What technology area does this patent fall under?

Primary CPC classification H04L63/0272. Mapped technology areas include Electricity.

When was this patent published?

Publication date Tue Nov 22 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Method and apparatus for integrating a service virtual machine

US9503427B2 · US · B2

Patent metadata
Field	Value
Publication number	US-9503427-B2
Application number	US-201414231640-A
Country	US
Kind code	B2
Filing date	Mar 31, 2014
Priority date	Mar 31, 2014
Publication date	Nov 22, 2016
Grant date	Nov 22, 2016

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel virtualization architecture for utilizing a firewall service virtual machine (SVM) on the host to check the packets sent by and/or received for the GVMs. In some embodiments, the GVMs connect to a software forwarding element (e.g., a software switch) that executes on the host to connect to each other and to other devices operating outside of the host. Instead of connecting the firewall SVM to the host's software forwarding element that connects its GVMs, the virtualization architecture of some embodiments provides an SVM interface (SVMI) through which the firewall SVM can be accessed to check the packets sent by and/or received for the GVMs.

First claim

Opening claim text (preview).

We claim: 1. An apparatus for incorporating a service on a host, the apparatus comprising: a plurality of guest virtual machines (GVMs) executing on the host; a physical forwarding element (PFE) executing on the host, the PFE connecting to the GVMs to connect the GVMs to each other and to other devices outside of the host; a service virtual machine (SVM) that is a virtual machine that also executes on the host but not connected to the PFE, the SVM for providing the service to at least a subset of the GVMs; and an SVM interface (SVMI) through which the SVM receives data regarding GVM packets in order to perform the service for the subset of the GVMs. 2. The apparatus of claim 1 , wherein the GVM packets are incoming packets that are to be supplied to the GVMs. 3. The apparatus of claim 1 , wherein the GVM packets are outgoing packets that are sent by the GVMs. 4. The apparatus of claim 1 , wherein the GVM packets are incoming packets that are to be supplied to GVMs, and outgoing packets that are sent by the GVMs. 5. The apparatus of claim 1 , wherein the data that the SVM receives through the SVMI includes a set of attributes relating to the GVM packets. 6. The apparatus of claim 1 , wherein the PFE is a software switch. 7. The apparatus of claim 1 further comprising: a module for receiving the GVM packet data and forwarding the GVM packet data to the SVM through the SVMI. 8. The apparatus of claim 7 , wherein through the SVMI, the SVM supplies configuration data to the module to configure how the module is to interact with the SVM. 9. The apparatus of claim 8 , wherein said configuration data specifies when the module is to forward GVM packet data to the SVM. 10. The apparatus of claim 8 , wherein said configuration data specifies the subset of GVMs for which the SVM is to perform the service. 11. The apparatus of claim 8 , wherein said configuration data specifies the set of operations that the module has to perform to gather service state data of the SVM for a GVM that migrates to another host that has another SVM that provides the service for the migrating GVM. 12. A non-transitory machine readable medium storing a virtualization program for a host that executes a plurality of guest virtual machines (GVMs) and a service virtual machine (SVM) that is a virtual machine that also executes on the host for providing a service for one or more of the GVMs, the program comprising sets of instructions for: providing a physical forwarding element (PFE) executing on the host for connecting the GVMs to each other and to other devices outside of the host; and providing an SVM interface (SVMI) through which the SVM receives data regarding GVM packets in order to perform the service for the GVMs, said PFE not connecting to the SVM. 13. The machine readable medium of claim 12 , wherein the GVM packets are incoming packets that are to be supplied to GVMs, and outgoing packets that are sent by the GVMs. 14. The machine readable medium of claim 12 , wherein the program further comprises a set of instructions for providing a module for receiving the GVM packet data and forwarding the GVM packet data to the SVM through the SVMI. 15. The machine readable medium of claim 14 , wherein through the SVMI, the SVM supplies configuration data to the module to configure how the module is to interact with the SVM. 16. The machine readable medium of claim 15 , wherein said configuration data specifies when the module is to forward GVM packet data to the SVM. 17. The machine readable medium of claim 15 , wherein said configuration data specifies the subset of GVMs for which the SVM is to perform the service. 18. The machine readable medium of claim 15 , wherein said configuration data specifies the set of operations that the module has to perform to gather service state data of the SVM for a GVM that migrates to another host that has another SVM that provides the service for the migrating GVM. 19. A virtualization method comprising: on a host computing device: executing a plurality of guest virtual machines (GVMs); executing a physical forwarding element (PFE) for connecting the GVMs to each other and to other devices outside of the host; executing a service virtual machine (SVM) that is a virtual machine for providing a service for one or more of the GVMs, said SVM not connecting to the PFE; and providing an SVM interface (SVMI) through which the SVM receives data regarding GVM packets in order to perform the service for the GVMs. 20. The virtualization method of claim 19 further comprising: on the host, executing a module for receiving the GVM packet data and forwarding the GVM packet data to the SVM through the SVMI. 21. The virtualization method of claim 20 , wherein through the SVMI, the SVM supplies configuration data to the module to configure how the module is to interact with the SVM.

Assignees

Nicira Inc

Inventors

Classifications

G06F9/455
Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines · CPC title
H04L63/0254
Stateful filtering · CPC title
G06F9/45533
Hypervisors; Virtual machine monitors · CPC title
H04L63/0272Primary
Virtual private networks · CPC title
H04L63/0236
Filtering by address, protocol, port number or service, e.g. IP-address or URL · CPC title

Patent family

Related publications grouped by family.

View patent family 54191988

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9503427B2 cover?: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel virtualization architecture for utilizing a firewall service virtual machine (SVM) on the host to check the packets sent by and/or received for the GVMs. In some embodiments, the GVMs connect to a software forwarding element (e.g., a software switch) that executes on the host to connect to each …
Who is the assignee on this patent?: Nicira Inc
What technology area does this patent fall under?: Primary CPC classification H04L63/0272. Mapped technology areas include Electricity.
When was this patent published?: Publication date Tue Nov 22 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).

How to read this patent

Abstract

First claim

Assignees

Inventors

Classifications

Patent family

External sources

Related patents

Migrating firewall connection state for a firewall service virtual machine

Configuring interactions with a firewall service virtual machine

Firewalls in logical networks

Method, Apparatus, Host, and Network System for Processing Packet

Firewall configured with dynamic collaboration from network services in a virtual network environment

Frequently asked questions