the security association with the second hypervisor and establishing, by the first hypervisor, a new security association with the second hypervisor. 17. The non-transitory computer readable medium of claim 16 , wherein the security association comprises a security policy that is shared between the first hypervisor and the second hypervisor. 18. The non-transitory computer readable medium of claim 17 , wherein the security policy comprises a distributed networking encryption (DNE) policy. 19. The non-transitory computer readable medium of claim 16 , wherein the method further comprises: receiving, by the first hypervisor and from the central controller, a control message comprising a first session identifier in a header of the control message; comparing, by the first hypervisor, the first session identifier to a second session identifier stored by the first hypervisor; determining, by the first hypervisor, based on the comparing, that the first session identifier does not match the second session identifier; and discarding, by the first hypervisor, the control message based on the first session identifier not matching the second session identifier. 20. The non-transitory computer readable medium of claim 19 , wherein the method further comprises sending, by the first hypervisor, to the central controller, a notification of the second session identifier. 21. The non-transitory computer readable medium of claim 16 , wherein the method further comprises: determining, by the second hypervisor, that the second hypervisor has restarted; generating, by the second hypervisor, a session identifier; and sending, by the second hypervisor, the session identifier to the central controller.
Assignees
Inventors
Classifications
Protecting access to data via a platform, e.g. using keys or access control rules · CPC title
Distribution of virtual machine instances; Migration and load balancing · CPC title
- H04L63/20Primary
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
- G06F9/45558Primary
Hypervisor-specific management and integration aspects · CPC title
Isolation or security of virtual machine instances · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11526372B2 cover?
- Certain embodiments described herein are generally directed to handling a hypervisor restart event in a distributed network system. Embodiments include receiving, by a central controller, a session identifier from a first hypervisor. Embodiments further include comparing, by the central controller, the session identifier to a stored session identifier associated with the first hypervisor. Embod…
- Who is the assignee on this patent?
- Nicira Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/20. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Dec 13 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).