Connection identifier assignment and source network address translation

US9306909B2 · US · B2

Patent metadata

Field: Value
Publication number: US-9306909-B2
Application number: US-201414549517-A
Country: US
Kind code: B2
Filing date: Nov 20, 2014
Priority date: Nov 15, 2011
Publication date: Apr 5, 2016
Grant date: Apr 5, 2016

Abstract

Official abstract text for this publication.

A controller of a network control system for configuring several middlebox instances is described. The middlebox instances implement a middlebox in a distributed manner in several hosts. The controller assigns a first set of identifiers to a first middlebox instance that associates an identifier in the first set with a first packet. The controller assigns a second set of identifiers to a second middlebox instance that associates an identifier in the second set with a second packet.

First claim

Opening claim text (preview).

What is claimed is:

1. A non-transitory machine readable medium of a controller of a network control system for configuring a logical middlebox in a plurality of hosts, the network control system comprising a plurality of controllers, the non-transitory machine readable medium storing sets of instructions for: receiving configuration data for configuring, in each host of the plurality of hosts, a middlebox instance to provide a source network address translation (SNAT) service to a virtual machine operating in the host; identifying a set of additional controllers of the network control system that manage the plurality of middlebox instances for implementing the configuration data; and sending the configuration data to the identified set of additional controllers for the additional controllers to subsequently distribute the configuration data to the plurality of middlebox instances.

2. The non-transitory machine readable medium of claim 1, wherein the controller is a logical controller and the additional controllers are physical controllers.

3. The non-transitory machine readable medium of claim 1, wherein the network control system is for generating physical control plane data for managing a set of managed forwarding elements that implements forwarding operations associated with a first logical datapath set, wherein the controller further comprises a set of instructions for converting logical control plane data for the first logical datapath set to physical control plane data.

4. The non-transitory machine readable medium of claim 3, wherein the controller is a master controller for the first logical datapath set, wherein each of the additional controllers is a master controller for a set of managed forwarding elements that operate in the plurality of hosts to implement the first logical datapath set.

5. The non-transitory machine readable medium of claim 1, wherein the configuration data comprise at least one mapping of a pair of addresses.

6. The non-transitory machine readable medium of claim 1, wherein the configuration data comprise a set of connection identifiers, wherein the middlebox instance provides the SNAT service to the virtual machine operating in the same host by assigning connection identifiers in the set of connection identifiers to packets the middlebox instance receives from the virtual machine.

7. The non-transitory machine readable medium of claim 6, wherein connection identifiers in the set of connection identifiers are assigned to packets in order for managed switching elements, operating in other hosts that receive the packets, to use the connection identifiers to send responses to the correct sources of the packets.

8. The non-transitory machine readable medium of claim 6, wherein the middlebox instance is configured to associate a connection identifier in the set of connection identifiers with a first packet originating from the virtual machine operating in the host.

9. The non-transitory machine readable medium of claim 8, wherein the middlebox instance associates the connection identifier with the first packet by replacing a source port number of the first packet with the connection identifier.

10. The non-transitory machine readable medium of claim 6, wherein the set of connection identifiers is recorded as no longer available to prevent other middlebox instances from assigning connection identifiers in the set of connection identifiers to packets the other middlebox instances receive.

11. For a controller of network control system comprising a plurality of controllers, a method for configuring a logical middlebox in a plurality of hosts, the method comprising: receiving configuration data for configuring, in each host of the plurality of hosts, a middlebox instance to provide a source network address translation (SNAT) service to a virtual machine operating in the host; identifying a set of additional controllers of the network control system that manage the plurality of middlebox instances for implementing the configuration data; and sending the configuration data to the identified set of additional controllers for the additional controllers to subsequently distribute the configuration data to the plurality of middlebox instances.

12. The method of claim 11, wherein the controller is a logical controller and the additional controllers are physical controllers.

13. The method of claim 11, wherein the network control system is for generating physical control plane data for managing a set of managed forwarding elements that implements forwarding operations associated with a first logical datapath set, wherein the controller further comprises a set of instructions for converting logical control plane data for the first logical datapath set to physical control plane data.

14. The method of claim 13, wherein the controller is a master controller for the first logical datapath set, wherein each of the additional controllers is a master controller for a set of managed forwarding elements that operate in the plurality of hosts to implement the first logical datapath set.

15. The method of claim 11, wherein the configuration data comprise at least one mapping of a pair of addresses.

16. The method of claim 11, wherein the configuration data comprises a set of connection identifiers, wherein the middlebox instance provides the SNAT service to the virtual machine operating in the same host by assigning connection identifiers in the set of connection identifiers to packets the middlebox instance receives from the virtual machine.

17. The method of claim 16, wherein connection identifiers in the set of connection identifiers are assigned to packets in order for managed switching elements, operating in other hosts that receive the packets, to use the connection identifiers to send responses to the correct sources of the packets.

18. The method of claim 16, wherein the middlebox instance is configured to associate a connection identifier in the set of connection identifiers with a first packet originating from the virtual machine operating in the host.

19. The method of claim 18, wherein the middlebox instance associates the connection identifier with the first packet by replacing a source port number of the first packet with the connection identifier.

20. The method of claim 16, wherein the set of connection identifiers is recorded as no longer available to prevent other middlebox instances from assigning connection identifiers in the set of connection identifiers to packets the other middlebox instances receive.

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9306909B2 cover?
A controller of a network control system for configuring several middlebox instances is described. The middlebox instances implement a middlebox in a distributed manner in several hosts. The controller assigns a first set of identifiers to a first middlebox instance that associates an identifier in the first set with a first packet. The controller assigns a second set of identifiers to a second…
Who is the assignee on this patent?
Nicira Inc
What technology area does this patent fall under?
Primary CPC classification G06F9/45558. Mapped technology areas include Physics.
When was this patent published?
Publication date Apr 5, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).