WO2018162058A1 - Flattening l3 routing in sdn using proactive shortest path - Google Patents

Flattening L3 routing in SDN using proactive shortest path


Publication number
WO2018162058A1
Authority
WO
WIPO (PCT)
Prior art keywords
peer
virtual
network
mapping
peers
Application number
PCT/EP2017/055462
Other languages
French (fr)
Inventor
Omer ANSON
Lihi WISHNITZER
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.
Priority to CN201780088221.0A (CN110419199B)
Priority to PCT/EP2017/055462 (WO2018162058A1)
Publication of WO2018162058A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances

Definitions

  • the present invention in some embodiments thereof, relates to peer-to-peer data packets transfer over a virtual network and, more specifically, but not exclusively, to peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network.
  • Network virtualization abstracts networking connectivity and services that have traditionally been delivered via hardware into a logical virtual network that is decoupled from and runs independently on top of a physical network.
  • the virtual networks may present multiple advantages in the ever growing complexity of modern computing, networking and data distribution. By abstracting the physical network, the virtual networks may efficiently serve for network separation, tunneling, security and/or the like.
  • the virtual networks typically incorporated in Layers 4-7 of the Open Systems Interconnection (OSI)
  • the virtual network may provide Layers 2-3 services, for example, switching and routing of data transferred between a plurality of virtual peers connected to (residing on) the virtual network.
  • Supporting switching and routing at the virtual network level may further simplify network maintenance, adjustment and/or configuration as the virtual network and/or part thereof may be easily adjusted by software means, typically remotely avoiding the need for configuring hardware networking equipment, infrastructure and/or the like.
  • a system for network layer (L3) peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network comprising a direct packet carrier of a virtual network connecting a plurality of virtual peers, the direct packet carrier is adapted to:
  • mapping record comprising a plurality of virtual L3 peer-to-peer addresses.
  • Each of the plurality of virtual L3 peer-to-peer addresses mapping a direct peer-to-peer path between a pair of the plurality of virtual peers.
  • mapping record retrieves from the mapping record a respective one of the plurality of virtual L3 peer-to-peer addresses mapping the direct peer-to-peer path between the source peer and the destination peer.
  • the direct packet carrier connecting directly at least some of the virtual peers in the virtual network for example, a Software Defined Network (SDN) and using the virtual L3 peer-peer address generated proactively (in advance) for transferring the data packet(s) may significantly reduce latency of the data packet(s) transfer since resolution of the next network address in the path during every HOP (pass through a router) may be avoided.
  • using the proactively generated peer-to-peer address may significantly reduce the latency of the overall data packet(s) transfer.
  • the direct peer-to-peer mapping and data packets transfer may also significantly ease debugging and/or failure isolation of failures, problems and/or degraded operation scenarios detected in the virtual network since the data transfer paths through the direct packet carrier may be easily monitored and/or isolated.
  • a computer implemented method of L3 peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network comprising: Receiving, at a direct packet carrier of a virtual network connecting a plurality of virtual peers, one or more data packets from a source virtual peer of the plurality of virtual peers, the one or more data packets is destined for a destination virtual peer of the plurality of virtual peers. - Accessing a mapping record comprising a plurality of virtual L3 peer-to-peer addresses.
  • mapping record Retrieving from the mapping record a respective one of the plurality of virtual L3 peer-to-peer addresses mapping the direct peer-to-peer path between the source peer and the destination peer.
  • a computer program product for L3 peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network comprises:
  • the one or more data packets are destined for a destination virtual peer of the plurality of virtual peers.
  • mapping record comprising a plurality of virtual L3 peer-to-peer addresses.
  • each of the plurality of virtual peers is a network element which is a member of a group consisting of:
  • a physical host mapped through a virtual endpoint; a physical router mapped through a virtual endpoint
  • the direct packet carrier is constructed as a centralized carrier hosted by one of a plurality of computing nodes connected to the virtual network or as a distributed carrier hosted by at least some of the plurality of computing nodes.
  • the direct packet carrier may be deployed in a plurality of different configurations, in particular having a centralized architecture and/or a distributed architecture to adapt to the virtual network in which it is deployed. Adapting the architecture of the direct packet carrier according to the virtual network characteristics, for example, topology, purpose, tasks, load, significance of virtual peers and/or the like may allow maximizing the benefits offered by the direct packet carrier in particular latency reduction for transferring the data packets.
  • the plurality of virtual L3 peer-to-peer addresses are generated proactively by a controller of the virtual network adapted to support the direct packet carrier.
  • the virtual network controller which may provide the infrastructure, platform and/or functionality to establish the virtual network over the physical network may easily identify the topology of the virtual network and may therefore generate the plurality of virtual L3 peer-to-peer addresses for mapping the path between pairs of virtual peers connected to the virtual network.
  • the respective virtual L3 peer-to-peer address generated proactively for the direct peer-to-peer path between the source peer and the destination peer is updated in the mapping record at the first time the one or more data packets is received from the source virtual peer.
  • Updating the mapping record with a certain virtual L3 peer-to-peer address only when the certain virtual L3 peer-to-peer address is actually required by the direct packet carrier may serve to reduce the number of virtual L3 peer-to-peer address entries in the mapping record 224 by avoiding inclusion of entries of virtual L3 peer-to-peer addresses that may be unused and/or not previously used. This may significantly reduce the time required for the direct packet carrier to traverse the mapping record and may therefore reduce latency in finding a respective virtual L3 peer-to-peer address.
  • the virtual network is continuously monitored to detect one or more topology changes in the virtual network
  • the topology change is a member of a group consisting of: adding one or more virtual peers, modifying one or more virtual peers and removing one or more virtual peers. Constantly monitoring the virtual network may allow early detection of any topology change in the virtual network and taking measures to adapt to the topology change as soon as possible.
  • the virtual L3 peer-to-peer address is re-generated for one or more of the plurality of virtual peers following detection of the one or more topology changes.
  • Updating the virtual L3 peer-to-peer address(es) following the virtual network topology change may be done to maintain updated virtual L3 peer-to-peer addresses for all paths between the virtual peers connected to the virtual network in order to assure proper, stable, robust and possibly optimal connectivity and data transfer paths between the virtual peers.
  • the mapping record is updated according to the one or more topology changes, the update includes one or more members of a group consisting of: adding the virtual L3 peer-to-peer path generated for the one or more added virtual peers, updating the virtual L3 peer-to-peer path re-generated for the one or more modified virtual peers and deleting the virtual L3 peer-to-peer path of the one or more removed virtual peers.
  • Maintaining the mapping record up to date with the latest virtual L3 peer-to-peer addresses to be used by the direct packet carrier may assure proper, stable, robust and possibly optimal connectivity and data transfer paths between the virtual peers.
  • the one or more data packets are adjusted to emulate legacy routing over the virtual network. Maintaining backward compatibility with legacy routing may allow easily integrating virtual hosts which do not support the peer-to-peer mapping into the virtual network employing the direct packet carrier and the direct peer-to-peer mapping. This may allow for gradual migration from the legacy routing virtual networks to the peer-peer mapping virtual network and may therefore significantly simplify the migration and/or integration
  • the adjusting of the one or more data packets is done by a member of a group consisting of: a host hosting the source virtual peer sending the one or more data packets, a host hosting the destination virtual peer to which the one or more data packets is sent, and one or more intermediate computing nodes that receive the one or more data packets from the source virtual peer and forward the one or more data packets to the destination virtual peer.
  • Supporting the data packet(s) manipulation at different points along the path of the data packet(s) may allow for simple and easy manipulation of the data packet(s) according to characteristics of the virtual network, attributes of the data packets and/or objectives of the data transfer.
  • one or more legacy network routers is mapped as a virtual peer supporting multiple virtual L3 peer-to-peer paths in a virtual L3 peer-to-peer address range each assigned to one of a plurality of legacy hosts not supporting L3 peer-to-peer mapping over the virtual network.
  • the one or more legacy network routers is a member of a group consisting of: a physical router and a legacy virtual router.
  • Supporting a mixed virtual network deployment comprising both legacy routing and peer-to-peer mapping may allow integration of legacy hosts which do not support the peer-to-peer mapping into the virtual network. This allows maintaining and using legacy resources which may be complex, costly, essential and/or irreplaceable while deploying the peer-to-peer mapping virtual network implementation to improve performance for the other segments of the virtual network. This may also allow for gradual migration from the legacy routing virtual networks to the peer-peer mapping virtual network and may therefore significantly simplify the migration and/or integration complexity, effort and/or costs.
  • the one or more data packet are sent to one or more physical hosts through one or more border virtual peers connecting to the one or more physical hosts.
  • the one or more data packets are sent using the virtual L3 peer-to-peer address of the one or more border virtual peers coupled with a remaining physical path address mapping a path to the one or more physical hosts from the one or more border virtual peers.
  • Supporting a mixed physical and virtual networks deployment comprising both legacy routing and peer-to-peer mapping may allow integration of physical hosts which do not support the peer-to-peer mapping into the virtual network. This allows maintaining and using physical resources which may be complex, costly, essential and/or irreplaceable while deploying the peer-to-peer mapping virtual network implementation to improve performance for the other segments of the virtual network.
  • the virtual L3 peer-to-peer address employs a partial peer-to-peer address and a legacy address, wherein the partial peer-to-peer address maps one or more intermediate virtual peers and the legacy address maps a destination peer for sending the one or more data packets to the destination peer through the one or more intermediate virtual peers.
  • Supporting a mixed virtual network deployment comprising both legacy routing and peer-to-peer mapping may allow integration of legacy virtual hosts which do not support the peer-to-peer mapping into the virtual network. This allows maintaining and using legacy virtual resources which may be complex, costly, essential and/or irreplaceable while deploying the peer-to-peer mapping virtual network implementation to improve performance for the other segments of the virtual network.
  • the legacy virtual hosts may provide essential and/or irreplaceable network traffic management function(s), for example, Virtual Network function(s) (VNF).
  • one or more network traffic management functions are adapted for handling the one or more data packets mapped with the virtual L3 peer-to-peer address.
  • the need to direct network traffic to the legacy hosts may be significantly reduced and/or completely avoided. This may significantly increase performance of the data transfer by for example, reducing the latency while providing the network traffic management functionality, for example, firewall, traffic shaping, network Service Function Chaining (SFC) and/or the like.
  • FIG. 1 is a flow chart of an exemplary process of peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network, according to some embodiments of the present invention
  • FIG. 2 is a schematic illustration of an exemplary system for peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network, according to some embodiments of the present invention
  • FIG. 3 is a schematic illustration of an embodiment of an exemplary system for peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network, according to some embodiments of the present invention
  • FIG. 4 is a schematic illustration of an exemplary system for peer-to-peer data packets transfer over a virtual network comprising a legacy router, according to some embodiments of the present invention
  • FIG. 5 is a schematic illustration of an exemplary system for peer-to-peer data packets transfer over a virtual network comprising physical hosts, according to some embodiments of the present invention
  • FIG. 6 is a schematic illustration of an exemplary system for peer-to-peer data packets transfer over a virtual network comprising legacy hosts providing VNF functionality, according to some embodiments of the present invention.
  • FIG. 7 is a schematic illustration of an exemplary system for peer-to-peer data packets transfer over a virtual network facilitating VNF functionality adapted for the peer-to-peer mapping, according to some embodiments of the present invention.
  • the present invention presents devices, systems and methods for transferring data packets efficiently between a plurality of virtual peers connected through a virtual network, for example, an SDN providing a logical network abstraction over a physical network.
  • the virtual peers may include a plurality of network entities, for example, a virtual host, a virtual router, a virtual router interface, a physical host mapped through a virtual endpoint, a physical router mapped through a virtual endpoint, a container, a virtual interface mapping one or more virtual and/or hardware resources and/or the like.
  • a direct packet carrier implemented in the virtual network may directly transfer one or more data packets between the virtual peers which connect to it.
  • the direct packet carrier may transfer the data packet(s) using virtual Layer 3 (L3) peer-to-peer addresses proactively (in advance) generated, for example, calculated, resolved, defined, set and/or the like according to the topology of the virtual network.
  • the generated virtual Layer 3 (L3) peer-to-peer addresses may be selected to be optimal paths between the respective pair of virtual peers presenting improved one or more network transfer characteristics, for example, a latency, a Quality of Service (QoS) and/or the like.
  • one or more of the virtual L3 peer-to-peer addresses is derived and/or similar to the (legacy) virtual address, for example, a virtual Internet Protocol (IP) address and/or the like.
  • the direct packet carrier may create, update and/or maintain a mapping record, for example, a list, a file, a database, a table and/or the like for storing the generated virtual L3 peer-to-peer addresses.
  • the direct packet carrier may access the mapping record and retrieve the virtual L3 peer-to-peer address that maps the path between the source virtual peer and the destination virtual peer.
  • the direct packet carrier may directly transfer the data packet(s) to the destination virtual peer.
  • the virtual network is continuously monitored to detect change(s) in the topology.
  • the direct packet carrier adjusts (manipulates) one or more of the data packets received from the source virtual peer before transferring the data packet(s) to the destination virtual peer.
  • the direct packet carrier may adjust the data packet(s) to emulate legacy routing over the virtual network in order to maintain compatibility with legacy routing over the virtual network.
  • the direct packet carrier supports data packet(s) transfer to one or more legacy hosts which connect to a virtual network through one or more legacy routers, for example, a physical router and/or a virtual router where the legacy hosts do not support L3 peer-to-peer mapping.
  • the legacy router may be assigned with a range of virtual L3 peer-to-peer addresses each mapping one of the legacy hosts such that the legacy router may translate a virtual L3 peer-to-peer address that is within the assigned range to a legacy address for accessing the corresponding legacy host.
  • the direct packet carrier supports data packet(s) transfer to one or more physical hosts, for example, a computing node, a computer, a physical router and/or the like connected to a border virtual peer residing on the virtual network.
  • the direct packet carrier may use the virtual L3 peer-to-peer address of the border virtual peer and a physical address mapping the remaining path from the border virtual peer to one of the physical hosts.
  • the direct packet carrier may use a virtual L3 peer-to-peer address comprising a partial peer-to-peer address and a legacy address for communicating and/or transferring data packets to/from one or more destination peers, for example, a legacy virtual peer which does not operate directly with the direct packet carrier.
  • the destination peer(s) may provide one or more network traffic management functions, for example, Virtual Network Functions (VNF) such as, for example, firewall, traffic shaping, network SFC and/or the like.
  • one or more of the network traffic management functions for example, the VNF such as, for example, the firewall, the traffic shaping, the network SFC and/or the like are adapted to operate natively with the direct L3 peer-to-peer mapping and the direct L3 peer-to-peer data packet transfer employed by a direct packet carrier.
  • the direct data packets transfer over the virtual network may present significant advantages compared to currently existing implementations of the virtual networks.
  • Typical virtual network implementation may use traditional methods for resolving network addresses, for example, virtual and/or physical IP addresses of the virtual peers connected to the virtual network.
  • the existing virtual networks may therefore use virtual routers that may operate very similarly to physical routers such that during every pass through a virtual router (HOP), the virtual router resolves the address for the next HOP.
  • the latency of the data packet(s) transfer may be significantly reduced.
  • the data transfer, reliability, stability and/or robustness of the data transfer may be significantly increased.
  • the peer-to-peer mapping may further allow for easier debugging and/or failure isolation of failures, problems and/or degraded operation scenarios detected in the virtual networks since the data transfer paths may be easily isolated as the data is transferred through the direct packet carrier which may provide direct monitoring of each data transfer path.
  • the direct packet carrier and direct mapping implementation may provide compatibility with existing virtual network hosts.
  • the direct packet carrier may maintain the compatibility by manipulating the data packet(s) to appear as data packets routed using the legacy routing.
  • the direct packet carrier may further employ virtual L3 peer-to-peer addressing that combines peer-to-peer mapping with legacy mapping, physical mapping and/or the like. Maintaining the compatibility with the existing virtual and/or physical hosts may allow easy migration from the current virtual networks implementation to the direct peer-to-peer mapping virtual networks. This may also allow virtual peers using the direct peer-to-peer mapping to take advantage of services and/or functionality, for example, the network traffic management functions that may be provided by the legacy virtual and/or physical hosts. Furthermore, by adapting the network traffic management functions to operate natively with the direct peer-to-peer mapping, the virtual network employing the direct packet carrier with the direct peer-to-peer mapping may provide enhanced network functionality while maintaining its high performance data transfer rates.
  • the present invention may be a system, a method, and/or a computer program product.
  • the computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to carry out aspects of the present invention.
  • the computer readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device.
  • the computer readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing.
  • Computer readable program instructions described herein can be downloaded to respective computing/processing devices from a computer readable storage medium or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network and/or a wireless network.
  • the computer readable program instructions may execute entirely on the user's computer, partly on the user's computer such as the user equipment (UE), as a stand-alone software package, partly on the user's computer and partly on a remote computer such as the network apparatus or entirely on the remote computer or server.
  • the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
  • electronic circuitry including, for example, programmable logic circuitry, field-programmable gate arrays (FPGA), or programmable logic arrays (PLA) may execute the computer readable program instructions by utilizing state information of the computer readable program instructions to personalize the electronic circuitry, in order to perform aspects of the present invention.
  • the functions noted in the block may occur out of the order noted in the figures.
  • two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
  • each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration can be implemented by special purpose hardware-based systems that perform the specified functions or acts or carry out combinations of special purpose hardware and computer instructions.
  • FIG. 1 is a flow chart of an exemplary process of peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network, according to some embodiments of the present invention.
  • a process 100 is executed to transfer data packets between a plurality of virtual peers connected through a virtual network, for example, an SDN providing a logical network abstraction over a physical network.
  • the virtual peers may include a plurality of network entities, for example, a virtual host, a virtual router, a virtual router interface, a physical host mapped through a virtual endpoint, a physical router mapped through a virtual endpoint, a container, a virtual interface mapping one or more virtual and/or hardware resources and/or the like.
  • a plurality of virtual Layer 3 (L3) peer-to-peer addresses may be proactively (in advance) generated, for example, calculated, resolved, defined, set and/or the like according to the topology of the virtual network.
  • Each of the virtual Layer 3 (L3) peer-to-peer addresses maps a direct peer-to-peer path between a pair of the virtual peers according to the virtual network topology. As a result, each path between each pair of virtual peers in the virtual network is known in advance and available for the direct packet carrier.
  • the generated virtual Layer 3 (L3) peer-to-peer addresses may be optimal paths between the respective pair of virtual peers presenting improved one or more network transfer characteristics, for example, a latency, a QoS and/or the like.
  • the direct packet carrier may further create, update and/or maintain a mapping record comprising the generated virtual L3 peer-to-peer addresses.
  • the direct packet carrier may access the mapping record to retrieve the virtual L3 peer-to-peer address mapping the path between the source virtual peer and the destination virtual peer.
  • the direct packet carrier may directly transfer the data packet(s) to the destination virtual peer.
  • FIG. 2 is a schematic illustration of an exemplary system for peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network, according to some embodiments of the present invention.
  • An exemplary system 200 includes a virtual network 212 establishing a logical network abstraction over a physical network 204.
  • the system 200 may include one or more computing nodes 202, for example, 202A, 202B through 202N.
  • Each computing node 202 may include one or more processors (homogenous or heterogeneous), which may be arranged for parallel processing, as clusters and/or as one or more distributed core processing units, one or more network interfaces for connecting to the network 204 and a program store, for example, storage medium, either a volatile medium (e.g. a Random Access Memory (RAM), etc.) and/or a non-volatile medium (e.g. a hard drive, a Flash array, etc.).
  • Each computing node 202 may host one or more virtual peers 210, for example, a virtual host, a virtual router, a virtual router interface, a physical host mapped through a virtual endpoint, a physical router mapped through a virtual endpoint, a container, a virtual interface mapping one or more virtual and/or hardware resources and/or the like.
  • One or more of the computing nodes 202 may implement a hypervisor for hosting, running and/or controlling one or more Virtual Machines (VM).
  • the virtual network 212 may further include cloud computing and/or networking resources and/or services, for example, Software as a Service (SaaS), Platform as a Service (PaaS), networking-as-a-service (NaaS) and/or the like.
  • One or more of the computing nodes 202 may execute one or more software modules, for example, a process, an application, an agent, a utility, a service, a plug-in, a script, an add-on software and/or the like each comprising a plurality of program instructions.
  • the program instructions may be executed by the processor(s) of the computing nodes 202 from the program store.
  • the computing node(s) 202 may execute a virtual network controller 222 comprising one or more software modules, for example, Open Virtual Network (OVN), DragonFlow and/or the like for providing a platform, an infrastructure and/or the like for the virtual network 212 and controlling the virtual network 212.
  • the virtual network controller 222 may be centralized, i.e. executed by one of the computing nodes 202, distributed, i.e. executed by a plurality of the computing nodes 202 and/or a combination thereof.
  • the virtual network controller 222 may, for example, support network topology configuration, definition, setup and/or scaling, provide switching and/or routing services, resolve addresses, control QoS, transfer data and/or the like as known in the art.
  • the computing node(s) 202 may further execute a direct packet carrier 220 comprising one or more software modules for directly transferring data packets between the virtual peers 210.
  • the direct packet carrier 220 directly connects to all the virtual peers 210 residing on (connected to) the virtual network 212.
  • the direct packet carrier 220 may be centralized, i.e. executed by one of the computing nodes 202, distributed, i.e. executed by a plurality of the computing nodes 202 and/or a combination thereof.
  • the direct packet carrier 220 may create, update, maintain and/or the like a mapping record 224, for example, a list, a file, a database, a table and/or the like comprising a plurality of virtual L3 peer-to-peer addresses.
  • Each of the virtual L3 peer-to-peer addresses maps a direct peer-to-peer path between a pair of the virtual peers 210 according to the topology of the virtual network 212.
  • the direct packet carrier 220 and the virtual network controller 222 may interact and/or communicate with each other through one or more interfaces, for example, a system call, a function call, an Application Programming Interface (API) function, a messaging system and/or the like.
  • the process 100 starts with obtaining the topology of the virtual network 212. Identifying the topology of the virtual network 212 may typically be done as known in the art by the virtual network controller 222 which controls the virtual network 212.
  • the direct packet carrier 220 obtains the topology of the virtual network 212 from the virtual network controller 222.
  • the process 100 continues with proactively generating, for example, calculating, setting, defining and/or resolving the plurality of virtual L3 peer-to-peer addresses each mapping a direct peer-to-peer path between a pair of the virtual peers 210 according to the topology of the virtual network 212.
  • Generating the plurality of virtual L3 peer-to-peer addresses may typically be done by the virtual network controller 222.
  • the virtual network controller 222 may then provide the generated virtual L3 peer-to-peer addresses to the direct packet carrier 220.
  • the direct packet carrier 220 generates the plurality of virtual L3 peer-to-peer addresses according to the topology of the virtual network 212 obtained from the virtual network controller 222.
  • the virtual network controller 222 constantly monitors the virtual network 212 to detect and/or is alerted of changes in the topology of the virtual network 212, for example, adding one or more virtual peers 210, removing one or more virtual peers 210, modifying one or more virtual peers 210 and/or the like. The monitoring may be done by the virtual network controller 222. At the detection of one or more changes in the topology of the virtual network 212, the virtual network controller 222 may generate, remove and/or update one or more of the virtual L3 peer-to-peer addresses to reflect the change(s) in the topology of the virtual network 212.
  • the virtual network controller 222 may remove one or more virtual L3 peer-to-peer addresses mapping the path between the removed virtual peer 210 and one or more other virtual peers 210.
  • the virtual network controller 222 may calculate (generate) one or more virtual L3 peer-to-peer addresses mapping the path between the added virtual peer 210 and one or more other virtual peers 210.
  • the virtual network controller 222 may re-calculate (re-generate) one or more virtual L3 peer-to-peer addresses for paths between one or more of the virtual peers 210 which may be routed through the added virtual router 210.
  • the direct packet carrier 220 may calculate (generate) one or more virtual L3 peer-to-peer addresses to reflect the change(s) in the topology of the virtual network 212 detected by the virtual network controller 222 and reported to the direct packet carrier 220.
  • the direct packet carrier 220 may create, maintain and/or update the mapping record 224 with the generated virtual L3 peer-to-peer addresses mapping the paths between the virtual peers 210.
  • the direct packet carrier 220 may update the mapping record 224 to reflect changes detected by the virtual network controller 222 in the topology of the virtual network 212. For example, the direct packet carrier 220 may remove one or more virtual L3 peer-to-peer address entries mapping a path between the removed virtual peer 210 and one or more other virtual peers 210.
  • the direct packet carrier 220 may also add one or more virtual L3 peer-to-peer address entries mapping a path between the added virtual peer 210 and one or more other virtual peers 210.
  • the direct packet carrier 220 may further update one or more virtual L3 peer-to-peer address entries mapping a path between the virtual peers 210 in case the path is changed due to the topology change, for example, an addition and/or removal of one or more virtual routers 210.
  • the direct packet carrier 220 receives one or more data packets from a source virtual peer of the virtual peers 210, for example, a source virtual peer 210A.
  • the received data packet(s) are destined for a destination virtual peer of the virtual peers 210, for example, a destination virtual peer 210B.
  • the direct packet carrier 220 may access the mapping record 224 comprising the virtual L3 peer-to-peer addresses mapping the paths between the virtual peers 210 to search for the virtual L3 peer-to-peer address mapping the path between the source virtual peer 210 and the destination virtual peer 210.
  • the direct packet carrier 220 may access the mapping record 224 to search for the virtual L3 peer-to-peer address mapping the path between the source virtual peer 210A and the destination virtual peer 210B.
  • the virtual L3 peer-to-peer address that maps the path between the source virtual peer 210, for example, 210A and the destination virtual peer 210, for example, 210B is updated in the mapping record 224 only at the first time the direct packet carrier 220 requires this virtual L3 peer-to-peer address.
  • the direct packet carrier 220 may update this virtual L3 peer-to-peer address in the mapping record 224 at the first time the source virtual peer 210A sends the data packet(s) to the destination virtual peer 210B. This may serve to reduce the size of the mapping record 224, i.e. reduce the number of virtual L3 peer-to-peer address entries in the mapping record 224 by avoiding inclusion of entries of virtual L3 peer-to-peer addresses that may be unused and/or not previously used. Reducing the number of virtual L3 peer-to-peer address entries in the mapping record 224 may significantly reduce the time required for the direct packet carrier 220 to traverse the mapping record 224 and may therefore reduce latency in finding a respective virtual L3 peer-to-peer address. This may significantly reduce the overall latency in transferring the data packet(s) between a certain source virtual peer and certain destination virtual peer.
  • the direct packet carrier 220 retrieves from the mapping record 224 the virtual L3 peer-to-peer address mapping the path from the source virtual peer 210A to the destination virtual peer 210B.
  • the direct packet carrier 220 transfers the data packet(s) received from the source virtual peer 210A to the destination virtual peer 210B.
  • the direct packet carrier 220 adjusts (manipulates) one or more of the data packets received from the source virtual peer 210, for example, 210A before transferring the data packet(s) to the destination virtual peer 210, for example, 210B.
  • the direct packet carrier 220 may adjust the data packet(s) to emulate legacy routing over the virtual network 212. This may serve to maintain compatibility with the legacy routing and avoid possible modifications that may be required in the virtual peer 210B in order to adapt to operate with the direct packet carrier 220.
  • the virtual peer 210B receives the data packet(s) as expected to be received using the legacy routing and may therefore require no modifications to operate with the direct packet carrier 220.
  • one or more legacy fields of the data packet(s) may indicate one or more attributes, characteristics and/or operational conditions relating to the legacy network. While one or more of the legacy fields may not serve any purpose when using the direct packet carrier 220 to transfer the data packet(s) from the source virtual peer 210A to the destination virtual peer 210B, the virtual peer 210B may require (expect) the legacy field(s) to maintain proper operation, for example, identifying the data packet(s) as valid.
  • the legacy fields may include for example, a Time to Live (TTL) field indicating a number of HOPs, e.g. a router, a computer and/or a device along the network 204 and/or the (legacy) virtual network 212 the packet is allowed to pass before it dies.
  • the legacy field(s) may include a field indicating a Media Access Control (MAC) address of the originating router the data packet(s) passed through, the router the data packet(s) passed through and/or the like.
  • the intermediate computing node(s) 202 may receive the data packet(s) from the source virtual peer 210A and forward them to the destination virtual peer 210B.
  • FIG. 3 is a schematic illustration of an embodiment of an exemplary system for peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network, according to some embodiments of the present invention.
  • An exemplary system 300 includes a virtual network such as the virtual network 212 establishing a logical network abstraction over a physical network 204A such as the physical network 204.
  • the exemplary physical network 204A may include four sub-networks, a sub-network1 204_1, a sub-network2 204_2, a sub-network3 204_3 and a sub-network4 204_4.
  • the four sub-networks 204_1, 204_2, 204_3 and 204_4 are connected to each other through 3 routers, a router1 302A connecting the sub-network1 204_1 and the sub-network2 204_2, a router2 302B connecting the sub-network2 204_2 and the sub-network3 204_3 and a router3 302C connecting the sub-network3 204_3 and the sub-network4 204_4.
  • the system 300 may include one or more computing nodes such as the computing nodes 202, for example, 202C, 202D, 202E and 202F hosting one or more virtual peers such as the virtual peers 210, for example, a virtual peer 210C, 210D, 210E and 210F respectively.
  • the computing nodes 202C, 202D, 202E and 202F each reside on a different sub-network of the network 204A.
  • the computing node 202C connects to the sub-network1 204_1.
  • the computing node 202D connects to the sub-network2 204_2.
  • the computing node 202E connects to the sub-network3 204_3.
  • the computing node 202F connects to the sub-network4 204_4.
  • the virtual network 212 may be provided, controlled and/or managed by a virtual network controller such as the virtual network controller 222.
  • a direct packet carrier such as the direct packet carrier 220 may be executed for transferring one or more data packets between the virtual peers 210C, 210D, 210E and/or 210F.
  • the direct packet carrier 220 may further create, maintain and/or update a mapping record such as the mapping record 224.
  • the virtual peers 210C and/or 210D may require the TTL field for proper operation.
  • the direct packet carrier 220 may therefore adjust the TTL field in one or more of the data packets transferred between the virtual peers 210C and/or 210D to maintain compatibility with the legacy routing over the network 204A.
  • the virtual network controller 222 providing the platform for the virtual network 212 and controlling it is the DragonFlow.
  • the direct packet carrier 220 may apply a set of rules using the syntax conventions of the DragonFlow virtual network controller 222 and/or of an Open Virtual Switch (OVS) employed by the DragonFlow virtual network controller 222.
  • the set of rules may indicate the adjustment(s) done to one or more of the transferred packet according to the source and destination virtual peers 210 as described in a rule set 1 below. It should be noted that the rule set 1 may be presenting partial exemplary settings.
  • the topology of the network 204A is reflected in the rules specified in the rule set 1.
  • the rule set 1 indicates the values of the TTL field expected by each virtual peer 210C-210F according to the source of the data packet(s).
  • the direct data carrier 220 may therefore manipulate the TTL field in one or more data packet(s) according to rule set 1 after identifying the source and/or destination virtual peers 210C, 210D, 210E and/or 210F.
  • the direct data carrier 220 may manipulate the TTL field to a value of TTL-3 in one or more data packets sent from the virtual peer 210C hosted by the computing node 202C and destined for the virtual peer 210F hosted by the computing node 202F.
  • the rule set 1 may also specify the values for the originating router field for each of the virtual peers 210C-210F.
  • the direct data carrier 220 may therefore manipulate the originating router field in one or more data packet(s) according to rule set 1 after identifying the source and/or destination virtual peers 210C, 210D, 210E and/or 210F.
  • the direct data carrier 220 may manipulate the originating router field to a value of ROUTER2 in one or more data packets sent from the virtual peer 210F hosted by the computing node 202F and destined for the virtual peer 210D hosted by the computing node 202D.
  • the virtual network controller 222 providing the platform for the virtual network 212 and controlling it is the OVN.
  • the direct packet carrier 220 may apply a set of rules using the syntax conventions of the OVN virtual network controller 222 and/or an OVS employed by the OVN virtual network controller 222.
  • the set of rules may indicate the adjustment(s) done to one or more of the transferred packet according to the source and destination virtual peers 210 as described in a rule set 2 below. It should be noted that the rule set 2 may be presenting partial exemplary settings.
  • the direct data carrier 220 may apply the same technique for the OVN implementation as described for the DragonFlow implementation.
  • a direct packet carrier such as the direct packet carrier 212 supports data packet(s) transfer to one or more legacy hosts which connect to a virtual network such as the virtual network 212 through one or more legacy routers, physical or virtual, where the legacy hosts do not support L3 peer-to-peer mapping. This may allow backward compliance with legacy virtual networks such as the virtual network 212 comprising one or more legacy hosts.
  • FIG. 4 is a schematic illustration of an exemplary system for peer-to-peer data packets transfer over a virtual network comprising a legacy router, according to some embodiments of the present invention.
  • An exemplary system 400 includes a virtual network such as the virtual network 212 establishing a logical network abstraction over a physical network such as the physical network 204.
  • the system 400 may include one or more computing nodes such as the computing nodes 202, for example, 202A through 202N each hosting one or more virtual peers such as the virtual peers 210.
  • the virtual network 212 may be provided, controlled and/or managed by a virtual network controller such as the virtual network controller 222.
  • a direct packet carrier such as the direct packet carrier 220 may be executed for transferring one or more data packets between the virtual peers 210.
  • the direct packet carrier 220 may further create, maintain and/or update a mapping record such as the mapping record 224.
  • the system 400 may further include one or more legacy hosts 402, for example, a physical device, a physical router, a virtual host, a virtual router and/or the like which reside on (connect to) the network 204. While not supporting the direct data packet(s) transfer controlled by the direct packet carrier 220, the legacy host(s) 402 may be mapped to and/or from the virtual network 212 through one or more legacy network routers 210G, for example, a physical router, a legacy virtual router and/or the like.
  • the legacy router 210G is a virtual peer such as the virtual peers 210 capable of operating with the direct packet carrier 220 for transferring data packet(s) to and/or from the other virtual peers 210.
  • a range of virtual L3 peer-to-peer addresses may be generated by the direct packet carrier 220 and/or the virtual network controller 222 for mapping each of the legacy hosts 402 through the legacy router 210G.
  • the direct packet carrier 220 and/or the virtual network controller 222 may further assign the legacy router 210G with the range of virtual L3 peer-to-peer addresses.
  • the range of virtual L3 peer-to-peer addresses may be contiguous, non-contiguous and/or a combination thereof.
  • the range of virtual L3 peer-to-peer addresses may further include one or more L3 peer-to-peer addresses that are sporadically allocated, i.e. discrete L3 peer-to-peer addresses.
  • the legacy router 210G may be further configured to route data packet(s) destined for virtual L3 peer-to-peer addresses falling within the assigned range to the corresponding legacy host. As a result, when the legacy router 210G receives one or more data packets destined for a certain virtual L3 peer-to-peer address that falls within the assigned range, the legacy router 210G may forward the data packet(s) to the legacy host 402 associated with the certain virtual L3 peer-to-peer address.
  • the legacy router 210G may map and/or route the data packets to one or more legacy host such as the legacy host 402 using one or more legacy mapping/routing mechanism, implementations and/or the like, for example, a physical-like routing, SDN controller such as, for example, an OVN controller, an OpenDaylight controller and/or the like.
  • a direct packet carrier such as the direct packet carrier 212 supports data packet(s) transfer to one or more physical hosts, for example, a computing node, a computer, a physical router and/or the like connected to a border virtual peer such as the virtual peer 210 connected to a virtual network such as the virtual network 212.
  • FIG. 5 is a schematic illustration of an exemplary system for peer-to-peer data packets transfer over a virtual network comprising physical hosts, according to some embodiments of the present invention.
  • An exemplary system 500 includes a virtual network such as the virtual network 212 establishing a logical network abstraction over a physical network such as the physical network 204.
  • the system 500 may include one or more computing nodes such as the computing nodes 202, for example, 202A through 202N each hosting one or more virtual peers such as the virtual peers 210.
  • the virtual network 212 may be provided, controlled and/or managed by a virtual network controller such as the virtual network controller 222.
  • a direct packet carrier such as the direct packet carrier 220 may be executed for transferring one or more data packets between the virtual peers 210.
  • the direct packet carrier 220 may further create, maintain and/or update a mapping record such as the mapping record 224.
  • the system 500 may further include one or more physical hosts 502, for example, a physical device, a computing node, a computer and/or the like which connect to the network 204. While not supporting the direct data packet(s) transfer controlled by the direct packet carrier 220, the physical host(s) 502 may connect to one or more border virtual peers 210H capable of operating with the direct packet carrier 220 for transferring data packet(s) to and/or from the other virtual peers 210.
  • the direct packet carrier 220 may transfer one or more data packets to one or more of the physical hosts 502 by using the virtual L3 peer-to-peer address of the border virtual peer 210H to send the data packet(s) to the border virtual peer 210H coupled with a physical address of the destination physical host 502, for example, an IP address.
  • the physical address of the destination physical host 502 may be generated, for example, resolved, calculated, set, defined and/or the like by the virtual network controller 222 that may report the generated physical address to the direct packet carrier 220.
  • a direct packet carrier such as the direct packet carrier 212 may use virtual L3 peer-to-peer address comprising a partial peer-to-peer address and a legacy address for communicating and/or transferring data packets to/from one or more destination peers, for example, a legacy virtual peer which do not operate directly with the direct packet carrier 212.
  • the destination peer(s) may provide one or more network traffic management functions, for example, VNF such as, for example, firewall, traffic shaping, network SFC and/or the like. This may allow virtual peers such as the virtual peers 210 to take advantage of the network traffic management functions even when provided by legacy virtual peers which do not operate directly with the direct packet carrier 212.
  • FIG. 6 is a schematic illustration of an exemplary system for peer-to-peer data packets transfer over a virtual network comprising legacy hosts providing Virtual Network function(s) (VNF), according to some embodiments of the present invention.
  • An exemplary system 600 includes a virtual network such as the virtual network 212 establishing a logical network abstraction over a physical network such as the physical network 204.
  • the system 600 may include one or more computing nodes such as the computing nodes 202, for example, 202A through 202N each hosting one or more virtual peers such as the virtual peers 210.
  • the virtual network 212 may be provided, controlled and/or managed by a virtual network controller such as the virtual network controller 222.
  • a direct packet carrier such as the direct packet carrier 220 may be executed for transferring one or more data packets between the virtual peers 210.
  • the direct packet carrier 220 may further create, maintain and/or update a mapping record such as the mapping record 224.
  • the system 600 may further include one or more destination peers, for example, a legacy virtual host 602A. In particular, the legacy host 602A provides one or more of the network traffic management functions 620, for example, the VNF such as, for example, the firewall, the traffic shaping, the network SFC and/or the like. While the legacy virtual host 602A connects to the virtual network 212, the legacy virtual host 602A may not directly operate with the direct packet carrier 220.
  • the direct packet carrier 220 may communicate and/or transfer data packet(s) to/from the legacy virtual host 602A through one or more intermediate virtual peers 210I.
  • the direct packet carrier 220 may use generated virtual L3 peer-to-peer addresses comprising a partial peer-to-peer address and a legacy address. While the partial peer-to-peer address may map the intermediate virtual peers 210I, the legacy address may map the remaining path between the intermediate virtual peers 210I and the legacy virtual host 602A.
  • one or more of the network traffic management functions, for example, the VNF are adapted to operate with the direct L3 peer-to-peer addresses and the direct L3 peer-to-peer data packet transfer employed by a direct packet carrier such as the direct packet carrier 220.
  • the adapted network traffic management functions may be natively integrated, facilitated and/or implemented in the direct data packets transfer virtual network implementation and may therefore provide high transfer rates compared to legacy virtual and/or physical networks.
  • An exemplary system 700 includes a virtual network such as the virtual network 212 establishing a logical network abstraction over a physical network such as the physical network 204.
  • the system 700 may include one or more computing nodes such as the computing nodes 202, for example, 202A through 202N each hosting one or more virtual peers such as the virtual peers 210.
  • the virtual network 212 may be provided, controlled and/or managed by a virtual network controller such as the virtual network controller 222.
  • a direct packet carrier such as the direct packet carrier 220 may be executed for transferring one or more data packets between the virtual peers 210.
  • the direct packet carrier 220 may further create, maintain and/or update a mapping record such as the mapping record 224.
  • One or more of the network traffic management functions such as the network traffic management functions 620, for example, the VNF such as, for example, the firewall, the traffic shaping, the network SFC and/or the like may be adapted to operate on one or more of the virtual peers 210, for example, a virtual peer 210J.
  • the network traffic management function(s) 620A may be adapted to operate with the direct packet carrier 220, for example, using the virtual L3 peer-to-peer addresses. This may allow the virtual peers 210 to use direct packet carrier 220 to transfer data packet(s) to and/or from the virtual peer 210J hosting, executing, serving and/or providing the adapted network traffic management functions 620A.
  • composition or method may include additional ingredients and/or steps, but only if the additional ingredients and/or steps do not materially alter the basic and novel characteristics of the claimed composition or method.
  • the singular form “a”, “an” and “the” include plural references unless the context clearly dictates otherwise.
  • the term “a compound” or “at least one compound” may include a plurality of compounds, including mixtures thereof.
  • range format is merely for convenience and brevity and should not be construed as an inflexible limitation on the scope of the invention. Accordingly, the description of a range should be considered to have specifically disclosed all the possible subranges as well as individual numerical values within that range. For example, description of a range such as from 1 to 6 should be considered to have specifically disclosed subranges such as from 1 to 3, from 1 to 4, from 1 to 5, from 2 to 4, from 2 to 6, from 3 to 6 etc., as well as individual numbers within that range, for example, 1, 2, 3, 4, 5, and 6. This applies regardless of the breadth of the range.

Abstract

A system for network layer (L3) peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network, comprising a direct packet carrier of a virtual network connecting a plurality of virtual peers, the direct packet carrier is adapted to receive from a source virtual peer of the plurality of virtual peers one or more data packets destined for a destination virtual peer of the plurality of virtual peers, access a mapping record comprising a plurality of virtual L3 peer-to-peer addresses each mapping a direct peer-to-peer path between a pair of the plurality of virtual peers, retrieve from the mapping record a respective one of the plurality of virtual L3 peer-to-peer addresses mapping the direct peer-to-peer path between the source peer and the destination peer and transfer the data packet(s) to the destination virtual peer using the retrieved virtual L3 peer-to-peer path.

Description

FLATTENING L3 ROUTING IN SDN USING PROACTIVE SHORTEST PATH
BACKGROUND
The present invention, in some embodiments thereof, relates to peer-to-peer data packets transfer over a virtual network and, more specifically, but not exclusively, to peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network.
Network virtualization abstracts networking connectivity and services that have traditionally been delivered via hardware into a logical virtual network that is decoupled from and runs independently on top of a physical network.
The virtual networks may present multiple advantages in the ever growing complexity of modern computing, networking and data distribution. By abstracting the physical network, the virtual networks may efficiently serve for network separation, tunneling, security and/or the like. The virtual networks typically incorporated in Layers 4-7 of the Open Systems Interconnection (OSI) model, may solve many networking challenges, supporting programming, provisioning, configuring, adjusting and/or the like of the virtual network without the need to physically alter or even touch the underlying hardware networking infrastructure. This may allow easy scaling and adaptation of the virtual network, on-demand, to adjust workloads and/or network resources according to dynamically changing computing and/or networking loads and requirements.
In addition, the virtual network may provide Layers 2-3 services, for example, switching and routing of data transferred between a plurality of virtual peers connected to (residing on) the virtual network. Supporting switching and routing at the virtual network level may further simplify network maintenance, adjustment and/or configuration as the virtual network and/or part thereof may be easily adjusted by software means, typically remotely avoiding the need for configuring hardware networking equipment, infrastructure and/or the like.
SUMMARY
According to a first aspect of the present invention there is provided a system for network layer (L3) peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network, comprising a direct packet carrier of a virtual network connecting a plurality of virtual peers, the direct packet carrier is adapted to:
Receive from a source virtual peer of the plurality of virtual peers one or more data packets destined for a destination virtual peer of the plurality of virtual peers.
Access a mapping record comprising a plurality of virtual L3 peer-to-peer addresses. Each of the plurality of virtual L3 peer-to-peer addresses mapping a direct peer-to-peer path between a pair of the plurality of virtual peers.
Retrieve from the mapping record a respective one of the plurality of virtual L3 peer-to-peer addresses mapping the direct peer-to-peer path between the source peer and the destination peer.
Transfer the one or more data packets to the destination virtual peer using the retrieved virtual L3 peer-to-peer path.
The direct packet carrier connecting directly at least some of the virtual peers in the virtual network, for example, a Software Defined Network (SDN) and using the virtual L3 peer-peer address generated proactively (in advance) for transferring the data packet(s) may significantly reduce latency of the data packet(s) transfer since resolution of the next network address in the path during every HOP (pass through a router) may be avoided. As the address resolution may be a major latency contributor especially when the path comprises passing multiple routers, using the proactively generated peer-to-peer address may significantly reduce the latency of the overall data packet(s) transfer. The direct peer-to-peer mapping and data packets transfer may also significantly ease debugging and/or failure isolation of failures, problems and/or degraded operation scenarios detected in the virtual network since the data transfer paths through the direct packet carrier may be easily monitored and/or isolated.
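The receive, access, retrieve and transfer steps above, as an added Python example (not code from the patent, DragonFlow or OVN) run on the FIG. 3 topology this document describes: four sub-networks chained by three routers, with peers 210C to 210F. The class and function names are hypothetical; the example assumes the originating router field is the last router a legacy path would cross, and that a packet whose TTL would expire on the legacy path is dropped.

```python
from collections import deque

# Constructed topology following FIG. 3: each router joins two sub-networks.
ROUTER_LINKS = {
    "ROUTER1": ("subnet1", "subnet2"),
    "ROUTER2": ("subnet2", "subnet3"),
    "ROUTER3": ("subnet3", "subnet4"),
}
PEER_SUBNET = {"210C": "subnet1", "210D": "subnet2",
               "210E": "subnet3", "210F": "subnet4"}


def shortest_router_path(src_net, dst_net, router_links):
    """Breadth-first search over sub-networks; returns routers crossed, in order."""
    if src_net == dst_net:
        return []
    queue = deque([(src_net, [])])
    seen = {src_net}
    while queue:
        net, routers = queue.popleft()
        for router, (a, b) in sorted(router_links.items()):
            if net not in (a, b):
                continue
            nxt = b if net == a else a
            if nxt in seen:
                continue
            if nxt == dst_net:
                return routers + [router]
            seen.add(nxt)
            queue.append((nxt, routers + [router]))
    return None  # no legacy path exists between the two sub-networks


class MappingRecord:
    """Flattened (source, destination) -> path entry, filled on first use."""

    def __init__(self, peer_subnet, router_links):
        self.peer_subnet = dict(peer_subnet)
        self.router_links = dict(router_links)
        self.entries = {}

    def lookup(self, src, dst):
        key = (src, dst)
        if key not in self.entries:
            if src not in self.peer_subnet or dst not in self.peer_subnet:
                return None
            routers = shortest_router_path(
                self.peer_subnet[src], self.peer_subnet[dst], self.router_links)
            if routers is None:
                return None
            self.entries[key] = {
                # Hops a legacy path would cross, so the peer sees the TTL it expects.
                "ttl_decrement": len(routers),
                # Assumption: the field holds the last router before the destination.
                "originating_router": routers[-1] if routers else None,
            }
        return self.entries[key]

    def remove_peer(self, peer):
        """Topology change: drop the peer and every entry that maps a path to or from it."""
        self.peer_subnet.pop(peer, None)
        self.entries = {k: v for k, v in self.entries.items() if peer not in k}


def transfer(record, packet):
    """Receive, access, retrieve, adjust legacy fields, and return the delivered packet."""
    entry = record.lookup(packet["src"], packet["dst"])
    if entry is None:
        return None  # unknown peer or unreachable destination
    new_ttl = packet["ttl"] - entry["ttl_decrement"]
    if entry["ttl_decrement"] and new_ttl <= 0:
        return None  # assumption: legacy routing would have expired this packet
    delivered = dict(packet)
    delivered["ttl"] = new_ttl
    delivered["originating_router"] = entry["originating_router"]
    return delivered


if __name__ == "__main__":
    record = MappingRecord(PEER_SUBNET, ROUTER_LINKS)
    print(transfer(record, {"src": "210C", "dst": "210F", "ttl": 64}))
    print(transfer(record, {"src": "210F", "dst": "210D", "ttl": 64}))
    print(sorted(record.entries))
```

Entries that survive a topology change describe paths that no longer exist, so the removal step matters as much as the lookup: a stale entry would keep delivering to a peer the controller has already withdrawn.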
According to a second aspect of the present invention there is provided a computer implemented method of L3 peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network, comprising:
Receiving, at a direct packet carrier of a virtual network connecting a plurality of virtual peers, one or more data packets from a source virtual peer of the plurality of virtual peers, the one or more data packets is destined for a destination virtual peer of the plurality of virtual peers.
Accessing a mapping record comprising a plurality of virtual L3 peer-to-peer addresses. Each of the plurality of virtual L3 peer-to-peer addresses mapping a direct peer-to-peer path between a pair of the plurality of virtual peers.
Retrieving from the mapping record a respective one of the plurality of virtual L3 peer-to-peer addresses mapping the direct peer-to-peer path between the source peer and the destination peer.
Transferring the one or more data packets to the destination virtual peer using the retrieved virtual L3 peer-to-peer path.
According to a third aspect of the present invention there is provided a computer program product for L3 peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network. The computer program product which runs on one or more computers to execute a direct packet carrier of a virtual network connecting a plurality of virtual peers comprises:
Code instructions to receive one or more data packets from a source virtual peer of the plurality of virtual peers. The one or more data packets are destined for a destination virtual peer of the plurality of virtual peers.
Code instructions to access a mapping record comprising a plurality of virtual L3 peer-to-peer addresses. Each of the plurality of virtual L3 peer-to-peer addresses mapping a direct peer-to-peer path between a pair of the plurality of virtual peers.
Code instructions to retrieve from the mapping record a respective one of the plurality of virtual L3 peer-to-peer addresses mapping the direct peer-to-peer path between the source peer and the destination peer.
Code instructions to transfer the one or more data packets to the destination virtual peer using the retrieved virtual L3 peer-to-peer path.
With reference to the first, the second and/or the third aspects of the invention, according to a first implementation, each of the plurality of virtual peers is a network element which is a member of a group consisting of:
A virtual host
A virtual router
A virtual router interface
A physical host mapped through a virtual endpoint
A physical router mapped through a virtual endpoint
A container
Any virtual interface which maps one or more hardware and/or virtual resources.
Supporting a plurality of various types of virtual peers that may be present and/or connected to the virtual network may significantly simplify the architecture, interfaces and/or measures required to support connectivity and/or data transfer between the different network entities (virtual peers) residing on the virtual network.
With reference to the first, the second and/or the third aspects of the invention and the first implementation, according to a second implementation, the direct packet carrier is constructed as a centralized carrier hosted by one of a plurality of computing nodes connected to the virtual network or as a distributed carrier hosted by at least some of the plurality of computing nodes.
The direct packet carrier may be deployed in a plurality of different configurations, in particular having a centralized architecture and/or a distributed architecture to adapt to the virtual network in which it is deployed. Adapting the architecture of the direct packet carrier according to the virtual network characteristics, for example, topology, purpose, tasks, load, significance of virtual peers and/or the like may allow maximizing the benefits offered by the direct packet carrier in particular latency reduction for transferring the data packets.
With reference to the first, the second and/or the third aspects of the invention and any of the previous implementations, according to a third implementation, wherein the plurality of virtual L3 peer-to-peer addresses are generated proactively by a controller of the virtual network adapted to support the direct packet carrier.
The virtual network controller which may provide the infrastructure, platform and/or functionality to establish the virtual network over the physical network may easily identify the topology of the virtual network and may therefore generate the plurality of virtual L3 peer-to-peer addresses for mapping the path between pairs of virtual peers connected to the virtual network.
Optionally, with reference to the first, the second and/or the third aspects of the invention and any of the previous implementations, according to a fourth implementation, the respective virtual L3 peer-to-peer address generated proactively for the direct peer-to-peer path between the source peer and the destination peer is updated in the mapping record at the first time the one or more data packets is received from the source virtual peer.
Updating the mapping record with a certain virtual L3 peer-to-peer address only when the certain virtual L3 peer-to-peer address is actually required by the direct packet carrier may serve to reduce the number of virtual L3 peer-to-peer address entries in the mapping record 224 by avoiding inclusion of entries of virtual L3 peer-to-peer addresses that may be unused and/or not previously used. This may significantly reduce the time required for the direct packet carrier to traverse the mapping record and may therefore reduce latency in finding a respective virtual L3 peer-to-peer address.
Optionally, with reference to the first, the second and/or the third aspects of the invention and any of the previous implementations, according to a fifth implementation, the virtual network is continuously monitored to detect one or more topology changes in the virtual network, the topology change is a member of a group consisting of: adding one or more virtual peers, modifying one or more virtual peers and removing one or more virtual peers. Constantly monitoring the virtual network may allow early detection of any topology change in the virtual network and taking measures to adapt to the topology change as soon as possible.
With reference to the first, the second and/or the third aspects of the invention and the fifth implementation, according to a sixth implementation, the virtual L3 peer-to-peer address is re-generated for one or more of the plurality of virtual peers following detection of the one or more topology changes.
Updating the virtual L3 peer-to-peer address(s) following the virtual network topology change may be done to maintain updated virtual L3 peer-to-peer addresses for all paths between the virtual peers connected to the virtual network in order to assure proper, stable, robust and possibly optimal connectivity and data transfer paths between the virtual peers.
With reference to the first, the second and/or the third aspects of the invention and the fifth and/or sixth implementations, according to a seventh implementation, the mapping record is updated according to the one or more topology change, the update includes one or more members of a group consisting of: adding the virtual L3 peer-to-peer path generated for the one or more added virtual peers, updating the virtual L3 peer-to-peer path re-generated for the one or more modified virtual peers and deleting the virtual L3 peer-to-peer path of the one or more removed virtual peers.
Maintaining the mapping record up to date with the latest virtual L3 peer-to-peer addresses to be used by the direct packet carrier may assure proper, stable, robust and possibly optimal connectivity and data transfer paths between the virtual peers.
Optionally, with reference to the first, the second and/or the third aspects of the invention and any of the previous implementations, according to an eighth implementation, the one or more data packets are adjusted to emulate legacy routing over the virtual network.
Maintaining backward compatibility with legacy routing may allow easily integrating virtual hosts which do not support the peer-to-peer mapping into the virtual network employing the direct packet carrier and the direct peer-to-peer mapping. This may allow for gradual migration from the legacy routing virtual networks to the peer-peer mapping virtual network and may therefore significantly simplify the migration and/or integration complexity, effort and/or costs.
With reference to the first, the second and/or the third aspects of the invention and the eighth implementation, according to a ninth implementation, the adjusting of the one or more data packets is done by a member of a group consisting of: a host hosting the source virtual peer sending the one or more data packets, a host hosting the destination virtual peer to which the one or more data packets is sent, and one or more intermediate computing nodes that receives the one or more data packet from the source virtual peer and forwards the one or more data packet to the destination virtual peer.
Supporting the data packet(s) manipulation at different points along the path of the data packet(s) may allow for simple and easy manipulation of the data packet(s) according to characteristics of the virtual network, attributes of the data packets and/or objectives of the data transfer.
With reference to the first, the second and/or the third aspects of the invention and any of the previous implementations, according to a tenth implementation, one or more legacy network routers is mapped as a virtual peer supporting multiple virtual L3 peer-to-peer paths in a virtual L3 peer-to-peer address range each assigned to one of a plurality of legacy hosts not supporting L3 peer-to-peer mapping over the virtual network. Wherein the one or more legacy network routers is a member of a group consisting of: a physical router and a legacy virtual router.
Supporting a mixed virtual network deployment comprising both legacy routing and peer-to-peer mapping may allow integration of legacy hosts which do not support the peer-to-peer mapping into the virtual network. This allows maintaining and using legacy resources which may be complex, costly, essential and/or irreplaceable while deploying the peer-to-peer mapping virtual network implementation to improve performance for the other segments of the virtual network. This may also allow for gradual migration from the legacy routing virtual networks to the peer-peer mapping virtual network and may therefore significantly simplify the migration and/or integration complexity, effort and/or costs.
Optionally, with reference to the first, the second and/or the third aspects of the invention and any of the previous implementations, according to an eleventh implementation, the one or more data packets are sent to one or more physical hosts through one or more border virtual peers connecting to the one or more physical hosts. The one or more data packets are sent using the virtual L3 peer-to-peer address of the one or more border virtual peers coupled with a remaining physical path address mapping a path to the one or more physical hosts from the one or more border virtual peers.
Supporting a mixed physical and virtual networks deployment comprising both legacy routing and peer-to-peer mapping may allow integration of physical hosts which do not support the peer-to-peer mapping into the virtual network. This allows maintaining and using physical resources which may be complex, costly, essential and/or irreplaceable while deploying the peer-to-peer mapping virtual network implementation to improve performance for the other segments of the virtual network.
Optionally, with reference to the first, the second and/or the third aspects of the invention and any of the previous implementations, according to a twelfth implementation, the virtual L3 peer-to-peer address employs a partial peer-to-peer address and a legacy address, wherein the partial peer-to-peer address maps one or more intermediate virtual peers and the legacy address maps a destination peer for sending the one or more data packets to the destination peer through the one or more intermediate virtual peers.
Supporting a mixed virtual network deployment comprising both legacy routing and peer-to-peer mapping may allow integration of legacy virtual hosts which do not support the peer-to-peer mapping into the virtual network. This allows maintaining and using legacy virtual resources which may be complex, costly, essential and/or irreplaceable while deploying the peer-to-peer mapping virtual network implementation to improve performance for the other segments of the virtual network. In particular, the legacy virtual hosts may provide essential and/or irreplaceable network traffic management function(s), for example, Virtual Network Function(s) (VNF).
Optionally, with reference to the first, the second and/or the third aspects of the invention and any of the previous implementations, according to a thirteenth implementation, one or more network traffic management functions are adapted for handling the one or more data packets mapped with the virtual L3 peer-to-peer address.
By adapting the network traffic management function(s) to operate natively with the direct peer-to-peer mapping and/or the direct packet carrier the need to direct network traffic to the legacy hosts may be significantly reduced and/or completely avoided. This may significantly increase performance of the data transfer by for example, reducing the latency while providing the network traffic management functionality, for example, firewall, traffic shaping, network Service Function Chaining (SFC) and/or the like.
Unless otherwise defined, all technical and/or scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the invention pertains. Although methods and materials similar or equivalent to those described herein can be used in the practice or testing of embodiments of the invention, exemplary methods and/or materials are described below. In case of conflict, the patent specification, including definitions, will control. In addition, the materials, methods, and examples are illustrative only and are not intended to be necessarily limiting.
BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS
Some embodiments of the invention are herein described, by way of example only, with reference to the accompanying drawings. With specific reference now to the drawings in detail, it is stressed that the particulars shown are by way of example and for purposes of illustrative discussion of embodiments of the invention. In this regard, the description taken with the drawings makes apparent to those skilled in the art how embodiments of the invention may be practiced.
FIG. 1 is a flow chart of an exemplary process of peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network, according to some embodiments of the present invention;
FIG. 2 is a schematic illustration of an exemplary system for peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network, according to some embodiments of the present invention;
FIG. 3 is a schematic illustration of an embodiment of an exemplary system for peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network, according to some embodiments of the present invention;
FIG. 4 is a schematic illustration of an exemplary system for peer-to-peer data packets transfer over a virtual network comprising a legacy router, according to some embodiments of the present invention;
FIG. 5 is a schematic illustration of an exemplary system for peer-to-peer data packets transfer over a virtual network comprising physical hosts, according to some embodiments of the present invention;
FIG. 6 is a schematic illustration of an exemplary system for peer-to-peer data packets transfer over a virtual network comprising legacy hosts providing VNF functionality, according to some embodiments of the present invention; and
FIG. 7 is a schematic illustration of an exemplary system for peer-to-peer data packets transfer over a virtual network facilitating VNF functionality adapted for the peer-to-peer mapping, according to some embodiments of the present invention.
DETAILED DESCRIPTION
The present invention, in some embodiments thereof, relates to peer-to-peer data packets transfer over a virtual network and, more specifically, but not exclusively, to peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network.
The present invention presents devices, systems and methods for transferring data packets efficiently between a plurality of virtual peers connected through a virtual network, for example, an SDN providing a logical network abstraction over a physical network. The virtual peers may include a plurality of network entities, for example, a virtual host, a virtual router, a virtual router interface, a physical host mapped through a virtual endpoint, a physical router mapped through a virtual endpoint, a container, a virtual interface mapping one or more virtual and/or hardware resources and/or the like. A direct packet carrier implemented in the virtual network may directly transfer one or more data packets between the virtual peers which connect to it. The direct packet carrier may transfer the data packet(s) using virtual Layer 3 (L3) peer-to-peer addresses proactively (in advance) generated, for example, calculated, resolved, defined, set and/or the like according to the topology of the virtual network. Optionally, the generated virtual Layer 3 (L3) peer-to-peer addresses may be selected to be optimal paths between the respective pair of virtual peers presenting improved one or more network transfer characteristics, for example, a latency, a Quality of Service (QoS) and/or the like. Optionally, one or more of the virtual L3 peer-to-peer addresses is derived and/or similar to the (legacy) virtual address, for example, a virtual Internet Protocol (IP) address and/or the like. The direct packet carrier may create, update and/or maintain a mapping record, for example, a list, a file, a database, a table and/or the like for storing the generated virtual L3 peer-to-peer addresses.
When receiving one or more data packets from a source virtual peer which are directed for a destination virtual peer, the direct packet carrier may access the mapping record and retrieve the virtual L3 peer-to-peer address that maps the path between the source virtual peer and the destination virtual peer. Using the retrieved virtual L3 peer-to-peer address, the direct packet carrier may directly transfer the data packet(s) to the destination virtual peer.
Optionally, the virtual network is continuously monitored to detect change(s) in the topology. In case of a change to the topology, for example, one or more virtual peers added, one or more virtual peers removed and/or one or more virtual peers modified, one or more of the virtual L3 peer-to-peer addresses that may be affected by the topology change may be re-generated to reflect the changed topology.
Optionally, the direct packet carrier adjusts (manipulates) one or more of the data packets received from the source virtual peer before transferring the data packet(s) to the destination virtual peer. The direct packet carrier may adjust the data packet(s) to emulate legacy routing over the virtual network in order to maintain compatibility with legacy routing over the virtual network.
According to some embodiments of the present invention, the direct packet carrier supports data packet(s) transfer to one or more legacy hosts which connect to a virtual network through one or more legacy routers, for example, a physical router and/or a virtual router where the legacy hosts do not support L3 peer-to-peer mapping. The legacy router may be assigned with a range of virtual L3 peer-to-peer addresses each mapping one of the legacy hosts such that the legacy router may translate a virtual L3 peer-to-peer address that is within the assigned range to a legacy address for accessing the corresponding legacy host.
According to some embodiments of the present invention, the direct packet carrier supports data packet(s) transfer to one or more physical hosts, for example, a computing node, a computer, a physical router and/or the like connected to a border virtual peer residing on the virtual network. The direct packet carrier may use the virtual L3 peer-to-peer address of the border virtual peer and a physical address mapping the remaining path from the border virtual peer to one of the physical hosts.
According to some embodiments of the present invention, the direct packet carrier may use a virtual L3 peer-to-peer address comprising a partial peer-to-peer address and a legacy address for communicating and/or transferring data packets to/from one or more destination peers, for example, a legacy virtual peer which does not operate directly with the direct packet carrier. In particular, the destination peer(s) may provide one or more network traffic management functions, for example, Virtual Network Functions (VNF) such as, for example, firewall, traffic shaping, network SFC and/or the like.
According to some embodiments of the present invention one or more of the network traffic management functions, for example, the VNF such as, for example, the firewall, the traffic shaping, the network SFC and/or the like are adapted to operate natively with the direct L3 peer-to-peer mapping and the direct L3 peer-to-peer data packet transfer employed by a direct packet carrier.
The direct data packets transfer over the virtual network may present significant advantages compared to currently existing implementations of the virtual networks. Typical virtual network implementation may use traditional methods for resolving network addresses, for example, virtual and/or physical IP addresses of the virtual peers connected to the virtual network. The existing virtual networks may therefore use virtual routers that may operate very similarly to physical routers such that during every pass through a virtual router (HOP), the virtual router resolves the address for the next HOP.
By deploying the direct packet carrier connecting directly all the virtual peers in the virtual network and using the virtual L3 peer-peer address generated in advance for transferring the data packet(s), the latency of the data packet(s) transfer may be significantly reduced. In addition, due to the peer-to-peer mapping, the reliability, stability and/or robustness of the data transfer may be significantly increased. The peer-to-peer mapping may further allow for easier debugging and/or failure isolation of failures, problems and/or degraded operation scenarios detected in the virtual networks since the data transfer paths may be easily isolated as the data is transferred through the direct packet carrier which may provide direct monitoring of each data transfer path. Moreover, the direct packet carrier and direct mapping implementation may provide compatibility with existing virtual network hosts. The direct packet carrier may maintain the compatibility by manipulating the data packet(s) to appear as data packets routed using the legacy routing. In order to maintain the compatibility, the direct packet carrier may further employ virtual L3 peer-to-peer addressing that combines peer-to-peer mapping with legacy mapping, physical mapping and/or the like. Maintaining the compatibility with the existing virtual and/or physical hosts may allow easy migration from the current virtual networks implementation to the direct peer-to-peer mapping virtual networks. This may also allow virtual peers using the direct peer-to-peer mapping to take advantage of services and/or functionality, for example, the network traffic management functions that may be provided by the legacy virtual and/or physical hosts.
Furthermore, by adapting the network traffic management functions to operate natively with the direct peer-to-peer mapping, the virtual network employing the direct packet carrier with the direct peer-to-peer mapping may provide enhanced network functionality while maintaining its high performance data transfer rates.
Before explaining at least one embodiment of the invention in detail, it is to be understood that the invention is not necessarily limited in its application to the details of construction and the arrangement of the components and/or methods set forth in the following description and/or illustrated in the drawings and/or the Examples. The invention is capable of other embodiments or of being practiced or carried out in various ways.
The present invention may be a system, a method, and/or a computer program product. The computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to carry out aspects of the present invention.
The computer readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing.
Computer readable program instructions described herein can be downloaded to respective computing/processing devices from a computer readable storage medium or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network and/or a wireless network.
The computer readable program instructions may execute entirely on the user's computer, partly on the user's computer such as the user equipment (UE), as a stand-alone software package, partly on the user's computer and partly on a remote computer such as the network apparatus or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider). In some embodiments, electronic circuitry including, for example, programmable logic circuitry, field-programmable gate arrays (FPGA), or programmable logic arrays (PLA) may execute the computer readable program instructions by utilizing state information of the computer readable program instructions to personalize the electronic circuitry, in order to perform aspects of the present invention.
Aspects of the present invention are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer readable program instructions. The flowchart and block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts or carry out combinations of special purpose hardware and computer instructions.
Reference is now made to FIG. 1, which is a flow chart of an exemplary process of peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network, according to some embodiments of the present invention. A process 100 is executed to transfer data packets between a plurality of virtual peers connected through a virtual network, for example, an SDN providing a logical network abstraction over a physical network. The virtual peers may include a plurality of network entities, for example, a virtual host, a virtual router, a virtual router interface, a physical host mapped through a virtual endpoint, a physical router mapped through a virtual endpoint, a container, a virtual interface mapping one or more virtual and/or hardware resources and/or the like. A plurality of virtual Layer 3 (L3) peer-to-peer addresses may be proactively (in advance) generated, for example, calculated, resolved, defined, set and/or the like according to the topology of the virtual network. Each of the virtual Layer 3 (L3) peer-to-peer addresses maps a direct peer-to-peer path between a pair of the virtual peers according to the virtual network topology. As a result each path between each pair of virtual peers in the virtual network is known in advance and available for the direct packet carrier. Optionally, the generated virtual Layer 3 (L3) peer-to-peer addresses may be optimal paths between the respective pair of virtual peers presenting improved one or more network transfer characteristics, for example, a latency, a QoS and/or the like. The direct packet carrier may further create, update and/or maintain a mapping record comprising the generated virtual L3 peer-to-peer addresses.
When receiving one or more data packets from a source virtual peer which are directed for a destination virtual peer, the direct packet carrier may access the mapping record to retrieve the virtual L3 peer-to-peer address mapping the path between the source virtual peer and the destination virtual peer. Using the retrieved virtual L3 peer-to-peer address, the direct packet carrier may directly transfer the data packet(s) to the destination virtual peer.
Reference is also made to FIG. 2, which is a schematic illustration of an exemplary system for peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network, according to some embodiments of the present invention. An exemplary system 200 includes a virtual network 212 establishing a logical network abstraction over a physical network 204. The system 200 may include one or more computing nodes 202, for example, 202A, 202B through 202N. Each computing node 202 may include one or more processors (homogenous or heterogeneous), which may be arranged for parallel processing, as clusters and/or as one or more distributed core processing units, one or more network interfaces for connecting to the network 204 and a program store, for example, storage medium, either a volatile medium (e.g. a Random Access Memory (RAM), etc.) and/or a non-volatile medium (e.g. a hard drive, a Flash array, etc.).
Each computing node 202 may host one or more virtual peers 210, for example, a virtual host, a virtual router, a virtual router interface, a physical host mapped through a virtual endpoint, a physical router mapped through a virtual endpoint, a container, a virtual interface mapping one or more virtual and/or hardware resources and/or the like. One or more of the computing nodes 202 may implement a hypervisor for hosting, running and/or controlling one or more Virtual Machines (VM). The virtual network 212 may further include cloud computing and/or networking resources and/or services, for example, Software as a Service (SaaS), Platform as a Service (PaaS), networking-as-a-service (NaaS) and/or the like.
One or more of the computing nodes 202 may execute one or more software modules, for example, a process, an application, an agent, a utility, a service, a plug-in, a script, an addon software and/or the like each comprising a plurality of program instructions. The program instructions may be executed by the processor(s) of the computing nodes 202 from the program store.
The computing node(s) 202 may execute a virtual network controller 222 comprising one or more software modules, for example, Open Virtual Network (OVN), DragonFlow and/or the like for providing a platform, an infrastructure and/or the like for the virtual network 212 and controlling the virtual network 212. The virtual network controller 222 may be centralized, i.e. executed by one of the computing nodes 202, distributed, i.e. executed by a plurality of the computing nodes 202 and/or a combination thereof. The virtual network controller 222 may, for example, support network topology configuration, definition, setup and/or scaling, provide switching and/or routing services, resolve addresses, control QoS, transfer data and/or the like as known in the art.
The computing node(s) 202 may further execute a direct packet carrier 220 comprising one or more software modules for directly transferring data packets between the virtual peers 210. The direct packet carrier 220 directly connects to all the virtual peers 210 residing on (connected to) the virtual network 212. The direct packet carrier 220 may be centralized, i.e. executed by one of the computing nodes 202, distributed, i.e. executed by a plurality of the computing nodes 202 and/or a combination thereof. The direct packet carrier 220 may create, update, maintain and/or the like a mapping record 224, for example, a list, a file, a database, a table and/or the like comprising a plurality of virtual L3 peer-to-peer addresses. Each of the virtual L3 peer-to-peer addresses maps a direct peer-to-peer path between a pair of the virtual peers 210 according to the topology of the virtual network 212. The direct packet carrier 220 and the virtual network controller 222 may interact and/or communicate with each other through one or more interfaces, for example, a system call, a function call, an Application Programming Interface (API) function, a messaging system and/or the like.
As shown at 102, the process 100 starts with obtaining the topology of the virtual network 212. Identifying the topology of the virtual network 212 may typically be done as known in the art by the virtual network controller 222 which controls the virtual network 212. Optionally, the direct packet carrier 220 obtains the topology of the virtual network 212 from the virtual network controller 222.
As shown at 104, the process 100 continues with proactively generating, for example, calculating, setting, defining and/or resolving the plurality of virtual L3 peer-to-peer addresses each mapping a direct peer-to-peer path between a pair of the virtual peers 210 according to the topology of the virtual network 212.
Generating the plurality of virtual L3 peer-to-peer addresses may typically be done by the virtual network controller 222. The virtual network controller 222 may then provide the generated virtual L3 peer-to-peer addresses to the direct packet carrier 220. Optionally, the direct packet carrier 220 generates the plurality of virtual L3 peer-to-peer addresses according to the topology of the virtual network 212 obtained from the virtual network controller 222.
Optionally, the virtual network controller 222 constantly monitors the virtual network 212 to detect and/or is alerted of changes in the topology of the virtual network 212, for example, adding one or more virtual peers 210, removing one or more virtual peers 210, modifying one or more virtual peers 210 and/or the like. The monitoring may be done by the virtual network controller 222. At the detection of one or more changes in the topology of the virtual network 212, the virtual network controller 222 may generate, remove and/or update one or more of the virtual L3 peer-to-peer addresses to reflect the change(s) in the topology of the virtual network 212. For example, assuming one or more of the virtual peers 210 are removed, the virtual network controller 222 may remove one or more virtual L3 peer-to-peer addresses mapping the path between the removed virtual peer 210 and one or more other virtual peers 210. In another example, in case one or more virtual peers 210 are added, the virtual network controller 222 may calculate (generate) one or more virtual L3 peer-to-peer addresses mapping the path between the added virtual peer 210 and one or more other virtual peers 210. In another example, in case a virtual router 210 is added in the virtual network 212, the virtual network controller 222 may re-calculate (re-generate) one or more virtual L3 peer-to-peer addresses for paths between one or more of the virtual peers 210 which may be routed through the added virtual router 210.
In case the virtual L3 peer-to-peer addresses are generated by the direct packet carrier 220, the direct packet carrier 220 may calculate (generate) one or more virtual L3 peer-to-peer addresses to reflect the change(s) in the topology of the virtual network 212 detected by the virtual network controller 222 and reported to the direct packet carrier 220.
The direct packet carrier 220 may create, maintain and/or update the mapping record 224 with the generated virtual L3 peer-to-peer addresses mapping the paths between the virtual peers 210. The direct packet carrier 220 may update the mapping record 224 to reflect changes detected in the topology of the virtual network 212. For example, the direct packet carrier 220 may remove one or more virtual L3 peer-to-peer address entries mapping a path between the removed virtual peer 210 and one or more other virtual peers 210. The direct packet carrier 220 may also add one or more virtual L3 peer-to-peer address entries mapping a path between the added virtual peer 210 and one or more other virtual peers 210. The direct packet carrier 220 may further update one or more virtual L3 peer-to-peer address entries mapping a path between the virtual peers 210 in case the path is changed due to the topology change, for example, an addition and/or removal of one or more virtual routers 210.
As shown at 106, the direct packet carrier 220 receives one or more data packets from a source virtual peer of the virtual peers 210, for example, a source virtual peer 210A. The received data packet(s) are destined for a destination virtual peer of the virtual peers 210, for example, a destination virtual peer 210B.
As shown at 108, the direct packet carrier 220 may access the mapping record 224 comprising the virtual L3 peer-to-peer addresses mapping the paths between the virtual peers 210 to search for the virtual L3 peer-to-peer address mapping the path between the source virtual peer 210 and the destination virtual peer 210. To continue the previously presented example, the direct packet carrier 220 may access the mapping record 224 to search for the virtual L3 peer-to-peer address mapping the path between the source virtual peer 210A and the destination virtual peer 210B. Optionally, the virtual L3 peer-to-peer address that maps the path between the source virtual peer 210, for example, 210A and the destination virtual peer 210, for example, 210B is updated in the mapping record 224 only at the first time the direct packet carrier 220 requires this virtual L3 peer-to-peer address. This means that while the virtual L3 peer-to-peer address mapping the path from the source virtual peer 210A to the destination virtual peer 210B is generated in advance (proactively), this virtual L3 peer-to-peer address may not be already available (updated) in the mapping record 224. The direct packet carrier 220 may update this virtual L3 peer-to-peer address in the mapping record 224 at the first time the source virtual peer 210A sends the data packet(s) to the destination virtual peer 210B. This may serve to reduce the size of the mapping record 224, i.e. reduce the number of virtual L3 peer-to-peer address entries in the mapping record 224 by avoiding inclusion of entries of virtual L3 peer-to-peer addresses that may be unused and/or not previously used. Reducing the number of virtual L3 peer-to-peer address entries in the mapping record 224 may significantly reduce the time required for the direct packet carrier 220 to traverse the mapping record 224 and may therefore reduce latency in finding a respective virtual L3 peer-to-peer address.
This may significantly reduce the overall latency in transferring the data packet(s) between a certain source virtual peer and certain destination virtual peer.
As shown at 110, the direct packet carrier 220 retrieves from the mapping record 224 the virtual L3 peer-to-peer address mapping the path from the source virtual peer 210A to the destination virtual peer 210B.
As shown at 112, the direct packet carrier 220 transfers the data packet(s) received from the source virtual peer 210A to the destination virtual peer 210B.
Optionally, the direct packet carrier 220 adjusts (manipulates) one or more of the data packets received from the source virtual peer 210, for example, 210A before transferring the data packet(s) to the destination virtual peer 210, for example, 210B. The direct packet carrier 220 may adjust the data packet(s) to emulate legacy routing over the virtual network 212. This may serve to maintain compatibility with the legacy routing and avoid possible modifications that may be required in the virtual peer 210B in order to adapt to operate with the direct packet carrier 220. By manipulating the data packet(s) to appear as data packet(s) transferred through the virtual network 212 using legacy routing, the virtual peer 210B receives the data packet(s) as expected to be received using the legacy routing and may therefore require no modifications to operate with the direct packet carrier 220. For example, in legacy routing, one or more legacy fields of the data packet(s) may indicate one or more attributes, characteristics and/or operational conditions relating to the legacy network. While one or more of the legacy fields may not serve any purpose when using the direct packet carrier 220 to transfer the data packet(s) from the source virtual peer 210A to the destination virtual peer 210B, the virtual peer 210B may require (expect) the legacy field(s) to maintain proper operation, for example, identifying the data packet(s) as valid. The legacy fields may include for example, a Time to Live (TTL) field indicating a number of HOPs, e.g. a router, a computer and/or a device along the network 204 and/or the (legacy) virtual network 212 the packet is allowed to pass before it dies. In another example, the legacy field(s) may include a field indicating a Media Access Control (MAC) address of the originating router the data packet(s) passed through, the router the data packet(s) passed through and/or the like.
Manipulation of the fields in the data packet(s) may be done by the direct data carrier 220 or part thereof executing, for example, at the computing node 202A hosting the source virtual peer 210A, at the computing node 202N hosting the destination virtual peer 210B and/or at one or more intermediate computing nodes 202. The intermediate computing node(s) 202 may receive the data packet(s) from the source virtual peer 210A and forward them to the destination virtual peer 210B.
Reference is now made to FIG. 3, which is a schematic illustration of an embodiment of an exemplary system for peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network, according to some embodiments of the present invention. An exemplary system 300 includes a virtual network such as the virtual network 212 establishing a logical network abstraction over a physical network 204A such as the physical network 204. The exemplary physical network 204A may include four sub-networks, a sub-network1 204_1, a sub-network2 204_2, a sub-network3 204_3 and a sub-network4 204_4. The four sub-networks 204_1, 204_2, 204_3 and 204_4 are connected to each other through 3 routers, a router1 302A connecting the sub-network1 204_1 and the sub-network2 204_2, a router2 302B connecting the sub-network2 204_2 and the sub-network3 204_3 and a router3 302C connecting the sub-network3 204_3 and the sub-network4 204_4.
The system 300 may include one or more computing nodes such as the computing nodes 202, for example, 202C, 202D, 202E and 202F hosting one or more virtual peers such as the virtual peers 210, for example, a virtual peer 210C, 210D, 210E and 210F respectively. The computing nodes 202C, 202D, 202E and 202F each reside on a different sub-network of the network 204A. The computing node 202C connects to the sub-network1 204_1, the computing node 202D connects to the sub-network2 204_2, the computing node 202E connects to the sub-network3 204_3 and the computing node 202F connects to the sub-network4 204_4.
The virtual network 212 may be provided, controlled and/or managed by a virtual network controller such as the virtual network controller 222. A direct packet carrier such as the direct packet carrier 220 may be executed for transferring one or more data packets between the virtual peers 210C, 210D, 210E and/or 210F. The direct packet carrier 220 may further create, maintain and/or update a mapping record such as the mapping record 224.
As discussed before, while the TTL field may not be required in the data packet(s) when transferred using the direct packet carrier 220, the virtual peers 210C and/or 210D may require the TTL field for proper operation. The direct packet carrier 220 may therefore adjust the TTL field in one or more of the data packets transferred between the virtual peers 210C and/or 210D to maintain compatibility with the legacy routing over the network 204A.
In a first example, the virtual network controller 222 providing the platform for the virtual network 212 and controlling it is the DragonFlow. The direct packet carrier 220 may apply a set of rules using the syntax conventions of the DragonFlow virtual network controller 222 and/or of an Open Virtual Switch (OVS) employed by the DragonFlow virtual network controller 222. The set of rules may indicate the adjustment(s) done to one or more of the transferred packets according to the source and destination virtual peers 210 as described in a rule set 1 below. It should be noted that the rule set 1 may be presenting partial exemplary settings.
Rule Set 1:
(1) Source:202C,Dest:202F
Actions: src_eth←ROUTER3,dst_eth←202F,TTL←TTL-3
(2) Source:202F,Dest:202C
Actions: src_eth←ROUTER1,dst_eth←202C,TTL←TTL-3
(3) Source:202C,Dest:202D
Actions: src_eth←ROUTER1,dst_eth←202D,TTL←TTL-1
(4) Source:202D,Dest:202C
Actions: src_eth←ROUTER1,dst_eth←202C,TTL←TTL-1
(5) Source:202C,Dest:202E
Actions: src_eth←ROUTER2,dst_eth←202E,TTL←TTL-2
(6) Source:202E,Dest:202C
Actions: src_eth←ROUTER1,dst_eth←202C,TTL←TTL-2
(7) Source:202F,Dest:202D
Actions: src_eth←ROUTER2,dst_eth←202D,TTL←TTL-2
(8) Source:202D,Dest:202F
Actions: src_eth←ROUTER3,dst_eth←202F,TTL←TTL-2
(9) Source:202F,Dest:202E
Actions: src_eth←ROUTER3,dst_eth←202E,TTL←TTL-1
(10) Source:202E,Dest:202F
Actions: src_eth←ROUTER3,dst_eth←202F,TTL←TTL-1
(11) Source:202D,Dest:202E
Actions: src_eth←ROUTER2,dst_eth←202E,TTL←TTL-1
(12) Source:202E,Dest:202D
Actions: src_eth←ROUTER2,dst_eth←202D,TTL←TTL-1
As shown, the topology of the network 204A is reflected in the rules specified in the rule set 1. In particular, the rule set 1 indicates the values of the TTL field expected by each virtual peer 210C-210F according to the source of the data packet(s). The direct data carrier 220 may therefore manipulate the TTL field in one or more data packet(s) according to rule set 1 after identifying the source and/or destination virtual peers 210C, 210D, 210E and/or 210F. For example, the direct data carrier 220 may manipulate the TTL field to a value of TTL-3 in one or more data packets sent from the virtual peer 210C hosted by the computing node 202C and destined for the virtual peer 210F hosted by the computing node 202F.
The rule set 1 may also specify the values for the originating router field for each of the virtual peers 210C-210F. The direct data carrier 220 may therefore manipulate the originating router field in one or more data packet(s) according to rule set 1 after identifying the source and/or destination virtual peers 210C, 210D, 210E and/or 210F. For example, the direct data carrier 220 may manipulate the originating router field to a value of ROUTER2 in one or more data packets sent from the virtual peer 210F hosted by the computing node 202F and destined for the virtual peer 210D hosted by the computing node 202D.
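How rule set 1 follows from the FIG. 3 topology, as an added Python example that is not part of the patent text or of DragonFlow: it derives the twelve rules by shortest-path search and fills the mapping record on first use. The names ROUTERS, PEERS, build_rules and DirectPacketCarrier are hypothetical, and dropping a packet whose TTL would expire on the emulated hops is an assumption about how legacy behaviour is preserved.

```python
from collections import deque
from itertools import permutations

# FIG. 3 topology as described above: four sub-networks chained by three
# routers, one computing node per sub-network. Labels follow rule set 1.
ROUTERS = {                      # router -> the two sub-networks it joins
    "ROUTER1": ("subnet1", "subnet2"),
    "ROUTER2": ("subnet2", "subnet3"),
    "ROUTER3": ("subnet3", "subnet4"),
}
PEERS = {"202C": "subnet1", "202D": "subnet2",
         "202E": "subnet3", "202F": "subnet4"}


def router_path(src_net, dst_net, routers):
    """Breadth-first search over sub-networks. Returns the routers crossed on
    a shortest path, in order, or None when dst_net is unreachable."""
    adjacency = {}
    for name, (a, b) in routers.items():
        adjacency.setdefault(a, []).append((b, name))
        adjacency.setdefault(b, []).append((a, name))
    queue, seen = deque([(src_net, [])]), {src_net}
    while queue:
        net, crossed = queue.popleft()
        if net == dst_net:
            return crossed
        for nxt, router in adjacency.get(net, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, crossed + [router]))
    return None


def build_rules(peers, routers):
    """Proactively compute one rewrite rule per ordered peer pair (step 104)."""
    rules = {}
    for src, dst in permutations(peers, 2):
        crossed = router_path(peers[src], peers[dst], routers)
        if not crossed:          # same sub-network or unreachable: no rule
            continue
        rules[(src, dst)] = {
            "src_eth": crossed[-1],      # last router before the destination
            "dst_eth": dst,
            "ttl_dec": len(crossed),     # one decrement per emulated hop
        }
    return rules


class DirectPacketCarrier:
    """Hypothetical model of the direct packet carrier 220 with a lazily
    populated mapping record 224 (steps 106 to 112)."""

    def __init__(self, peers, routers):
        self._precomputed = build_rules(peers, routers)
        self.mapping_record = {}         # entries appear on first use only

    def forward(self, packet):
        key = (packet["src"], packet["dst"])
        rule = self.mapping_record.get(key)
        if rule is None:
            rule = self._precomputed.get(key)
            if rule is None:
                return None              # no mapped path: do not forward
            self.mapping_record[key] = rule
        # Assumption: a packet that would not survive the emulated hops is
        # dropped, as the legacy routers would have dropped it.
        if packet["ttl"] <= rule["ttl_dec"]:
            return None
        return {**packet,
                "src_eth": rule["src_eth"],
                "dst_eth": rule["dst_eth"],
                "ttl": packet["ttl"] - rule["ttl_dec"]}


if __name__ == "__main__":
    for (src, dst), rule in sorted(build_rules(PEERS, ROUTERS).items()):
        print(f"Source:{src},Dest:{dst} -> {rule}")
```

Without the TTL check, a flattened path would deliver packets that the emulated chain of routers would have discarded, which changes what the destination peer observes.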
In another example, the virtual network controller 222 providing the platform for the virtual network 212 and controlling it is the OVN. The direct packet carrier 220 may apply a set of rules using the syntax conventions of the OVN virtual network controller 222 and/or an OVS employed by the OVN virtual network controller 222. The set of rules may indicate the adjustment(s) done to one or more of the transferred packets according to the source and destination virtual peers 210 as described in a rule set 2 below. It should be noted that the rule set 2 may be presenting partial exemplary settings.
Rule Set 2:
Logical Flows:
(1) Source:202C,Dest:202F
table=4(lr_in_ip_routing), priority=24,
match=(ip4.dst == <202F.ip>/255.255.255.255),
action=(ip.ttl = ip.ttl - 3; reg0 = ip4.dst; reg1 = <ROUTER3.ip>;
eth.src = <ROUTER3.MAC>;
outport = <202F.port>;
next;)
(2) Source:202F,Dest:202C
table=4(lr_in_ip_routing), priority=24,
match=(ip4.dst == <202C.ip>/255.255.255.255),
action=(ip.ttl = ip.ttl - 3; reg0 = ip4.dst; reg1 = <ROUTER1.ip>;
eth.src = <ROUTER1.MAC>;
outport = <202C.port>;
next;)
OVS Flows:
(1) Source:202C,Dest:202F
cookie=0x0, duration=6.674s, table=20,
n_packets=0, n_bytes=0, idle_age=6,
priority=24,ip,metadata=0x9,nw_dst=<202F.ip>/32
actions=TTL-3->TTL,move:NXM_OF_IP_DST[]->NXM_NX_REG0[],
load:<ROUTER3.ip>->NXM_NX_REG1[],mod_dl_src:<R3.MAC>,
load:0x1->NXM_NX_REG7[],resubmit(,21)
(2) Source:202F,Dest:202C
cookie=0x0, duration=6.674s, table=20,
n_packets=0, n_bytes=0, idle_age=6,
priority=24,ip,metadata=0x9,nw_dst=<202C.ip>/32
actions=TTL-3->TTL,move:NXM_OF_IP_DST[]->NXM_NX_REG0[],
load:<ROUTER1.ip>->NXM_NX_REG1[],mod_dl_src:<ROUTER1.MAC>,
load:0x1->NXM_NX_REG7[],resubmit(,21)
Where the values in brackets < > are proactively generated and are available (known) while configuring the virtual network 212. For brevity only the rules for the virtual peers 210C and 210F are provided while the rules for 202D and 210E are not presented.
As shown, the topology of the network 204A is reflected in the rules specified in the rule set 2. The direct data carrier 220 may apply the same technique for the OVN implementation as described for the DragonFlow implementation.
According to some embodiments of the present invention, a direct packet carrier such as the direct packet carrier 212 supports data packet(s) transfer to one or more legacy hosts which connect to a virtual network such as the virtual network 212 through one or more legacy routers, physical or virtual, where the legacy hosts do not support L3 peer-to-peer mapping. This may allow backward compliance with legacy virtual networks such as the virtual network 212 comprising one or more legacy hosts.
Reference is now made to FIG. 4, which is a schematic illustration of an exemplary system for peer-to-peer data packets transfer over a virtual network comprising a legacy router, according to some embodiments of the present invention. An exemplary system 400 includes a virtual network such as the virtual network 212 establishing a logical network abstraction over a physical network such as the physical network 204. The system 400 may include one or more computing nodes such as the computing nodes 202, for example, 202A through 202N each hosting one or more virtual peers such as the virtual peers 210. The virtual network 212 may be provided, controlled and/or managed by a virtual network controller such as the virtual network controller 222. A direct packet carrier such as the direct packet carrier 220 may be executed for transferring one or more data packets between the virtual peers 210. The direct packet carrier 220 may further create, maintain and/or update a mapping record such as the mapping record 224. The system 400 may further include one or more legacy hosts 402, for example, a physical device, a physical router, a virtual host, a virtual router and/or the like which reside on (connect to) the network 204. While not supporting the direct data packet(s) transfer controlled by the direct packet carrier 220, the legacy host(s) 402 may be mapped to and/or from the virtual network 212 through one or more legacy network routers 210G, for example, a physical router, a legacy virtual router and/or the like. The legacy router 210G is a virtual peer such as the virtual peers 210 capable of operating with the direct packet carrier 220 for transferring data packet(s) to and/or from the other virtual peers 210. A range of virtual L3 peer-to-peer addresses may be generated by the direct packet carrier 220 and/or the virtual network controller 222 for mapping each of the legacy hosts 402 through the legacy router 210G.
The direct packet carrier 220 and/or the virtual network controller 222 may further assign the legacy router 210G with the range of virtual L3 peer-to-peer addresses. The range of virtual L3 peer-to-peer addresses may be contiguous, non-contiguous and/or a combination thereof. The range of virtual L3 peer-to-peer addresses may further include one or more L3 peer-to-peer addresses that are sporadically allocated, i.e. discrete L3 peer-to-peer addresses. The legacy router 210G may be further configured to route data packet(s) destined for virtual L3 peer-to-peer addresses falling within the assigned range to the corresponding legacy host. As a result, when the legacy router 210G receives one or more data packets destined for a certain virtual L3 peer-to-peer address that falls within the assigned range, the legacy router 210G may forward the data packet(s) to the legacy host 402 associated with the certain virtual L3 peer-to-peer address. The legacy router 210G may map and/or route the data packets to one or more legacy hosts such as the legacy host 402 using one or more legacy mapping/routing mechanisms, implementations and/or the like, for example, a physical-like routing, SDN controller such as, for example, an OVN controller, an OpenDaylight controller and/or the like.
According to some embodiments of the present invention, a direct packet carrier such as the direct packet carrier 212 supports data packet(s) transfer to one or more physical hosts, for example, a computing node, a computer, a physical router and/or the like connected to a border virtual peer such as the virtual peer 210 connected to a virtual network such as the virtual network 212.
Reference is now made to FIG. 5, which is a schematic illustration of an exemplary system for peer-to-peer data packets transfer over a virtual network comprising physical hosts, according to some embodiments of the present invention. An exemplary system 500 includes a virtual network such as the virtual network 212 establishing a logical network abstraction over a physical network such as the physical network 204. The system 500 may include one or more computing nodes such as the computing nodes 202, for example, 202A through 202N each hosting one or more virtual peers such as the virtual peers 210. The virtual network 212 may be provided, controlled and/or managed by a virtual network controller such as the virtual network controller 222. A direct packet carrier such as the direct packet carrier 220 may be executed for transferring one or more data packets between the virtual peers 210. The direct packet carrier 220 may further create, maintain and/or update a mapping record such as the mapping record 224. The system 500 may further include one or more physical hosts 502, for example, a physical device, a computing node, a computer and/or the like which connect to the network 204. While not supporting the direct data packet(s) transfer controlled by the direct packet carrier 220, the physical host(s) 502 may connect to one or more border virtual peers 210H capable of operating with the direct packet carrier 220 for transferring data packet(s) to and/or from the other virtual peers 210. The direct packet carrier 220 may transfer one or more data packets to one or more of the physical hosts 502 by using the virtual L3 peer-to-peer address of the border virtual peer 210H to send the data packet(s) to the border virtual peer 210H coupled with a physical address of the destination physical host 502, for example, an IP address.
The physical address of the destination physical host 502 may be generated, for example, resolved, calculated, set, defined and/or the like by the virtual network controller 222 that may report the generated physical address to the direct packet carrier 220.
According to some embodiments of the present invention, a direct packet carrier such as the direct packet carrier 212 may use virtual L3 peer-to-peer addresses comprising a partial peer-to-peer address and a legacy address for communicating and/or transferring data packets to/from one or more destination peers, for example, a legacy virtual peer which does not operate directly with the direct packet carrier 212. In particular, the destination peer(s) may provide one or more network traffic management functions, for example, VNF such as, for example, firewall, traffic shaping, network SFC and/or the like. This may allow virtual peers such as the virtual peers 210 to take advantage of the network traffic management functions even when provided by legacy virtual peers which do not operate directly with the direct packet carrier 212.
Reference is now made to FIG. 6, which is a schematic illustration of an exemplary system for peer-to-peer data packets transfer over a virtual network comprising legacy hosts providing Virtual Network Function(s) (VNF), according to some embodiments of the present invention. An exemplary system 600 includes a virtual network such as the virtual network 212 establishing a logical network abstraction over a physical network such as the physical network 204. The system 600 may include one or more computing nodes such as the computing nodes 202, for example, 202A through 202N each hosting one or more virtual peers such as the virtual peers 210. The virtual network 212 may be provided, controlled and/or managed by a virtual network controller such as the virtual network controller 222. A direct packet carrier such as the direct packet carrier 220 may be executed for transferring one or more data packets between the virtual peers 210. The direct packet carrier 220 may further create, maintain and/or update a mapping record such as the mapping record 224. The system 600 may further include one or more destination peers, for example, a legacy virtual host 602A; in particular, the legacy host 602A provides one or more of the network traffic management functions 620, for example, the VNF such as, for example, the firewall, the traffic shaping, the network SFC and/or the like. While the legacy virtual host 602A connects to the virtual network 212, the legacy virtual host 602A may not directly operate with the direct packet carrier 220. However, the direct packet carrier 220 may communicate and/or transfer data packet(s) to/from the legacy virtual host 602A through one or more intermediate virtual peers 210I. The direct packet carrier 220 may use generated virtual L3 peer-to-peer addresses comprising a partial peer-to-peer address and a legacy address.
While the partial peer-to-peer address may map the intermediate virtual peers 210I, the legacy address may map the remaining path between the intermediate virtual peers 210I and the legacy virtual host 602A.
According to some embodiments of the present invention one or more of the network traffic management functions, for example, the VNF are adapted to operate with the direct L3 peer-to-peer addresses and the direct L3 peer-to-peer data packet transfer employed by a direct packet carrier such as the direct packet carrier 220. This may allow virtual peers such as the virtual peers 210 to take advantage of network traffic management functions which are adapted for the direct data packets transfer. The adapted network traffic management functions may be natively integrated, facilitated and/or implemented in the direct data packets transfer virtual network implementation and may therefore provide high transfer rates compared to legacy virtual and/or physical networks.
Reference is now made to FIG. 7, which is a schematic illustration of an exemplary system for peer-to-peer data packets transfer over a virtual network facilitating VNF functionality adapted for the peer-to-peer mapping, according to some embodiments of the present invention. An exemplary system 700 includes a virtual network such as the virtual network 212 establishing a logical network abstraction over a physical network such as the physical network 204. The system 700 may include one or more computing nodes such as the computing nodes 202, for example, 202A through 202N each hosting one or more virtual peers such as the virtual peers 210. The virtual network 212 may be provided, controlled and/or managed by a virtual network controller such as the virtual network controller 222. A direct packet carrier such as the direct packet carrier 220 may be executed for transferring one or more data packets between the virtual peers 210. The direct packet carrier 220 may further create, maintain and/or update a mapping record such as the mapping record 224.
One or more of the network traffic management functions such as the network traffic management functions 620, for example, the VNF such as, for example, the firewall, the traffic shaping, the network SFC and/or the like may be adapted to operate on one or more of the virtual peers 210, for example, a virtual peer 210J. The network traffic management function(s) 620A may be adapted to operate with the direct packet carrier 220, for example, using the virtual L3 peer-to-peer addresses. This may allow the virtual peers 210 to use the direct packet carrier 220 to transfer data packet(s) to and/or from the virtual peer 210J hosting, executing, serving and/or providing the adapted network traffic management functions 620A.
The descriptions of the various embodiments of the present invention have been presented for purposes of illustration, but are not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein was chosen to best explain the principles of the embodiments, the practical application or technical improvement over technologies found in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.
It is expected that during the life of a patent maturing from this application many relevant virtual networking technologies will be developed and the scope of the term virtual networking is intended to include all such new technologies a priori.
As used herein the term "about" refers to ± 10 %.
The terms "comprises", "comprising", "includes", "including", "having" and their conjugates mean "including but not limited to". This term encompasses the terms "consisting of" and "consisting essentially of".
The phrase "consisting essentially of" means that the composition or method may include additional ingredients and/or steps, but only if the additional ingredients and/or steps do not materially alter the basic and novel characteristics of the claimed composition or method. As used herein, the singular form "a", "an" and "the" include plural references unless the context clearly dictates otherwise. For example, the term "a compound" or "at least one compound" may include a plurality of compounds, including mixtures thereof.
The word "exemplary" is used herein to mean "serving as an example, instance or illustration". Any embodiment described as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments and/or to exclude the incorporation of features from other embodiments.
The word "optionally" is used herein to mean "is provided in some embodiments and not provided in other embodiments". Any particular embodiment of the invention may include a plurality of "optional" features unless such features conflict.
Throughout this application, various embodiments of this invention may be presented in a range format. It should be understood that the description in range format is merely for convenience and brevity and should not be construed as an inflexible limitation on the scope of the invention. Accordingly, the description of a range should be considered to have specifically disclosed all the possible subranges as well as individual numerical values within that range. For example, description of a range such as from 1 to 6 should be considered to have specifically disclosed subranges such as from 1 to 3, from 1 to 4, from 1 to 5, from 2 to 4, from 2 to 6, from 3 to 6 etc., as well as individual numbers within that range, for example, 1, 2, 3, 4, 5, and 6. This applies regardless of the breadth of the range.
Whenever a numerical range is indicated herein, it is meant to include any cited numeral (fractional or integral) within the indicated range. The phrases "ranging/ranges between" a first indicate number and a second indicate number and "ranging/ranges from" a first indicate number "to" a second indicate number are used herein interchangeably and are meant to include the first and second indicated numbers and all the fractional and integral numerals there between.
It is appreciated that certain features of the invention, which are, for clarity, described in the context of separate embodiments, may also be provided in combination in a single embodiment. Conversely, various features of the invention, which are, for brevity, described in the context of a single embodiment, may also be provided separately or in any suitable subcombination or as suitable in any other described embodiment of the invention. Certain features described in the context of various embodiments are not to be considered essential features of those embodiments, unless the embodiment is inoperative without those elements.
All publications, patents and patent applications mentioned in this specification are herein incorporated in their entirety by reference into the specification, to the same extent as if each individual publication, patent or patent application was specifically and individually indicated to be incorporated herein by reference. In addition, citation or identification of any reference in this application shall not be construed as an admission that such reference is available as prior art to the present invention. To the extent that section headings are used, they should not be construed as necessarily limiting.

Claims

1. A system for network layer (L3) peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network, comprising:
a direct packet carrier of a virtual network connecting a plurality of virtual peers, the direct packet carrier is adapted to:
receive from a source virtual peer of the plurality of virtual peers at least one data packet destined for a destination virtual peer of the plurality of virtual peers;
access a mapping record comprising a plurality of virtual L3 peer-to-peer addresses each mapping a direct peer-to-peer path between a pair of the plurality of virtual peers;
retrieve from the mapping record a respective one of the plurality of virtual L3 peer-to-peer addresses mapping the direct peer-to-peer path between the source peer and the destination peer; and
transfer the at least one data packet to the destination virtual peer using the retrieved virtual L3 peer-to-peer address.
2. The system according to claim 1, wherein each of the plurality of virtual peers is a network element which is a member of a group consisting of:
- a virtual host,
- a virtual router,
- a virtual router interface,
- a physical host mapped through a virtual endpoint,
- a physical router mapped through a virtual endpoint,
- a container, and
- any virtual interface which maps at least one hardware and/or virtual resource.
3. The system according to any of the previous claims, wherein the direct packet carrier is constructed as:
a centralized carrier hosted by one of a plurality of computing nodes connected to the virtual network, or
as a distributed carrier hosted by at least some of the plurality of computing nodes.
4. The system according to any of the previous claims, wherein the plurality of virtual L3 peer-to-peer addresses are generated proactively by a controller of the virtual network adapted to support the direct packet carrier.
5. The system according to any of the previous claims, further comprising the respective virtual L3 peer-to-peer address generated proactively for the direct peer-to-peer path between the source peer and the destination peer is updated in the mapping record at the first time the at least one data packet is received from the source virtual peer.
6. The system according to any of the previous claims, further comprising continuously monitoring the virtual network to detect at least one topology change in the virtual network, the topology change is a member of a group consisting of:
adding at least one virtual peer,
modifying at least one virtual peer, and
removing at least one virtual peer.
7. The system according to claim 6, wherein the virtual L3 peer-to-peer address is recalculated for at least one of the plurality of virtual peers following detection of the at least one topology change.
8. The system according to any of claims 6 and 7, wherein the mapping record is updated according to the at least one topology change, the update includes at least one member of a group consisting of: adding the virtual L3 peer-to-peer path generated for the at least one added virtual peer, updating the virtual L3 peer-to-peer path re-calculated for the at least one modified virtual peer and deleting the virtual L3 peer-to-peer path of the at least one removed virtual peer.
9. The system according to any of the previous claims, further comprising adjusting the at least one data packet to emulate legacy routing over the virtual network.
10. The system according to claim 9, wherein the adjusting of the at least one data packet is done by a member of a group consisting of:
a host hosting the source virtual peer sending the at least one data packet,
a host hosting the destination virtual peer to which the at least one data packet is sent, and
at least one intermediate computing node that receives the at least one data packet from the source virtual peer and forwards the at least one data packet to the destination virtual peer.
11. The system according to any of the previous claims, wherein at least one legacy network router is mapped as a virtual peer supporting multiple virtual L3 peer-to-peer paths in a virtual L3 peer-to-peer address range each assigned to one of a plurality of legacy hosts not supporting L3 peer-to-peer mapping over the virtual network,
wherein the at least one legacy network router is a member of a group consisting of: a physical router and a legacy virtual router.
12. The system according to any of the previous claims, further comprising sending the at least one data packet to at least one physical host through at least one border virtual peer connecting to the at least one physical host, the at least one data packet is sent using the virtual L3 peer-to-peer address of the at least one border virtual peer coupled with a remaining physical path address mapping a path to the at least one physical host from the at least one border virtual peer.
13. The system according to any of the previous claims, further comprising the virtual L3 peer-to-peer address employs a partial peer-to-peer address and a legacy address, wherein the partial peer-to-peer address maps at least one intermediate virtual peer and the legacy address maps a destination peer for sending the at least one data packet to the destination peer through the at least one intermediate virtual peer.
14. The system according to any of the previous claims, further comprising adapting at least one network traffic management function for handling the at least one data packet mapped with the virtual L3 peer-to-peer address.
15. A computer implemented method of network layer (L3) peer-to-peer data packets transfer over a virtual network using proactive mapping of the virtual network, comprising:
receiving, at a direct packet carrier of a virtual network connecting a plurality of virtual peers, at least one data packet from a source virtual peer of the plurality of virtual peers, the at least one data packet is destined for a destination virtual peer of the plurality of virtual peers;
accessing a mapping record comprising a plurality of virtual L3 peer-to-peer addresses each mapping a direct peer-to-peer path between a pair of the plurality of virtual peers;
retrieving from the mapping record a respective one of the plurality of virtual L3 peer-to-peer addresses mapping the direct peer-to-peer path between the source peer and the destination peer; and
transferring the at least one data packet to the destination virtual peer using the retrieved virtual L3 peer-to-peer address.
16. A computer program with a program code for performing a method according to claim 15, when the computer program runs on a computer.
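A minimal sketch of the mapping record and direct packet carrier of claims 1 and 6 to 8, added here as an illustration and not code from the patent or its applicant. The class and method names, the peer and node names, and the IPv6 ULA prefix used for the virtual L3 peer-to-peer addresses are assumptions; the lookup refuses any pair without a mapped path, so a removed peer cannot be reached through a stale entry.

```python
import ipaddress

# Assumption: addresses are drawn from a constructed IPv6 ULA prefix; the
# claims do not fix an encoding for the virtual L3 peer-to-peer address.
P2P_PREFIX = ipaddress.IPv6Network("fd00:0:0:1::/64")


class MappingRecord:
    """Maps each ordered (source, destination) pair to one p2p address."""

    def __init__(self):
        self.peers = {}   # peer name -> hosting computing node
        self.paths = {}   # (src, dst) -> IPv6Address
        self._next = 1

    def _allocate(self):
        addr = P2P_PREFIX[self._next]
        self._next += 1
        return addr

    def add_peer(self, name, node):
        """Topology change 'add': proactively map paths to and from the peer."""
        for other in self.peers:
            self.paths[(name, other)] = self._allocate()
            self.paths[(other, name)] = self._allocate()
        self.peers[name] = node

    def modify_peer(self, name, node):
        """Topology change 'modify': recalculate every path touching the peer."""
        self.peers[name] = node
        for pair in [p for p in self.paths if name in p]:
            self.paths[pair] = self._allocate()

    def remove_peer(self, name):
        """Topology change 'remove': delete every path touching the peer."""
        del self.peers[name]
        for pair in [p for p in self.paths if name in p]:
            del self.paths[pair]


class DirectPacketCarrier:
    def __init__(self, record):
        self.record = record

    def transfer(self, src, dst, payload):
        """Retrieve the pair's address; refuse pairs with no mapped path."""
        addr = self.record.paths.get((src, dst))
        if addr is None:
            raise LookupError(f"no direct path mapped for {src} -> {dst}")
        return {"node": self.record.peers[dst], "p2p_addr": addr,
                "payload": payload}
```
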
PCT/EP2017/055462 2017-03-08 2017-03-08 Flattening l3 routing in sdn using proactive shortest path WO2018162058A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201780088221.0A CN110419199B (en) 2017-03-08 2017-03-08 Flattened L3 routing in SDN using active shortest paths
PCT/EP2017/055462 WO2018162058A1 (en) 2017-03-08 2017-03-08 Flattening l3 routing in sdn using proactive shortest path

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2017/055462 WO2018162058A1 (en) 2017-03-08 2017-03-08 Flattening l3 routing in sdn using proactive shortest path

Publications (1)

Publication Number Publication Date
WO2018162058A1 true WO2018162058A1 (en) 2018-09-13

Family

ID=58266600

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2017/055462 WO2018162058A1 (en) 2017-03-08 2017-03-08 Flattening l3 routing in sdn using proactive shortest path

Country Status (2)

Country Link
CN (1) CN110419199B (en)
WO (1) WO2018162058A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114070789A (en) * 2021-11-16 2022-02-18 上海思询信息科技有限公司 Method for realizing external network multi-line access based on OpenStack

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113238833B (en) * 2021-05-27 2023-09-05 安天科技集团股份有限公司 Feature data transmission method, device and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150195196A1 (en) * 2014-01-08 2015-07-09 Microsoft Corporation Routing messages between virtual networks
US20150281067A1 (en) * 2013-12-31 2015-10-01 Huawei Technologies Co.,Ltd. Method and apparatus for implementing communication between virtual machines

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7656870B2 (en) * 2004-06-29 2010-02-02 Damaka, Inc. System and method for peer-to-peer hybrid communications
US7877457B2 (en) * 2006-03-17 2011-01-25 Macrovision Corporation Peer to peer gateway
US8997206B2 (en) * 2007-06-06 2015-03-31 Avaya Inc. Peer-to-peer network over a virtual private network
US7870133B2 (en) * 2008-01-14 2011-01-11 Infosys Technologies Ltd. Method for semantic based storage and retrieval of information
US8971335B2 (en) * 2009-07-02 2015-03-03 Exafer Ltd System and method for creating a transitive optimized flow path

Also Published As

Publication number Publication date
CN110419199B (en) 2020-12-15
CN110419199A (en) 2019-11-05

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17710193

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17710193

Country of ref document: EP

Kind code of ref document: A1