USRE49663E1 - Virtual switching overlay for cloud computing - Google Patents
Virtual switching overlay for cloud computing Download PDFInfo
- Publication number
- USRE49663E1 USRE49663E1 US17/363,273 US202117363273A USRE49663E US RE49663 E1 USRE49663 E1 US RE49663E1 US 202117363273 A US202117363273 A US 202117363273A US RE49663 E USRE49663 E US RE49663E
- Authority
- US
- United States
- Prior art keywords
- virtual
- network
- data
- switch
- external network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Links
- 238000000034 method Methods 0.000 claims abstract description 29
- 238000004891 communication Methods 0.000 claims abstract description 26
- 230000006870 function Effects 0.000 claims description 6
- 230000011664 signaling Effects 0.000 claims description 3
- 230000005641 tunneling Effects 0.000 claims description 3
- 230000005540 biological transmission Effects 0.000 claims 2
- 239000003795 chemical substances by application Substances 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 238000012545 processing Methods 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 238000006424 Flood reaction Methods 0.000 description 1
- 206010047289 Ventricular extrasystoles Diseases 0.000 description 1
- 230000002860 competitive effect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- RGNPBRKPHBKNKX-UHFFFAOYSA-N hexaflumuron Chemical compound C1=C(Cl)C(OC(F)(F)C(F)F)=C(Cl)C=C1NC(=O)NC(=O)C1=C(F)C=CC=C1F RGNPBRKPHBKNKX-UHFFFAOYSA-N 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000004557 technical material Substances 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4604—LAN interconnection over a backbone network, e.g. Internet, Frame Relay
- H04L12/462—LAN interconnection over a bridge based backbone
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4604—LAN interconnection over a backbone network, e.g. Internet, Frame Relay
- H04L12/462—LAN interconnection over a bridge based backbone
- H04L12/4625—Single bridge functionality, e.g. connection of two networks over a single bridge
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/70—Virtual switches
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/164—Implementing security features at a particular protocol layer at the network layer
Definitions
- the present disclosure relates generally to communication networks, and more particularly, to cloud computing.
- IaaS Infrastructure as a Service
- IaaS delivers computer infrastructure, typically a platform virtualization environment, as a service. Rather than purchasing servers, software, data center space, or network equipment, customers instead purchase these resources as an outsourced service.
- Most IaaS providers do not disclose how their infrastructures are handled internally since they often view this as their competitive advantage. As a result, the enterprise has no visibility into the infrastructure within the cloud and is left with no assurance of security, reliability, or visibility. Even if the provider discloses how their internal operations are implemented, there is still no way for the enterprise to monitor or verify the infrastructure.
- FIG. 1 illustrates an example of a network in which embodiments described herein may be implemented.
- FIG. 2 is a diagram illustrating a virtual switch interconnecting an enterprise data center and a virtual private cloud data center in the network of FIG. 1 , in accordance with one embodiment.
- FIG. 3 is a diagram illustrating implementation of the virtual switch in the network of FIG. 1 , in accordance with one embodiment.
- FIG. 4 is a diagram illustrating details of the virtual switch located in a virtual machine in the network of FIG. 3 , in accordance with one embodiment.
- FIG. 5 is a flowchart illustrating an overview of a process for implementing a virtual switching overlay for cloud computing, in accordance with one embodiment.
- FIG. 6 depicts an example of a network device useful in implementing embodiments described herein.
- a method generally comprises receiving data at a virtual switch located at a network device in a cloud network.
- the data is received from an external network and destined for one or more virtual machines located in the cloud network and associated with the external network.
- the method further includes transmitting the data from the virtual switch to the virtual machine.
- the virtual switch operates as an access layer switch for the external network and creates a virtual switching overlay for secure communication between the virtual machines and the external network.
- logic is encoded in one or more tangible media for execution and when executed operable to switch data between virtual machines located in a cloud network, forward data to an external network, perform access layer switch operations for the external network, and create a virtual switching overlay for secure communication between the virtual machines and the external network.
- Cloud computing is a model that provides resources and services that are abstracted from an underlying infrastructure and provided on demand and at scale in a multi-tenant environment.
- the clouds are typically accessed through web browsers or APIs (Application Programming Interfaces) and offer nearly unlimited capacity on demand, but with limited customer control.
- IaaS Infrastructure as a service
- a popular offering within IaaS is the Virtual Private Cloud (VPC).
- VPC Virtual Private Cloud
- the VPC includes a set of Virtual Machines (VMs) and networks that are connected to the enterprise and appear to be part of the enterprise (i.e., associated with the enterprise network).
- VMs Virtual Machines
- the network administrator has to extend the enterprise network into an insecure environment and therefore loses visibility into what is happening within the cloud, and control over security and enterprise-class features.
- the embodiments described herein address the above needs within the cloud computing environment.
- the embodiments provide a virtual switching overlay on top of the cloud infrastructure. This allows the network administrator to regain control of the network access layer within the virtual private cloud and provides full visibility into the cloud, secure communication within the cloud and from the cloud to the enterprise, and an interface to the cloud network that is independent of the service provider.
- FIG. 1 an example of a network 10 that may implement embodiments described herein is shown.
- the embodiments operate in the context of a data communication network including multiple network elements.
- Some of the elements in a network that employs the system may be network devices such as servers, switches, routers, or gateways.
- the network device may include, for example, a master central processing unit (CPU), interfaces, and a bus.
- the CPU preferably includes memory and a processor.
- the network device may be implemented on a general purpose network machine such as described below with respect to FIG. 6 . It is to be understood that the simplified network shown in FIG. 1 is only one example, and that the embodiments described herein may be employed in networks having different configurations and types of network devices.
- the network 10 shown in FIG. 1 includes a customer network (e.g., enterprise network) 12 in communication with a service provider network 14 through a public network (e.g., Internet) 16 .
- the customer network 12 includes a plurality of end users 18 at one or more locations.
- the service provider 14 includes a cloud network (e.g., virtual private cloud) 20 , which is an isolated portion of the service provider network.
- the VPC 20 may include any number of subnets 25 .
- the subnet 25 is a segment of the VPC's IP address range where the customer can place groups of isolated resources.
- the service provider network 14 may include any number of virtual private clouds 20 or subnets 25 associated with the customer network 12 or other customer networks. The customers are segmented within the virtual private cloud 20 by the service provider.
- the customer end users 18 communicate with the VPC 20 over a connection 22 (e.g., Virtual Private Network (VPN) connection) between a customer gateway 24 and VPN gateway 26 .
- the connection 22 passes through the public network 16 .
- the customer 18 may also communicate outside of the VPN connection 22 as shown at communication path 28 .
- the customer network 12 is located outside of the VPC 20 and may be referred to as an external network as viewed from the VPC.
- the VPC 20 includes a plurality of servers 40 which utilize virtualization technology.
- Virtualization allows one computer to do the job of multiple computers by sharing the resources of a single computer across multiple systems.
- Software is used to virtualize hardware resources of a computer, including, for example, the CPU, RAM, hard disk, and network controller, to create a virtual machine that can run its own operating system and applications.
- Multiple virtual machines on each server share hardware resources without interfering with each other so that several operating systems and applications can be run at the same time.
- the virtual machines are deployed within the cloud on demand with the IP addresses of the VMs controlled by the enterprise.
- a virtual switch 34 is located in the VPC 20 to provide a virtual switching overlay 18 on top of the cloud.
- the virtual switch 34 operates as an access layer switch for the customer so that the customer has control of the cloud network access layer.
- FIG. 2 illustrates the virtual switch 34 located in a VPC data center (cloud 20 in FIG. 1 ) and in communication with a virtual switch 36 located at an enterprise data center (customer network 12 in FIG. 1 ).
- the virtual switch 34 provides secure communication within the VPC data center 20 and to the enterprise data center 12 .
- Secure tunnel communication between the virtual switch 34 and the enterprise network 12 may be in the form of L2TPv3 (Layer 2 Tunneling Protocol version 3) over IPsec (Internet Protocol Security) so that the default gateway is in the enterprise network.
- Layer 3 (L3) VPN communication may also be used between the enterprise 12 and the VPC 20 .
- the virtual switch 34 operates as a default gateway at the VPC 20 . It is to be understood that other protocols may also be used to securely transfer data between the virtual switch 34 and enterprise 12 .
- the virtual switch 34 transmits data received from the enterprise 12 to virtual machines 30 located within the VPC 20 via encrypted links (virtual secure wires) 48 .
- the VPC data center 20 may also include more than one virtual switch 34 with an encrypted link between the virtual switches.
- L2TPv3 over IPsec may be used to encrypt packets transmitted between the virtual switch 34 and virtual machines 30 . It is to be understood that L2TPv3 over IPsec is only one example and that other protocols may be used to transfer data between the virtual switch 34 and virtual machines 30 .
- each virtual machine 30 includes an agent 32 .
- the agent 32 may be a VPN client, for example, or other application loaded in the virtual machine 30 by an enterprise server/application administrator.
- the agent 32 contains the IP address assigned by the service provider and port profile names.
- a port profile is used to define a common set of configuration policies (attributes) for multiple interfaces.
- the port profiles are associated with port configuration policies defined by the network administrator and applied to a large number of ports as they come online in a virtual environment.
- the VPN connection 22 may be used to signal VM MAC addresses back to the enterprise 12 to prevent flooding across the VPN connection 22 . Since traffic leaving the virtual private cloud 20 is often billed by the provider, stopping floods can reduce costs.
- the virtual switch 36 at the enterprise may also proxy ARP (Address Resolution Protocol) requests on behalf of the VMs 30 within the VPC 20 . As shown in FIG. 2 , the enterprise virtual switch 36 also has an unencrypted interface at link 35 which connects to the rest of the enterprise network.
- ARP Address Resolution Protocol
- FIG. 3 illustrates details of implementation of the virtual switch 34 in the network of FIG. 1 , in accordance with one embodiment.
- the virtual switch 34 is located in one of the virtual machines 30 .
- the servers 40 in the VPC 20 each include one or more virtual machines 30 .
- the virtual switch 34 is installed at VM A, which is located along with VM B at a first server.
- VM C and VM D are located at a second server, and VM E is located at a third server, each server being physically separate from the other servers.
- the virtual machines 30 may each be moved between servers 40 based on traffic patterns, hardware resources, or other criteria.
- the servers 40 are in communication with the network via switches 52 , 54 , (e.g., hardware implemented network switches or other network devices configured to perform switching or routing functions).
- the switches 52 , 54 may be in communication with a management station 56 (e.g., virtualization management platform such as VMware Virtual Center management station, available from VMware of Palo Alto, Calif.).
- the management station 56 or one or more management functions may also be integrated into the switches 52 , 54 .
- the virtual machines 30 communicate with the network via a virtual switch ( 45 , 46 ), such as NEXUS 1000V, available from Cisco Systems, Inc. of San Jose, Calif.
- the virtual switch is located in the service provider network 14 and includes components referred to as a Virtual Supervisor Module (VSM) 45 and Virtual Ethernet Module (VEM) 46 .
- VSM Virtual Supervisor Module
- VEM Virtual Ethernet Module
- the VSM 45 may be located in a physical appliance (e.g., server) in communication with the servers 40 and management station 56 via physical switches 52 , 54 .
- the VSM 45 may also be a virtual appliance (e.g., virtual machine) installed at one of the servers 40 or the VSM may be installed at one of the switches 52 , 54 .
- the VSM 45 is configured to provide control/management plane functionality for the virtual machines 30 and control multiple VEMs 46 .
- the VEM 46 provides switching capability at the server 40 and operates as a data plane associated with the control plane of the VSM 45 .
- the VSM 45 and VEM 46 operate together to form a distributed virtual switch as viewed by the management station 56 .
- the VSM 45 and VEM 46 may also be located together in a network device (e.g., switch 52 , 54 , server 40 or other network device in communication with the switches 52 , 54 and servers 40 ).
- the network shown in FIG. 3 is only one example, and that the virtual switching overlay 18 may be used in different networks having different network components.
- the virtual switching overlay 18 may run on top of VMWare, Xen hypervisor or any other hypervisor or platform virtualization model at the VPC 20 .
- the virtual switch (VSM 45 /VEM 46 ) is just one example of a virtualization model at the service provider network.
- FIG. 4 illustrates one example of the virtual switch 34 installed at VM A in FIG. 3 .
- the virtual switch 34 switches traffic between the secure virtual wires 48 connecting the virtual switch to the virtual machines 30 .
- the virtual wires 48 run from the virtual switch 34 to the agent 32 installed in the virtual machines 30 ( FIGS. 2 and 4 ).
- the virtual switch 34 includes a Virtual Supervisor Module (VSM) 58 and Virtual Ethernet Module (VEM) 60 .
- VSM Virtual Supervisor Module
- VEM Virtual Ethernet Module
- the VEM 60 supports a plurality (e.g., hundreds or thousands (or fewer or more)) of virtual Ethernet interfaces which communicate with the VMs 30 .
- the virtual wire 48 establishes a secure tunnel using L2 over IPSec (or other protocol) to the VSM IP address at the virtual switch 34 .
- the virtual switch 34 may encapsulate packets with an L2TPv3 header before transmitting the packets over the wire 48 .
- the virtual switch 34 allows the enterprise to gain control of the cloud network access layer. All traffic entering or leaving the cloud (e.g., VPC 20 or subnet 25 in VPC) associated with the enterprise passes through the virtual switch 34 .
- An administrator at the enterprise can access the virtual switch 34 and view the virtual Ethernet ports (interfaces), configure ACLs (Access Control Lists), manage port profiles, and perform other management functions typically performed at the access layer.
- the VPC 20 may include multiple virtual switches 34 connected to a central management plane.
- the central management plane is assigned an elastic IP address and spawns off virtual switches 34 as virtual Ethernet interfaces are created and limits at the virtual switch are reached.
- the port profiles may be configured in the central management plane with the virtual switches 34 pulling port profiles on demand when the associated virtual Ethernet interfaces connect to the virtual switch.
- the virtual switches 34 preferably create a full mesh of VPN tunnels to form a single logical switch to prevent loops and eliminate the need for spanning tree.
- FIG. 5 is a flowchart illustrating an overview of a process for implementing a virtual switching overlay for cloud computing, in accordance with one embodiment.
- the virtual switching overlay 18 is created by installing the virtual switch 34 at a network device (e.g., server 40 ) in the cloud network 20 .
- the virtual switch 34 operates as an access layer switch for an external network (e.g., customer network 12 located outside of the cloud network) and creates the virtual switching overlay 18 for secure communication between the virtual machines 30 and the external network 12 .
- the virtual switch 34 receives data from the external network at step 62 .
- the received data is destined for one or more of the virtual machines 30 located within the cloud network 20 and associated with the external network 12 .
- the virtual switch 34 transmits the data to the virtual machine 30 over virtual wire 48 (step 64 ).
- the data may be, for example, a packet or frame containing a request for data stored at one of the servers 40 or an update to data stored at one or more of the servers.
- FIG. 6 depicts a network device 70 that may be used to implement embodiments described herein.
- the network device 70 may be, for example, the server 40 containing the virtual switch 34 .
- Network device 70 is configured to implement all of the network protocols and extensions thereof described herein.
- network device 70 is a programmable machine that may be implemented in hardware, software, or any combination thereof.
- Logic may be encoded in one or more tangible media for execution by a processor 72 .
- processor 72 may execute codes stored in a program memory 74 .
- Program memory 74 is one example of a computer-readable medium.
- Program memory 74 can be a volatile memory.
- the processor 72 includes means for transmitting, receiving, and encapsulating data and signaling addresses.
- Network device 70 interfaces with physical media via a plurality of linecards (network interfaces) 76 .
- Linecards 76 may incorporate Ethernet interfaces, DSL interfaces, Gigabit Ethernet interfaces, 10-Gigabit Ethernet interfaces, SONET interfaces, etc.
- packets As packets are received, processed, and forwarded by network device 70 , they may be stored in a packet memory 78 .
- linecards 76 may incorporate processing and memory resources similar to those discussed above in connection with the network device as a whole. It is to be understood that the network device 70 shown in FIG. 6 and described above is only one example and that different configurations of network devices may be used.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
In one embodiment, a method includes receiving data at a virtual switch located at a network device in a cloud network. The data is received from an external network and destined for one or more virtual machines located in the cloud network and associated with the external network. The method further includes transmitting the data from the virtual switch to the virtual machines. The virtual switch operates as an access layer switch for the external network and creates a virtual switching overlay for secure communication between the virtual machines and the external network. Logic and an apparatus are also disclosed.
Description
The present disclosure relates generally to communication networks, and more particularly, to cloud computing.
The number of applications and amount of data in enterprise data centers continue to grow. Cloud computing is being proposed as one possibility to meet the increasing demands. Cloud computing enables network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort. Infrastructure as a Service (IaaS) is one area of cloud computing that has attracted a lot of interest. IaaS delivers computer infrastructure, typically a platform virtualization environment, as a service. Rather than purchasing servers, software, data center space, or network equipment, customers instead purchase these resources as an outsourced service. Most IaaS providers do not disclose how their infrastructures are handled internally since they often view this as their competitive advantage. As a result, the enterprise has no visibility into the infrastructure within the cloud and is left with no assurance of security, reliability, or visibility. Even if the provider discloses how their internal operations are implemented, there is still no way for the enterprise to monitor or verify the infrastructure.
Corresponding reference characters indicate corresponding parts throughout the several views of the drawings.
Overview
In one embodiment, a method generally comprises receiving data at a virtual switch located at a network device in a cloud network. The data is received from an external network and destined for one or more virtual machines located in the cloud network and associated with the external network. The method further includes transmitting the data from the virtual switch to the virtual machine. The virtual switch operates as an access layer switch for the external network and creates a virtual switching overlay for secure communication between the virtual machines and the external network.
In another embodiment, logic is encoded in one or more tangible media for execution and when executed operable to switch data between virtual machines located in a cloud network, forward data to an external network, perform access layer switch operations for the external network, and create a virtual switching overlay for secure communication between the virtual machines and the external network.
Example Embodiments
The following description is presented to enable one of ordinary skill in the art to make and use the embodiments. Descriptions of specific embodiments and applications are provided only as examples and various modifications will be readily apparent to those skilled in the art. The general principles described herein may be applied to other applications without departing from the scope of the embodiments. Thus, the embodiments are not to be limited to the embodiments shown, but are to be accorded the widest scope consistent with the principles and features described herein. For purpose of clarity, features relating to technical material that is known in the technical fields related to the embodiments have not been described in detail.
Cloud computing is a model that provides resources and services that are abstracted from an underlying infrastructure and provided on demand and at scale in a multi-tenant environment. The clouds are typically accessed through web browsers or APIs (Application Programming Interfaces) and offer nearly unlimited capacity on demand, but with limited customer control. One area of cloud computing is Infrastructure as a service (IaaS), in which computing, network, and storage services are delivered over the network on a pay-as-you-go basis. A popular offering within IaaS is the Virtual Private Cloud (VPC). The VPC is hosted on a public cloud; therefore, it is not truly a private cloud. The VPC includes a set of Virtual Machines (VMs) and networks that are connected to the enterprise and appear to be part of the enterprise (i.e., associated with the enterprise network). With conventional implementations of virtual private clouds, there are concerns about security, reliability, and visibility. The network administrator has to extend the enterprise network into an insecure environment and therefore loses visibility into what is happening within the cloud, and control over security and enterprise-class features. Also, there is no consistent interface between all of the various cloud providers. Enterprises desire security, service-level guarantees, and compliance control, but with virtual private clouds, the service providers are in control of these requisite capabilities. These drawbacks prevent many enterprises from adopting cloud computing.
The embodiments described herein address the above needs within the cloud computing environment. The embodiments provide a virtual switching overlay on top of the cloud infrastructure. This allows the network administrator to regain control of the network access layer within the virtual private cloud and provides full visibility into the cloud, secure communication within the cloud and from the cloud to the enterprise, and an interface to the cloud network that is independent of the service provider.
Referring now to the drawings, and first to FIG. 1 , an example of a network 10 that may implement embodiments described herein is shown. The embodiments operate in the context of a data communication network including multiple network elements. Some of the elements in a network that employs the system may be network devices such as servers, switches, routers, or gateways. The network device may include, for example, a master central processing unit (CPU), interfaces, and a bus. The CPU preferably includes memory and a processor. The network device may be implemented on a general purpose network machine such as described below with respect to FIG. 6 . It is to be understood that the simplified network shown in FIG. 1 is only one example, and that the embodiments described herein may be employed in networks having different configurations and types of network devices.
The network 10 shown in FIG. 1 includes a customer network (e.g., enterprise network) 12 in communication with a service provider network 14 through a public network (e.g., Internet) 16. The customer network 12 includes a plurality of end users 18 at one or more locations. The service provider 14 includes a cloud network (e.g., virtual private cloud) 20, which is an isolated portion of the service provider network. The VPC 20 may include any number of subnets 25. The subnet 25 is a segment of the VPC's IP address range where the customer can place groups of isolated resources. The service provider network 14 may include any number of virtual private clouds 20 or subnets 25 associated with the customer network 12 or other customer networks. The customers are segmented within the virtual private cloud 20 by the service provider. The customer end users 18 communicate with the VPC 20 over a connection 22 (e.g., Virtual Private Network (VPN) connection) between a customer gateway 24 and VPN gateway 26. The connection 22 passes through the public network 16. The customer 18 may also communicate outside of the VPN connection 22 as shown at communication path 28. The customer network 12 is located outside of the VPC 20 and may be referred to as an external network as viewed from the VPC.
The VPC 20 includes a plurality of servers 40 which utilize virtualization technology. Virtualization allows one computer to do the job of multiple computers by sharing the resources of a single computer across multiple systems. Software is used to virtualize hardware resources of a computer, including, for example, the CPU, RAM, hard disk, and network controller, to create a virtual machine that can run its own operating system and applications. Multiple virtual machines on each server share hardware resources without interfering with each other so that several operating systems and applications can be run at the same time. The virtual machines are deployed within the cloud on demand with the IP addresses of the VMs controlled by the enterprise.
As described in detail below, a virtual switch 34 is located in the VPC 20 to provide a virtual switching overlay 18 on top of the cloud. The virtual switch 34 operates as an access layer switch for the customer so that the customer has control of the cloud network access layer.
The virtual switch 34 transmits data received from the enterprise 12 to virtual machines 30 located within the VPC 20 via encrypted links (virtual secure wires) 48. The VPC data center 20 may also include more than one virtual switch 34 with an encrypted link between the virtual switches. L2TPv3 over IPsec may be used to encrypt packets transmitted between the virtual switch 34 and virtual machines 30. It is to be understood that L2TPv3 over IPsec is only one example and that other protocols may be used to transfer data between the virtual switch 34 and virtual machines 30.
In one embodiment, each virtual machine 30 includes an agent 32. The agent 32 may be a VPN client, for example, or other application loaded in the virtual machine 30 by an enterprise server/application administrator. The agent 32 contains the IP address assigned by the service provider and port profile names. A port profile is used to define a common set of configuration policies (attributes) for multiple interfaces. The port profiles are associated with port configuration policies defined by the network administrator and applied to a large number of ports as they come online in a virtual environment.
The VPN connection 22 may be used to signal VM MAC addresses back to the enterprise 12 to prevent flooding across the VPN connection 22. Since traffic leaving the virtual private cloud 20 is often billed by the provider, stopping floods can reduce costs. The virtual switch 36 at the enterprise may also proxy ARP (Address Resolution Protocol) requests on behalf of the VMs 30 within the VPC 20. As shown in FIG. 2 , the enterprise virtual switch 36 also has an unencrypted interface at link 35 which connects to the rest of the enterprise network.
The servers 40 are in communication with the network via switches 52, 54, (e.g., hardware implemented network switches or other network devices configured to perform switching or routing functions). The switches 52, 54 may be in communication with a management station 56 (e.g., virtualization management platform such as VMware Virtual Center management station, available from VMware of Palo Alto, Calif.). The management station 56 or one or more management functions may also be integrated into the switches 52, 54.
In the embodiment shown in FIG. 3 , the virtual machines 30 communicate with the network via a virtual switch (45, 46), such as NEXUS 1000V, available from Cisco Systems, Inc. of San Jose, Calif. The virtual switch is located in the service provider network 14 and includes components referred to as a Virtual Supervisor Module (VSM) 45 and Virtual Ethernet Module (VEM) 46. The VSM 45 may be located in a physical appliance (e.g., server) in communication with the servers 40 and management station 56 via physical switches 52, 54. The VSM 45 may also be a virtual appliance (e.g., virtual machine) installed at one of the servers 40 or the VSM may be installed at one of the switches 52, 54.
The VSM 45 is configured to provide control/management plane functionality for the virtual machines 30 and control multiple VEMs 46. The VEM 46 provides switching capability at the server 40 and operates as a data plane associated with the control plane of the VSM 45. The VSM 45 and VEM 46 operate together to form a distributed virtual switch as viewed by the management station 56. The VSM 45 and VEM 46 may also be located together in a network device (e.g., switch 52, 54, server 40 or other network device in communication with the switches 52, 54 and servers 40).
It is to be understood that the network shown in FIG. 3 is only one example, and that the virtual switching overlay 18 may be used in different networks having different network components. For example, the virtual switching overlay 18 may run on top of VMWare, Xen hypervisor or any other hypervisor or platform virtualization model at the VPC 20. Thus, the virtual switch (VSM 45/VEM 46) is just one example of a virtualization model at the service provider network.
The virtual switch 34 allows the enterprise to gain control of the cloud network access layer. All traffic entering or leaving the cloud (e.g., VPC 20 or subnet 25 in VPC) associated with the enterprise passes through the virtual switch 34. An administrator at the enterprise can access the virtual switch 34 and view the virtual Ethernet ports (interfaces), configure ACLs (Access Control Lists), manage port profiles, and perform other management functions typically performed at the access layer.
The VPC 20 may include multiple virtual switches 34 connected to a central management plane. The central management plane is assigned an elastic IP address and spawns off virtual switches 34 as virtual Ethernet interfaces are created and limits at the virtual switch are reached. The port profiles may be configured in the central management plane with the virtual switches 34 pulling port profiles on demand when the associated virtual Ethernet interfaces connect to the virtual switch. The virtual switches 34 preferably create a full mesh of VPN tunnels to form a single logical switch to prevent loops and eliminate the need for spanning tree.
Although the method and apparatus have been described in accordance with the embodiments shown, one of ordinary skill in the art will readily recognize that there could be variations made without departing from the scope of the embodiments. Accordingly, it is intended that all matter contained in the above description and shown in the accompanying drawings shall be interpreted as illustrative and not in a limiting sense.
Claims (63)
1. A method comprising:
receiving data at a virtual switch located at a network device in a cloud network, said data received from an external network and destined for one or more virtual machines located in the cloud network and associated with the external network; and
transmitting said data from the virtual switch to said one or more virtual machines;
wherein the virtual switch operates as an access layer switch for the external network and creates a virtual switching overlay for secure communication between the virtual machines and the external network.
2. The method of claim 1 wherein the external network is an enterprise network and the cloud network is a virtual private cloud in a service provider network.
3. The method of claim 1 wherein transmitting said data comprises encapsulating said data for transmittal over a layer 3 network.
4. The method of claim 1 wherein transmitting said data comprises transmitting said data over a virtual wire to an agent installed at one of the virtual machines.
5. The method of claim 1 wherein said data is received over a virtual private network connection between the cloud network and the external network.
6. The method of claim 1 wherein transmitting said data comprises utilizing a layer 2 tunneling protocol over a secure Internet protocol.
7. The method of claim 1 further comprising securely transmitting data received from one of the virtual machines to a virtual switch in the external network.
8. The method of claim 1 further comprising signaling MAC addresses of the virtual machines to the external network.
9. Logic encoded in one or more tangible non-transitory media for execution and when executed operable to:
switch data between virtual machines located in a cloud network;
forward data to an external network;
perform access layer switch operations for the external network; and
create a virtual switching overlay for secure communication of said data between the virtual machines and the external network.
10. The logic of claim 9 wherein the external network is an enterprise network and the cloud network is a virtual private cloud in a service provider network.
11. The logic of claim 9 wherein the logic is further operable to encapsulate said data for transmittal over a layer 3 network.
12. The logic of claim 9 wherein said data is forwarded to the external network over a virtual private network connection between the cloud network and the external network.
13. The logic of claim 9 wherein said data is forwarded utilizing a layer 2 tunneling protocol over a secure Internet protocol.
14. The logic of claim 9 wherein the logic is further operable to signal MAC addresses of the virtual machines to the external network.
15. An apparatus comprising
means for receiving data at a virtual switch in a cloud network, said data received from an external network and destined for one or more virtual machines located in the cloud network and associated with the external network; and
means for transmitting said data from the virtual switch to said one or more virtual machines;
wherein the virtual switch operates as an access layer switch for the external network and creates a virtual switching overlay for secure communication between the virtual machines and the external network.
16. The apparatus of claim 15 wherein the external network is an enterprise network and the cloud network is a virtual private cloud in a service provider network.
17. The apparatus of claim 15 wherein means for transmitting said data comprises means for encapsulating said data for transmittal over a layer 3 network.
18. The apparatus of claim 15 wherein means for transmitting said data comprises means for transmitting said data over a virtual wire to an agent installed at the virtual machine.
19. The apparatus of claim 15 wherein said data is received over a virtual private network connection between the cloud network and the external network.
20. The apparatus of claim 15 further comprising means for signaling MAC addresses of the virtual machines to the external network.
21. The method of claim 1, wherein data transmitted between the virtual switch and the external network is transmitted via secure tunnel communication.
22. The method of claim 1, wherein data transmitted between the virtual switch and the one or more virtual machines is encapsulated.
23. The method of claim 22, wherein the one or more virtual machines and the external network are part of a single overlay network.
24. The method of claim 1, wherein the cloud network is in a first datacenter and the external network is in a second datacenter.
25. The method of claim 1, wherein the virtual switch is located in one of the one or more virtual machines located in the cloud network.
26. The method of claim 1, further comprising creating an additional virtual switch in response to a limit of the virtual switch being reached.
27. The method of claim 1, further comprising associating one or more agents with said one or more virtual machines.
28. The method of claim 27, wherein transmitting said data comprises transmitting said data over a secure connection to one of the one or more agents associated with one of said one or more virtual machines.
29. The method of claim 1, wherein each of the one or more virtual machines has a set of policies and/or attributes that are applied as the virtual machine comes online in the cloud network.
30. The method of claim 1, wherein the virtual switch further comprises a virtual supervisor module that provides control plane functionality.
31. The method of claim 1, wherein the virtual switch comprises a virtual Ethernet module that operates as a data plane.
32. The method of claim 1, wherein the virtual switch is connected to a central management station.
33. The method of claim 32, further comprising:
accessing and performing management functions on the virtual switch.
34. The method of claim 1, wherein the virtual switch comprises a virtual supervisor module and a virtual Ethernet module.
35. The logic of claim 9, wherein data forwarded to the external network is transmitted via secure tunnel communication.
36. The logic of claim 9, wherein the cloud network is in a first datacenter and the external network is in a second datacenter.
37. The logic of claim 9, wherein each of the virtual machines has a set of policies and/or attributes that are applied as the virtual machine comes online in the cloud network.
38. The apparatus of claim 15, wherein data transmitted between the virtual switch from the external network is transmitted via secure tunnel communication.
39. The apparatus of claim 38, wherein data transmitted between the virtual switch and the one or more virtual machines is encapsulated.
40. The apparatus of claim 39, wherein the one or more virtual machines and the external network are part of a single overlay network.
41. The apparatus of claim 15, wherein the cloud network is in a first datacenter and the external network is in a second datacenter.
42. The apparatus of claim 15, wherein the virtual switch is located in a virtual machine located in the cloud network.
43. The apparatus of claim 15, wherein an additional virtual switch is created in response to a limit of the virtual switch being reached.
44. The apparatus of claim 15, wherein one or more agents are associated with said one or more virtual machines.
45. The apparatus of claim 44, wherein the means for transmitting said data causes transmission of said data over a secure connection to one of the one or more agents associated with one of said one or more virtual machines.
46. The apparatus of claim 15, wherein each of the one or more virtual machines has a set of policies and/or attributes that are applied as the virtual machine comes online in the cloud network.
47. The apparatus of claim 15, wherein the virtual switch comprises a virtual supervisor module that provides control plane functionality.
48. The apparatus of claim 15, wherein the virtual switch comprises a virtual Ethernet module that operates as a data plane.
49. The apparatus of claim 15, wherein the virtual switch is connected to a central management station.
50. The apparatus of claim 49, wherein the virtual switch is configured to enable access by an administrator to perform management functions on the virtual switch.
51. A system comprising:
a first data center associated with an enterprise; and
a second data center that includes a virtual switch and one or more virtual machines in a cloud network associated with the enterprise;
wherein the virtual switch is configured to:
receive data from the first data center and destined for the one or more virtual machines; and
operate as an access layer switch for the first data center and create a virtual switching overlay for secure communication between the one or more virtual machines and the first data center by encapsulating said data for transmission to said one or more virtual machines.
52. The system of claim 51, wherein data transmitted between the virtual switch and the first data center is transmitted via secure tunnel communication.
53. The system of claim 51, wherein the one or more virtual machines and the first data center are part of a single overlay network.
54. The system of claim 51, wherein the virtual switch is located in one of the one or more virtual machines located in the second data center.
55. The system of claim 51, further comprising an additional virtual switch that is created in response to a limit of the virtual switch being reached.
56. The system of claim 51, further comprising one or more agents associated with the one or more virtual machines.
57. The system of claim 56, wherein the virtual switch is configured to transmit said data over a secure connection to one of the one or more agents associated with one of said one or more virtual machines.
58. The system of claim 51, wherein each of the one or more virtual machines has a set of policies and/or attributes that are applied as the virtual machine comes online in the second data center.
59. The system of claim 51, wherein the virtual switch further comprises a virtual supervisor module that provides control plane functionality.
60. The system of claim 51, wherein the virtual switch comprises a virtual Ethernet module that operates as a data plane.
61. The system of claim 51, further comprising a central management station that is in communication with the virtual switch.
62. The system of claim 61, wherein the central management station is configured to access and perform management functions on the virtual switch.
63. The system of claim 51, wherein the virtual switch comprises a virtual supervisor module and a virtual Ethernet module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/363,273 USRE49663E1 (en) | 2010-04-27 | 2021-06-30 | Virtual switching overlay for cloud computing |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/799,557 US8345692B2 (en) | 2010-04-27 | 2010-04-27 | Virtual switching overlay for cloud computing |
US17/363,273 USRE49663E1 (en) | 2010-04-27 | 2021-06-30 | Virtual switching overlay for cloud computing |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/799,557 Reissue US8345692B2 (en) | 2010-04-27 | 2010-04-27 | Virtual switching overlay for cloud computing |
Publications (1)
Publication Number | Publication Date |
---|---|
USRE49663E1 true USRE49663E1 (en) | 2023-09-19 |
Family
ID=44358202
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/799,557 Ceased US8345692B2 (en) | 2010-04-27 | 2010-04-27 | Virtual switching overlay for cloud computing |
US17/363,273 Active 2031-03-04 USRE49663E1 (en) | 2010-04-27 | 2021-06-30 | Virtual switching overlay for cloud computing |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/799,557 Ceased US8345692B2 (en) | 2010-04-27 | 2010-04-27 | Virtual switching overlay for cloud computing |
Country Status (4)
Country | Link |
---|---|
US (2) | US8345692B2 (en) |
EP (1) | EP2564564B1 (en) |
CN (1) | CN102884761B (en) |
WO (1) | WO2011139333A1 (en) |
Families Citing this family (253)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8811431B2 (en) | 2008-11-20 | 2014-08-19 | Silver Peak Systems, Inc. | Systems and methods for compressing packet data |
US8489562B1 (en) * | 2007-11-30 | 2013-07-16 | Silver Peak Systems, Inc. | Deferred data storage |
US8885632B2 (en) | 2006-08-02 | 2014-11-11 | Silver Peak Systems, Inc. | Communications scheduler |
US8307115B1 (en) | 2007-11-30 | 2012-11-06 | Silver Peak Systems, Inc. | Network memory mirroring |
US9069599B2 (en) | 2008-06-19 | 2015-06-30 | Servicemesh, Inc. | System and method for a cloud computing abstraction layer with security zone facilities |
US9489647B2 (en) | 2008-06-19 | 2016-11-08 | Csc Agility Platform, Inc. | System and method for a cloud computing abstraction with self-service portal for publishing resources |
US10411975B2 (en) | 2013-03-15 | 2019-09-10 | Csc Agility Platform, Inc. | System and method for a cloud computing abstraction with multi-tier deployment policy |
US8514868B2 (en) * | 2008-06-19 | 2013-08-20 | Servicemesh, Inc. | Cloud computing gateway, cloud computing hypervisor, and methods for implementing same |
US9717021B2 (en) | 2008-07-03 | 2017-07-25 | Silver Peak Systems, Inc. | Virtual network overlay |
US10164861B2 (en) | 2015-12-28 | 2018-12-25 | Silver Peak Systems, Inc. | Dynamic monitoring and visualization for network health characteristics |
US10805840B2 (en) | 2008-07-03 | 2020-10-13 | Silver Peak Systems, Inc. | Data transmission via a virtual wide area network overlay |
US8665886B2 (en) | 2009-03-26 | 2014-03-04 | Brocade Communications Systems, Inc. | Redundant host connection in a routed network |
US8369335B2 (en) | 2010-03-24 | 2013-02-05 | Brocade Communications Systems, Inc. | Method and system for extending routing domain to non-routing end stations |
US8345692B2 (en) * | 2010-04-27 | 2013-01-01 | Cisco Technology, Inc. | Virtual switching overlay for cloud computing |
US9461840B2 (en) | 2010-06-02 | 2016-10-04 | Brocade Communications Systems, Inc. | Port profile management for virtual cluster switching |
US9769016B2 (en) | 2010-06-07 | 2017-09-19 | Brocade Communications Systems, Inc. | Advanced link tracking for virtual cluster switching |
US9716672B2 (en) | 2010-05-28 | 2017-07-25 | Brocade Communications Systems, Inc. | Distributed configuration management for virtual cluster switching |
US9231890B2 (en) | 2010-06-08 | 2016-01-05 | Brocade Communications Systems, Inc. | Traffic management for virtual cluster switching |
US9001824B2 (en) | 2010-05-18 | 2015-04-07 | Brocade Communication Systems, Inc. | Fabric formation for virtual cluster switching |
US8867552B2 (en) | 2010-05-03 | 2014-10-21 | Brocade Communications Systems, Inc. | Virtual cluster switching |
US8625616B2 (en) | 2010-05-11 | 2014-01-07 | Brocade Communications Systems, Inc. | Converged network extension |
US8989186B2 (en) | 2010-06-08 | 2015-03-24 | Brocade Communication Systems, Inc. | Virtual port grouping for virtual cluster switching |
US9270486B2 (en) | 2010-06-07 | 2016-02-23 | Brocade Communications Systems, Inc. | Name services for virtual cluster switching |
US8634308B2 (en) | 2010-06-02 | 2014-01-21 | Brocade Communications Systems, Inc. | Path detection in trill networks |
US8885488B2 (en) | 2010-06-02 | 2014-11-11 | Brocade Communication Systems, Inc. | Reachability detection in trill networks |
US8446914B2 (en) | 2010-06-08 | 2013-05-21 | Brocade Communications Systems, Inc. | Method and system for link aggregation across multiple switches |
US9806906B2 (en) | 2010-06-08 | 2017-10-31 | Brocade Communications Systems, Inc. | Flooding packets on a per-virtual-network basis |
US9246703B2 (en) | 2010-06-08 | 2016-01-26 | Brocade Communications Systems, Inc. | Remote port mirroring |
US9628293B2 (en) | 2010-06-08 | 2017-04-18 | Brocade Communications Systems, Inc. | Network layer multicasting in trill networks |
US9608833B2 (en) | 2010-06-08 | 2017-03-28 | Brocade Communications Systems, Inc. | Supporting multiple multicast trees in trill networks |
US9342367B2 (en) * | 2010-06-16 | 2016-05-17 | Computer Associates Think, Inc. | System and method for selecting cloud services |
US9680750B2 (en) | 2010-07-06 | 2017-06-13 | Nicira, Inc. | Use of tunnels to hide network addresses |
US8817620B2 (en) | 2010-07-06 | 2014-08-26 | Nicira, Inc. | Network virtualization apparatus and method |
US9807031B2 (en) | 2010-07-16 | 2017-10-31 | Brocade Communications Systems, Inc. | System and method for network configuration |
US8613004B2 (en) * | 2010-12-07 | 2013-12-17 | Nec Laboratories America, Inc. | System and method for cloud infrastructure data sharing through a uniform communication framework |
US8699499B2 (en) * | 2010-12-08 | 2014-04-15 | At&T Intellectual Property I, L.P. | Methods and apparatus to provision cloud computing network elements |
US20120163164A1 (en) * | 2010-12-27 | 2012-06-28 | Brocade Communications Systems, Inc. | Method and system for remote load balancing in high-availability networks |
US8934483B2 (en) | 2011-01-20 | 2015-01-13 | Broadcom Corporation | Data center switch |
US10009315B2 (en) * | 2011-03-09 | 2018-06-26 | Amazon Technologies, Inc. | Outside live migration |
US9270572B2 (en) | 2011-05-02 | 2016-02-23 | Brocade Communications Systems Inc. | Layer-3 support in TRILL networks |
US9253252B2 (en) * | 2011-05-06 | 2016-02-02 | Citrix Systems, Inc. | Systems and methods for cloud bridging between intranet resources and cloud resources |
CN103650426B (en) * | 2011-05-06 | 2016-10-05 | 思杰系统有限公司 | For carrying out the system and method that cloud bridge connects between public cloud and privately owned cloud |
US8924542B1 (en) | 2011-05-31 | 2014-12-30 | Amazon Technologies, Inc. | Methods and apparatus for scalable private services |
US9736065B2 (en) | 2011-06-24 | 2017-08-15 | Cisco Technology, Inc. | Level of hierarchy in MST for traffic localization and load balancing |
US8879549B2 (en) | 2011-06-28 | 2014-11-04 | Brocade Communications Systems, Inc. | Clearing forwarding entries dynamically and ensuring consistency of tables across ethernet fabric switch |
US8948056B2 (en) | 2011-06-28 | 2015-02-03 | Brocade Communication Systems, Inc. | Spanning-tree based loop detection for an ethernet fabric switch |
US9401861B2 (en) | 2011-06-28 | 2016-07-26 | Brocade Communications Systems, Inc. | Scalable MAC address distribution in an Ethernet fabric switch |
US9407533B2 (en) | 2011-06-28 | 2016-08-02 | Brocade Communications Systems, Inc. | Multicast in a trill network |
US9007958B2 (en) | 2011-06-29 | 2015-04-14 | Brocade Communication Systems, Inc. | External loop detection for an ethernet fabric switch |
US8885641B2 (en) | 2011-06-30 | 2014-11-11 | Brocade Communication Systems, Inc. | Efficient trill forwarding |
US20130036213A1 (en) * | 2011-08-02 | 2013-02-07 | Masum Hasan | Virtual private clouds |
US9736085B2 (en) | 2011-08-29 | 2017-08-15 | Brocade Communications Systems, Inc. | End-to end lossless Ethernet in Ethernet fabric |
US8966499B2 (en) * | 2011-09-09 | 2015-02-24 | Microsoft Technology Licensing, Llc | Virtual switch extensibility |
US9319272B1 (en) * | 2011-09-21 | 2016-04-19 | Amazon Technologies, Inc. | Methods and apparatus for providing composed appliance services in virtualized private networks |
US9130991B2 (en) | 2011-10-14 | 2015-09-08 | Silver Peak Systems, Inc. | Processing data packets in performance enhancing proxy (PEP) environment |
US9626224B2 (en) | 2011-11-03 | 2017-04-18 | Silver Peak Systems, Inc. | Optimizing available computing resources within a virtual environment |
US9699117B2 (en) | 2011-11-08 | 2017-07-04 | Brocade Communications Systems, Inc. | Integrated fibre channel support in an ethernet fabric switch |
US9450870B2 (en) | 2011-11-10 | 2016-09-20 | Brocade Communications Systems, Inc. | System and method for flow management in software-defined networks |
US9313100B1 (en) | 2011-11-14 | 2016-04-12 | Amazon Technologies, Inc. | Remote browsing session management |
US20130142201A1 (en) | 2011-12-02 | 2013-06-06 | Microsoft Corporation | Connecting on-premise networks with public clouds |
US9330188B1 (en) | 2011-12-22 | 2016-05-03 | Amazon Technologies, Inc. | Shared browsing sessions |
US8908698B2 (en) | 2012-01-13 | 2014-12-09 | Cisco Technology, Inc. | System and method for managing site-to-site VPNs of a cloud managed network |
US9336321B1 (en) | 2012-01-26 | 2016-05-10 | Amazon Technologies, Inc. | Remote browsing and searching |
US8839087B1 (en) | 2012-01-26 | 2014-09-16 | Amazon Technologies, Inc. | Remote browsing and searching |
US8995272B2 (en) | 2012-01-26 | 2015-03-31 | Brocade Communication Systems, Inc. | Link aggregation in software-defined networks |
US9137210B1 (en) | 2012-02-21 | 2015-09-15 | Amazon Technologies, Inc. | Remote browsing session management |
US9742693B2 (en) | 2012-02-27 | 2017-08-22 | Brocade Communications Systems, Inc. | Dynamic service insertion in a fabric switch |
US9286444B2 (en) * | 2012-02-28 | 2016-03-15 | Verizon Patent And Licensing Inc. | Next generation secure gateway |
US9270523B2 (en) | 2012-02-28 | 2016-02-23 | International Business Machines Corporation | Reconfiguring interrelationships between components of virtual computing networks |
US8861403B2 (en) | 2012-03-15 | 2014-10-14 | Cisco Technology, Inc. | Interconnecting segmented layer two network for cloud switching |
US9154416B2 (en) | 2012-03-22 | 2015-10-06 | Brocade Communications Systems, Inc. | Overlay tunnel in a fabric switch |
US8856339B2 (en) * | 2012-04-04 | 2014-10-07 | Cisco Technology, Inc. | Automatically scaled network overlay with heuristic monitoring in a hybrid cloud environment |
US9201704B2 (en) * | 2012-04-05 | 2015-12-01 | Cisco Technology, Inc. | System and method for migrating application virtual machines in a network environment |
US9203784B2 (en) * | 2012-04-24 | 2015-12-01 | Cisco Technology, Inc. | Distributed virtual switch architecture for a hybrid cloud |
US9438556B1 (en) | 2012-05-01 | 2016-09-06 | Amazon Technologies, Inc | Flexibly configurable remote network identities |
US9294437B1 (en) * | 2012-05-01 | 2016-03-22 | Amazon Technologies, Inc. | Remotely configured network appliances and services |
US9450967B1 (en) | 2012-05-01 | 2016-09-20 | Amazon Technologies, Inc. | Intelligent network service provisioning and maintenance |
US9407450B2 (en) * | 2012-05-01 | 2016-08-02 | Cisco Technnology, Inc. | Method and apparatus for providing tenant information for network flows |
US9288182B1 (en) * | 2012-05-01 | 2016-03-15 | Amazon Technologies, Inc. | Network gateway services and extensions |
US9223634B2 (en) | 2012-05-02 | 2015-12-29 | Cisco Technology, Inc. | System and method for simulating virtual machine migration in a network environment |
US9374301B2 (en) | 2012-05-18 | 2016-06-21 | Brocade Communications Systems, Inc. | Network feedback in software-defined networks |
US9237188B1 (en) * | 2012-05-21 | 2016-01-12 | Amazon Technologies, Inc. | Virtual machine based content processing |
US10277464B2 (en) | 2012-05-22 | 2019-04-30 | Arris Enterprises Llc | Client auto-configuration in a multi-switch link aggregation |
US10454760B2 (en) | 2012-05-23 | 2019-10-22 | Avago Technologies International Sales Pte. Limited | Layer-3 overlay gateways |
US10177957B1 (en) | 2012-07-06 | 2019-01-08 | Cradlepoint, Inc. | Connecting a cloud network to the internet |
US9992062B1 (en) | 2012-07-06 | 2018-06-05 | Cradlepoint, Inc. | Implicit traffic engineering |
US10135677B1 (en) * | 2012-07-06 | 2018-11-20 | Cradlepoint, Inc. | Deployment of network-related features over cloud network |
US10880162B1 (en) | 2012-07-06 | 2020-12-29 | Cradlepoint, Inc. | Linking logical broadcast domains |
US10601653B2 (en) | 2012-07-06 | 2020-03-24 | Cradlepoint, Inc. | Implicit traffic engineering |
US10560343B1 (en) | 2012-07-06 | 2020-02-11 | Cradlepoint, Inc. | People centric management of cloud networks via GUI |
US10110417B1 (en) * | 2012-07-06 | 2018-10-23 | Cradlepoint, Inc. | Private networks overlaid on cloud infrastructure |
US9210079B2 (en) * | 2012-08-14 | 2015-12-08 | Vmware, Inc. | Method and system for virtual and physical network integration |
US9602430B2 (en) | 2012-08-21 | 2017-03-21 | Brocade Communications Systems, Inc. | Global VLANs for fabric switches |
US9331940B2 (en) * | 2012-08-28 | 2016-05-03 | Alcatel Lucent | System and method providing distributed virtual routing and switching (DVRS) |
US8837476B2 (en) * | 2012-09-07 | 2014-09-16 | International Business Machines Corporation | Overlay network capable of supporting storage area network (SAN) traffic |
US9548920B2 (en) | 2012-10-15 | 2017-01-17 | Cisco Technology, Inc. | System and method for efficient use of flow table space in a network environment |
US9401872B2 (en) | 2012-11-16 | 2016-07-26 | Brocade Communications Systems, Inc. | Virtual link aggregations across multiple fabric switches |
US9350680B2 (en) | 2013-01-11 | 2016-05-24 | Brocade Communications Systems, Inc. | Protection switching over a virtual link aggregation |
US9413691B2 (en) | 2013-01-11 | 2016-08-09 | Brocade Communications Systems, Inc. | MAC address synchronization in a fabric switch |
US9548926B2 (en) | 2013-01-11 | 2017-01-17 | Brocade Communications Systems, Inc. | Multicast traffic load balancing over virtual link aggregation |
US9565113B2 (en) | 2013-01-15 | 2017-02-07 | Brocade Communications Systems, Inc. | Adaptive link aggregation and virtual link aggregation |
US9356884B2 (en) | 2013-01-17 | 2016-05-31 | Cisco Technology, Inc. | MSDC scaling through on-demand path update |
US9060025B2 (en) * | 2013-02-05 | 2015-06-16 | Fortinet, Inc. | Cloud-based security policy configuration |
US9565099B2 (en) | 2013-03-01 | 2017-02-07 | Brocade Communications Systems, Inc. | Spanning tree in fabric switches |
US9306837B1 (en) | 2013-03-08 | 2016-04-05 | Cisco Technology, Inc. | Source IP-based pruning of traffic toward dually-connected overlay hosts in a data communications environment |
US9331998B2 (en) | 2013-03-14 | 2016-05-03 | Forty Cloud Ltd. | Dynamic secured network in a cloud environment |
US9043439B2 (en) | 2013-03-14 | 2015-05-26 | Cisco Technology, Inc. | Method for streaming packet captures from network access devices to a cloud server over HTTP |
US9401818B2 (en) | 2013-03-15 | 2016-07-26 | Brocade Communications Systems, Inc. | Scalable gateways for a fabric switch |
CN103220235B (en) * | 2013-04-26 | 2017-03-15 | 华为技术有限公司 | The management method of the distributed virtual switch and relevant apparatus and system |
US9584445B2 (en) * | 2013-05-07 | 2017-02-28 | Equinix, Inc. | Direct connect virtual private interface for a one to many connection with multiple virtual private clouds |
US9565028B2 (en) | 2013-06-10 | 2017-02-07 | Brocade Communications Systems, Inc. | Ingress switch multicast distribution in a fabric switch |
US9699001B2 (en) | 2013-06-10 | 2017-07-04 | Brocade Communications Systems, Inc. | Scalable and segregated network virtualization |
US9578137B1 (en) | 2013-06-13 | 2017-02-21 | Amazon Technologies, Inc. | System for enhancing script execution performance |
US9135042B2 (en) * | 2013-06-13 | 2015-09-15 | International Business Machines Corporation | Provisioning a secure customer domain in a virtualized multi-tenant environment |
US10152463B1 (en) | 2013-06-13 | 2018-12-11 | Amazon Technologies, Inc. | System for profiling page browsing interactions |
US9270619B2 (en) | 2013-06-24 | 2016-02-23 | Microsoft Technology Licensing, Llc | Logical switch |
US9806949B2 (en) | 2013-09-06 | 2017-10-31 | Brocade Communications Systems, Inc. | Transparent interconnection of Ethernet fabric switches |
US9912612B2 (en) | 2013-10-28 | 2018-03-06 | Brocade Communications Systems LLC | Extended ethernet fabric switches |
US9294524B2 (en) | 2013-12-16 | 2016-03-22 | Nicira, Inc. | Mapping virtual machines from a private network to a multi-tenant public datacenter |
US9807057B1 (en) | 2013-12-17 | 2017-10-31 | Amazon Technologies, Inc. | Private network peering in virtual network environments |
US9602344B1 (en) * | 2013-12-30 | 2017-03-21 | Cloudvelox, Inc. | Automated establishment of access to remote services |
US10924340B1 (en) | 2013-12-30 | 2021-02-16 | Vmware, Inc. | Extending computing capacity via cloud replication |
US9548873B2 (en) | 2014-02-10 | 2017-01-17 | Brocade Communications Systems, Inc. | Virtual extensible LAN tunnel keepalives |
US9590901B2 (en) | 2014-03-14 | 2017-03-07 | Nicira, Inc. | Route advertisement by managed gateways |
EP3117561B1 (en) * | 2014-03-14 | 2018-10-17 | Nicira Inc. | Route advertisement by managed gateways |
US10581758B2 (en) | 2014-03-19 | 2020-03-03 | Avago Technologies International Sales Pte. Limited | Distributed hot standby links for vLAG |
US10476698B2 (en) | 2014-03-20 | 2019-11-12 | Avago Technologies International Sales Pte. Limited | Redundent virtual link aggregation group |
US9813258B2 (en) | 2014-03-31 | 2017-11-07 | Tigera, Inc. | Data center networks |
US10176005B2 (en) * | 2014-03-31 | 2019-01-08 | Cypherpath, Inc. | Environment virtualization |
US9559950B2 (en) | 2014-03-31 | 2017-01-31 | Tigera, Inc. | Data center networks |
US9344364B2 (en) | 2014-03-31 | 2016-05-17 | Metaswitch Networks Ltd. | Data center networks |
US9755858B2 (en) | 2014-04-15 | 2017-09-05 | Cisco Technology, Inc. | Programmable infrastructure gateway for enabling hybrid cloud services in a network environment |
TWI531908B (en) * | 2014-04-24 | 2016-05-01 | A method of supporting virtual machine migration with Software Defined Network (SDN) | |
US10063473B2 (en) | 2014-04-30 | 2018-08-28 | Brocade Communications Systems LLC | Method and system for facilitating switch virtualization in a network of interconnected switches |
US9473365B2 (en) | 2014-05-08 | 2016-10-18 | Cisco Technology, Inc. | Collaborative inter-service scheduling of logical resources in cloud platforms |
US9800471B2 (en) | 2014-05-13 | 2017-10-24 | Brocade Communications Systems, Inc. | Network extension groups of global VLANs in a fabric switch |
US10019278B2 (en) | 2014-06-22 | 2018-07-10 | Cisco Technology, Inc. | Framework for network technology agnostic multi-cloud elastic extension and isolation |
US10305726B2 (en) | 2014-06-22 | 2019-05-28 | Cisco Technology, Inc. | Cloud framework for multi-cloud extension |
US9742881B2 (en) | 2014-06-30 | 2017-08-22 | Nicira, Inc. | Network virtualization using just-in-time distributed capability for classification encoding |
US10122605B2 (en) | 2014-07-09 | 2018-11-06 | Cisco Technology, Inc | Annotation of network activity through different phases of execution |
US10616108B2 (en) | 2014-07-29 | 2020-04-07 | Avago Technologies International Sales Pte. Limited | Scalable MAC address virtualization |
US9948496B1 (en) | 2014-07-30 | 2018-04-17 | Silver Peak Systems, Inc. | Determining a transit appliance for data traffic to a software service |
US9544219B2 (en) | 2014-07-31 | 2017-01-10 | Brocade Communications Systems, Inc. | Global VLAN services |
US9807007B2 (en) | 2014-08-11 | 2017-10-31 | Brocade Communications Systems, Inc. | Progressive MAC address learning |
US9875344B1 (en) | 2014-09-05 | 2018-01-23 | Silver Peak Systems, Inc. | Dynamic monitoring and authorization of an optimization device |
US9787499B2 (en) | 2014-09-19 | 2017-10-10 | Amazon Technologies, Inc. | Private alias endpoints for isolated virtual networks |
US9825878B2 (en) | 2014-09-26 | 2017-11-21 | Cisco Technology, Inc. | Distributed application framework for prioritizing network traffic using application priority awareness |
US9524173B2 (en) | 2014-10-09 | 2016-12-20 | Brocade Communications Systems, Inc. | Fast reboot for a switch |
US9699029B2 (en) | 2014-10-10 | 2017-07-04 | Brocade Communications Systems, Inc. | Distributed configuration management in a switch group |
US10594659B2 (en) * | 2014-11-07 | 2020-03-17 | British Telecommunications Public Limited Company | Method and system for secure communication with shared cloud services |
US9832118B1 (en) | 2014-11-14 | 2017-11-28 | Amazon Technologies, Inc. | Linking resource instances to virtual networks in provider network environments |
US10212161B1 (en) | 2014-11-19 | 2019-02-19 | Amazon Technologies, Inc. | Private network layering in provider network environments |
US9602544B2 (en) * | 2014-12-05 | 2017-03-21 | Viasat, Inc. | Methods and apparatus for providing a secure overlay network between clouds |
US9628407B2 (en) | 2014-12-31 | 2017-04-18 | Brocade Communications Systems, Inc. | Multiple software versions in a switch group |
US9626255B2 (en) | 2014-12-31 | 2017-04-18 | Brocade Communications Systems, Inc. | Online restoration of a switch snapshot |
US9942097B2 (en) | 2015-01-05 | 2018-04-10 | Brocade Communications Systems LLC | Power management in a network of interconnected switches |
US10003552B2 (en) | 2015-01-05 | 2018-06-19 | Brocade Communications Systems, Llc. | Distributed bidirectional forwarding detection protocol (D-BFD) for cluster of interconnected switches |
US9853873B2 (en) | 2015-01-10 | 2017-12-26 | Cisco Technology, Inc. | Diagnosis and throughput measurement of fibre channel ports in a storage area network environment |
US10050862B2 (en) | 2015-02-09 | 2018-08-14 | Cisco Technology, Inc. | Distributed application framework that uses network and application awareness for placing data |
US10708342B2 (en) | 2015-02-27 | 2020-07-07 | Cisco Technology, Inc. | Dynamic troubleshooting workspaces for cloud and network management systems |
US10037617B2 (en) | 2015-02-27 | 2018-07-31 | Cisco Technology, Inc. | Enhanced user interface systems including dynamic context selection for cloud-based networks |
US9807005B2 (en) | 2015-03-17 | 2017-10-31 | Brocade Communications Systems, Inc. | Multi-fabric manager |
US10038592B2 (en) | 2015-03-17 | 2018-07-31 | Brocade Communications Systems LLC | Identifier assignment to a new switch in a switch group |
US9900250B2 (en) | 2015-03-26 | 2018-02-20 | Cisco Technology, Inc. | Scalable handling of BGP route information in VXLAN with EVPN control plane |
US10038628B2 (en) | 2015-04-04 | 2018-07-31 | Nicira, Inc. | Route server mode for dynamic routing between logical and physical networks |
US10382534B1 (en) | 2015-04-04 | 2019-08-13 | Cisco Technology, Inc. | Selective load balancing of network traffic |
US10579406B2 (en) | 2015-04-08 | 2020-03-03 | Avago Technologies International Sales Pte. Limited | Dynamic orchestration of overlay tunnels |
US10222986B2 (en) | 2015-05-15 | 2019-03-05 | Cisco Technology, Inc. | Tenant-level sharding of disks with tenant-specific storage modules to enable policies per tenant in a distributed storage system |
US10476982B2 (en) | 2015-05-15 | 2019-11-12 | Cisco Technology, Inc. | Multi-datacenter message queue |
US11588783B2 (en) | 2015-06-10 | 2023-02-21 | Cisco Technology, Inc. | Techniques for implementing IPV6-based distributed storage space |
US10021196B1 (en) | 2015-06-22 | 2018-07-10 | Amazon Technologies, Inc. | Private service endpoints in isolated virtual networks |
US10034201B2 (en) | 2015-07-09 | 2018-07-24 | Cisco Technology, Inc. | Stateless load-balancing across multiple tunnels |
US10778765B2 (en) | 2015-07-15 | 2020-09-15 | Cisco Technology, Inc. | Bid/ask protocol in scale-out NVMe storage |
US10439929B2 (en) | 2015-07-31 | 2019-10-08 | Avago Technologies International Sales Pte. Limited | Graceful recovery of a multicast-enabled switch |
US9860214B2 (en) | 2015-09-10 | 2018-01-02 | International Business Machines Corporation | Interconnecting external networks with overlay networks in a shared computing environment |
US10171303B2 (en) | 2015-09-16 | 2019-01-01 | Avago Technologies International Sales Pte. Limited | IP-based interconnection of switches with a logical chassis |
US11005682B2 (en) | 2015-10-06 | 2021-05-11 | Cisco Technology, Inc. | Policy-driven switch overlay bypass in a hybrid cloud network environment |
US10067780B2 (en) | 2015-10-06 | 2018-09-04 | Cisco Technology, Inc. | Performance-based public cloud selection for a hybrid cloud environment |
US10462136B2 (en) | 2015-10-13 | 2019-10-29 | Cisco Technology, Inc. | Hybrid cloud security groups |
US10075304B2 (en) | 2015-10-30 | 2018-09-11 | Microsoft Technology Licensing, Llc | Multiple gateway operation on single operating system |
CN105262668A (en) * | 2015-10-31 | 2016-01-20 | 四川理工学院 | Firewall configuration for cloud computing network |
US10523657B2 (en) | 2015-11-16 | 2019-12-31 | Cisco Technology, Inc. | Endpoint privacy preservation with cloud conferencing |
US10205677B2 (en) | 2015-11-24 | 2019-02-12 | Cisco Technology, Inc. | Cloud resource placement optimization and migration execution in federated clouds |
US10084703B2 (en) | 2015-12-04 | 2018-09-25 | Cisco Technology, Inc. | Infrastructure-exclusive service forwarding |
US9912614B2 (en) | 2015-12-07 | 2018-03-06 | Brocade Communications Systems LLC | Interconnection of switches based on hierarchical overlay tunneling |
US9892075B2 (en) | 2015-12-10 | 2018-02-13 | Cisco Technology, Inc. | Policy driven storage in a microserver computing environment |
US10367914B2 (en) | 2016-01-12 | 2019-07-30 | Cisco Technology, Inc. | Attaching service level agreements to application containers and enabling service assurance |
US10367655B2 (en) | 2016-01-25 | 2019-07-30 | Alibaba Group Holding Limited | Network system and method for connecting a private network with a virtual private network |
US10333849B2 (en) | 2016-04-28 | 2019-06-25 | Nicira, Inc. | Automatic configuration of logical routers on edge nodes |
US10140172B2 (en) | 2016-05-18 | 2018-11-27 | Cisco Technology, Inc. | Network-aware storage repairs |
US10129177B2 (en) | 2016-05-23 | 2018-11-13 | Cisco Technology, Inc. | Inter-cloud broker for hybrid cloud networks |
US20170351639A1 (en) | 2016-06-06 | 2017-12-07 | Cisco Technology, Inc. | Remote memory access using memory mapped addressing among multiple compute nodes |
US10432484B2 (en) | 2016-06-13 | 2019-10-01 | Silver Peak Systems, Inc. | Aggregating select network traffic statistics |
WO2017214883A1 (en) * | 2016-06-15 | 2017-12-21 | Alibaba Group Holding Limited | Network system and method for cross region virtual private network peering |
US10664169B2 (en) | 2016-06-24 | 2020-05-26 | Cisco Technology, Inc. | Performance of object storage system by reconfiguring storage devices based on latency that includes identifying a number of fragments that has a particular storage device as its primary storage device and another number of fragments that has said particular storage device as its replica storage device |
US10659283B2 (en) | 2016-07-08 | 2020-05-19 | Cisco Technology, Inc. | Reducing ARP/ND flooding in cloud environment |
US10432532B2 (en) | 2016-07-12 | 2019-10-01 | Cisco Technology, Inc. | Dynamically pinning micro-service to uplink port |
US10263898B2 (en) | 2016-07-20 | 2019-04-16 | Cisco Technology, Inc. | System and method for implementing universal cloud classification (UCC) as a service (UCCaaS) |
US10382597B2 (en) | 2016-07-20 | 2019-08-13 | Cisco Technology, Inc. | System and method for transport-layer level identification and isolation of container traffic |
US10142346B2 (en) | 2016-07-28 | 2018-11-27 | Cisco Technology, Inc. | Extension of a private cloud end-point group to a public cloud |
US9967056B1 (en) | 2016-08-19 | 2018-05-08 | Silver Peak Systems, Inc. | Forward packet recovery with constrained overhead |
US10567344B2 (en) | 2016-08-23 | 2020-02-18 | Cisco Technology, Inc. | Automatic firewall configuration based on aggregated cloud managed information |
US11563695B2 (en) | 2016-08-29 | 2023-01-24 | Cisco Technology, Inc. | Queue protection using a shared global memory reserve |
US20190222539A1 (en) * | 2016-08-31 | 2019-07-18 | 5x5 Industries, LLC | Network System |
US10523592B2 (en) | 2016-10-10 | 2019-12-31 | Cisco Technology, Inc. | Orchestration system for migrating user data and services based on user information |
US10237090B2 (en) | 2016-10-28 | 2019-03-19 | Avago Technologies International Sales Pte. Limited | Rule-based network identifier mapping |
US11044162B2 (en) | 2016-12-06 | 2021-06-22 | Cisco Technology, Inc. | Orchestration of cloud and fog interactions |
US10326817B2 (en) | 2016-12-20 | 2019-06-18 | Cisco Technology, Inc. | System and method for quality-aware recording in large scale collaborate clouds |
US10334029B2 (en) | 2017-01-10 | 2019-06-25 | Cisco Technology, Inc. | Forming neighborhood groups from disperse cloud providers |
US10545914B2 (en) | 2017-01-17 | 2020-01-28 | Cisco Technology, Inc. | Distributed object storage |
US10552191B2 (en) | 2017-01-26 | 2020-02-04 | Cisco Technology, Inc. | Distributed hybrid cloud orchestration model |
US10320683B2 (en) | 2017-01-30 | 2019-06-11 | Cisco Technology, Inc. | Reliable load-balancer using segment routing and real-time application monitoring |
US10671571B2 (en) | 2017-01-31 | 2020-06-02 | Cisco Technology, Inc. | Fast network performance in containerized environments for network function virtualization |
US10771394B2 (en) | 2017-02-06 | 2020-09-08 | Silver Peak Systems, Inc. | Multi-level learning for classifying traffic flows on a first packet from DNS data |
US10257082B2 (en) | 2017-02-06 | 2019-04-09 | Silver Peak Systems, Inc. | Multi-level learning for classifying traffic flows |
US10892978B2 (en) | 2017-02-06 | 2021-01-12 | Silver Peak Systems, Inc. | Multi-level learning for classifying traffic flows from first packet data |
US11044202B2 (en) | 2017-02-06 | 2021-06-22 | Silver Peak Systems, Inc. | Multi-level learning for predicting and classifying traffic flows from first packet data |
US10243823B1 (en) | 2017-02-24 | 2019-03-26 | Cisco Technology, Inc. | Techniques for using frame deep loopback capabilities for extended link diagnostics in fibre channel storage area networks |
US10713203B2 (en) | 2017-02-28 | 2020-07-14 | Cisco Technology, Inc. | Dynamic partition of PCIe disk arrays based on software configuration / policy distribution |
US10254991B2 (en) | 2017-03-06 | 2019-04-09 | Cisco Technology, Inc. | Storage area network based extended I/O metrics computation for deep insight into application performance |
US11005731B2 (en) | 2017-04-05 | 2021-05-11 | Cisco Technology, Inc. | Estimating model parameters for automatic deployment of scalable micro services |
US10498810B2 (en) | 2017-05-04 | 2019-12-03 | Amazon Technologies, Inc. | Coordinating inter-region operations in provider network environments |
US10783235B1 (en) * | 2017-05-04 | 2020-09-22 | Amazon Technologies, Inc. | Secure remote access of computing resources |
BR112019026003A2 (en) * | 2017-06-13 | 2020-06-23 | Equinix, Inc. | SERVICE PAIRING CENTER |
US10439877B2 (en) | 2017-06-26 | 2019-10-08 | Cisco Technology, Inc. | Systems and methods for enabling wide area multicast domain name system |
US10382274B2 (en) | 2017-06-26 | 2019-08-13 | Cisco Technology, Inc. | System and method for wide area zero-configuration network auto configuration |
US10666606B2 (en) * | 2017-06-28 | 2020-05-26 | Amazon Technologies, Inc. | Virtual private network service endpoints |
US10303534B2 (en) | 2017-07-20 | 2019-05-28 | Cisco Technology, Inc. | System and method for self-healing of application centric infrastructure fabric memory |
US10425288B2 (en) | 2017-07-21 | 2019-09-24 | Cisco Technology, Inc. | Container telemetry in data center environments with blade servers and switches |
US10892940B2 (en) | 2017-07-21 | 2021-01-12 | Cisco Technology, Inc. | Scalable statistics and analytics mechanisms in cloud networking |
US10601693B2 (en) | 2017-07-24 | 2020-03-24 | Cisco Technology, Inc. | System and method for providing scalable flow monitoring in a data center fabric |
US10541866B2 (en) | 2017-07-25 | 2020-01-21 | Cisco Technology, Inc. | Detecting and resolving multicast traffic performance issues |
US11595372B1 (en) * | 2017-08-28 | 2023-02-28 | Amazon Technologies, Inc. | Data source driven expected network policy control |
US11212210B2 (en) | 2017-09-21 | 2021-12-28 | Silver Peak Systems, Inc. | Selective route exporting using source type |
US10404596B2 (en) | 2017-10-03 | 2019-09-03 | Cisco Technology, Inc. | Dynamic route profile storage in a hardware trie routing table |
US10942666B2 (en) | 2017-10-13 | 2021-03-09 | Cisco Technology, Inc. | Using network device replication in distributed storage clusters |
US10353800B2 (en) | 2017-10-18 | 2019-07-16 | Cisco Technology, Inc. | System and method for graph based monitoring and management of distributed systems |
US11481362B2 (en) | 2017-11-13 | 2022-10-25 | Cisco Technology, Inc. | Using persistent memory to enable restartability of bulk load transactions in cloud databases |
US10705882B2 (en) | 2017-12-21 | 2020-07-07 | Cisco Technology, Inc. | System and method for resource placement across clouds for data intensive workloads |
US11595474B2 (en) | 2017-12-28 | 2023-02-28 | Cisco Technology, Inc. | Accelerating data replication using multicast and non-volatile memory enabled nodes |
US10637721B2 (en) | 2018-03-12 | 2020-04-28 | Silver Peak Systems, Inc. | Detecting path break conditions while minimizing network overhead |
US10511534B2 (en) | 2018-04-06 | 2019-12-17 | Cisco Technology, Inc. | Stateless distributed load-balancing |
US10728361B2 (en) | 2018-05-29 | 2020-07-28 | Cisco Technology, Inc. | System for association of customer information across subscribers |
US10904322B2 (en) | 2018-06-15 | 2021-01-26 | Cisco Technology, Inc. | Systems and methods for scaling down cloud-based servers handling secure connections |
US10764266B2 (en) | 2018-06-19 | 2020-09-01 | Cisco Technology, Inc. | Distributed authentication and authorization for rapid scaling of containerized services |
US11019083B2 (en) | 2018-06-20 | 2021-05-25 | Cisco Technology, Inc. | System for coordinating distributed website analysis |
US10819571B2 (en) | 2018-06-29 | 2020-10-27 | Cisco Technology, Inc. | Network traffic optimization using in-situ notification system |
US10904342B2 (en) | 2018-07-30 | 2021-01-26 | Cisco Technology, Inc. | Container networking using communication tunnels |
US10979345B2 (en) * | 2018-11-06 | 2021-04-13 | Cox Communications, Inc. | Remote medium access control (MAC) based networks |
US11057348B2 (en) | 2019-08-22 | 2021-07-06 | Saudi Arabian Oil Company | Method for data center network segmentation |
US11611618B2 (en) | 2020-12-31 | 2023-03-21 | Nutanix, Inc. | Orchestrating allocation of shared resources in a datacenter |
US11734044B2 (en) | 2020-12-31 | 2023-08-22 | Nutanix, Inc. | Configuring virtualization system images for a computing cluster |
CN114172750B (en) * | 2022-02-14 | 2022-05-13 | 南京易科腾信息技术有限公司 | Network communication method, device and storage medium based on encryption mechanism |
Citations (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6490273B1 (en) * | 1998-08-05 | 2002-12-03 | Sprint Communications Company L.P. | Asynchronous transfer mode architecture migration |
US20030014524A1 (en) | 2001-07-11 | 2003-01-16 | Alexander Tormasov | Balancing shared servers in virtual environments |
US20050063395A1 (en) * | 2003-09-18 | 2005-03-24 | Cisco Technology, Inc. | Virtual network device |
US7055171B1 (en) * | 2000-05-31 | 2006-05-30 | Hewlett-Packard Development Company, L.P. | Highly secure computer system architecture for a heterogeneous client environment |
US20060230407A1 (en) | 2005-04-07 | 2006-10-12 | International Business Machines Corporation | Method and apparatus for using virtual machine technology for managing parallel communicating applications |
US20070028244A1 (en) | 2003-10-08 | 2007-02-01 | Landis John A | Computer system para-virtualization using a hypervisor that is implemented in a partition of the host system |
US20070147279A1 (en) | 2005-12-27 | 2007-06-28 | Cisco Technology, Inc. | Satellite switch communication over a network |
US20080148386A1 (en) | 2006-10-27 | 2008-06-19 | Kreuk Volkert Nm | Network packet inspection and forwarding |
US20090063706A1 (en) * | 2007-08-30 | 2009-03-05 | International Business Machines Corporation | Combined Layer 2 Virtual MAC Address with Layer 3 IP Address Routing |
US7516211B1 (en) | 2003-08-05 | 2009-04-07 | Cisco Technology, Inc. | Methods and apparatus to configure a communication port |
US7567510B2 (en) | 2003-02-13 | 2009-07-28 | Cisco Technology, Inc. | Security groups |
US20090249438A1 (en) * | 2008-03-27 | 2009-10-01 | Moshe Litvin | Moving security for virtual machines |
US20090296726A1 (en) * | 2008-06-03 | 2009-12-03 | Brocade Communications Systems, Inc. | ACCESS CONTROL LIST MANAGEMENT IN AN FCoE ENVIRONMENT |
US20090327462A1 (en) * | 2008-06-27 | 2009-12-31 | International Business Machines Corporation | Method, system and program product for managing assignment of mac addresses in a virtual machine environment |
US20100027420A1 (en) * | 2008-07-31 | 2010-02-04 | Cisco Technology, Inc. | Dynamic distribution of virtual machines in a communication network |
US20100027442A1 (en) | 2008-07-31 | 2010-02-04 | International Business Machines Corporation | Constructing scalable overlays for pub-sub with many topics: the greedy join-leave algorithm |
US20100131636A1 (en) * | 2008-11-24 | 2010-05-27 | Vmware, Inc. | Application delivery control module for virtual network switch |
US20110090911A1 (en) * | 2009-10-21 | 2011-04-21 | Fang Hao | Method and apparatus for transparent cloud computing with a virtualized network infrastructure |
US20110134793A1 (en) * | 2009-12-03 | 2011-06-09 | Christian Elsen | Preventing loops on network topologies built with virtual switches and vms |
US20110194404A1 (en) * | 2010-02-11 | 2011-08-11 | Nokia Siemens Networks Ethernet Solutions Ltd. | System and method for fast protection of dual-homed virtual private lan service (vpls) spokes |
US8055789B2 (en) * | 2007-03-27 | 2011-11-08 | Amazon Technologies, Inc. | Configuring intercommunications between computing nodes |
US8345692B2 (en) * | 2010-04-27 | 2013-01-01 | Cisco Technology, Inc. | Virtual switching overlay for cloud computing |
US8705513B2 (en) * | 2009-12-15 | 2014-04-22 | At&T Intellectual Property I, L.P. | Methods and apparatus to communicatively couple virtual private networks to virtual machines within distributive computing networks |
US9338024B2 (en) * | 2007-04-11 | 2016-05-10 | Arris Enterprises, Inc. | Extended layer two tunneling protocol applications and architectures |
US20220321499A1 (en) * | 2019-03-18 | 2022-10-06 | Brightways Corporation | Switch flow module on an integrated circuit for aggregation in data center network switching |
-
2010
- 2010-04-27 US US12/799,557 patent/US8345692B2/en not_active Ceased
-
2011
- 2011-04-20 CN CN201180020902.6A patent/CN102884761B/en active Active
- 2011-04-20 EP EP11717791.5A patent/EP2564564B1/en active Active
- 2011-04-20 WO PCT/US2011/000701 patent/WO2011139333A1/en active Application Filing
-
2021
- 2021-06-30 US US17/363,273 patent/USRE49663E1/en active Active
Patent Citations (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6490273B1 (en) * | 1998-08-05 | 2002-12-03 | Sprint Communications Company L.P. | Asynchronous transfer mode architecture migration |
US7055171B1 (en) * | 2000-05-31 | 2006-05-30 | Hewlett-Packard Development Company, L.P. | Highly secure computer system architecture for a heterogeneous client environment |
US20030014524A1 (en) | 2001-07-11 | 2003-01-16 | Alexander Tormasov | Balancing shared servers in virtual environments |
US7567510B2 (en) | 2003-02-13 | 2009-07-28 | Cisco Technology, Inc. | Security groups |
US7516211B1 (en) | 2003-08-05 | 2009-04-07 | Cisco Technology, Inc. | Methods and apparatus to configure a communication port |
US20050063395A1 (en) * | 2003-09-18 | 2005-03-24 | Cisco Technology, Inc. | Virtual network device |
US20070028244A1 (en) | 2003-10-08 | 2007-02-01 | Landis John A | Computer system para-virtualization using a hypervisor that is implemented in a partition of the host system |
US20060230407A1 (en) | 2005-04-07 | 2006-10-12 | International Business Machines Corporation | Method and apparatus for using virtual machine technology for managing parallel communicating applications |
US20070147279A1 (en) | 2005-12-27 | 2007-06-28 | Cisco Technology, Inc. | Satellite switch communication over a network |
US20080148386A1 (en) | 2006-10-27 | 2008-06-19 | Kreuk Volkert Nm | Network packet inspection and forwarding |
US7660265B2 (en) * | 2006-10-27 | 2010-02-09 | International Business Machines Corporation | Network packet inspection and forwarding |
US8055789B2 (en) * | 2007-03-27 | 2011-11-08 | Amazon Technologies, Inc. | Configuring intercommunications between computing nodes |
US9338024B2 (en) * | 2007-04-11 | 2016-05-10 | Arris Enterprises, Inc. | Extended layer two tunneling protocol applications and architectures |
US20090063706A1 (en) * | 2007-08-30 | 2009-03-05 | International Business Machines Corporation | Combined Layer 2 Virtual MAC Address with Layer 3 IP Address Routing |
US20090249438A1 (en) * | 2008-03-27 | 2009-10-01 | Moshe Litvin | Moving security for virtual machines |
US20090296726A1 (en) * | 2008-06-03 | 2009-12-03 | Brocade Communications Systems, Inc. | ACCESS CONTROL LIST MANAGEMENT IN AN FCoE ENVIRONMENT |
US20090327462A1 (en) * | 2008-06-27 | 2009-12-31 | International Business Machines Corporation | Method, system and program product for managing assignment of mac addresses in a virtual machine environment |
US20100027442A1 (en) | 2008-07-31 | 2010-02-04 | International Business Machines Corporation | Constructing scalable overlays for pub-sub with many topics: the greedy join-leave algorithm |
US20100027420A1 (en) * | 2008-07-31 | 2010-02-04 | Cisco Technology, Inc. | Dynamic distribution of virtual machines in a communication network |
US20100131636A1 (en) * | 2008-11-24 | 2010-05-27 | Vmware, Inc. | Application delivery control module for virtual network switch |
US20110090911A1 (en) * | 2009-10-21 | 2011-04-21 | Fang Hao | Method and apparatus for transparent cloud computing with a virtualized network infrastructure |
US8369333B2 (en) * | 2009-10-21 | 2013-02-05 | Alcatel Lucent | Method and apparatus for transparent cloud computing with a virtualized network infrastructure |
US20110134793A1 (en) * | 2009-12-03 | 2011-06-09 | Christian Elsen | Preventing loops on network topologies built with virtual switches and vms |
US8705513B2 (en) * | 2009-12-15 | 2014-04-22 | At&T Intellectual Property I, L.P. | Methods and apparatus to communicatively couple virtual private networks to virtual machines within distributive computing networks |
US20110194404A1 (en) * | 2010-02-11 | 2011-08-11 | Nokia Siemens Networks Ethernet Solutions Ltd. | System and method for fast protection of dual-homed virtual private lan service (vpls) spokes |
US8345692B2 (en) * | 2010-04-27 | 2013-01-01 | Cisco Technology, Inc. | Virtual switching overlay for cloud computing |
US20220321499A1 (en) * | 2019-03-18 | 2022-10-06 | Brightways Corporation | Switch flow module on an integrated circuit for aggregation in data center network switching |
Non-Patent Citations (16)
Title |
---|
Armbrust, Michael et al. "Above the Clouds: A Berkeley View of Cloud Computing", Technical Report No. UCB/EECS-2009-28, http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.html, Feb. 10, 2009. (Year: 2009). * |
AWS, "Amazon Virtual Private Cloud (VPC) (beta)," http://aws.amazon.com/vpc/, Jul. 24, 2010, 7 pages. |
Cisco | VMware, "Virtual Networking Features of the VMware vNetwork Distributed Switch and Cisco Nexus 1000V Switches," http://www.cisco.com/en/prod/collateral/swithces/ps9441/ps9902/solution_overview_c22-526262.pdf, Dec. 15, 2009, 6 pages. |
Cisco, "Cisco VN-Link: Virtualization-Aware Networking," White Paper, http://www.cisco.com/en/US/solutions/collateral/ns340/ns224/ns892/ns894/white_paper_c11-525307.pdf, Mar. 1, 2009, 10 pages. |
Cohen, Reuven "Virtual Private Cloud (VPC)", Elastic Vapor Blog Post, http://elasticvapor.com/2008/05/virtual-private-cloud-vpc.html, May 8, 2008. (Year: 2008). * |
CohesiveFT, "VPN-Cubed IPsec to EC2 (Free Edition) v20090827," http://www.cohesiveft.com/dnld/VPN-Cubed_IPsec_toEC2_Free_Edition_v20090827.pdf, Aug. 27, 2009, 41 pages. |
CohesiveFT, "VPN-Cubed SSL to Cloud (Free Edition) v20091207," http://www.cohesiveft.com/dnld/VPN-Cubed_051_SSL-to-Cloud_Free-Edition_20091207.pdf, Dec. 7, 2009, 47 pages. |
CohesiveFT:"VPN-Cubed IPsec to EC2 Free Edition v20090827",Aug. 28, 2009,XP000002657094, URL:http://www.cohesiveft.com/dnld/VPN-Cubed_IPsec_toEC2_Free_Edition_v20090827.pdf. |
English Translation of Office Action in counterpart Chinese Patent Application No. 201180020902.6, dated Feb. 16, 2015, 5 pages. |
English Translation of Office Action in counterpart Chinese Patent Application No. 201180020902.6, dated Jul. 11, 2014, 12 pages. |
First Examination Report in counterpart Indian Patent Application No. 3020/KOLNP/2012, dated Dec. 6, 2018, 6 pages. |
http://aws.amazon/com/vpc. |
International Preliminary Report on Patentability in counterpart International Application No. PCT/US2011/000701, dated Oct. 30, 2012, 7 pages. |
International Search Report and Written Opinion in counterpart International Application No. PCT/US2011/000701, dated Sep. 9, 2011, 9 pages. |
Wood, et al., "The Case for Enterprise-Ready Virtual Private Clouds," https://www.usenix.org/legacy/event/hotcloud09/tech/full_papers/wood.pdf, Jun. 2009, 5 pages. |
Wood, Timothy, Prashant Shenoy, Alexandre Gerber, K.K. Ramakrishnan, and Jacobus Van der Merwe "The Case for Enterprise-Ready Virtual Private Clouds", Proceedings of the 2009 Conference on Hot Topics in Cloud Computing HotCloud'09, Jun. 15, 2009. (Year: 2009). * |
Also Published As
Publication number | Publication date |
---|---|
WO2011139333A1 (en) | 2011-11-10 |
EP2564564B1 (en) | 2018-09-12 |
CN102884761A (en) | 2013-01-16 |
US8345692B2 (en) | 2013-01-01 |
CN102884761B (en) | 2015-12-16 |
US20110261828A1 (en) | 2011-10-27 |
EP2564564A1 (en) | 2013-03-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
USRE49663E1 (en) | Virtual switching overlay for cloud computing | |
US20210344692A1 (en) | Providing a virtual security appliance architecture to a virtual cloud infrastructure | |
CN110838975B (en) | Secure forwarding of tenant workloads in virtual networks | |
US11385929B2 (en) | Migrating workloads in multicloud computing environments | |
US10728288B2 (en) | Policy-driven workload launching based on software defined networking encryption policies | |
US10148500B2 (en) | User-configured on-demand virtual layer-2 network for Infrastructure-as-a-Service (IaaS) on a hybrid cloud network | |
CA3034809C (en) | Extension of network control system into public cloud | |
JP5976942B2 (en) | System and method for providing policy-based data center network automation | |
EP2845346B1 (en) | System and method for secure provisioning of virtualized images in a network environment | |
CN116366449A (en) | System and method for user customization and automation operations on a software defined network | |
Battula | Network security function virtualization (nsfv) towards cloud computing with nfv over openflow infrastructure: Challenges and novel approaches | |
US10116622B2 (en) | Secure communication channel using a blade server | |
US20230023429A1 (en) | Overlay broadcast network for management traffic | |
US11546242B2 (en) | Logical overlay tunnel monitoring | |
US20240244036A1 (en) | Flow based breakout of firewall usage based on trust | |
Salomoni et al. | A dynamic virtual networks solution for cloud computing | |
Chandramouli | Deployment-driven Security Configuration for Virtual Networks | |
OpenStack | Mellanox Reference Architecture for Red Hat Enterprise Linux OpenStack Platform 4.0 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
FEPP | Fee payment procedure |
Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
AS | Assignment |
Owner name: CISCO TECHNOLOGY, INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SMITH, MICHAEL;REEL/FRAME:063730/0016 Effective date: 20100426 |