USRE49663E1 - Virtual switching overlay for cloud computing - Google Patents

Virtual switching overlay for cloud computing Download PDF

Info

Publication number
USRE49663E1
USRE49663E1 US17/363,273 US202117363273A USRE49663E US RE49663 E1 USRE49663 E1 US RE49663E1 US 202117363273 A US202117363273 A US 202117363273A US RE49663 E USRE49663 E US RE49663E
Authority
US
United States
Prior art keywords
virtual
network
data
switch
external network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US17/363,273
Inventor
Michael Smith
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cisco Technology Inc
Original Assignee
Cisco Technology Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cisco Technology Inc filed Critical Cisco Technology Inc
Priority to US17/363,273 priority Critical patent/USRE49663E1/en
Assigned to CISCO TECHNOLOGY, INC. reassignment CISCO TECHNOLOGY, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: SMITH, MICHAEL
Application granted granted Critical
Publication of USRE49663E1 publication Critical patent/USRE49663E1/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4604LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L12/462LAN interconnection over a bridge based backbone
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4604LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L12/462LAN interconnection over a bridge based backbone
    • H04L12/4625Single bridge functionality, e.g. connection of two networks over a single bridge
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/70Virtual switches
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/164Implementing security features at a particular protocol layer at the network layer

Definitions

  • the present disclosure relates generally to communication networks, and more particularly, to cloud computing.
  • IaaS Infrastructure as a Service
  • IaaS delivers computer infrastructure, typically a platform virtualization environment, as a service. Rather than purchasing servers, software, data center space, or network equipment, customers instead purchase these resources as an outsourced service.
  • Most IaaS providers do not disclose how their infrastructures are handled internally since they often view this as their competitive advantage. As a result, the enterprise has no visibility into the infrastructure within the cloud and is left with no assurance of security, reliability, or visibility. Even if the provider discloses how their internal operations are implemented, there is still no way for the enterprise to monitor or verify the infrastructure.
  • FIG. 1 illustrates an example of a network in which embodiments described herein may be implemented.
  • FIG. 2 is a diagram illustrating a virtual switch interconnecting an enterprise data center and a virtual private cloud data center in the network of FIG. 1 , in accordance with one embodiment.
  • FIG. 3 is a diagram illustrating implementation of the virtual switch in the network of FIG. 1 , in accordance with one embodiment.
  • FIG. 4 is a diagram illustrating details of the virtual switch located in a virtual machine in the network of FIG. 3 , in accordance with one embodiment.
  • FIG. 5 is a flowchart illustrating an overview of a process for implementing a virtual switching overlay for cloud computing, in accordance with one embodiment.
  • FIG. 6 depicts an example of a network device useful in implementing embodiments described herein.
  • a method generally comprises receiving data at a virtual switch located at a network device in a cloud network.
  • the data is received from an external network and destined for one or more virtual machines located in the cloud network and associated with the external network.
  • the method further includes transmitting the data from the virtual switch to the virtual machine.
  • the virtual switch operates as an access layer switch for the external network and creates a virtual switching overlay for secure communication between the virtual machines and the external network.
  • logic is encoded in one or more tangible media for execution and when executed operable to switch data between virtual machines located in a cloud network, forward data to an external network, perform access layer switch operations for the external network, and create a virtual switching overlay for secure communication between the virtual machines and the external network.
  • Cloud computing is a model that provides resources and services that are abstracted from an underlying infrastructure and provided on demand and at scale in a multi-tenant environment.
  • the clouds are typically accessed through web browsers or APIs (Application Programming Interfaces) and offer nearly unlimited capacity on demand, but with limited customer control.
  • IaaS Infrastructure as a service
  • a popular offering within IaaS is the Virtual Private Cloud (VPC).
  • VPC Virtual Private Cloud
  • the VPC includes a set of Virtual Machines (VMs) and networks that are connected to the enterprise and appear to be part of the enterprise (i.e., associated with the enterprise network).
  • VMs Virtual Machines
  • the network administrator has to extend the enterprise network into an insecure environment and therefore loses visibility into what is happening within the cloud, and control over security and enterprise-class features.
  • the embodiments described herein address the above needs within the cloud computing environment.
  • the embodiments provide a virtual switching overlay on top of the cloud infrastructure. This allows the network administrator to regain control of the network access layer within the virtual private cloud and provides full visibility into the cloud, secure communication within the cloud and from the cloud to the enterprise, and an interface to the cloud network that is independent of the service provider.
  • FIG. 1 an example of a network 10 that may implement embodiments described herein is shown.
  • the embodiments operate in the context of a data communication network including multiple network elements.
  • Some of the elements in a network that employs the system may be network devices such as servers, switches, routers, or gateways.
  • the network device may include, for example, a master central processing unit (CPU), interfaces, and a bus.
  • the CPU preferably includes memory and a processor.
  • the network device may be implemented on a general purpose network machine such as described below with respect to FIG. 6 . It is to be understood that the simplified network shown in FIG. 1 is only one example, and that the embodiments described herein may be employed in networks having different configurations and types of network devices.
  • the network 10 shown in FIG. 1 includes a customer network (e.g., enterprise network) 12 in communication with a service provider network 14 through a public network (e.g., Internet) 16 .
  • the customer network 12 includes a plurality of end users 18 at one or more locations.
  • the service provider 14 includes a cloud network (e.g., virtual private cloud) 20 , which is an isolated portion of the service provider network.
  • the VPC 20 may include any number of subnets 25 .
  • the subnet 25 is a segment of the VPC's IP address range where the customer can place groups of isolated resources.
  • the service provider network 14 may include any number of virtual private clouds 20 or subnets 25 associated with the customer network 12 or other customer networks. The customers are segmented within the virtual private cloud 20 by the service provider.
  • the customer end users 18 communicate with the VPC 20 over a connection 22 (e.g., Virtual Private Network (VPN) connection) between a customer gateway 24 and VPN gateway 26 .
  • the connection 22 passes through the public network 16 .
  • the customer 18 may also communicate outside of the VPN connection 22 as shown at communication path 28 .
  • the customer network 12 is located outside of the VPC 20 and may be referred to as an external network as viewed from the VPC.
  • the VPC 20 includes a plurality of servers 40 which utilize virtualization technology.
  • Virtualization allows one computer to do the job of multiple computers by sharing the resources of a single computer across multiple systems.
  • Software is used to virtualize hardware resources of a computer, including, for example, the CPU, RAM, hard disk, and network controller, to create a virtual machine that can run its own operating system and applications.
  • Multiple virtual machines on each server share hardware resources without interfering with each other so that several operating systems and applications can be run at the same time.
  • the virtual machines are deployed within the cloud on demand with the IP addresses of the VMs controlled by the enterprise.
  • a virtual switch 34 is located in the VPC 20 to provide a virtual switching overlay 18 on top of the cloud.
  • the virtual switch 34 operates as an access layer switch for the customer so that the customer has control of the cloud network access layer.
  • FIG. 2 illustrates the virtual switch 34 located in a VPC data center (cloud 20 in FIG. 1 ) and in communication with a virtual switch 36 located at an enterprise data center (customer network 12 in FIG. 1 ).
  • the virtual switch 34 provides secure communication within the VPC data center 20 and to the enterprise data center 12 .
  • Secure tunnel communication between the virtual switch 34 and the enterprise network 12 may be in the form of L2TPv3 (Layer 2 Tunneling Protocol version 3) over IPsec (Internet Protocol Security) so that the default gateway is in the enterprise network.
  • Layer 3 (L3) VPN communication may also be used between the enterprise 12 and the VPC 20 .
  • the virtual switch 34 operates as a default gateway at the VPC 20 . It is to be understood that other protocols may also be used to securely transfer data between the virtual switch 34 and enterprise 12 .
  • the virtual switch 34 transmits data received from the enterprise 12 to virtual machines 30 located within the VPC 20 via encrypted links (virtual secure wires) 48 .
  • the VPC data center 20 may also include more than one virtual switch 34 with an encrypted link between the virtual switches.
  • L2TPv3 over IPsec may be used to encrypt packets transmitted between the virtual switch 34 and virtual machines 30 . It is to be understood that L2TPv3 over IPsec is only one example and that other protocols may be used to transfer data between the virtual switch 34 and virtual machines 30 .
  • each virtual machine 30 includes an agent 32 .
  • the agent 32 may be a VPN client, for example, or other application loaded in the virtual machine 30 by an enterprise server/application administrator.
  • the agent 32 contains the IP address assigned by the service provider and port profile names.
  • a port profile is used to define a common set of configuration policies (attributes) for multiple interfaces.
  • the port profiles are associated with port configuration policies defined by the network administrator and applied to a large number of ports as they come online in a virtual environment.
  • the VPN connection 22 may be used to signal VM MAC addresses back to the enterprise 12 to prevent flooding across the VPN connection 22 . Since traffic leaving the virtual private cloud 20 is often billed by the provider, stopping floods can reduce costs.
  • the virtual switch 36 at the enterprise may also proxy ARP (Address Resolution Protocol) requests on behalf of the VMs 30 within the VPC 20 . As shown in FIG. 2 , the enterprise virtual switch 36 also has an unencrypted interface at link 35 which connects to the rest of the enterprise network.
  • ARP Address Resolution Protocol
  • FIG. 3 illustrates details of implementation of the virtual switch 34 in the network of FIG. 1 , in accordance with one embodiment.
  • the virtual switch 34 is located in one of the virtual machines 30 .
  • the servers 40 in the VPC 20 each include one or more virtual machines 30 .
  • the virtual switch 34 is installed at VM A, which is located along with VM B at a first server.
  • VM C and VM D are located at a second server, and VM E is located at a third server, each server being physically separate from the other servers.
  • the virtual machines 30 may each be moved between servers 40 based on traffic patterns, hardware resources, or other criteria.
  • the servers 40 are in communication with the network via switches 52 , 54 , (e.g., hardware implemented network switches or other network devices configured to perform switching or routing functions).
  • the switches 52 , 54 may be in communication with a management station 56 (e.g., virtualization management platform such as VMware Virtual Center management station, available from VMware of Palo Alto, Calif.).
  • the management station 56 or one or more management functions may also be integrated into the switches 52 , 54 .
  • the virtual machines 30 communicate with the network via a virtual switch ( 45 , 46 ), such as NEXUS 1000V, available from Cisco Systems, Inc. of San Jose, Calif.
  • the virtual switch is located in the service provider network 14 and includes components referred to as a Virtual Supervisor Module (VSM) 45 and Virtual Ethernet Module (VEM) 46 .
  • VSM Virtual Supervisor Module
  • VEM Virtual Ethernet Module
  • the VSM 45 may be located in a physical appliance (e.g., server) in communication with the servers 40 and management station 56 via physical switches 52 , 54 .
  • the VSM 45 may also be a virtual appliance (e.g., virtual machine) installed at one of the servers 40 or the VSM may be installed at one of the switches 52 , 54 .
  • the VSM 45 is configured to provide control/management plane functionality for the virtual machines 30 and control multiple VEMs 46 .
  • the VEM 46 provides switching capability at the server 40 and operates as a data plane associated with the control plane of the VSM 45 .
  • the VSM 45 and VEM 46 operate together to form a distributed virtual switch as viewed by the management station 56 .
  • the VSM 45 and VEM 46 may also be located together in a network device (e.g., switch 52 , 54 , server 40 or other network device in communication with the switches 52 , 54 and servers 40 ).
  • the network shown in FIG. 3 is only one example, and that the virtual switching overlay 18 may be used in different networks having different network components.
  • the virtual switching overlay 18 may run on top of VMWare, Xen hypervisor or any other hypervisor or platform virtualization model at the VPC 20 .
  • the virtual switch (VSM 45 /VEM 46 ) is just one example of a virtualization model at the service provider network.
  • FIG. 4 illustrates one example of the virtual switch 34 installed at VM A in FIG. 3 .
  • the virtual switch 34 switches traffic between the secure virtual wires 48 connecting the virtual switch to the virtual machines 30 .
  • the virtual wires 48 run from the virtual switch 34 to the agent 32 installed in the virtual machines 30 ( FIGS. 2 and 4 ).
  • the virtual switch 34 includes a Virtual Supervisor Module (VSM) 58 and Virtual Ethernet Module (VEM) 60 .
  • VSM Virtual Supervisor Module
  • VEM Virtual Ethernet Module
  • the VEM 60 supports a plurality (e.g., hundreds or thousands (or fewer or more)) of virtual Ethernet interfaces which communicate with the VMs 30 .
  • the virtual wire 48 establishes a secure tunnel using L2 over IPSec (or other protocol) to the VSM IP address at the virtual switch 34 .
  • the virtual switch 34 may encapsulate packets with an L2TPv3 header before transmitting the packets over the wire 48 .
  • the virtual switch 34 allows the enterprise to gain control of the cloud network access layer. All traffic entering or leaving the cloud (e.g., VPC 20 or subnet 25 in VPC) associated with the enterprise passes through the virtual switch 34 .
  • An administrator at the enterprise can access the virtual switch 34 and view the virtual Ethernet ports (interfaces), configure ACLs (Access Control Lists), manage port profiles, and perform other management functions typically performed at the access layer.
  • the VPC 20 may include multiple virtual switches 34 connected to a central management plane.
  • the central management plane is assigned an elastic IP address and spawns off virtual switches 34 as virtual Ethernet interfaces are created and limits at the virtual switch are reached.
  • the port profiles may be configured in the central management plane with the virtual switches 34 pulling port profiles on demand when the associated virtual Ethernet interfaces connect to the virtual switch.
  • the virtual switches 34 preferably create a full mesh of VPN tunnels to form a single logical switch to prevent loops and eliminate the need for spanning tree.
  • FIG. 5 is a flowchart illustrating an overview of a process for implementing a virtual switching overlay for cloud computing, in accordance with one embodiment.
  • the virtual switching overlay 18 is created by installing the virtual switch 34 at a network device (e.g., server 40 ) in the cloud network 20 .
  • the virtual switch 34 operates as an access layer switch for an external network (e.g., customer network 12 located outside of the cloud network) and creates the virtual switching overlay 18 for secure communication between the virtual machines 30 and the external network 12 .
  • the virtual switch 34 receives data from the external network at step 62 .
  • the received data is destined for one or more of the virtual machines 30 located within the cloud network 20 and associated with the external network 12 .
  • the virtual switch 34 transmits the data to the virtual machine 30 over virtual wire 48 (step 64 ).
  • the data may be, for example, a packet or frame containing a request for data stored at one of the servers 40 or an update to data stored at one or more of the servers.
  • FIG. 6 depicts a network device 70 that may be used to implement embodiments described herein.
  • the network device 70 may be, for example, the server 40 containing the virtual switch 34 .
  • Network device 70 is configured to implement all of the network protocols and extensions thereof described herein.
  • network device 70 is a programmable machine that may be implemented in hardware, software, or any combination thereof.
  • Logic may be encoded in one or more tangible media for execution by a processor 72 .
  • processor 72 may execute codes stored in a program memory 74 .
  • Program memory 74 is one example of a computer-readable medium.
  • Program memory 74 can be a volatile memory.
  • the processor 72 includes means for transmitting, receiving, and encapsulating data and signaling addresses.
  • Network device 70 interfaces with physical media via a plurality of linecards (network interfaces) 76 .
  • Linecards 76 may incorporate Ethernet interfaces, DSL interfaces, Gigabit Ethernet interfaces, 10-Gigabit Ethernet interfaces, SONET interfaces, etc.
  • packets As packets are received, processed, and forwarded by network device 70 , they may be stored in a packet memory 78 .
  • linecards 76 may incorporate processing and memory resources similar to those discussed above in connection with the network device as a whole. It is to be understood that the network device 70 shown in FIG. 6 and described above is only one example and that different configurations of network devices may be used.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

In one embodiment, a method includes receiving data at a virtual switch located at a network device in a cloud network. The data is received from an external network and destined for one or more virtual machines located in the cloud network and associated with the external network. The method further includes transmitting the data from the virtual switch to the virtual machines. The virtual switch operates as an access layer switch for the external network and creates a virtual switching overlay for secure communication between the virtual machines and the external network. Logic and an apparatus are also disclosed.

Description

BACKGROUND
The present disclosure relates generally to communication networks, and more particularly, to cloud computing.
The number of applications and amount of data in enterprise data centers continue to grow. Cloud computing is being proposed as one possibility to meet the increasing demands. Cloud computing enables network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort. Infrastructure as a Service (IaaS) is one area of cloud computing that has attracted a lot of interest. IaaS delivers computer infrastructure, typically a platform virtualization environment, as a service. Rather than purchasing servers, software, data center space, or network equipment, customers instead purchase these resources as an outsourced service. Most IaaS providers do not disclose how their infrastructures are handled internally since they often view this as their competitive advantage. As a result, the enterprise has no visibility into the infrastructure within the cloud and is left with no assurance of security, reliability, or visibility. Even if the provider discloses how their internal operations are implemented, there is still no way for the enterprise to monitor or verify the infrastructure.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 illustrates an example of a network in which embodiments described herein may be implemented.
FIG. 2 is a diagram illustrating a virtual switch interconnecting an enterprise data center and a virtual private cloud data center in the network of FIG. 1 , in accordance with one embodiment.
FIG. 3 is a diagram illustrating implementation of the virtual switch in the network of FIG. 1 , in accordance with one embodiment.
FIG. 4 is a diagram illustrating details of the virtual switch located in a virtual machine in the network of FIG. 3 , in accordance with one embodiment.
FIG. 5 is a flowchart illustrating an overview of a process for implementing a virtual switching overlay for cloud computing, in accordance with one embodiment.
FIG. 6 depicts an example of a network device useful in implementing embodiments described herein.
Corresponding reference characters indicate corresponding parts throughout the several views of the drawings.
DESCRIPTION OF EXAMPLE EMBODIMENTS
Overview
In one embodiment, a method generally comprises receiving data at a virtual switch located at a network device in a cloud network. The data is received from an external network and destined for one or more virtual machines located in the cloud network and associated with the external network. The method further includes transmitting the data from the virtual switch to the virtual machine. The virtual switch operates as an access layer switch for the external network and creates a virtual switching overlay for secure communication between the virtual machines and the external network.
In another embodiment, logic is encoded in one or more tangible media for execution and when executed operable to switch data between virtual machines located in a cloud network, forward data to an external network, perform access layer switch operations for the external network, and create a virtual switching overlay for secure communication between the virtual machines and the external network.
Example Embodiments
The following description is presented to enable one of ordinary skill in the art to make and use the embodiments. Descriptions of specific embodiments and applications are provided only as examples and various modifications will be readily apparent to those skilled in the art. The general principles described herein may be applied to other applications without departing from the scope of the embodiments. Thus, the embodiments are not to be limited to the embodiments shown, but are to be accorded the widest scope consistent with the principles and features described herein. For purpose of clarity, features relating to technical material that is known in the technical fields related to the embodiments have not been described in detail.
Cloud computing is a model that provides resources and services that are abstracted from an underlying infrastructure and provided on demand and at scale in a multi-tenant environment. The clouds are typically accessed through web browsers or APIs (Application Programming Interfaces) and offer nearly unlimited capacity on demand, but with limited customer control. One area of cloud computing is Infrastructure as a service (IaaS), in which computing, network, and storage services are delivered over the network on a pay-as-you-go basis. A popular offering within IaaS is the Virtual Private Cloud (VPC). The VPC is hosted on a public cloud; therefore, it is not truly a private cloud. The VPC includes a set of Virtual Machines (VMs) and networks that are connected to the enterprise and appear to be part of the enterprise (i.e., associated with the enterprise network). With conventional implementations of virtual private clouds, there are concerns about security, reliability, and visibility. The network administrator has to extend the enterprise network into an insecure environment and therefore loses visibility into what is happening within the cloud, and control over security and enterprise-class features. Also, there is no consistent interface between all of the various cloud providers. Enterprises desire security, service-level guarantees, and compliance control, but with virtual private clouds, the service providers are in control of these requisite capabilities. These drawbacks prevent many enterprises from adopting cloud computing.
The embodiments described herein address the above needs within the cloud computing environment. The embodiments provide a virtual switching overlay on top of the cloud infrastructure. This allows the network administrator to regain control of the network access layer within the virtual private cloud and provides full visibility into the cloud, secure communication within the cloud and from the cloud to the enterprise, and an interface to the cloud network that is independent of the service provider.
Referring now to the drawings, and first to FIG. 1 , an example of a network 10 that may implement embodiments described herein is shown. The embodiments operate in the context of a data communication network including multiple network elements. Some of the elements in a network that employs the system may be network devices such as servers, switches, routers, or gateways. The network device may include, for example, a master central processing unit (CPU), interfaces, and a bus. The CPU preferably includes memory and a processor. The network device may be implemented on a general purpose network machine such as described below with respect to FIG. 6 . It is to be understood that the simplified network shown in FIG. 1 is only one example, and that the embodiments described herein may be employed in networks having different configurations and types of network devices.
The network 10 shown in FIG. 1 includes a customer network (e.g., enterprise network) 12 in communication with a service provider network 14 through a public network (e.g., Internet) 16. The customer network 12 includes a plurality of end users 18 at one or more locations. The service provider 14 includes a cloud network (e.g., virtual private cloud) 20, which is an isolated portion of the service provider network. The VPC 20 may include any number of subnets 25. The subnet 25 is a segment of the VPC's IP address range where the customer can place groups of isolated resources. The service provider network 14 may include any number of virtual private clouds 20 or subnets 25 associated with the customer network 12 or other customer networks. The customers are segmented within the virtual private cloud 20 by the service provider. The customer end users 18 communicate with the VPC 20 over a connection 22 (e.g., Virtual Private Network (VPN) connection) between a customer gateway 24 and VPN gateway 26. The connection 22 passes through the public network 16. The customer 18 may also communicate outside of the VPN connection 22 as shown at communication path 28. The customer network 12 is located outside of the VPC 20 and may be referred to as an external network as viewed from the VPC.
The VPC 20 includes a plurality of servers 40 which utilize virtualization technology. Virtualization allows one computer to do the job of multiple computers by sharing the resources of a single computer across multiple systems. Software is used to virtualize hardware resources of a computer, including, for example, the CPU, RAM, hard disk, and network controller, to create a virtual machine that can run its own operating system and applications. Multiple virtual machines on each server share hardware resources without interfering with each other so that several operating systems and applications can be run at the same time. The virtual machines are deployed within the cloud on demand with the IP addresses of the VMs controlled by the enterprise.
As described in detail below, a virtual switch 34 is located in the VPC 20 to provide a virtual switching overlay 18 on top of the cloud. The virtual switch 34 operates as an access layer switch for the customer so that the customer has control of the cloud network access layer.
FIG. 2 illustrates the virtual switch 34 located in a VPC data center (cloud 20 in FIG. 1 ) and in communication with a virtual switch 36 located at an enterprise data center (customer network 12 in FIG. 1 ). The virtual switch 34 provides secure communication within the VPC data center 20 and to the enterprise data center 12. Secure tunnel communication between the virtual switch 34 and the enterprise network 12 may be in the form of L2TPv3 (Layer 2 Tunneling Protocol version 3) over IPsec (Internet Protocol Security) so that the default gateway is in the enterprise network. Layer 3 (L3) VPN communication may also be used between the enterprise 12 and the VPC 20. In this case, the virtual switch 34 operates as a default gateway at the VPC 20. It is to be understood that other protocols may also be used to securely transfer data between the virtual switch 34 and enterprise 12.
The virtual switch 34 transmits data received from the enterprise 12 to virtual machines 30 located within the VPC 20 via encrypted links (virtual secure wires) 48. The VPC data center 20 may also include more than one virtual switch 34 with an encrypted link between the virtual switches. L2TPv3 over IPsec may be used to encrypt packets transmitted between the virtual switch 34 and virtual machines 30. It is to be understood that L2TPv3 over IPsec is only one example and that other protocols may be used to transfer data between the virtual switch 34 and virtual machines 30.
In one embodiment, each virtual machine 30 includes an agent 32. The agent 32 may be a VPN client, for example, or other application loaded in the virtual machine 30 by an enterprise server/application administrator. The agent 32 contains the IP address assigned by the service provider and port profile names. A port profile is used to define a common set of configuration policies (attributes) for multiple interfaces. The port profiles are associated with port configuration policies defined by the network administrator and applied to a large number of ports as they come online in a virtual environment.
The VPN connection 22 may be used to signal VM MAC addresses back to the enterprise 12 to prevent flooding across the VPN connection 22. Since traffic leaving the virtual private cloud 20 is often billed by the provider, stopping floods can reduce costs. The virtual switch 36 at the enterprise may also proxy ARP (Address Resolution Protocol) requests on behalf of the VMs 30 within the VPC 20. As shown in FIG. 2 , the enterprise virtual switch 36 also has an unencrypted interface at link 35 which connects to the rest of the enterprise network.
FIG. 3 illustrates details of implementation of the virtual switch 34 in the network of FIG. 1 , in accordance with one embodiment. The virtual switch 34 is located in one of the virtual machines 30. The servers 40 in the VPC 20 each include one or more virtual machines 30. In the example of FIG. 3 , the virtual switch 34 is installed at VM A, which is located along with VM B at a first server. VM C and VM D are located at a second server, and VM E is located at a third server, each server being physically separate from the other servers. The virtual machines 30 may each be moved between servers 40 based on traffic patterns, hardware resources, or other criteria.
The servers 40 are in communication with the network via switches 52, 54, (e.g., hardware implemented network switches or other network devices configured to perform switching or routing functions). The switches 52, 54 may be in communication with a management station 56 (e.g., virtualization management platform such as VMware Virtual Center management station, available from VMware of Palo Alto, Calif.). The management station 56 or one or more management functions may also be integrated into the switches 52, 54.
In the embodiment shown in FIG. 3 , the virtual machines 30 communicate with the network via a virtual switch (45, 46), such as NEXUS 1000V, available from Cisco Systems, Inc. of San Jose, Calif. The virtual switch is located in the service provider network 14 and includes components referred to as a Virtual Supervisor Module (VSM) 45 and Virtual Ethernet Module (VEM) 46. The VSM 45 may be located in a physical appliance (e.g., server) in communication with the servers 40 and management station 56 via physical switches 52, 54. The VSM 45 may also be a virtual appliance (e.g., virtual machine) installed at one of the servers 40 or the VSM may be installed at one of the switches 52, 54.
The VSM 45 is configured to provide control/management plane functionality for the virtual machines 30 and control multiple VEMs 46. The VEM 46 provides switching capability at the server 40 and operates as a data plane associated with the control plane of the VSM 45. The VSM 45 and VEM 46 operate together to form a distributed virtual switch as viewed by the management station 56. The VSM 45 and VEM 46 may also be located together in a network device (e.g., switch 52, 54, server 40 or other network device in communication with the switches 52, 54 and servers 40).
It is to be understood that the network shown in FIG. 3 is only one example, and that the virtual switching overlay 18 may be used in different networks having different network components. For example, the virtual switching overlay 18 may run on top of VMWare, Xen hypervisor or any other hypervisor or platform virtualization model at the VPC 20. Thus, the virtual switch (VSM 45/VEM 46) is just one example of a virtualization model at the service provider network.
FIG. 4 illustrates one example of the virtual switch 34 installed at VM A in FIG. 3 . The virtual switch 34 switches traffic between the secure virtual wires 48 connecting the virtual switch to the virtual machines 30. The virtual wires 48 run from the virtual switch 34 to the agent 32 installed in the virtual machines 30 (FIGS. 2 and 4 ). In one embodiment, the virtual switch 34 includes a Virtual Supervisor Module (VSM) 58 and Virtual Ethernet Module (VEM) 60. As described above with respect to the service provider network in FIG. 3 , the VSM 58 provides control plane functionality and the VEM 60 operates as a datapath associated with the control plane of the VSM. The VEM 60 supports a plurality (e.g., hundreds or thousands (or fewer or more)) of virtual Ethernet interfaces which communicate with the VMs 30. The virtual wire 48 establishes a secure tunnel using L2 over IPSec (or other protocol) to the VSM IP address at the virtual switch 34. For example, the virtual switch 34 may encapsulate packets with an L2TPv3 header before transmitting the packets over the wire 48.
The virtual switch 34 allows the enterprise to gain control of the cloud network access layer. All traffic entering or leaving the cloud (e.g., VPC 20 or subnet 25 in VPC) associated with the enterprise passes through the virtual switch 34. An administrator at the enterprise can access the virtual switch 34 and view the virtual Ethernet ports (interfaces), configure ACLs (Access Control Lists), manage port profiles, and perform other management functions typically performed at the access layer.
The VPC 20 may include multiple virtual switches 34 connected to a central management plane. The central management plane is assigned an elastic IP address and spawns off virtual switches 34 as virtual Ethernet interfaces are created and limits at the virtual switch are reached. The port profiles may be configured in the central management plane with the virtual switches 34 pulling port profiles on demand when the associated virtual Ethernet interfaces connect to the virtual switch. The virtual switches 34 preferably create a full mesh of VPN tunnels to form a single logical switch to prevent loops and eliminate the need for spanning tree.
FIG. 5 is a flowchart illustrating an overview of a process for implementing a virtual switching overlay for cloud computing, in accordance with one embodiment. At step 61, the virtual switching overlay 18 is created by installing the virtual switch 34 at a network device (e.g., server 40) in the cloud network 20. The virtual switch 34 operates as an access layer switch for an external network (e.g., customer network 12 located outside of the cloud network) and creates the virtual switching overlay 18 for secure communication between the virtual machines 30 and the external network 12. The virtual switch 34 receives data from the external network at step 62. The received data is destined for one or more of the virtual machines 30 located within the cloud network 20 and associated with the external network 12. The virtual switch 34 transmits the data to the virtual machine 30 over virtual wire 48 (step 64). The data may be, for example, a packet or frame containing a request for data stored at one of the servers 40 or an update to data stored at one or more of the servers.
FIG. 6 depicts a network device 70 that may be used to implement embodiments described herein. The network device 70 may be, for example, the server 40 containing the virtual switch 34. Network device 70 is configured to implement all of the network protocols and extensions thereof described herein. In one embodiment, network device 70 is a programmable machine that may be implemented in hardware, software, or any combination thereof. Logic may be encoded in one or more tangible media for execution by a processor 72. For example, processor 72 may execute codes stored in a program memory 74. Program memory 74 is one example of a computer-readable medium. Program memory 74 can be a volatile memory. Another form of computer-readable medium storing the same codes is a type of non-volatile storage such as floppy disks, CD-ROMs, DVD-ROMs, hard disks, flash memory, etc. The processor 72 includes means for transmitting, receiving, and encapsulating data and signaling addresses.
Network device 70 interfaces with physical media via a plurality of linecards (network interfaces) 76. Linecards 76 may incorporate Ethernet interfaces, DSL interfaces, Gigabit Ethernet interfaces, 10-Gigabit Ethernet interfaces, SONET interfaces, etc. As packets are received, processed, and forwarded by network device 70, they may be stored in a packet memory 78. To implement functionality according to the system, linecards 76 may incorporate processing and memory resources similar to those discussed above in connection with the network device as a whole. It is to be understood that the network device 70 shown in FIG. 6 and described above is only one example and that different configurations of network devices may be used.
Although the method and apparatus have been described in accordance with the embodiments shown, one of ordinary skill in the art will readily recognize that there could be variations made without departing from the scope of the embodiments. Accordingly, it is intended that all matter contained in the above description and shown in the accompanying drawings shall be interpreted as illustrative and not in a limiting sense.

Claims (63)

What is claimed is:
1. A method comprising:
receiving data at a virtual switch located at a network device in a cloud network, said data received from an external network and destined for one or more virtual machines located in the cloud network and associated with the external network; and
transmitting said data from the virtual switch to said one or more virtual machines;
wherein the virtual switch operates as an access layer switch for the external network and creates a virtual switching overlay for secure communication between the virtual machines and the external network.
2. The method of claim 1 wherein the external network is an enterprise network and the cloud network is a virtual private cloud in a service provider network.
3. The method of claim 1 wherein transmitting said data comprises encapsulating said data for transmittal over a layer 3 network.
4. The method of claim 1 wherein transmitting said data comprises transmitting said data over a virtual wire to an agent installed at one of the virtual machines.
5. The method of claim 1 wherein said data is received over a virtual private network connection between the cloud network and the external network.
6. The method of claim 1 wherein transmitting said data comprises utilizing a layer 2 tunneling protocol over a secure Internet protocol.
7. The method of claim 1 further comprising securely transmitting data received from one of the virtual machines to a virtual switch in the external network.
8. The method of claim 1 further comprising signaling MAC addresses of the virtual machines to the external network.
9. Logic encoded in one or more tangible non-transitory media for execution and when executed operable to:
switch data between virtual machines located in a cloud network;
forward data to an external network;
perform access layer switch operations for the external network; and
create a virtual switching overlay for secure communication of said data between the virtual machines and the external network.
10. The logic of claim 9 wherein the external network is an enterprise network and the cloud network is a virtual private cloud in a service provider network.
11. The logic of claim 9 wherein the logic is further operable to encapsulate said data for transmittal over a layer 3 network.
12. The logic of claim 9 wherein said data is forwarded to the external network over a virtual private network connection between the cloud network and the external network.
13. The logic of claim 9 wherein said data is forwarded utilizing a layer 2 tunneling protocol over a secure Internet protocol.
14. The logic of claim 9 wherein the logic is further operable to signal MAC addresses of the virtual machines to the external network.
15. An apparatus comprising
means for receiving data at a virtual switch in a cloud network, said data received from an external network and destined for one or more virtual machines located in the cloud network and associated with the external network; and
means for transmitting said data from the virtual switch to said one or more virtual machines;
wherein the virtual switch operates as an access layer switch for the external network and creates a virtual switching overlay for secure communication between the virtual machines and the external network.
16. The apparatus of claim 15 wherein the external network is an enterprise network and the cloud network is a virtual private cloud in a service provider network.
17. The apparatus of claim 15 wherein means for transmitting said data comprises means for encapsulating said data for transmittal over a layer 3 network.
18. The apparatus of claim 15 wherein means for transmitting said data comprises means for transmitting said data over a virtual wire to an agent installed at the virtual machine.
19. The apparatus of claim 15 wherein said data is received over a virtual private network connection between the cloud network and the external network.
20. The apparatus of claim 15 further comprising means for signaling MAC addresses of the virtual machines to the external network.
21. The method of claim 1, wherein data transmitted between the virtual switch and the external network is transmitted via secure tunnel communication.
22. The method of claim 1, wherein data transmitted between the virtual switch and the one or more virtual machines is encapsulated.
23. The method of claim 22, wherein the one or more virtual machines and the external network are part of a single overlay network.
24. The method of claim 1, wherein the cloud network is in a first datacenter and the external network is in a second datacenter.
25. The method of claim 1, wherein the virtual switch is located in one of the one or more virtual machines located in the cloud network.
26. The method of claim 1, further comprising creating an additional virtual switch in response to a limit of the virtual switch being reached.
27. The method of claim 1, further comprising associating one or more agents with said one or more virtual machines.
28. The method of claim 27, wherein transmitting said data comprises transmitting said data over a secure connection to one of the one or more agents associated with one of said one or more virtual machines.
29. The method of claim 1, wherein each of the one or more virtual machines has a set of policies and/or attributes that are applied as the virtual machine comes online in the cloud network.
30. The method of claim 1, wherein the virtual switch further comprises a virtual supervisor module that provides control plane functionality.
31. The method of claim 1, wherein the virtual switch comprises a virtual Ethernet module that operates as a data plane.
32. The method of claim 1, wherein the virtual switch is connected to a central management station.
33. The method of claim 32, further comprising:
accessing and performing management functions on the virtual switch.
34. The method of claim 1, wherein the virtual switch comprises a virtual supervisor module and a virtual Ethernet module.
35. The logic of claim 9, wherein data forwarded to the external network is transmitted via secure tunnel communication.
36. The logic of claim 9, wherein the cloud network is in a first datacenter and the external network is in a second datacenter.
37. The logic of claim 9, wherein each of the virtual machines has a set of policies and/or attributes that are applied as the virtual machine comes online in the cloud network.
38. The apparatus of claim 15, wherein data transmitted between the virtual switch from the external network is transmitted via secure tunnel communication.
39. The apparatus of claim 38, wherein data transmitted between the virtual switch and the one or more virtual machines is encapsulated.
40. The apparatus of claim 39, wherein the one or more virtual machines and the external network are part of a single overlay network.
41. The apparatus of claim 15, wherein the cloud network is in a first datacenter and the external network is in a second datacenter.
42. The apparatus of claim 15, wherein the virtual switch is located in a virtual machine located in the cloud network.
43. The apparatus of claim 15, wherein an additional virtual switch is created in response to a limit of the virtual switch being reached.
44. The apparatus of claim 15, wherein one or more agents are associated with said one or more virtual machines.
45. The apparatus of claim 44, wherein the means for transmitting said data causes transmission of said data over a secure connection to one of the one or more agents associated with one of said one or more virtual machines.
46. The apparatus of claim 15, wherein each of the one or more virtual machines has a set of policies and/or attributes that are applied as the virtual machine comes online in the cloud network.
47. The apparatus of claim 15, wherein the virtual switch comprises a virtual supervisor module that provides control plane functionality.
48. The apparatus of claim 15, wherein the virtual switch comprises a virtual Ethernet module that operates as a data plane.
49. The apparatus of claim 15, wherein the virtual switch is connected to a central management station.
50. The apparatus of claim 49, wherein the virtual switch is configured to enable access by an administrator to perform management functions on the virtual switch.
51. A system comprising:
a first data center associated with an enterprise; and
a second data center that includes a virtual switch and one or more virtual machines in a cloud network associated with the enterprise;
wherein the virtual switch is configured to:
receive data from the first data center and destined for the one or more virtual machines; and
operate as an access layer switch for the first data center and create a virtual switching overlay for secure communication between the one or more virtual machines and the first data center by encapsulating said data for transmission to said one or more virtual machines.
52. The system of claim 51, wherein data transmitted between the virtual switch and the first data center is transmitted via secure tunnel communication.
53. The system of claim 51, wherein the one or more virtual machines and the first data center are part of a single overlay network.
54. The system of claim 51, wherein the virtual switch is located in one of the one or more virtual machines located in the second data center.
55. The system of claim 51, further comprising an additional virtual switch that is created in response to a limit of the virtual switch being reached.
56. The system of claim 51, further comprising one or more agents associated with the one or more virtual machines.
57. The system of claim 56, wherein the virtual switch is configured to transmit said data over a secure connection to one of the one or more agents associated with one of said one or more virtual machines.
58. The system of claim 51, wherein each of the one or more virtual machines has a set of policies and/or attributes that are applied as the virtual machine comes online in the second data center.
59. The system of claim 51, wherein the virtual switch further comprises a virtual supervisor module that provides control plane functionality.
60. The system of claim 51, wherein the virtual switch comprises a virtual Ethernet module that operates as a data plane.
61. The system of claim 51, further comprising a central management station that is in communication with the virtual switch.
62. The system of claim 61, wherein the central management station is configured to access and perform management functions on the virtual switch.
63. The system of claim 51, wherein the virtual switch comprises a virtual supervisor module and a virtual Ethernet module.
US17/363,273 2010-04-27 2021-06-30 Virtual switching overlay for cloud computing Active 2031-03-04 USRE49663E1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US17/363,273 USRE49663E1 (en) 2010-04-27 2021-06-30 Virtual switching overlay for cloud computing

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US12/799,557 US8345692B2 (en) 2010-04-27 2010-04-27 Virtual switching overlay for cloud computing
US17/363,273 USRE49663E1 (en) 2010-04-27 2021-06-30 Virtual switching overlay for cloud computing

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US12/799,557 Reissue US8345692B2 (en) 2010-04-27 2010-04-27 Virtual switching overlay for cloud computing

Publications (1)

Publication Number Publication Date
USRE49663E1 true USRE49663E1 (en) 2023-09-19

Family

ID=44358202

Family Applications (2)

Application Number Title Priority Date Filing Date
US12/799,557 Ceased US8345692B2 (en) 2010-04-27 2010-04-27 Virtual switching overlay for cloud computing
US17/363,273 Active 2031-03-04 USRE49663E1 (en) 2010-04-27 2021-06-30 Virtual switching overlay for cloud computing

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US12/799,557 Ceased US8345692B2 (en) 2010-04-27 2010-04-27 Virtual switching overlay for cloud computing

Country Status (4)

Country Link
US (2) US8345692B2 (en)
EP (1) EP2564564B1 (en)
CN (1) CN102884761B (en)
WO (1) WO2011139333A1 (en)

Families Citing this family (253)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8811431B2 (en) 2008-11-20 2014-08-19 Silver Peak Systems, Inc. Systems and methods for compressing packet data
US8489562B1 (en) * 2007-11-30 2013-07-16 Silver Peak Systems, Inc. Deferred data storage
US8885632B2 (en) 2006-08-02 2014-11-11 Silver Peak Systems, Inc. Communications scheduler
US8307115B1 (en) 2007-11-30 2012-11-06 Silver Peak Systems, Inc. Network memory mirroring
US10411975B2 (en) 2013-03-15 2019-09-10 Csc Agility Platform, Inc. System and method for a cloud computing abstraction with multi-tier deployment policy
US9489647B2 (en) 2008-06-19 2016-11-08 Csc Agility Platform, Inc. System and method for a cloud computing abstraction with self-service portal for publishing resources
WO2009155574A1 (en) 2008-06-19 2009-12-23 Servicemesh, Inc. Cloud computing gateway, cloud computing hypervisor, and methods for implementing same
US9069599B2 (en) 2008-06-19 2015-06-30 Servicemesh, Inc. System and method for a cloud computing abstraction layer with security zone facilities
US10164861B2 (en) 2015-12-28 2018-12-25 Silver Peak Systems, Inc. Dynamic monitoring and visualization for network health characteristics
US9717021B2 (en) 2008-07-03 2017-07-25 Silver Peak Systems, Inc. Virtual network overlay
US10805840B2 (en) 2008-07-03 2020-10-13 Silver Peak Systems, Inc. Data transmission via a virtual wide area network overlay
US8665886B2 (en) 2009-03-26 2014-03-04 Brocade Communications Systems, Inc. Redundant host connection in a routed network
US8369335B2 (en) 2010-03-24 2013-02-05 Brocade Communications Systems, Inc. Method and system for extending routing domain to non-routing end stations
US8345692B2 (en) * 2010-04-27 2013-01-01 Cisco Technology, Inc. Virtual switching overlay for cloud computing
US9769016B2 (en) 2010-06-07 2017-09-19 Brocade Communications Systems, Inc. Advanced link tracking for virtual cluster switching
US9716672B2 (en) 2010-05-28 2017-07-25 Brocade Communications Systems, Inc. Distributed configuration management for virtual cluster switching
US8989186B2 (en) 2010-06-08 2015-03-24 Brocade Communication Systems, Inc. Virtual port grouping for virtual cluster switching
US9461840B2 (en) 2010-06-02 2016-10-04 Brocade Communications Systems, Inc. Port profile management for virtual cluster switching
US9001824B2 (en) 2010-05-18 2015-04-07 Brocade Communication Systems, Inc. Fabric formation for virtual cluster switching
US8625616B2 (en) 2010-05-11 2014-01-07 Brocade Communications Systems, Inc. Converged network extension
US9270486B2 (en) 2010-06-07 2016-02-23 Brocade Communications Systems, Inc. Name services for virtual cluster switching
US8867552B2 (en) 2010-05-03 2014-10-21 Brocade Communications Systems, Inc. Virtual cluster switching
US9231890B2 (en) 2010-06-08 2016-01-05 Brocade Communications Systems, Inc. Traffic management for virtual cluster switching
US8634308B2 (en) 2010-06-02 2014-01-21 Brocade Communications Systems, Inc. Path detection in trill networks
US8885488B2 (en) 2010-06-02 2014-11-11 Brocade Communication Systems, Inc. Reachability detection in trill networks
US9628293B2 (en) 2010-06-08 2017-04-18 Brocade Communications Systems, Inc. Network layer multicasting in trill networks
US9806906B2 (en) 2010-06-08 2017-10-31 Brocade Communications Systems, Inc. Flooding packets on a per-virtual-network basis
US9608833B2 (en) 2010-06-08 2017-03-28 Brocade Communications Systems, Inc. Supporting multiple multicast trees in trill networks
US8446914B2 (en) 2010-06-08 2013-05-21 Brocade Communications Systems, Inc. Method and system for link aggregation across multiple switches
US9246703B2 (en) 2010-06-08 2016-01-26 Brocade Communications Systems, Inc. Remote port mirroring
US9342367B2 (en) * 2010-06-16 2016-05-17 Computer Associates Think, Inc. System and method for selecting cloud services
US8842679B2 (en) 2010-07-06 2014-09-23 Nicira, Inc. Control system that elects a master controller instance for switching elements
US9680750B2 (en) 2010-07-06 2017-06-13 Nicira, Inc. Use of tunnels to hide network addresses
US9807031B2 (en) 2010-07-16 2017-10-31 Brocade Communications Systems, Inc. System and method for network configuration
US8613004B2 (en) * 2010-12-07 2013-12-17 Nec Laboratories America, Inc. System and method for cloud infrastructure data sharing through a uniform communication framework
US8699499B2 (en) * 2010-12-08 2014-04-15 At&T Intellectual Property I, L.P. Methods and apparatus to provision cloud computing network elements
US20120163164A1 (en) * 2010-12-27 2012-06-28 Brocade Communications Systems, Inc. Method and system for remote load balancing in high-availability networks
US8934483B2 (en) * 2011-01-20 2015-01-13 Broadcom Corporation Data center switch
US10009315B2 (en) * 2011-03-09 2018-06-26 Amazon Technologies, Inc. Outside live migration
US9270572B2 (en) 2011-05-02 2016-02-23 Brocade Communications Systems Inc. Layer-3 support in TRILL networks
US9253252B2 (en) * 2011-05-06 2016-02-02 Citrix Systems, Inc. Systems and methods for cloud bridging between intranet resources and cloud resources
EP2705632B8 (en) * 2011-05-06 2018-09-12 Citrix Systems, Inc. Systems and methods for cloud bridging between public and private clouds
US8924542B1 (en) 2011-05-31 2014-12-30 Amazon Technologies, Inc. Methods and apparatus for scalable private services
US9736065B2 (en) 2011-06-24 2017-08-15 Cisco Technology, Inc. Level of hierarchy in MST for traffic localization and load balancing
US9401861B2 (en) 2011-06-28 2016-07-26 Brocade Communications Systems, Inc. Scalable MAC address distribution in an Ethernet fabric switch
US8948056B2 (en) 2011-06-28 2015-02-03 Brocade Communication Systems, Inc. Spanning-tree based loop detection for an ethernet fabric switch
US8879549B2 (en) 2011-06-28 2014-11-04 Brocade Communications Systems, Inc. Clearing forwarding entries dynamically and ensuring consistency of tables across ethernet fabric switch
US9407533B2 (en) 2011-06-28 2016-08-02 Brocade Communications Systems, Inc. Multicast in a trill network
US9007958B2 (en) 2011-06-29 2015-04-14 Brocade Communication Systems, Inc. External loop detection for an ethernet fabric switch
US8885641B2 (en) 2011-06-30 2014-11-11 Brocade Communication Systems, Inc. Efficient trill forwarding
US20130036213A1 (en) * 2011-08-02 2013-02-07 Masum Hasan Virtual private clouds
US9736085B2 (en) 2011-08-29 2017-08-15 Brocade Communications Systems, Inc. End-to end lossless Ethernet in Ethernet fabric
US8966499B2 (en) * 2011-09-09 2015-02-24 Microsoft Technology Licensing, Llc Virtual switch extensibility
US9319272B1 (en) * 2011-09-21 2016-04-19 Amazon Technologies, Inc. Methods and apparatus for providing composed appliance services in virtualized private networks
US9130991B2 (en) 2011-10-14 2015-09-08 Silver Peak Systems, Inc. Processing data packets in performance enhancing proxy (PEP) environment
US9626224B2 (en) 2011-11-03 2017-04-18 Silver Peak Systems, Inc. Optimizing available computing resources within a virtual environment
US9699117B2 (en) 2011-11-08 2017-07-04 Brocade Communications Systems, Inc. Integrated fibre channel support in an ethernet fabric switch
US9450870B2 (en) 2011-11-10 2016-09-20 Brocade Communications Systems, Inc. System and method for flow management in software-defined networks
US9313100B1 (en) 2011-11-14 2016-04-12 Amazon Technologies, Inc. Remote browsing session management
US20130142201A1 (en) * 2011-12-02 2013-06-06 Microsoft Corporation Connecting on-premise networks with public clouds
US9330188B1 (en) 2011-12-22 2016-05-03 Amazon Technologies, Inc. Shared browsing sessions
US8908698B2 (en) 2012-01-13 2014-12-09 Cisco Technology, Inc. System and method for managing site-to-site VPNs of a cloud managed network
US8839087B1 (en) 2012-01-26 2014-09-16 Amazon Technologies, Inc. Remote browsing and searching
US9336321B1 (en) 2012-01-26 2016-05-10 Amazon Technologies, Inc. Remote browsing and searching
US8995272B2 (en) 2012-01-26 2015-03-31 Brocade Communication Systems, Inc. Link aggregation in software-defined networks
US9137210B1 (en) * 2012-02-21 2015-09-15 Amazon Technologies, Inc. Remote browsing session management
US9742693B2 (en) 2012-02-27 2017-08-22 Brocade Communications Systems, Inc. Dynamic service insertion in a fabric switch
US9270523B2 (en) 2012-02-28 2016-02-23 International Business Machines Corporation Reconfiguring interrelationships between components of virtual computing networks
US9286444B2 (en) * 2012-02-28 2016-03-15 Verizon Patent And Licensing Inc. Next generation secure gateway
US8861403B2 (en) 2012-03-15 2014-10-14 Cisco Technology, Inc. Interconnecting segmented layer two network for cloud switching
US9154416B2 (en) 2012-03-22 2015-10-06 Brocade Communications Systems, Inc. Overlay tunnel in a fabric switch
US8856339B2 (en) * 2012-04-04 2014-10-07 Cisco Technology, Inc. Automatically scaled network overlay with heuristic monitoring in a hybrid cloud environment
US9201704B2 (en) * 2012-04-05 2015-12-01 Cisco Technology, Inc. System and method for migrating application virtual machines in a network environment
US9203784B2 (en) * 2012-04-24 2015-12-01 Cisco Technology, Inc. Distributed virtual switch architecture for a hybrid cloud
US9288182B1 (en) * 2012-05-01 2016-03-15 Amazon Technologies, Inc. Network gateway services and extensions
US9450967B1 (en) 2012-05-01 2016-09-20 Amazon Technologies, Inc. Intelligent network service provisioning and maintenance
US9407450B2 (en) 2012-05-01 2016-08-02 Cisco Technnology, Inc. Method and apparatus for providing tenant information for network flows
US9294437B1 (en) * 2012-05-01 2016-03-22 Amazon Technologies, Inc. Remotely configured network appliances and services
US9438556B1 (en) 2012-05-01 2016-09-06 Amazon Technologies, Inc Flexibly configurable remote network identities
US9223634B2 (en) 2012-05-02 2015-12-29 Cisco Technology, Inc. System and method for simulating virtual machine migration in a network environment
US9374301B2 (en) 2012-05-18 2016-06-21 Brocade Communications Systems, Inc. Network feedback in software-defined networks
US9237188B1 (en) 2012-05-21 2016-01-12 Amazon Technologies, Inc. Virtual machine based content processing
US10277464B2 (en) 2012-05-22 2019-04-30 Arris Enterprises Llc Client auto-configuration in a multi-switch link aggregation
EP2853066B1 (en) 2012-05-23 2017-02-22 Brocade Communications Systems, Inc. Layer-3 overlay gateways
US9992062B1 (en) 2012-07-06 2018-06-05 Cradlepoint, Inc. Implicit traffic engineering
US10880162B1 (en) 2012-07-06 2020-12-29 Cradlepoint, Inc. Linking logical broadcast domains
US10110417B1 (en) * 2012-07-06 2018-10-23 Cradlepoint, Inc. Private networks overlaid on cloud infrastructure
US10177957B1 (en) 2012-07-06 2019-01-08 Cradlepoint, Inc. Connecting a cloud network to the internet
US10560343B1 (en) 2012-07-06 2020-02-11 Cradlepoint, Inc. People centric management of cloud networks via GUI
US10135677B1 (en) * 2012-07-06 2018-11-20 Cradlepoint, Inc. Deployment of network-related features over cloud network
US10601653B2 (en) 2012-07-06 2020-03-24 Cradlepoint, Inc. Implicit traffic engineering
US9210079B2 (en) 2012-08-14 2015-12-08 Vmware, Inc. Method and system for virtual and physical network integration
US9602430B2 (en) 2012-08-21 2017-03-21 Brocade Communications Systems, Inc. Global VLANs for fabric switches
US9331940B2 (en) 2012-08-28 2016-05-03 Alcatel Lucent System and method providing distributed virtual routing and switching (DVRS)
US8837476B2 (en) 2012-09-07 2014-09-16 International Business Machines Corporation Overlay network capable of supporting storage area network (SAN) traffic
US9548920B2 (en) 2012-10-15 2017-01-17 Cisco Technology, Inc. System and method for efficient use of flow table space in a network environment
US9401872B2 (en) 2012-11-16 2016-07-26 Brocade Communications Systems, Inc. Virtual link aggregations across multiple fabric switches
US9548926B2 (en) 2013-01-11 2017-01-17 Brocade Communications Systems, Inc. Multicast traffic load balancing over virtual link aggregation
US9413691B2 (en) 2013-01-11 2016-08-09 Brocade Communications Systems, Inc. MAC address synchronization in a fabric switch
US9350680B2 (en) 2013-01-11 2016-05-24 Brocade Communications Systems, Inc. Protection switching over a virtual link aggregation
US9565113B2 (en) 2013-01-15 2017-02-07 Brocade Communications Systems, Inc. Adaptive link aggregation and virtual link aggregation
US9356884B2 (en) 2013-01-17 2016-05-31 Cisco Technology, Inc. MSDC scaling through on-demand path update
US9060025B2 (en) * 2013-02-05 2015-06-16 Fortinet, Inc. Cloud-based security policy configuration
US9565099B2 (en) 2013-03-01 2017-02-07 Brocade Communications Systems, Inc. Spanning tree in fabric switches
US9306837B1 (en) 2013-03-08 2016-04-05 Cisco Technology, Inc. Source IP-based pruning of traffic toward dually-connected overlay hosts in a data communications environment
US9331998B2 (en) 2013-03-14 2016-05-03 Forty Cloud Ltd. Dynamic secured network in a cloud environment
US9043439B2 (en) 2013-03-14 2015-05-26 Cisco Technology, Inc. Method for streaming packet captures from network access devices to a cloud server over HTTP
US9401818B2 (en) 2013-03-15 2016-07-26 Brocade Communications Systems, Inc. Scalable gateways for a fabric switch
CN103220235B (en) * 2013-04-26 2017-03-15 华为技术有限公司 The management method of the distributed virtual switch and relevant apparatus and system
US9584445B2 (en) * 2013-05-07 2017-02-28 Equinix, Inc. Direct connect virtual private interface for a one to many connection with multiple virtual private clouds
US9699001B2 (en) 2013-06-10 2017-07-04 Brocade Communications Systems, Inc. Scalable and segregated network virtualization
US9565028B2 (en) 2013-06-10 2017-02-07 Brocade Communications Systems, Inc. Ingress switch multicast distribution in a fabric switch
US9578137B1 (en) 2013-06-13 2017-02-21 Amazon Technologies, Inc. System for enhancing script execution performance
US9135042B2 (en) * 2013-06-13 2015-09-15 International Business Machines Corporation Provisioning a secure customer domain in a virtualized multi-tenant environment
US10152463B1 (en) 2013-06-13 2018-12-11 Amazon Technologies, Inc. System for profiling page browsing interactions
US9270619B2 (en) 2013-06-24 2016-02-23 Microsoft Technology Licensing, Llc Logical switch
US9806949B2 (en) 2013-09-06 2017-10-31 Brocade Communications Systems, Inc. Transparent interconnection of Ethernet fabric switches
US9912612B2 (en) 2013-10-28 2018-03-06 Brocade Communications Systems LLC Extended ethernet fabric switches
US9294524B2 (en) 2013-12-16 2016-03-22 Nicira, Inc. Mapping virtual machines from a private network to a multi-tenant public datacenter
US9807057B1 (en) 2013-12-17 2017-10-31 Amazon Technologies, Inc. Private network peering in virtual network environments
US10924340B1 (en) 2013-12-30 2021-02-16 Vmware, Inc. Extending computing capacity via cloud replication
US9602344B1 (en) * 2013-12-30 2017-03-21 Cloudvelox, Inc. Automated establishment of access to remote services
US9548873B2 (en) 2014-02-10 2017-01-17 Brocade Communications Systems, Inc. Virtual extensible LAN tunnel keepalives
US9590901B2 (en) 2014-03-14 2017-03-07 Nicira, Inc. Route advertisement by managed gateways
EP3435596B1 (en) * 2014-03-14 2020-04-15 Nicira Inc. Route advertisement by managed gateways
US10581758B2 (en) 2014-03-19 2020-03-03 Avago Technologies International Sales Pte. Limited Distributed hot standby links for vLAG
US10476698B2 (en) 2014-03-20 2019-11-12 Avago Technologies International Sales Pte. Limited Redundent virtual link aggregation group
US10176005B2 (en) * 2014-03-31 2019-01-08 Cypherpath, Inc. Environment virtualization
US9813258B2 (en) 2014-03-31 2017-11-07 Tigera, Inc. Data center networks
US9344364B2 (en) 2014-03-31 2016-05-17 Metaswitch Networks Ltd. Data center networks
US9559950B2 (en) 2014-03-31 2017-01-31 Tigera, Inc. Data center networks
US9755858B2 (en) 2014-04-15 2017-09-05 Cisco Technology, Inc. Programmable infrastructure gateway for enabling hybrid cloud services in a network environment
TWI531908B (en) * 2014-04-24 2016-05-01 A method of supporting virtual machine migration with Software Defined Network (SDN)
US10063473B2 (en) 2014-04-30 2018-08-28 Brocade Communications Systems LLC Method and system for facilitating switch virtualization in a network of interconnected switches
US9473365B2 (en) 2014-05-08 2016-10-18 Cisco Technology, Inc. Collaborative inter-service scheduling of logical resources in cloud platforms
US9800471B2 (en) 2014-05-13 2017-10-24 Brocade Communications Systems, Inc. Network extension groups of global VLANs in a fabric switch
US10305726B2 (en) 2014-06-22 2019-05-28 Cisco Technology, Inc. Cloud framework for multi-cloud extension
US10019278B2 (en) 2014-06-22 2018-07-10 Cisco Technology, Inc. Framework for network technology agnostic multi-cloud elastic extension and isolation
US9742881B2 (en) 2014-06-30 2017-08-22 Nicira, Inc. Network virtualization using just-in-time distributed capability for classification encoding
US10122605B2 (en) 2014-07-09 2018-11-06 Cisco Technology, Inc Annotation of network activity through different phases of execution
US10616108B2 (en) 2014-07-29 2020-04-07 Avago Technologies International Sales Pte. Limited Scalable MAC address virtualization
US9948496B1 (en) 2014-07-30 2018-04-17 Silver Peak Systems, Inc. Determining a transit appliance for data traffic to a software service
US9544219B2 (en) 2014-07-31 2017-01-10 Brocade Communications Systems, Inc. Global VLAN services
US9807007B2 (en) 2014-08-11 2017-10-31 Brocade Communications Systems, Inc. Progressive MAC address learning
US9875344B1 (en) 2014-09-05 2018-01-23 Silver Peak Systems, Inc. Dynamic monitoring and authorization of an optimization device
US9787499B2 (en) 2014-09-19 2017-10-10 Amazon Technologies, Inc. Private alias endpoints for isolated virtual networks
US9825878B2 (en) 2014-09-26 2017-11-21 Cisco Technology, Inc. Distributed application framework for prioritizing network traffic using application priority awareness
US9524173B2 (en) 2014-10-09 2016-12-20 Brocade Communications Systems, Inc. Fast reboot for a switch
US9699029B2 (en) 2014-10-10 2017-07-04 Brocade Communications Systems, Inc. Distributed configuration management in a switch group
EP3215939B1 (en) * 2014-11-07 2019-04-24 British Telecommunications public limited company Method and device for secure communication with shared cloud services
US9832118B1 (en) 2014-11-14 2017-11-28 Amazon Technologies, Inc. Linking resource instances to virtual networks in provider network environments
US10212161B1 (en) 2014-11-19 2019-02-19 Amazon Technologies, Inc. Private network layering in provider network environments
US9602544B2 (en) * 2014-12-05 2017-03-21 Viasat, Inc. Methods and apparatus for providing a secure overlay network between clouds
US9628407B2 (en) 2014-12-31 2017-04-18 Brocade Communications Systems, Inc. Multiple software versions in a switch group
US9626255B2 (en) 2014-12-31 2017-04-18 Brocade Communications Systems, Inc. Online restoration of a switch snapshot
US9942097B2 (en) 2015-01-05 2018-04-10 Brocade Communications Systems LLC Power management in a network of interconnected switches
US10003552B2 (en) 2015-01-05 2018-06-19 Brocade Communications Systems, Llc. Distributed bidirectional forwarding detection protocol (D-BFD) for cluster of interconnected switches
US9853873B2 (en) 2015-01-10 2017-12-26 Cisco Technology, Inc. Diagnosis and throughput measurement of fibre channel ports in a storage area network environment
US10050862B2 (en) 2015-02-09 2018-08-14 Cisco Technology, Inc. Distributed application framework that uses network and application awareness for placing data
US10708342B2 (en) 2015-02-27 2020-07-07 Cisco Technology, Inc. Dynamic troubleshooting workspaces for cloud and network management systems
US10037617B2 (en) 2015-02-27 2018-07-31 Cisco Technology, Inc. Enhanced user interface systems including dynamic context selection for cloud-based networks
US9807005B2 (en) 2015-03-17 2017-10-31 Brocade Communications Systems, Inc. Multi-fabric manager
US10038592B2 (en) 2015-03-17 2018-07-31 Brocade Communications Systems LLC Identifier assignment to a new switch in a switch group
US9900250B2 (en) 2015-03-26 2018-02-20 Cisco Technology, Inc. Scalable handling of BGP route information in VXLAN with EVPN control plane
US10382534B1 (en) 2015-04-04 2019-08-13 Cisco Technology, Inc. Selective load balancing of network traffic
US10038628B2 (en) 2015-04-04 2018-07-31 Nicira, Inc. Route server mode for dynamic routing between logical and physical networks
US10579406B2 (en) 2015-04-08 2020-03-03 Avago Technologies International Sales Pte. Limited Dynamic orchestration of overlay tunnels
US10476982B2 (en) 2015-05-15 2019-11-12 Cisco Technology, Inc. Multi-datacenter message queue
US10222986B2 (en) 2015-05-15 2019-03-05 Cisco Technology, Inc. Tenant-level sharding of disks with tenant-specific storage modules to enable policies per tenant in a distributed storage system
US11588783B2 (en) 2015-06-10 2023-02-21 Cisco Technology, Inc. Techniques for implementing IPV6-based distributed storage space
US10021196B1 (en) 2015-06-22 2018-07-10 Amazon Technologies, Inc. Private service endpoints in isolated virtual networks
US10034201B2 (en) 2015-07-09 2018-07-24 Cisco Technology, Inc. Stateless load-balancing across multiple tunnels
US10778765B2 (en) 2015-07-15 2020-09-15 Cisco Technology, Inc. Bid/ask protocol in scale-out NVMe storage
US10439929B2 (en) 2015-07-31 2019-10-08 Avago Technologies International Sales Pte. Limited Graceful recovery of a multicast-enabled switch
US9860214B2 (en) 2015-09-10 2018-01-02 International Business Machines Corporation Interconnecting external networks with overlay networks in a shared computing environment
US10171303B2 (en) 2015-09-16 2019-01-01 Avago Technologies International Sales Pte. Limited IP-based interconnection of switches with a logical chassis
US10067780B2 (en) 2015-10-06 2018-09-04 Cisco Technology, Inc. Performance-based public cloud selection for a hybrid cloud environment
US11005682B2 (en) 2015-10-06 2021-05-11 Cisco Technology, Inc. Policy-driven switch overlay bypass in a hybrid cloud network environment
US10462136B2 (en) 2015-10-13 2019-10-29 Cisco Technology, Inc. Hybrid cloud security groups
US10075304B2 (en) 2015-10-30 2018-09-11 Microsoft Technology Licensing, Llc Multiple gateway operation on single operating system
CN105262668A (en) * 2015-10-31 2016-01-20 四川理工学院 Firewall configuration for cloud computing network
US10523657B2 (en) 2015-11-16 2019-12-31 Cisco Technology, Inc. Endpoint privacy preservation with cloud conferencing
US10205677B2 (en) 2015-11-24 2019-02-12 Cisco Technology, Inc. Cloud resource placement optimization and migration execution in federated clouds
US10084703B2 (en) 2015-12-04 2018-09-25 Cisco Technology, Inc. Infrastructure-exclusive service forwarding
US9912614B2 (en) 2015-12-07 2018-03-06 Brocade Communications Systems LLC Interconnection of switches based on hierarchical overlay tunneling
US9892075B2 (en) 2015-12-10 2018-02-13 Cisco Technology, Inc. Policy driven storage in a microserver computing environment
US10367914B2 (en) 2016-01-12 2019-07-30 Cisco Technology, Inc. Attaching service level agreements to application containers and enabling service assurance
US10367655B2 (en) 2016-01-25 2019-07-30 Alibaba Group Holding Limited Network system and method for connecting a private network with a virtual private network
US10333849B2 (en) 2016-04-28 2019-06-25 Nicira, Inc. Automatic configuration of logical routers on edge nodes
US10140172B2 (en) 2016-05-18 2018-11-27 Cisco Technology, Inc. Network-aware storage repairs
US10129177B2 (en) 2016-05-23 2018-11-13 Cisco Technology, Inc. Inter-cloud broker for hybrid cloud networks
US20170351639A1 (en) 2016-06-06 2017-12-07 Cisco Technology, Inc. Remote memory access using memory mapped addressing among multiple compute nodes
US10432484B2 (en) 2016-06-13 2019-10-01 Silver Peak Systems, Inc. Aggregating select network traffic statistics
US20190097940A1 (en) * 2016-06-15 2019-03-28 Alibaba Group Holding Limited Network system and method for cross region virtual private network peering
US10664169B2 (en) 2016-06-24 2020-05-26 Cisco Technology, Inc. Performance of object storage system by reconfiguring storage devices based on latency that includes identifying a number of fragments that has a particular storage device as its primary storage device and another number of fragments that has said particular storage device as its replica storage device
US10659283B2 (en) 2016-07-08 2020-05-19 Cisco Technology, Inc. Reducing ARP/ND flooding in cloud environment
US10432532B2 (en) 2016-07-12 2019-10-01 Cisco Technology, Inc. Dynamically pinning micro-service to uplink port
US10382597B2 (en) 2016-07-20 2019-08-13 Cisco Technology, Inc. System and method for transport-layer level identification and isolation of container traffic
US10263898B2 (en) 2016-07-20 2019-04-16 Cisco Technology, Inc. System and method for implementing universal cloud classification (UCC) as a service (UCCaaS)
US10142346B2 (en) 2016-07-28 2018-11-27 Cisco Technology, Inc. Extension of a private cloud end-point group to a public cloud
US9967056B1 (en) 2016-08-19 2018-05-08 Silver Peak Systems, Inc. Forward packet recovery with constrained overhead
US10567344B2 (en) 2016-08-23 2020-02-18 Cisco Technology, Inc. Automatic firewall configuration based on aggregated cloud managed information
US11563695B2 (en) 2016-08-29 2023-01-24 Cisco Technology, Inc. Queue protection using a shared global memory reserve
US20190222539A1 (en) * 2016-08-31 2019-07-18 5x5 Industries, LLC Network System
US10523592B2 (en) 2016-10-10 2019-12-31 Cisco Technology, Inc. Orchestration system for migrating user data and services based on user information
US10237090B2 (en) 2016-10-28 2019-03-19 Avago Technologies International Sales Pte. Limited Rule-based network identifier mapping
US11044162B2 (en) 2016-12-06 2021-06-22 Cisco Technology, Inc. Orchestration of cloud and fog interactions
US10326817B2 (en) 2016-12-20 2019-06-18 Cisco Technology, Inc. System and method for quality-aware recording in large scale collaborate clouds
US10334029B2 (en) 2017-01-10 2019-06-25 Cisco Technology, Inc. Forming neighborhood groups from disperse cloud providers
US10545914B2 (en) 2017-01-17 2020-01-28 Cisco Technology, Inc. Distributed object storage
US10552191B2 (en) 2017-01-26 2020-02-04 Cisco Technology, Inc. Distributed hybrid cloud orchestration model
US10320683B2 (en) 2017-01-30 2019-06-11 Cisco Technology, Inc. Reliable load-balancer using segment routing and real-time application monitoring
US10671571B2 (en) 2017-01-31 2020-06-02 Cisco Technology, Inc. Fast network performance in containerized environments for network function virtualization
US10257082B2 (en) 2017-02-06 2019-04-09 Silver Peak Systems, Inc. Multi-level learning for classifying traffic flows
US10771394B2 (en) 2017-02-06 2020-09-08 Silver Peak Systems, Inc. Multi-level learning for classifying traffic flows on a first packet from DNS data
US11044202B2 (en) 2017-02-06 2021-06-22 Silver Peak Systems, Inc. Multi-level learning for predicting and classifying traffic flows from first packet data
US10892978B2 (en) 2017-02-06 2021-01-12 Silver Peak Systems, Inc. Multi-level learning for classifying traffic flows from first packet data
US10243823B1 (en) 2017-02-24 2019-03-26 Cisco Technology, Inc. Techniques for using frame deep loopback capabilities for extended link diagnostics in fibre channel storage area networks
US10713203B2 (en) 2017-02-28 2020-07-14 Cisco Technology, Inc. Dynamic partition of PCIe disk arrays based on software configuration / policy distribution
US10254991B2 (en) 2017-03-06 2019-04-09 Cisco Technology, Inc. Storage area network based extended I/O metrics computation for deep insight into application performance
US11005731B2 (en) 2017-04-05 2021-05-11 Cisco Technology, Inc. Estimating model parameters for automatic deployment of scalable micro services
US10783235B1 (en) * 2017-05-04 2020-09-22 Amazon Technologies, Inc. Secure remote access of computing resources
US10498810B2 (en) * 2017-05-04 2019-12-03 Amazon Technologies, Inc. Coordinating inter-region operations in provider network environments
CN115941391A (en) * 2017-06-13 2023-04-07 环球互连及数据中心公司 Serving peer-to-peer switching
US10382274B2 (en) 2017-06-26 2019-08-13 Cisco Technology, Inc. System and method for wide area zero-configuration network auto configuration
US10439877B2 (en) 2017-06-26 2019-10-08 Cisco Technology, Inc. Systems and methods for enabling wide area multicast domain name system
US10666606B2 (en) * 2017-06-28 2020-05-26 Amazon Technologies, Inc. Virtual private network service endpoints
US10303534B2 (en) 2017-07-20 2019-05-28 Cisco Technology, Inc. System and method for self-healing of application centric infrastructure fabric memory
US10892940B2 (en) 2017-07-21 2021-01-12 Cisco Technology, Inc. Scalable statistics and analytics mechanisms in cloud networking
US10425288B2 (en) 2017-07-21 2019-09-24 Cisco Technology, Inc. Container telemetry in data center environments with blade servers and switches
US10601693B2 (en) 2017-07-24 2020-03-24 Cisco Technology, Inc. System and method for providing scalable flow monitoring in a data center fabric
US10541866B2 (en) 2017-07-25 2020-01-21 Cisco Technology, Inc. Detecting and resolving multicast traffic performance issues
US11595372B1 (en) * 2017-08-28 2023-02-28 Amazon Technologies, Inc. Data source driven expected network policy control
US11212210B2 (en) 2017-09-21 2021-12-28 Silver Peak Systems, Inc. Selective route exporting using source type
US10404596B2 (en) 2017-10-03 2019-09-03 Cisco Technology, Inc. Dynamic route profile storage in a hardware trie routing table
US10942666B2 (en) 2017-10-13 2021-03-09 Cisco Technology, Inc. Using network device replication in distributed storage clusters
US10353800B2 (en) 2017-10-18 2019-07-16 Cisco Technology, Inc. System and method for graph based monitoring and management of distributed systems
US11481362B2 (en) 2017-11-13 2022-10-25 Cisco Technology, Inc. Using persistent memory to enable restartability of bulk load transactions in cloud databases
US10705882B2 (en) 2017-12-21 2020-07-07 Cisco Technology, Inc. System and method for resource placement across clouds for data intensive workloads
US11595474B2 (en) 2017-12-28 2023-02-28 Cisco Technology, Inc. Accelerating data replication using multicast and non-volatile memory enabled nodes
US10637721B2 (en) 2018-03-12 2020-04-28 Silver Peak Systems, Inc. Detecting path break conditions while minimizing network overhead
US10511534B2 (en) 2018-04-06 2019-12-17 Cisco Technology, Inc. Stateless distributed load-balancing
US10728361B2 (en) 2018-05-29 2020-07-28 Cisco Technology, Inc. System for association of customer information across subscribers
US10904322B2 (en) 2018-06-15 2021-01-26 Cisco Technology, Inc. Systems and methods for scaling down cloud-based servers handling secure connections
US10764266B2 (en) 2018-06-19 2020-09-01 Cisco Technology, Inc. Distributed authentication and authorization for rapid scaling of containerized services
US11019083B2 (en) 2018-06-20 2021-05-25 Cisco Technology, Inc. System for coordinating distributed website analysis
US10819571B2 (en) 2018-06-29 2020-10-27 Cisco Technology, Inc. Network traffic optimization using in-situ notification system
US10904342B2 (en) 2018-07-30 2021-01-26 Cisco Technology, Inc. Container networking using communication tunnels
US10979345B2 (en) * 2018-11-06 2021-04-13 Cox Communications, Inc. Remote medium access control (MAC) based networks
US11057348B2 (en) 2019-08-22 2021-07-06 Saudi Arabian Oil Company Method for data center network segmentation
US11734044B2 (en) 2020-12-31 2023-08-22 Nutanix, Inc. Configuring virtualization system images for a computing cluster
US11611618B2 (en) 2020-12-31 2023-03-21 Nutanix, Inc. Orchestrating allocation of shared resources in a datacenter
CN114172750B (en) * 2022-02-14 2022-05-13 南京易科腾信息技术有限公司 Network communication method, device and storage medium based on encryption mechanism

Citations (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6490273B1 (en) * 1998-08-05 2002-12-03 Sprint Communications Company L.P. Asynchronous transfer mode architecture migration
US20030014524A1 (en) 2001-07-11 2003-01-16 Alexander Tormasov Balancing shared servers in virtual environments
US20050063395A1 (en) * 2003-09-18 2005-03-24 Cisco Technology, Inc. Virtual network device
US7055171B1 (en) * 2000-05-31 2006-05-30 Hewlett-Packard Development Company, L.P. Highly secure computer system architecture for a heterogeneous client environment
US20060230407A1 (en) 2005-04-07 2006-10-12 International Business Machines Corporation Method and apparatus for using virtual machine technology for managing parallel communicating applications
US20070028244A1 (en) 2003-10-08 2007-02-01 Landis John A Computer system para-virtualization using a hypervisor that is implemented in a partition of the host system
US20070147279A1 (en) 2005-12-27 2007-06-28 Cisco Technology, Inc. Satellite switch communication over a network
US20080148386A1 (en) 2006-10-27 2008-06-19 Kreuk Volkert Nm Network packet inspection and forwarding
US20090063706A1 (en) * 2007-08-30 2009-03-05 International Business Machines Corporation Combined Layer 2 Virtual MAC Address with Layer 3 IP Address Routing
US7516211B1 (en) 2003-08-05 2009-04-07 Cisco Technology, Inc. Methods and apparatus to configure a communication port
US7567510B2 (en) 2003-02-13 2009-07-28 Cisco Technology, Inc. Security groups
US20090249438A1 (en) * 2008-03-27 2009-10-01 Moshe Litvin Moving security for virtual machines
US20090296726A1 (en) * 2008-06-03 2009-12-03 Brocade Communications Systems, Inc. ACCESS CONTROL LIST MANAGEMENT IN AN FCoE ENVIRONMENT
US20090327462A1 (en) * 2008-06-27 2009-12-31 International Business Machines Corporation Method, system and program product for managing assignment of mac addresses in a virtual machine environment
US20100027420A1 (en) * 2008-07-31 2010-02-04 Cisco Technology, Inc. Dynamic distribution of virtual machines in a communication network
US20100027442A1 (en) 2008-07-31 2010-02-04 International Business Machines Corporation Constructing scalable overlays for pub-sub with many topics: the greedy join-leave algorithm
US20100131636A1 (en) * 2008-11-24 2010-05-27 Vmware, Inc. Application delivery control module for virtual network switch
US20110090911A1 (en) * 2009-10-21 2011-04-21 Fang Hao Method and apparatus for transparent cloud computing with a virtualized network infrastructure
US20110134793A1 (en) * 2009-12-03 2011-06-09 Christian Elsen Preventing loops on network topologies built with virtual switches and vms
US20110194404A1 (en) * 2010-02-11 2011-08-11 Nokia Siemens Networks Ethernet Solutions Ltd. System and method for fast protection of dual-homed virtual private lan service (vpls) spokes
US8055789B2 (en) * 2007-03-27 2011-11-08 Amazon Technologies, Inc. Configuring intercommunications between computing nodes
US8345692B2 (en) * 2010-04-27 2013-01-01 Cisco Technology, Inc. Virtual switching overlay for cloud computing
US8705513B2 (en) * 2009-12-15 2014-04-22 At&T Intellectual Property I, L.P. Methods and apparatus to communicatively couple virtual private networks to virtual machines within distributive computing networks
US9338024B2 (en) * 2007-04-11 2016-05-10 Arris Enterprises, Inc. Extended layer two tunneling protocol applications and architectures
US20220321499A1 (en) * 2019-03-18 2022-10-06 Brightways Corporation Switch flow module on an integrated circuit for aggregation in data center network switching

Patent Citations (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6490273B1 (en) * 1998-08-05 2002-12-03 Sprint Communications Company L.P. Asynchronous transfer mode architecture migration
US7055171B1 (en) * 2000-05-31 2006-05-30 Hewlett-Packard Development Company, L.P. Highly secure computer system architecture for a heterogeneous client environment
US20030014524A1 (en) 2001-07-11 2003-01-16 Alexander Tormasov Balancing shared servers in virtual environments
US7567510B2 (en) 2003-02-13 2009-07-28 Cisco Technology, Inc. Security groups
US7516211B1 (en) 2003-08-05 2009-04-07 Cisco Technology, Inc. Methods and apparatus to configure a communication port
US20050063395A1 (en) * 2003-09-18 2005-03-24 Cisco Technology, Inc. Virtual network device
US20070028244A1 (en) 2003-10-08 2007-02-01 Landis John A Computer system para-virtualization using a hypervisor that is implemented in a partition of the host system
US20060230407A1 (en) 2005-04-07 2006-10-12 International Business Machines Corporation Method and apparatus for using virtual machine technology for managing parallel communicating applications
US20070147279A1 (en) 2005-12-27 2007-06-28 Cisco Technology, Inc. Satellite switch communication over a network
US20080148386A1 (en) 2006-10-27 2008-06-19 Kreuk Volkert Nm Network packet inspection and forwarding
US7660265B2 (en) * 2006-10-27 2010-02-09 International Business Machines Corporation Network packet inspection and forwarding
US8055789B2 (en) * 2007-03-27 2011-11-08 Amazon Technologies, Inc. Configuring intercommunications between computing nodes
US9338024B2 (en) * 2007-04-11 2016-05-10 Arris Enterprises, Inc. Extended layer two tunneling protocol applications and architectures
US20090063706A1 (en) * 2007-08-30 2009-03-05 International Business Machines Corporation Combined Layer 2 Virtual MAC Address with Layer 3 IP Address Routing
US20090249438A1 (en) * 2008-03-27 2009-10-01 Moshe Litvin Moving security for virtual machines
US20090296726A1 (en) * 2008-06-03 2009-12-03 Brocade Communications Systems, Inc. ACCESS CONTROL LIST MANAGEMENT IN AN FCoE ENVIRONMENT
US20090327462A1 (en) * 2008-06-27 2009-12-31 International Business Machines Corporation Method, system and program product for managing assignment of mac addresses in a virtual machine environment
US20100027442A1 (en) 2008-07-31 2010-02-04 International Business Machines Corporation Constructing scalable overlays for pub-sub with many topics: the greedy join-leave algorithm
US20100027420A1 (en) * 2008-07-31 2010-02-04 Cisco Technology, Inc. Dynamic distribution of virtual machines in a communication network
US20100131636A1 (en) * 2008-11-24 2010-05-27 Vmware, Inc. Application delivery control module for virtual network switch
US20110090911A1 (en) * 2009-10-21 2011-04-21 Fang Hao Method and apparatus for transparent cloud computing with a virtualized network infrastructure
US8369333B2 (en) * 2009-10-21 2013-02-05 Alcatel Lucent Method and apparatus for transparent cloud computing with a virtualized network infrastructure
US20110134793A1 (en) * 2009-12-03 2011-06-09 Christian Elsen Preventing loops on network topologies built with virtual switches and vms
US8705513B2 (en) * 2009-12-15 2014-04-22 At&T Intellectual Property I, L.P. Methods and apparatus to communicatively couple virtual private networks to virtual machines within distributive computing networks
US20110194404A1 (en) * 2010-02-11 2011-08-11 Nokia Siemens Networks Ethernet Solutions Ltd. System and method for fast protection of dual-homed virtual private lan service (vpls) spokes
US8345692B2 (en) * 2010-04-27 2013-01-01 Cisco Technology, Inc. Virtual switching overlay for cloud computing
US20220321499A1 (en) * 2019-03-18 2022-10-06 Brightways Corporation Switch flow module on an integrated circuit for aggregation in data center network switching

Non-Patent Citations (16)

* Cited by examiner, † Cited by third party
Title
Armbrust, Michael et al. "Above the Clouds: A Berkeley View of Cloud Computing", Technical Report No. UCB/EECS-2009-28, http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.html, Feb. 10, 2009. (Year: 2009). *
AWS, "Amazon Virtual Private Cloud (VPC) (beta)," http://aws.amazon.com/vpc/, Jul. 24, 2010, 7 pages.
Cisco | VMware, "Virtual Networking Features of the VMware vNetwork Distributed Switch and Cisco Nexus 1000V Switches," http://www.cisco.com/en/prod/collateral/swithces/ps9441/ps9902/solution_overview_c22-526262.pdf, Dec. 15, 2009, 6 pages.
Cisco, "Cisco VN-Link: Virtualization-Aware Networking," White Paper, http://www.cisco.com/en/US/solutions/collateral/ns340/ns224/ns892/ns894/white_paper_c11-525307.pdf, Mar. 1, 2009, 10 pages.
Cohen, Reuven "Virtual Private Cloud (VPC)", Elastic Vapor Blog Post, http://elasticvapor.com/2008/05/virtual-private-cloud-vpc.html, May 8, 2008. (Year: 2008). *
CohesiveFT, "VPN-Cubed IPsec to EC2 (Free Edition) v20090827," http://www.cohesiveft.com/dnld/VPN-Cubed_IPsec_toEC2_Free_Edition_v20090827.pdf, Aug. 27, 2009, 41 pages.
CohesiveFT, "VPN-Cubed SSL to Cloud (Free Edition) v20091207," http://www.cohesiveft.com/dnld/VPN-Cubed_051_SSL-to-Cloud_Free-Edition_20091207.pdf, Dec. 7, 2009, 47 pages.
CohesiveFT:"VPN-Cubed IPsec to EC2 Free Edition v20090827",Aug. 28, 2009,XP000002657094, URL:http://www.cohesiveft.com/dnld/VPN-Cubed_IPsec_toEC2_Free_Edition_v20090827.pdf.
English Translation of Office Action in counterpart Chinese Patent Application No. 201180020902.6, dated Feb. 16, 2015, 5 pages.
English Translation of Office Action in counterpart Chinese Patent Application No. 201180020902.6, dated Jul. 11, 2014, 12 pages.
First Examination Report in counterpart Indian Patent Application No. 3020/KOLNP/2012, dated Dec. 6, 2018, 6 pages.
http://aws.amazon/com/vpc.
International Preliminary Report on Patentability in counterpart International Application No. PCT/US2011/000701, dated Oct. 30, 2012, 7 pages.
International Search Report and Written Opinion in counterpart International Application No. PCT/US2011/000701, dated Sep. 9, 2011, 9 pages.
Wood, et al., "The Case for Enterprise-Ready Virtual Private Clouds," https://www.usenix.org/legacy/event/hotcloud09/tech/full_papers/wood.pdf, Jun. 2009, 5 pages.
Wood, Timothy, Prashant Shenoy, Alexandre Gerber, K.K. Ramakrishnan, and Jacobus Van der Merwe "The Case for Enterprise-Ready Virtual Private Clouds", Proceedings of the 2009 Conference on Hot Topics in Cloud Computing HotCloud'09, Jun. 15, 2009. (Year: 2009). *

Also Published As

Publication number Publication date
CN102884761B (en) 2015-12-16
US8345692B2 (en) 2013-01-01
EP2564564B1 (en) 2018-09-12
EP2564564A1 (en) 2013-03-06
US20110261828A1 (en) 2011-10-27
WO2011139333A1 (en) 2011-11-10
CN102884761A (en) 2013-01-16

Similar Documents

Publication Publication Date Title
USRE49663E1 (en) Virtual switching overlay for cloud computing
US20210344692A1 (en) Providing a virtual security appliance architecture to a virtual cloud infrastructure
CN110838975B (en) Secure forwarding of tenant workloads in virtual networks
US11385929B2 (en) Migrating workloads in multicloud computing environments
US10728288B2 (en) Policy-driven workload launching based on software defined networking encryption policies
US10148500B2 (en) User-configured on-demand virtual layer-2 network for Infrastructure-as-a-Service (IaaS) on a hybrid cloud network
US10924431B2 (en) Distributed processing of north-south traffic for logical network in public cloud
JP5976942B2 (en) System and method for providing policy-based data center network automation
EP2845346B1 (en) System and method for secure provisioning of virtualized images in a network environment
CN116366449A (en) System and method for user customization and automation operations on a software defined network
EP3485610A1 (en) Extension of network control system into public cloud
US10116622B2 (en) Secure communication channel using a blade server
US20230023429A1 (en) Overlay broadcast network for management traffic
US11546242B2 (en) Logical overlay tunnel monitoring
US20240244036A1 (en) Flow based breakout of firewall usage based on trust
Salomoni et al. A dynamic virtual networks solution for cloud computing
Chandramouli Deployment-driven Security Configuration for Virtual Networks
OpenStack Mellanox Reference Architecture for Red Hat Enterprise Linux OpenStack Platform 4.0

Legal Events

Date Code Title Description
FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

AS Assignment

Owner name: CISCO TECHNOLOGY, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SMITH, MICHAEL;REEL/FRAME:063730/0016

Effective date: 20100426