US20160330110A1 - System for steering data packets in communication network - Google Patents
System for steering data packets in communication network Download PDFInfo
- Publication number
- US20160330110A1 US20160330110A1 US14/704,988 US201514704988A US2016330110A1 US 20160330110 A1 US20160330110 A1 US 20160330110A1 US 201514704988 A US201514704988 A US 201514704988A US 2016330110 A1 US2016330110 A1 US 2016330110A1
- Authority
- US
- United States
- Prior art keywords
- data packet
- vlan
- service
- traffic steering
- records
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000004891 communication Methods 0.000 title claims abstract description 19
- 238000000034 method Methods 0.000 claims description 33
- 230000006870 function Effects 0.000 claims description 22
- 238000012545 processing Methods 0.000 claims description 21
- 230000015654 memory Effects 0.000 claims description 15
- 238000013507 mapping Methods 0.000 claims description 3
- 238000012163 sequencing technique Methods 0.000 claims 2
- 230000008569 process Effects 0.000 description 8
- 238000010586 diagram Methods 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 3
- 238000001514 detection method Methods 0.000 description 2
- 101100263760 Caenorhabditis elegans vms-1 gene Proteins 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/38—Flow based routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/56—Routing software
- H04L45/566—Routing instructions carried by the data packet, e.g. active networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
- The present invention generally relates to communication networks, and, more particularly, to a system for steering data packets in a communication network.
- A communication network typically includes multiple digital systems such as gateways, switches, and access points. In a cloud computing environment, multiple computers are connected to each other and to servers via the communication network to exchange data packets, e.g., the World Wide Web (WWW) or the Internet. Generally, compute nodes are used as servers to service the computers. The compute nodes include processors for executing multiple application and service virtual machines.
- A virtual machine (VM) is an operating system that runs on a processor of a compute node and uses the same hardware resources as the compute node. Application VMs executed on the compute nodes include user-defined applications and are based on a transmission control internet protocol (TCP-IP) or a user datagram protocol (UDP), while the service VMs executed on the compute node include network services such as network security services such as firewall (FW), distributed denial of security service (DDoS), intrusion detection system (IDS), and web application firewall (WAF).
- A compute node running multiple application and service VMs will receive data packets from one of the application VMs being executed thereon or from another compute node in the network. The data packets need to be serviced by a set of network services defined by a network administrator. To service a data packet with the set of network services, the data packet must be steered through a set of network service VMs corresponding to the set of network services. Steering the data packets through the set of network service VMs based on the traffic steering rules and the set of network services assigned to the data packet is called traffic steering.
- One known technique for steering data packets includes utilization of a perimeter switch. The perimeter switch includes two types of ports: input and output ports. Each of the input and output ports includes node ports and transit ports. A data packet thus is received at the node ports of the perimeter switch. Based on a classification operation, the data packet is assigned a service chain that identifies the services and corresponding service VMs required for processing the data packet. The node ports are used for determining the position or the service stage of the data packet in the service chain and the next service in the service chain. Based on the next service to process the data packet, a new destination address of a next service VM is assigned to the data packet. Subsequently, the data packet is transmitted on a node port associated with the next service in the service chain.
- The total number of services required for servicing the data packet is variable. Further, to identify the node ports of the service VMs for additional services that may be added for scalability, the hardware in the compute nodes must be upgraded. Thus, the utilization of ports to detect the position of the data packet in the service chain does not provide a scalable solution as the use of ports to determine the position of the data packet in the service chain will include multiple ports, eventually requiring a hardware upgrade for each compute node.
- Another technique for steering data packets involves the introduction of new network protocols in the packet header to identify the next service VM for processing the data packet. This too will involve upgrading the software for identifying the protocol information in the data packet.
- Therefore, it would be advantageous to have a system and method for steering data packets that is scalable and doesn't require hardware or software upgrades at the compute nodes.
- The following detailed description of the preferred embodiments of the present invention will be better understood when read in conjunction with the appended drawings. The present invention is illustrated by way of example, and not limited by the accompanying figures, in which like references indicate similar elements.
-
FIG. 1 is a schematic block diagram of a system for steering data packets in a communication network in accordance with an embodiment of the present invention; -
FIG. 2 is a schematic block diagram of the system ofFIG. 1 for steering a data packet from a first compute node to a second compute node in accordance with an embodiment of the present invention; -
FIG. 3 is a diagram illustrating first through twelfth packet specifications and an overlay tunnel packet specification of a first data packet in accordance with an embodiment of the present invention; -
FIG. 4 is a flow chart illustrating a method for steering data packets in a communication network in accordance with an embodiment of the present invention; -
FIG. 5 is a flow chart illustrating a method for processing a data packet 2 by a first service VM in accordance with an embodiment of the present invention; -
FIG. 6 is a flow chart illustrating a method for processing a data packet by a first traffic steering accelerator in accordance with an embodiment of the present invention; -
FIG. 7 is a flow chart illustrating a method for determining a destination for a data packet based on an input VLAN-ID in accordance with an embodiment of the present invention; -
FIG. 8 is a flow chart Illustrating a method of processing a data packet by a second service VM in accordance with an embodiment of the present invention; and -
FIGS. 9A and 9B are a flow chart illustrating a method of determining a destination for a data packet by a traffic steering accelerator in accordance with an embodiment of the present invention. - The detailed description of the appended drawings is intended as a description of the currently preferred embodiments of the present invention, and is not intended to represent the only form in which the present invention may be practiced. It is to be understood that the same or equivalent functions may be accomplished by different embodiments that are intended to be encompassed within the spirit and scope of the present invention.
- In an embodiment of the present invention, a system for steering a plurality of data packets in a communication network is provided. The system includes a plurality of compute nodes having a corresponding plurality of processors for executing a plurality of application and service VMs and a corresponding plurality of traffic steering accelerators. A first one of the compute nodes includes a first processor configured for executing a first one of the application VMs and a first set of the service VMs, a first traffic steering accelerator, a virtual local area network-identifier (VLAN-ID) assignment module, a service-chaining module, and a traffic steering controller. The first application VM outputs a first data packet and the first traffic steering accelerator receives the first data packet. The VLAN-ID assignment module generates a plurality of records and associates these records with the service VMs. Each of the records includes a VLAN-ID set and a port number of a corresponding one of the service VMs. The VLAN-ID set includes input and output VLAN-IDs of the corresponding service VM. The service-chaining module receives the records and generates a plurality of service chaining rules associated with a plurality of n-Tuples configured for the application VMs. The traffic steering controller receives the first data packet and the service chaining rules and the corresponding records, sequences the records based on the service chaining rules for generating a plurality of chained records, and outputs a first chain of the chained records corresponding to a first one of the n-Tuples based on the first data packet to the first traffic steering accelerator. The first traffic steering accelerator receives the first chained records, retrieves a first record of the first chained records, retrieves a first input VLAN-ID of the first record, adds the first input VLAN-ID to the first data packet, and transmits the first data packet to at least one of a first one of the service VMs and a second one of the traffic steering accelerators based on the first input VLAN-ID.
- In another embodiment of the present invention, a method for steering data packets in a communication network is provided. The communication network includes a VLAN-ID assignment module, a service-chaining module, a traffic steering controller, and a plurality of compute nodes having a corresponding plurality of processors for executing a plurality of application and service VMs and a corresponding plurality of traffic steering accelerators. A first one of the compute nodes includes a first one of the processors and a first one of the traffic steering accelerators. The method includes generating a plurality of records by the VLAN-ID assignment module, where each of the records includes a VLAN-ID set and a port number of a corresponding service VM of the plurality of service VMs, and wherein the VLAN-ID set includes input and output VLAN-IDs of the corresponding service VM. The records are associated with the service VMs. The service chaining module receives the records and generates a plurality of service chaining rules associated with a plurality of n-Tuples configured for the application VMs. The traffic steering controller receives the service chaining rules and the corresponding records and sequences the records based on the service chaining rules for generating a plurality of chained records. The first processor executes a first one of the application VMs and a first set of the service VMs, where the first application VM outputs a first one of the data packets. The first traffic steering accelerator receives the first data packet and provides it to the traffic steering controller. The first traffic steering controller provides a first chain of the chained records corresponding to a first one of the n-Tuples based on the first data packet to the first traffic steering accelerator. The first traffic steering accelerator retrieves a first record of the first chained records, retrieves a first input VLAN-ID of the first record, adds the first input VLAN-ID to the first data packet, and transmits the first data packet to at least one of a first service VM of the first set of service VMs and a second one of the traffic steering accelerators based on the first input VLAN-ID.
- Various embodiments of the present invention provide a system for steering data packets in a communication network. The system includes a plurality of compute nodes, a VLAN-ID assignment module, a service-chaining module, and a traffic steering controller. The compute nodes execute a application and service VMs and a corresponding plurality of traffic steering accelerators. The VLAN-ID assignment module generates records and associates the records with the service VMs. Each record includes a VLAN-ID set and a port number of a corresponding service VM. The VLAN-ID set includes input and output VLAN-IDs of the corresponding service VM. The service-chaining module generates service chaining rules associated with a plurality of n-Tuples configured for the application VMs based on the records. The traffic steering controller sequences the records based on the service chaining rules for generating a plurality of chained records.
- A first one of the compute nodes executes a first application VM, a first set of service VMs, and a first traffic steering accelerator. The first application VM outputs a first one of the data packets. The traffic steering controller outputs a first chain of the chained records corresponding to a first one of the n-Tuples based on the first data packet to the first traffic steering accelerator. The first traffic steering accelerator receives the first data packet and the first chain of records, retrieves a first record of the first chain, retrieves a first input VLAN-ID of the first record, adds the first input VLAN-ID to the first data packet, and transmits the first data packet to at least one of a first one of the service VMs and a second one of the traffic steering accelerator based on the first input VLAN-ID.
- Thus, the data packets are steered in the communication network based on the input and output VLAN-IDs in the data packet. One of the VLAN-IDs is associated with the first data packet, thereby enabling identification of the first service VM for processing the first data packet. Thus, hardware or software implemented in the compute nodes does not need to be upgraded. Furthermore, since the servicing of the data packets is evenly distributed across the communication network based on the instances generated by the service VMs, the processing load due to steering of the data packets is reduced.
- Referring now to
FIG. 1 , a schematic block diagram of asystem 100 for steering data packets in a communication network (not shown) in accordance with an embodiment of the present invention is shown. Thesystem 100 is included in a cloud computing environment for providing various cloud-based solutions such as infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). Thesystem 100 includes first andsecond compute nodes cloud orchestration controller 106, and atraffic steering controller 108. - The
first compute node 102 includes afirst processor 110 and afirst memory 112. Thesecond compute node 104 includes asecond processor 114 and asecond memory 116. Thecloud orchestration controller 106 includes athird processor 118 and athird memory 120. Thefirst processor 110 executes a first set ofapplication VMs 122, a first set ofservice VMs 124, and a firsttraffic steering accelerator 126. Thesecond processor 114 executes a second set ofapplication VMs 128, a second set ofservice VMs 130, and a secondtraffic steering accelerator 132. Thethird processor 118 executes a virtual local area network-identifier (VLAN-ID)assignment module 134 and a service-chainingmodule 136. - The first set of
application VMs 122 includes afirst application VM 138. The first set ofservice VMs 124 includes afirst service VM 140. The second set ofservice VMs 130 includes second through fifth service VMs 142-148. The second set ofapplication VMs 128 includes asecond application VM 150. Thesystem 100 further includes multiple compute nodes (not shown) that include multiple processors (not shown) and multiple traffic steering accelerators (not shown). The multiple processors execute multiple application and service VMs (not shown). - The first and
second compute nodes application VMs service VMs second compute nodes second processors second compute nodes - The
cloud orchestration controller 106 acts as an interconnector in the cloud computing environment for managing and coordinating multiple user-defined applications and network service functions corresponding to the multiple VMs executed by the compute nodes. In one embodiment, thecloud orchestration controller 106 is an OpenStack controller. - The first and
second processors second processors second processors second memories second processors second memories - The
third processor 118 further executes software modules that associate and store the identification information of the multiple VMs as well as provide service chaining rules associated with the data packets to thetraffic steering controller 108. Thethird processor 118 includes at least one of a single and multi-core processor. Thethird memory 120 is connected to thethird processor 118 and includes at least one of a cache memory and a RAM. In another embodiment of the present invention, the first, second, andthird memories third processors - The first and second sets of
application VMs service VMs - The
third processor 118 executes the VLAN-ID assignment module 134 for generating multiple records and associating the multiple records with the multiple service VMs. Each record of the multiple records includes a VLAN-ID set and a port number of a corresponding service VM of the multiple service VMs. The VLAN-ID set includes input and output VLAN-IDs of the corresponding service VM. A first set of records of the multiple records is associated with the first set ofservice VMs 124 by the VLAN-ID assignment module 134. Thus, the first set of records corresponds to the first set ofservice VMs 124 that are executed by thefirst processor 110. As a result, a first record of the first set of records corresponds to thefirst service VM 140. The first record includes a first input VLAN-ID, a first output VLAN-ID, and a first port number. Subsequently, a second set of records is associated with the second set ofservice VMs 130. As a result, a second record of the second set of records corresponds to thesecond service VM 142. The second record includes a second input VLAN-ID, a second output VLAN-ID, and a second port number. The VLAN-ID assignment module 134 further stores a mapping between multiple port numbers corresponding to the multiple service VMs, corresponding multiple virtual networks, and corresponding multiple VLAN-ID sets in thethird memory 120. - Table A represents the mapping between service VMs and the corresponding virtual networks and the VLAN-ID sets.
-
TABLE A Virtual VLAN-ID set Service VM (VM) Network assigned to the name/ID (VN) service VM Service VM - 1 VN - 1 VLAN-ID-IN = 2 VLAN-ID-OUT = 3 Service VM - 2 VN - 1 VLAN-ID-IN = 4 VLAN-ID-OUT = 5 Service VM - 3 VN - 2 VLAN-ID-IN = 2 VLAN-ID-OUT = 3 Service VM - 4 VN - 1 VLAN-ID-IN = 6 VLAN-ID-OUT = 7 - The service VMs include the multiple sets of service VMs that are executed by the multiple processors. Each virtual network identifier (VNI) is used to represent a corresponding virtual network. The corresponding application and service VMs in the first set of application and
service VMs service VMs traffic steering accelerators - The
first processor 110 executes a network service configuration module (not shown) for configuring VLAN interfaces of the first set ofservice VMs 124 based on the corresponding first set of records. The first record corresponding to thefirst service VM 140 is included in a VLAN-ID file and is accessed from a pre-defined path ‘/fileinject’ of thefirst service VM 140. The VLAN-ID file is injected by the VLAN-ID assignment module 134 in thefirst service VM 140. Utilizing the input and output VLAN-IDs from the first record, the network service configuration module thus configures the VLAN interfaces for ingress and egress of the data packets to and from thefirst service VM 140, respectively. In an example, the network service configuration module configures Eth 1.4 and Eth 1.5 virtual interfaces for ingress and egress data packets, respectively. Subsequently, the VLAN-ID assignment module 134 injects multiple VLAN-ID files including the corresponding multiple VLAN-ID sets in the multiple service VMs. - The
third processor 118 executes the service-chainingmodule 136 for receiving the multiple records and generating multiple service chaining rules associated with multiple n-Tuples configured for the multiple application VMs. Each n-Tuple of the multiple n-Tuples includes a 5-Tuple that includes a source internet protocol (IP) address, a destination IP address, a source port number, a destination port number, and a protocol information of an application VM that outputs the data packet and an application VM that receives the data packet processed with a set of network services. - The first and second
traffic steering accelerators traffic steering accelerators service VMs traffic steering accelerators - The first and second
traffic steering accelerators second memories traffic steering accelerators service VMs traffic steering accelerators traffic steering controller 108 for receiving corresponding chain of records and to determine the service VMs based on the VLAN-IDs embedded in the data packets. The first and secondtraffic steering accelerators service VMs - The first and second
traffic steering accelerators traffic steering accelerators service VMs service VMs second compute nodes traffic steering accelerators traffic steering accelerators service VMs service VMs - The
traffic steering controller 108 is a centrally located controller in the cloud computing environment and is configured with the service chaining rules. OpenStack hosts a dashboard horizon user interface module (not shown) that allows a user or a network administrator to configure the service chaining rules in thetraffic steering controller 108. In an example, thetraffic steering controller 108 is an OpenFlow controller. In another example, thetraffic steering controller 108 is a software module that is executed by a fourth processor (not shown). - The
traffic steering controller 108 is connected to the multiple traffic steering accelerators and thethird processor 118 for receiving the data packets and the multiple service chaining rules and the corresponding multiple records, respectively. Thetraffic steering controller 108 sequences the multiple records based on the multiple service chaining rules for generating multiple chain of records. - In an example, the
first application VM 138 outputs a first data packet. When the firsttraffic steering accelerator 126 receives the first data packet from thefirst application VM 138, the firsttraffic steering accelerator 126 transmits the first data packet to thetraffic steering controller 108. Thetraffic steering controller 108 receives the first data packet and identifies a first n-Tuple corresponding to the first data packet. On identifying the first n-Tuple, thetraffic steering controller 108 retrieves a first chain of records based on the first n-Tuple and outputs the first chain of records to the firsttraffic steering accelerator 126. - On receiving the first chain of records, the first
traffic steering accelerator 126 retrieves the first record of the first chain. It further retrieves the first input VLAN-ID of the first record. On retrieving the first input VLAN-ID, the firsttraffic steering accelerator 126 adds the first input VLAN-ID to the first data packet. Based on the first input VLAN-ID, the firsttraffic steering accelerator 126 transmits the first data packet to at least one of a service VM of the first set ofservice VMs 124 and a traffic steering accelerator of the multiple traffic steering accelerators. - Since the first input VLAN-ID corresponds to the
first service VM 140, the firsttraffic steering accelerator 126 transmits the first data packet having the first input VLAN-ID to thefirst service VM 140 through a virtual port that corresponds to the first port number. On receiving the first data packet from the firsttraffic steering accelerator 126, thefirst service VM 140 removes the first input VLAN-ID added to the first data packet. The first data packet is then processed with a first service function. In one embodiment, thefirst service VM 140 is configured for servicing the data packets with firewall services. Thus, the first service function corresponds to the firewall servicing function of thefirst service VM 140. After servicing the first data packet with the first service function, thefirst service VM 140 adds the first output VLAN-ID to the first data packet. The first data packet is transmitted on the virtual port to the firsttraffic steering accelerator 126. - The first
traffic steering accelerator 126 receives the first data packet from thefirst service VM 140. The first data packet is now processed with the first service function and has the associated first output VLAN-ID. The firsttraffic steering accelerator 126 removes the first output VLAN-ID and based on the first output VLAN-ID identifies the first record in the first chain of records. The firsttraffic steering accelerator 126 checks to determine if the first chain of records includes the second record. When the firsttraffic steering accelerator 126 determines that the second record is included in the first chain of records, it retrieves the second record that is subsequent to the first record from the first chain of records. The firsttraffic steering accelerator 126 retrieves the second input VLAN-ID of the second record and adds the second input VLAN-ID to the first data packet. Since the second input VLAN-ID corresponds to the input VLAN-ID of thesecond service VM 142, the firsttraffic steering accelerator 126 transmits the first data packet to the secondtraffic steering accelerator 132 in thesecond compute node 104 by way of an overlay network tunnel (not shown). - The second
traffic steering accelerator 132 receives the first data packet from the firsttraffic steering accelerator 126 and provides the first data packet to thetraffic steering controller 108. Thetraffic steering controller 108 configures the first chain of records for the first data packet in the secondtraffic steering accelerator 132. The secondtraffic steering accelerator 132 retrieves the second record from the first chain of records based on the second input VLAN-ID of the first data packet. On identifying a match between the second input VLAN-ID of the second record and the second input VLAN-ID of the first data packet, the secondtraffic steering accelerator 132 transmits the first data packet to at least one of a service VM of the second set ofservice VMs 130. - Since the second input VLAN-ID corresponds to the
second service VM 142, the secondtraffic steering accelerator 132 thus transmits the first data packet to thesecond service VM 142. Thesecond service VM 142 receives the first data packet from the secondtraffic steering accelerator 132, removes the second input VLAN-ID added to the first data packet, processes the first data packet with a second service function, adds the second output VLAN-ID to the first data packet, and transmits the first data packet to the secondtraffic steering accelerator 132. - The second
traffic steering accelerator 132 further receives the first data packet from thesecond service VM 142. The secondtraffic steering accelerator 132 removes the second output VLAN-ID from the first data packet. The secondtraffic steering accelerator 132 identifies the second record from the first chain of records based on the second output VLAN-ID. The secondtraffic steering accelerator 132 checks for any more records associated in the first chain of records. If a third record is included in the first chain of records, the secondtraffic steering accelerator 132 retrieves a third input VLAN-ID from the third record, adds the third input VLAN-ID to the first data packet, and transmits the first data packet to at least one of a service VM of the second set ofservice VMs 130 and another traffic steering accelerator (not shown) of the multiple traffic steering accelerators. If a third record is not included in the first chain of records, the secondtraffic steering accelerator 132 transmits the first data packet to at least one of an application VM of the second set ofapplication VMs 128 without applying further network services. - Referring now to
FIG. 2 , a schematic block diagram of thesystem 100 for steering the first data packet from thefirst application VM 138 being executed on thefirst compute node 102 to thesecond application VM 150 being executed on thesecond compute node 104 is shown. In an example, the first data packet needs to be serviced by the first, third, andfourth service VMs second application VM 150. InFIG. 2 , thesystem 100 ofFIG. 1 further includes anoverlay network tunnel 202. -
FIG. 2 will be explained in conjunction withFIG. 3 , which illustrates first through third packet specifications (PS1-PS3) 300-304, a first overlay tunnel packet specification (OT1) 306, and fourth through twelfth packet specifications (PS4-PSc) 308-324 of the first data packet. - The VLAN-
ID assignment module 134 associates the first set of records with the first set ofservice VMs 124. The first record in the first set of records includes the first input VLAN-ID, the first output VLAN-ID, and the first port number. In the example, the first input VLAN-ID (also referred to as “VID-I1”) has a value 02 and the first output VLAN-ID (also referred to as “VID-O1”) has a value 03. Thus, thefirst service VM 140 is identified using the first input VLAN-ID value as 02 and the first output VLAN-ID value as 03. Subsequently, the VLAN-ID assignment module 134 associates the second set of records with the second set ofservice VMs 130. The second set of records includes the second record, the third record, a fourth record, and a fifth record. The second record in the second set of records includes the second input VLAN-ID (also referred to as “VID-I2”=04), the second output VLAN-ID (also referred to as “VID-O2”=05) and the second port number. Thus, thesecond service VM 142 is identified using the second input VLAN-ID value as 04 and the second output VLAN-ID value as 05. The third record includes a third input VLAN-ID (also referred to as “VID-I3”=06), a third output VLAN-ID (also referred to as “VID-O3”=07), and a third port number. The fourth record includes a fourth input VLAN-ID (also referred to as “VID-I4”=08), a fourth output VLAN-ID (also referred to as “VID-O4”=09), and a fourth port number. The fifth record includes a fifth input VLAN-ID (also referred to as “VID-I5”=0a), a fifth output VLAN-ID (also referred to as “VID-O5”=0b), and a fifth port number. Therefore, the third, fourth, andfifth service VMs - The
first application VM 138 outputs the first data packet having the first packet specification (PS1) 300. The first data packet having the first packet specification (PS1) 300 includes a media access control (MAC)header 326 and an internet protocol (IP)packet 328. TheIP packet 328 is the first data packet and theMAC header 326 includes a source MAC address and a destination MAC address. The source MAC address includes a MAC address of thefirst application VM 138 and the destination MAC address includes a MAC address of the firsttraffic steering accelerator 126. The firsttraffic steering accelerator 126 receives the first data packet having the first packet specification (PS1) 300. Since the firsttraffic steering accelerator 126 does not have any service chaining rules configured for theIP packet 328, the firsttraffic steering accelerator 126 transmits theIP packet 328 to thetraffic steering controller 108. Thetraffic steering controller 108 identifies the first chain of records associated with the first n-tuple and outputs the first chain of records to the firsttraffic steering accelerator 126. In the example, the first chain of records includes the first record, the third record, and the fourth record. The firsttraffic steering accelerator 126 receives the first chain of records and retrieves the first record of the first chain of records. The firsttraffic steering accelerator 126 further retrieves the first input VLAN-ID (02) of the first record, adds the first input VLAN-ID (02) to the first data packet, and generates the first data packet having the second packet specification (PS2) 302. Since the first record is associated with thefirst service VM 140, the firsttraffic steering accelerator 126 transmits the first data packet having the second packet specification (PS2) 302 to thefirst service VM 140 utilizing the virtual port which corresponds to the first port number. - The first data packet having the second packet specification (PS2) 302 includes a
MAC header 330, the VLANprotocol identifier field 332, a VLAN-ID field 334, and theIP packet 328. TheMAC header 330 includes a source MAC address and a destination MAC address. The source MAC address is the MAC address of the firsttraffic steering accelerator 126 and the destination MAC address is a MAC address of thefirst service VM 140. The VLANprotocol identifier field 332 is given by 0x8100 that conforms to the IEEE 802.1Q standard. The VLAN-ID field 334 includes the first input VLAN ID (0x1002). - The
first service VM 140 receives the first data packet having the second packet specification (PS2) 302, removes the first input VLAN-ID (02) from the second packet specification (PS2) 302, processes theIP packet 328 with the first service function, adds the first output VLAN-ID (03) to the first data packet, and generates the first data packet having the third packet specification (PS3) 304. The first data packet having the third packet specification (PS3) 304 includes aMAC header 336, the VLANprotocol identifier field 332, a VLAN-ID field 338, and theIP packet 328. TheMAC header 336 includes a source MAC address and a destination MAC address. The source MAC address is the MAC address of thefirst service VM 140 and the destination MAC address is the MAC address of the firsttraffic steering accelerator 126. The VLAN-ID field 338 includes the first output VLAN ID (0x1003). Thefirst service VM 140 transmits the first data packet having the third packet specification (PS3) 304 to the firsttraffic steering accelerator 126. - The first
traffic steering accelerator 126 receives the first data packet having the third packet specification (PS3) 304 and removes the first output VLAN-ID (03) from the first data packet having the third packet specification (PS3) 304. The firsttraffic steering accelerator 126 identifies the first record of the first chain of records based on the first output VLAN-ID (03) and checks to determine if a next record is included in the first chain of records that is subsequent to the first record. When the subsequent record is identified as the third record, the firsttraffic steering accelerator 126 further retrieves the third input VLAN-ID (06) of the third record and adds the third input VLAN-ID (06) to the first data packet. Since the third record is associated with thethird service VM 144, the firsttraffic steering accelerator 126 transmits the first data packet utilizing theoverlay network tunnel 202. To transmit the first data packet on theoverlay network tunnel 202, the firsttraffic steering accelerator 126 further adds an overlay network header to the first data packet, thereby generating the first data packet having the first overlay tunnel packet specification (OT1) 308. The first data packet having the first overlay tunnel packet specification (OT1) 308 includes aMAC header 340, theoverlay network header 342, the VLANprotocol identifier field 332, a VLAN-ID field 344, and theIP packet 328. TheMAC header 340 includes a source MAC address and a destination MAC address. The source MAC address is the MAC address of the firsttraffic steering accelerator 126 and the destination MAC address is a MAC address of the secondtraffic steering accelerator 132. The VLAN-ID field 344 includes the third input VLAN ID (0x1006). Theoverlay network header 342 includes the protocol specification based on the protocol that is used for transmitting the first data packet having the first overlay tunnel packet specification (OT1) 308 through theoverlay network tunnel 202. - The second
traffic steering accelerator 132 receives the first data packet having the first overlay tunnel packet specification (OT1) 308 from the firsttraffic steering accelerator 126. Since the secondtraffic steering accelerator 132 does not have any chain of records associated with theIP packet 328, the secondtraffic steering accelerator 132 transmits the first data packet to thetraffic steering controller 108. Thetraffic steering controller 108 programs the first chain of records in the secondtraffic steering accelerator 132. The secondtraffic steering accelerator 132 retrieves the third record from the first chain of records based on the third input VLAN-ID (06) of the first data packet. Since the third record corresponds to thethird service VM 144, the secondtraffic steering accelerator 132 generates the first data packet having the sixth packet specification (PS6) 312. - The first data packet having the sixth packet specification (PS6) 312 includes a
MAC header 346, the VLANprotocol identifier field 332, a VLAN-ID field 348, and theIP packet 328. TheMAC header 346 includes a source MAC address and a destination MAC address. The source MAC address is the MAC address of the secondtraffic steering accelerator 132 and the destination MAC address is a MAC address of thethird service VM 144. The VLAN-ID field 348 includes the third input VLAN ID (0x1006). The secondtraffic steering accelerator 132 transmits the first data packet having the sixth packet specification (PS6) 312 to thethird service VM 144 of the second set ofservice VMs 130 based on the third input VLAN-ID (06). Since thesecond processor 114 executes the second, third, fourth, andfifth service VMs traffic steering accelerator 132 determines the service VM out of the second set ofservice VMs 130 that receives the first data packet based on the input VLAN-ID. Thus, based on the input VLAN-ID added to the first data packet, the secondtraffic steering accelerator 132 precisely identifies the service VM for processing the first data packet. - The
third service VM 144 receives the first data packet having the sixth packet specification (PS6) 312 from the secondtraffic steering accelerator 132. Thethird service VM 144 removes the third input VLAN-ID (06) from the first data packet having the sixth packet specification (PS6) 312, processes theIP packet 328 with a third service function, adds the third output VLAN-ID (07) to the first data packet, and generates the first data packet having the seventh packet specification (PS7) 314. Thethird service VM 144 transmits the first data packet having the seventh packet specification (PS7) 314 to the secondtraffic steering accelerator 132. The first data packet having the seventh packet specification (PS7) 314 includes aMAC header 350, the VLANprotocol identifier field 332, a VLAN-ID field 352, and the firstdata packet field 328. TheMAC header 350 includes a source MAC address and a destination MAC address. The source MAC address is the MAC address of thethird service VM 144 and the destination MAC address is the MAC address of the secondtraffic steering accelerator 132. The VLAN-ID field 352 includes the third output VLAN ID (0x1007). The secondtraffic steering accelerator 132 receives the first data packet having the seventh packet specification (PS7) 314 and removes the third output VLAN-ID (07) from the first data packet having the seventh packet specification (PS7) 314. The secondtraffic steering accelerator 132 identifies the third record of the first chain of records based on the third output VLAN-ID (07) and checks to determine if the first chain of records includes another record subsequent to the third record. On identifying the fourth record as the subsequent record, the secondtraffic steering accelerator 132 retrieves the fourth input VLAN-ID (08) of the fourth record, adds the fourth input VLAN-ID (08) to the first data packet, and generates the first data packet having the eighth packet specification (PS8) 316. Since the fourth record is associated with thefourth service VM 146, the secondtraffic steering accelerator 132 transmits the first data packet having the eighth packet specification (PS8) 316 utilizing a virtual port that corresponds to the fourth port number. - Thus, the first data packet having the eighth packet specification (PS8) 316 includes a
MAC header 354, the VLANprotocol identifier field 332, a VLAN-ID field 356, and the firstdata packet field 328. TheMAC header 354 includes a source MAC address and a destination MAC address. The source MAC address is the MAC address of the secondtraffic steering accelerator 132 and the destination MAC address is a MAC address of thefourth service VM 146. The VLAN-ID field 356 includes the fourth input VLAN ID (0x1008). - The
fourth service VM 146 receives the first data packet having the eighth packet specification (PS8) 316 from the secondtraffic steering accelerator 132. Thefourth service VM 146 removes the fourth input VLAN-ID (08) from the first data packet having the eighth packet specification (PS8) 316, processes theIP packet 328 with a fourth service function, adds the fourth output VLAN-ID (09) to the first data packet, and generates the first data packet having the ninth packet specification (PS9) 318. The first data packet having the ninth packet specification (PS9) 318 includes the fourth output VLAN-ID (09). Thefourth service VM 146 transmits the first data packet having the ninth packet specification (PS9) 318 to the secondtraffic steering accelerator 132. - Thus, the first data packet having the ninth packet specification (PS9) 318 includes a
MAC header 358, the VLANprotocol identifier field 332, a VLAN-ID field 360, and the firstdata packet field 328. TheMAC header 358 includes a source MAC address and a destination MAC address. The source MAC address is the MAC address of thefourth service VM 146 and the destination MAC address is the MAC address of the secondtraffic steering accelerator 132. The VLAN-ID field 360 includes the fourth output VLAN ID (0x1009). - The second
traffic steering accelerator 132 receives the first data packet having the ninth packet specification (PS9) 318 and removes the fourth output VLAN-ID (09) from the first data packet having the ninth packet specification (PS9) 318. The secondtraffic steering accelerator 132 identifies the fourth record of the first chain of records based on the fourth output VLAN-ID (09) and checks to determine if the first chain of records includes yet another record subsequent to the fourth record. On determining that no more records are included in the first chain of records, the secondtraffic steering accelerator 132 generates the first data packet having the twelfth packet specification (PSc) 324 and transmits the first data packet having the twelfth packet specification (PSc) 324 to thesecond application VM 150. - The first data packet having the twelfth packet specification (PSc) 324 includes a
MAC header 362 and theIP packet 328. TheMAC header 362 includes a source MAC address and a destination MAC address. The source MAC address is the MAC address of the secondtraffic steering accelerator 132 and the destination MAC address is a MAC address of thesecond application VM 150. - In another example, the first data packet has to be processed with the first, second, and
fifth service VMs IP packet 328. The second chain of records includes the first record, the second record, and the fifth record. Thus, when thefirst application VM 138 outputs the first data packet having the first packet specification (PS1) 302 to the firsttraffic steering accelerator 126, the firsttraffic steering accelerator 126 provides theIP packet 328 to thetraffic steering controller 108. Thetraffic steering controller 108 configures the second chain of records in the firsttraffic steering accelerator 126. The firsttraffic steering accelerator 126 thus retrieves the first input VLAN-ID (02) from the first record, adds the first input VLAN-ID (02) to the first data packet, generates the first data packet having the second packet specification (PS2) 302, and transmits the first data packet having the second packet specification (PS2) 302 to thefirst service VM 140. Thefirst service VM 140 removes the first input VLAN-ID (02) from the first data packet having the second packet specification (PS2) 302, processes theIP packet 328 with the first service function, adds the first output VLAN-ID (03) to the first data packet, generates the first data packet having the third packet specification (PS3) 304, and transmits the first data packet having the third packet specification (PS3) 304 to the firsttraffic steering accelerator 126. - The first
traffic steering accelerator 126 receives the first data packet having the third packet specification (PS3) 304, identifies the subsequent record as the second record in the second chain of records based on the first record, adds the second input VLAN-ID (04) to the first data packet, generates the first data packet having a second overlay network tunnel packet specification (OT2) (not shown), and transmits the first data packet having the second overlay tunnel packet specification (OT2) to the secondtraffic steering accelerator 132. The secondtraffic steering accelerator 132 receives the first data packet having the second overlay tunnel packet specification (OT2), transmits theIP packet 328 to thetraffic steering controller 108, receives the second chain of records from thetraffic steering controller 108, adds the second input VLAN-ID (04) to the first data packet, generates the first data packet having the fourth packet specification (PS4) 308, and transmits the first data packet having the fourth packet specification (PS4) 308 to thesecond service VM 142. - Thus, the first data packet having the fourth packet specification (PS4) 308 includes a
MAC header 364, the VLANprotocol identifier field 332, a VLAN-ID field 366, and theIP packet 328. TheMAC header 364 includes a source MAC address and a destination MAC address. The source MAC address is the MAC address of the secondtraffic steering accelerator 132 and the destination MAC address is a MAC address of thesecond service VM 142. The VLAN-ID field 366 includes the second input VLAN ID (0x1004). - The
second service VM 142 receives the first data packet having the fourth packet specification (PS4) 308, removes the second input VLAN-ID (04) from the first data packet having the fourth packet specification (PS4) 308, processes theIP packet 328 with the second service function, adds the second output VLAN-ID (05) to the first data packet, and generates the first data packet having the fifth packet specification (PS5) 310. - Thus, the first data packet having the fifth packet specification (PS5) 310 includes a
MAC header 368, the VLANprotocol identifier field 332, a VLAN-ID field 370, and theIP packet 328. TheMAC header 368 includes a source MAC address and a destination MAC address. The source MAC address is the MAC address of thesecond service VM 142 and the destination MAC address is the MAC address of the secondtraffic steering accelerator 132. The VLAN-ID field 370 includes the second output VLAN ID (0x1005). - The second
traffic steering accelerator 132 receives the first data packet having the fifth packet specification (PS5) 310 and removes the second output VLAN-ID (05) from the first data packet having the fifth packet specification (PS5) 310. The secondtraffic steering accelerator 132 identifies the fifth record of the second chain of records based on the second output VLAN-ID (05). On identifying the fifth record, the secondtraffic steering accelerator 132 retrieves the fifth input VLAN-ID (0a) of the fifth record, adds the fifth input VLAN-ID (0a) to the first data packet, and generates the first data packet having the tenth packet specification (PSa) 320. Since the fifth record is associated with thefifth service VM 148, the secondtraffic steering accelerator 132 transmits the first data packet having the tenth packet specification (PSa) 320 utilizing the fifth port number. - Thus, the first data packet having the tenth packet specification (PSa) 320 includes a
MAC header 372, the VLANprotocol identifier field 332, a VLAN-ID field 374, and theIP packet 328. TheMAC header 372 includes a source MAC address and a destination MAC address. The source MAC address is the MAC address of the secondtraffic steering accelerator 132 and the destination MAC address is a MAC address of thefifth service VM 148. The VLAN-ID field 374 includes the fifth input VLAN ID (0x100a). - The
fifth service VM 148 receives the first data packet having the tenth packet specification (PSa) 320, removes the fifth input VLAN-ID (0a) from the first data packet having the fifth packet specification (PSa) 320, processes theIP packet 328 with a fifth service function, adds the fifth output VLAN-ID (0b) to the first data packet, and generates the first data packet having the eleventh packet specification (PSb) 322. - Thus, the first data packet having the eleventh packet specification (PSb) 322 includes a
MAC header 376, the VLANprotocol identifier field 332, a VLAN-ID field 378, and theIP packet 328. TheMAC header 376 includes a source MAC address and a destination MAC address. The source MAC address is the MAC address of thefifth service VM 148 and the destination MAC address is the MAC address of the secondtraffic steering accelerator 132. The VLAN-ID field 378 includes the fifth output VLAN ID (0x100b). - The second
traffic steering accelerator 132 receives the first data packet having the eleventh packet specification (PSb) 322 and removes the fifth output VLAN-ID (0b) from the first data packet having the eleventh packet specification (PSb) 322. The secondtraffic steering accelerator 132 identifies the fifth record of the second chain of records based on the fifth output VLAN-ID (0b) and checks to determine if the second chain of records includes yet another record subsequent to the fifth record. On determining that no more records are included in the second chain of records, the secondtraffic steering accelerator 132 generates the first data packet having the twelfth packet specification (PSc) 324 and transmits the first data packet having the twelfth packet specification (PSc) 324 to thesecond application VM 150. - Referring now to
FIG. 4 , a flow chart illustrating a method for steering the data packets in accordance with an embodiment of the present invention is shown. Atstep 402, the VLAN-ID assignment module 134 generates the multiple records. Atstep 404, the VLAN-ID assignment module 134 associates the multiple records with the multiple service VMs. Atstep 406, theservice chaining module 136 receives the multiple records. Atstep 408, theservice chaining module 136 generates the multiple service chaining rules associated with the multiple n-Tuples. Atstep 410, thetraffic steering controller 108 receives the multiple service chaining rules and the corresponding multiple records from theservice chaining module 136. Atstep 412, thetraffic steering controller 108 sequences the multiple records based on the multiple service chaining rules and generates the multiple chain of records. Atstep 414, thefirst processor 110 executes thefirst application VM 138 of the first set ofapplication VMs 122 and thefirst service VM 140 of the first set ofservice VMs 124. Atstep 416, the firsttraffic steering accelerator 126 receives the first data packet. Atstep 418, the firsttraffic steering accelerator 126 receives the first chain of records corresponding to the first n-Tuple. Atstep 420, the firsttraffic steering accelerator 126 retrieves and adds the first input VLAN-ID of the first record of the first chain of records with the first data packet. Atstep 422, the firsttraffic steering accelerator 126 identifies a destination based on the first input VLAN-ID. Atstep 424, the firsttraffic steering accelerator 126 checks to determine whether the destination of the first data packet is thefirst service VM 140. If the firsttraffic steering accelerator 126 determines that the destination of the first data packet is thefirst service VM 140,step 502 is executed. If atstep 424, the firsttraffic steering accelerator 126 determines that the destination of the first data packet is not thefirst service VM 140,step 426 is executed. Atstep 426, the first data packet is transmitted to the secondtraffic steering accelerator 132 by way of theoverlay network tunnel 202. - Referring now to
FIG. 5 , a flow chart illustrating a method of processing the first data packet by thefirst service VM 140 is shown. Atstep 502, thefirst service VM 140 receives the first record from the VLAN-ID assignment module 134. Atstep 504, thefirst service VM 140 receives the first data packet from the firsttraffic steering accelerator 126. Atstep 506, thefirst service VM 140 removes the first input VLAN-ID added to the first data packet. Atstep 508, the first data packet is processed with the first service function. Atstep 510, the first output VLAN-ID is added to the first data packet. Atstep 512, the first data packet is transmitted to the firsttraffic steering accelerator 126. - Referring now to
FIG. 6 , a flow chart illustrating a method of processing the first data packet by the firsttraffic steering accelerator 126 on receiving the first data packet from thefirst service VM 140 is shown. Atstep 602, the first data packet is received by the firsttraffic steering accelerator 126. Atstep 604, the firsttraffic steering accelerator 126 removes the first output VLAN-ID added to the first data packet. Atstep 606, the first record of the first chain of records is identified based on the first output VLAN-ID. Atstep 608, the firsttraffic steering accelerator 126 determines if the second record is available from the first chain of records. If atstep 608, the firsttraffic steering accelerator 126 determines that the second record is not available from the first chain of records,step 610 is executed. Atstep 610, the first data packet is sent to a destination application VM in the first set ofapplication VMs 122. However, if atstep 608, the firsttraffic steering accelerator 126 determines that the second record is available from the first chain of records,step 612 is executed. Atstep 612, the firsttraffic steering accelerator 126 determines the second record of the first chain of records subsequent to the first record. Atstep 614, the second input VLAN-ID of the second record is added to the first data packet. Atstep 616, the firsttraffic steering accelerator 126 determines if the destination of the first data packet is the secondtraffic steering accelerator 132. If atstep 616, the firsttraffic steering accelerator 126 determines that the destination of the first data packet is the secondtraffic steering accelerator 132, step 702 is executed. However, if atstep 616, the firsttraffic steering accelerator 126 determines that the destination of the first data packet is not the secondtraffic steering accelerator 132,step 620 is executed. Atstep 620, the first data packet is sent to a service VM of the first set ofservice VMs 124. - Referring now to
FIG. 7 , a flow chart illustrating a method for determining a destination for theIP packet 328 based on a second input VLAN-ID thereof by the secondtraffic steering accelerator 132 in accordance with an embodiment of the present invention is shown. At step 702, the first data packet is received at the secondtraffic steering accelerator 132. Atstep 704, the secondtraffic steering accelerator 132 provides the first data packet to thetraffic steering controller 108. Atstep 706, the first chain of records is received by the secondtraffic steering accelerator 132 from thetraffic steering controller 108. Atstep 708, the secondtraffic steering accelerator 132 retrieves the second record from the first chain of records based on the second input VLAN-ID of the first data packet. Atstep 710, a destination is identified based on the second input VLAN-ID. Atstep 712, the secondtraffic steering accelerator 132 determines if the destination of the first data packet is thesecond service VM 142. If atstep 712, the secondtraffic steering accelerator 132 determines that the destination of the first data packet is not thesecond service VM 142,step 714 is executed. Atstep 714, the first data packet is transmitted to the third traffic steering accelerator (not shown). However, if atstep 712, the secondtraffic steering accelerator 132 determines that the destination of the first data packet is thesecond service VM 142,step 802 is executed. - Referring now to
FIG. 8 , a flow chart illustrating a method of processing the first data packet by thesecond service VM 142 in accordance with an embodiment of the present invention is shown. Atstep 802, thesecond service VM 142 receives the second record from the VLAN-ID assignment module 134. The second record includes the second input VLAN-ID, the second output VLAN-ID, and the second port number. Atstep 804, thesecond service VM 142 receives the first data packet from the secondtraffic steering accelerator 132. Atstep 806, the secondtraffic steering accelerator 132 removes the second input VLAN-ID added to the first data packet. Atstep 808, the first data packet is processed with the second service function. Atstep 810, the second output VLAN-ID is added to the first data packet. Atstep 812, the first data packet is transmitted to the secondtraffic steering accelerator 132. - Referring now to
FIGS. 9A and 9B , flow charts illustrating a method of determining a destination for the first data packet by the secondtraffic steering accelerator 132 on receiving the first data packet from thesecond service VM 142 is shown. Atstep 902, the first data packet is received at the secondtraffic steering accelerator 132. Atstep 904, the secondtraffic steering accelerator 132 determines if the third record is available from the first chain of records. If atstep 904, the secondtraffic steering accelerator 132 determines that the third record is not available from the first chain of records,step 906 is executed. Atstep 906, the first data packet is transmitted to thesecond application VM 150. However, if atstep 904, the secondtraffic steering accelerator 132 determines that the third record is available from the first chain of records,step 908 is executed. Atstep 908, the secondtraffic steering accelerator 132 retrieves the third record from the first chain of records based on the second output VLAN-ID of the first data packet. Atstep 910, a destination based on the third input VLAN-ID is identified for the first data packet. - Thus, by embedding the VLAN-IDs in the data packet, the subsequent service VM amongst the multiple service VMs hosted by a given single compute node for the layer 2 transparent networks can be determined. The
system 100 does not define any new network protocols in the header of the data packets to identify the subsequent service VM in the service chain. Thesystem 100 also eliminates the need of upgrading software and hardware in the compute node and utilizes existing networking mechanisms for configuring the VLAN-ID information. Since the records in the service chain are ordered, the time required for determining the subsequent service VM for processing the data packet is less. Moreover, thetraffic steering controller 108 evenly distributes and assigns the data packets to be processed by the multiple service VMs, thereby reducing the processing load caused due to the transmission of the data packets in the communication network. Since thesystem 100 does not use any network ports to identify the next service VM, thesystem 100 provides a scalable solution for steering data packets. Furthermore, thesystem 100 provides excellent performance characteristics and provides easy implementation in fast path accelerators for the L2 transparent networks. - While various embodiments of the present invention have been illustrated and described, it will be clear that the present invention is not limited to these embodiments only. Numerous modifications, changes, variations, substitutions, and equivalents will be apparent to those skilled in the art, without departing from the spirit and scope of the present invention, as described in the claims.
Claims (20)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/704,988 US9473396B1 (en) | 2015-05-06 | 2015-05-06 | System for steering data packets in communication network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/704,988 US9473396B1 (en) | 2015-05-06 | 2015-05-06 | System for steering data packets in communication network |
Publications (2)
Publication Number | Publication Date |
---|---|
US9473396B1 US9473396B1 (en) | 2016-10-18 |
US20160330110A1 true US20160330110A1 (en) | 2016-11-10 |
Family
ID=57120286
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/704,988 Active 2035-06-30 US9473396B1 (en) | 2015-05-06 | 2015-05-06 | System for steering data packets in communication network |
Country Status (1)
Country | Link |
---|---|
US (1) | US9473396B1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170180308A1 (en) * | 2015-12-18 | 2017-06-22 | Bluedata Software, Inc. | Allocation of port addresses in a large-scale processing environment |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9749243B2 (en) * | 2015-09-25 | 2017-08-29 | University Of Vigo | Systems and methods for optimizing network traffic |
US10193940B2 (en) * | 2017-02-07 | 2019-01-29 | Microsoft Technology Licensing, Llc | Adding recorded content to an interactive timeline of a teleconference session |
US10785189B2 (en) * | 2018-03-01 | 2020-09-22 | Schweitzer Engineering Laboratories, Inc. | Selective port mirroring and in-band transport of network communications for inspection |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8284664B1 (en) | 2007-09-28 | 2012-10-09 | Juniper Networks, Inc. | Redirecting data units to service modules based on service tags and a redirection table |
US8743885B2 (en) | 2011-05-03 | 2014-06-03 | Cisco Technology, Inc. | Mobile service routing in a network environment |
US10097452B2 (en) | 2012-04-16 | 2018-10-09 | Telefonaktiebolaget Lm Ericsson (Publ) | Chaining of inline services using software defined networking |
US9081603B2 (en) | 2012-07-09 | 2015-07-14 | Cisco Technology, Inc. | Packet forwarding optimization with virtual machine mobility by comparing device identifiers to determine VM movement |
US9497281B2 (en) * | 2013-04-06 | 2016-11-15 | Citrix Systems, Inc. | Systems and methods to cache packet steering decisions for a cluster of load balancers |
US9178812B2 (en) | 2013-06-05 | 2015-11-03 | Cisco Technology, Inc. | Stacking metadata contexts for service chains |
US20150263960A1 (en) * | 2014-03-14 | 2015-09-17 | Avni Networks Inc. | Method and apparatus for cloud bursting and cloud balancing of instances across clouds |
US9705775B2 (en) * | 2014-11-20 | 2017-07-11 | Telefonaktiebolaget Lm Ericsson (Publ) | Passive performance measurement for inline service chaining |
-
2015
- 2015-05-06 US US14/704,988 patent/US9473396B1/en active Active
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170180308A1 (en) * | 2015-12-18 | 2017-06-22 | Bluedata Software, Inc. | Allocation of port addresses in a large-scale processing environment |
Also Published As
Publication number | Publication date |
---|---|
US9473396B1 (en) | 2016-10-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10728288B2 (en) | Policy-driven workload launching based on software defined networking encryption policies | |
US10812378B2 (en) | System and method for improved service chaining | |
US20220124077A1 (en) | Secure forwarding of tenant workloads in virtual networks | |
US11025647B2 (en) | Providing a virtual security appliance architecture to a virtual cloud infrastructure | |
US10122629B2 (en) | Systems and methods for externalizing network functions via packet trunking | |
US9674088B1 (en) | Receive packet steering for virtual networks | |
EP3039833B1 (en) | System and method for providing a data service in an engineered system for middleware and application execution | |
US20200344088A1 (en) | Network interoperability support for non-virtualized entities | |
US9729441B2 (en) | Service function bundling for service function chains | |
US10666617B2 (en) | Intercepting network traffic routed by virtual switches for selective security processing | |
US20190273718A1 (en) | Intercepting network traffic routed by virtual switches for selective security processing | |
US20190158541A1 (en) | Scalable policy management for virtual networks | |
US11329966B2 (en) | System and method for transferring packets between kernel modules in different network stacks | |
US9473396B1 (en) | System for steering data packets in communication network | |
US11496599B1 (en) | Efficient flow management utilizing control packets | |
EP4141666A1 (en) | Dual user space-kernel space datapaths for packet processing operations | |
WO2023114184A1 (en) | Encrypted data packet forwarding | |
US20200351286A1 (en) | Configuring an island virtual switch for provisioning of network security services | |
US20180241670A1 (en) | Software switch for providing network function and operation method thereof | |
US20190268353A1 (en) | Systems and methods for preventing malicious network traffic from accessing trusted network resources | |
US20230412614A1 (en) | Horizontal scaling of virtual network security functions | |
US20240061796A1 (en) | Multi-tenant aware data processing units |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: FREESCALE SEMICONDUCTOR,INC, TEXAS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MURTHY NITTALA, SATYA SRINIVASA;ADDEPALLI, SRINIVASA R.;PADNALA, BALAJI;SIGNING DATES FROM 20150318 TO 20150320;REEL/FRAME:035570/0665 |
|
AS | Assignment |
Owner name: CITIBANK, N.A., AS NOTES COLLATERAL AGENT, NEW YORK Free format text: SUPPLEMENT TO IP SECURITY AGREEMENT;ASSIGNOR:FREESCALE SEMICONDUCTOR, INC.;REEL/FRAME:036284/0339 Effective date: 20150724 Owner name: CITIBANK, N.A., AS NOTES COLLATERAL AGENT, NEW YORK Free format text: SUPPLEMENT TO IP SECURITY AGREEMENT;ASSIGNOR:FREESCALE SEMICONDUCTOR, INC.;REEL/FRAME:036284/0363 Effective date: 20150724 Owner name: CITIBANK, N.A., AS NOTES COLLATERAL AGENT, NEW YORK Free format text: SUPPLEMENT TO IP SECURITY AGREEMENT;ASSIGNOR:FREESCALE SEMICONDUCTOR, INC.;REEL/FRAME:036284/0105 Effective date: 20150724 Owner name: CITIBANK, N.A., AS NOTES COLLATERAL AGENT, NEW YOR Free format text: SUPPLEMENT TO IP SECURITY AGREEMENT;ASSIGNOR:FREESCALE SEMICONDUCTOR, INC.;REEL/FRAME:036284/0105 Effective date: 20150724 Owner name: CITIBANK, N.A., AS NOTES COLLATERAL AGENT, NEW YOR Free format text: SUPPLEMENT TO IP SECURITY AGREEMENT;ASSIGNOR:FREESCALE SEMICONDUCTOR, INC.;REEL/FRAME:036284/0339 Effective date: 20150724 Owner name: CITIBANK, N.A., AS NOTES COLLATERAL AGENT, NEW YOR Free format text: SUPPLEMENT TO IP SECURITY AGREEMENT;ASSIGNOR:FREESCALE SEMICONDUCTOR, INC.;REEL/FRAME:036284/0363 Effective date: 20150724 |
|
AS | Assignment |
Owner name: FREESCALE SEMICONDUCTOR, INC., TEXAS Free format text: PATENT RELEASE;ASSIGNOR:CITIBANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:037357/0859 Effective date: 20151207 |
|
AS | Assignment |
Owner name: MORGAN STANLEY SENIOR FUNDING, INC., MARYLAND Free format text: ASSIGNMENT AND ASSUMPTION OF SECURITY INTEREST IN PATENTS;ASSIGNOR:CITIBANK, N.A.;REEL/FRAME:037565/0510 Effective date: 20151207 Owner name: MORGAN STANLEY SENIOR FUNDING, INC., MARYLAND Free format text: ASSIGNMENT AND ASSUMPTION OF SECURITY INTEREST IN PATENTS;ASSIGNOR:CITIBANK, N.A.;REEL/FRAME:037565/0527 Effective date: 20151207 |
|
AS | Assignment |
Owner name: MORGAN STANLEY SENIOR FUNDING, INC., MARYLAND Free format text: SUPPLEMENT TO THE SECURITY AGREEMENT;ASSIGNOR:FREESCALE SEMICONDUCTOR, INC.;REEL/FRAME:039138/0001 Effective date: 20160525 |
|
AS | Assignment |
Owner name: NXP, B.V., F/K/A FREESCALE SEMICONDUCTOR, INC., NETHERLANDS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC.;REEL/FRAME:040925/0001 Effective date: 20160912 Owner name: NXP, B.V., F/K/A FREESCALE SEMICONDUCTOR, INC., NE Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC.;REEL/FRAME:040925/0001 Effective date: 20160912 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
AS | Assignment |
Owner name: NXP B.V., NETHERLANDS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC.;REEL/FRAME:040928/0001 Effective date: 20160622 |
|
AS | Assignment |
Owner name: NXP USA, INC., TEXAS Free format text: MERGER;ASSIGNOR:FREESCALE SEMICONDUCTOR, INC.;REEL/FRAME:041144/0363 Effective date: 20161107 |
|
AS | Assignment |
Owner name: NXP B.V., NETHERLANDS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC.;REEL/FRAME:050744/0097 Effective date: 20190903 |
|
AS | Assignment |
Owner name: NXP B.V., NETHERLANDS Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE REMOVEAPPLICATION 11759915 AND REPLACE IT WITH APPLICATION11759935 PREVIOUSLY RECORDED ON REEL 040928 FRAME 0001. ASSIGNOR(S) HEREBY CONFIRMS THE RELEASE OF SECURITYINTEREST;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC.;REEL/FRAME:052915/0001 Effective date: 20160622 |
|
AS | Assignment |
Owner name: NXP, B.V. F/K/A FREESCALE SEMICONDUCTOR, INC., NETHERLANDS Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE REMOVEAPPLICATION 11759915 AND REPLACE IT WITH APPLICATION11759935 PREVIOUSLY RECORDED ON REEL 040925 FRAME 0001. ASSIGNOR(S) HEREBY CONFIRMS THE RELEASE OF SECURITYINTEREST;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC.;REEL/FRAME:052917/0001 Effective date: 20160912 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 4 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 8 |