WO2021037358A1 - Virtual local presence based on L3 virtual mapping of remote network nodes - Google Patents

Virtual local presence based on L3 virtual mapping of remote network nodes


Publication number
WO2021037358A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
mapping
mapping agent
virtual
address
Prior art date
Application number
PCT/EP2019/072989
Other languages
English (en)
Inventor
Itamar OFEK
Omer ANSON
Eshed GAL-OR
Eduardo Warszawski
Original Assignee
Huawei Technologies Co., Ltd.
Priority date
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd.
Priority to PCT/EP2019/072989 (WO2021037358A1)
Priority to CN201980097584.XA (CN113994639B)
Publication of WO2021037358A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/2521 Translation architectures other than single NAT servers
    • H04L61/2528 Translation at a proxy
    • H04L61/2592 Translation of Internet protocol [IP] addresses using tunnelling or encapsulation
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/02 Topology update or discovery
    • H04L45/04 Interdomain routing, e.g. hierarchical routing
    • H04L45/64 Routing or path finding of packets in data switching networks using an overlay routing layer

Definitions

  • the present disclosure in some embodiments thereof, relates to data packets transfer between remote hosts connected to separate networks and, more specifically, but not exclusively, to data packets transfer between remote hosts connected to separate networks using virtual Layer 3 (L3) mapping of the remote hosts.
  • Networked services are constantly evolving for a plurality of applications, services and platforms ranging over practically every aspect of modern life. These networked services hence present multiple ever increasing challenges for the underlying networks which become ever more complex. These challenges may further increase and become more apparent with the rapid deployment of cloud services utilizing Software Defined Networks (SDN) for switching and routing network traffic between cloud hosts.
  • An objective of the embodiments of the disclosure is to provide a solution which mitigates or solves the drawbacks and problems of conventional solutions.
  • the above and further objectives are solved by the subject matter of the independent claims. Further advantageous embodiments can be found in the dependent claims.
  • the disclosure aims at providing a solution for mapping, in a local network, a remote network node connected to a separate network by creating an L3 based virtual presence of the remote node in the local network to form a common multicast and/or broadcast domain shared between the two separate networks by deploying mapping agents configured to emulate the remote node as if connected to the local network.
  • an apparatus for transferring data comprising one or more processing circuitries connected to a first network and executing a first mapping agent having a Layer 3 (L3) address mapping of a destination node connected to a second network separated from the first network.
  • the first mapping agent comprising a code configured to:
  • a computer implemented method of transferring data comprising:
  • mapping the destination node into the first network using the virtual L3 mapping may allow creating unified multicast and/or broadcast domains common to multiple separated networks without adjusting the network addressing schemes applied in each of the networks while verifying that no address conflicts or overlaps occur.
  • the virtual mapping is done in L3 may allow use of high level networking and communication protocols relying on L3 addressing which are highly common in a plurality of applications and services.
  • the mapping agents are created, deployed, initiated and configured in software the effort, time and/or cost for creating the network domains may be significantly reduced while supporting high scalability.
  • each pair of source and destination nodes may be associated with a dedicated pair of mapping agents, collisions over the networks may be significantly reduced and potentially completely avoided.
  • the traffic descriptor of the encapsulation packet further comprising a virtual L3 address assigned to the first mapping agent for receiving a second packet transmitted from the destination node to the source node via the second mapping agent and the first mapping agent.
  • the encapsulation packet is forwarded using one or more Layer 2 (L2) tunneling protocols, the traffic descriptor comprises an identifier of the second mapping agent in metadata defined by the L2 tunneling protocol(s).
  • L2 tunneling protocols may enable easy adoption and deployment of the virtual L2 mapping of remote network nodes (hosts) for applications, services and/or platforms utilizing such L2 tunneling protocols.
  • the encapsulation packet is forwarded using one or more L3 networking protocols, the traffic descriptor comprises an L3 address of the second mapping agent.
  • Supporting L3 networking protocols may enable easy adoption and deployment of the virtual L2 mapping of remote network nodes (hosts) for applications, services and/or platforms utilizing such L3 networking protocols.
  • the first network and the second network are virtual networks defined in a Software Defined Network (SDN), the first mapping agent is utilized in the first network by configuring a mapping record of the SDN to include the virtual L3 address mapping of the destination node in a list of virtual L3 addresses assigned to nodes connected to the first network.
  • Supporting SDNs may allow for simple and reduced effort deployment, integration and adoption of the virtual L3 mapping in SDNs which are constantly expanding to support the ever increasing and developing cloud services.
  • the first network and the second network are physical networks connected to a common networking infrastructure via two respective network gateways.
  • Supporting physical networks may be to support simple and reduced effort deployment, integration and adoption of the virtual L3 mapping in such physical networks which constitute the backbone of any networking system.
  • the first mapping agent is executed by the network gateway connecting the first network to the common networking infrastructure. Since the gateway deployed to connect the network to the common network is a typical component in the network, using it to execute the mapping agent(s) may eliminate the need to add application specific hardware, thus reducing cost and simplifying the deployment of the mapping agent(s).
  • the first mapping agent is executed by a dedicated network node connected to the first network.
  • Supporting dedicated network nodes for executing the mapping agent(s) may be efficient for supporting networks in which the gateway may be limited in resources and/or complex to configure.
  • using the dedicated network node having sufficient computing resources, e.g. processing resources, storage resources, network resources, etc., may allow for initiating and executing a large number of mapping agents to map a plurality of remote destination network nodes.
  • the first network is a virtual network defined in a Software Defined Network (SDN) and the second network is a physical network connected via a network gateway to network abstracted by the virtual network, a virtual port is deployed in the network gateway to map the destination node in the SDN, the first mapping agent is utilized in the first network by configuring a mapping record of the SDN to include the virtual L3 address of the virtual port in a list of virtual L3 addresses assigned to nodes connected to the first network.
  • Supporting mixed networks constructed of both virtual and physical network segments may be essential to support simple and reduced effort deployment, integration and adoption of the virtual L3 mapping in such mixed networks.
  • the first packet includes a multicast packet destined to a group of nodes connected to the first network.
  • the first mapping agent is configured to be part of the group in response to a request received from the second mapping agent to include the destination node in the group such that the first mapping agent encapsulates and forwards the multicast packet to the second mapping agent for delivery to the destination node.
  • the first packet includes a broadcast packet destined to all nodes connected to the first network.
  • the first mapping agent is configured to encapsulate and forward the broadcast packet to the second mapping agent for delivery to the destination host.
  • Forming a unified broadcast domain stretching over the two separate networks may be highly desired and in some cases essential for a plurality of applications and services in which broadcasts are directed to nodes connected to separate networks.
  • a plurality of first mapping agents are deployed.
  • Each of the plurality of first mapping agents maps a respective one of a plurality of destination nodes connected to one or more second networks separated from the first network.
  • Multiple simultaneous connections and communication paths between multiple networking nodes may be required for a plurality of networked applications and/or services. Supporting deployment of the plurality of source and destination nodes may therefore allow for increased adoption and/or simplified integration of the virtual L3 mapping in a plurality of such applications and/or services.
  • a single second mapping agent is deployed to map a destination node connected to the second network for a plurality of source nodes connected to one or more first networks separated from the second network.
  • Each of the plurality of source nodes is associated with a respective first mapping agent executed at a respective first network.
  • the respective first mapping agent of each source node which transmits the first packet to the second mapping agent is identified by tracking a connection of the respective first mapping agent.
  • the traffic descriptor is resolved according to a Uniform Resource Identifier (URI) of the destination node.
  • a third aspect of the disclosure suggests a computer program product comprising computer readable code instructions which, when run in a computer will cause the computer to perform the method according to the second aspect, or any one of optional implementation forms of the second aspect of the disclosure.
  • a fourth aspect of the disclosure suggests a computer readable storage medium comprising computer program code instructions, being executable by a computer, for performing a method according to the second aspect, or any one of optional implementation forms of the second aspect of the disclosure when the computer program code instructions run on a computer.
  • the computer readable storage medium comprises one or more from the group: ROM (Read-Only Memory), PROM (Programmable ROM), EPROM (Erasable PROM), Flash memory, EEPROM (Electrically EPROM) and hard disk drive.
  • the computer program product according to the third aspect or the computer readable storage medium according to the fourth aspect can be extended into implementation forms corresponding to the implementation forms of the first apparatus according to the first aspect.
  • an implementation form of the method comprises the feature(s) of the corresponding implementation form of the first apparatus.
  • FIG. 1 presents flow charts of exemplary processes of transferring packets between network nodes connected to a local network and remote network nodes connected to a separate network by mapping the remote network nodes using virtual L3 mapping, according to some embodiments of the present disclosure
  • FIG. 2 is a schematic illustration of an exemplary networked system for transferring packets between network nodes connected to a local network and remote network nodes connected to a separate network by mapping the remote network nodes using virtual L3 mapping, according to some embodiments of the present disclosure
  • FIG. 3A, FIG. 3B, FIG. 3C and FIG. 3D are schematic illustrations of exemplary virtual and physical networks deployments employing virtual L3 mapping for transferring packets between network nodes connected to separate networks, according to some embodiments of the present disclosure
  • FIG. 4 is a schematic illustration of an exemplary sequence for initializing a network to employ virtual L3 mapping for transferring packets from nodes connected to a local network and remote network nodes connected to separate networks, according to some embodiments of the present disclosure
  • FIG. 5 is a schematic illustration of an exemplary embodiment of a network employing virtual L3 mapping for transferring packets between network nodes connected to two separate networks, according to some embodiments of the present disclosure
  • FIG. 6 is a schematic illustration of an exemplary sequence applied by network nodes connected to two separate networks in an exemplary network embodiment to transfer packets to remote network nodes using virtual L3 mapping, according to some embodiments of the present disclosure
  • FIG. 7 is a schematic illustration of an exemplary networked system in which a single host network node is mapped to a plurality of client network nodes connected to separate networks using a single mapping agent for virtual L3 mapping of the network node for transferring packets between the host and client network nodes, according to some embodiments of the present disclosure
  • FIG. 8A and FIG. 8B are schematic illustrations of an exemplary sequence applied by a single host network node and multiple client network nodes connected to separate networks for transferring packets between the host and client network nodes using a single mapping agent for virtual L3 mapping of the host network node, according to some embodiments of the present disclosure.
  • the embodiments of the present disclosure relate to data packets transfer between remote hosts connected to separate networks and, more specifically, but not exclusively, to data packets transfer between remote hosts connected to separate networks using virtual L3 mapping of the remote hosts.
  • the present disclosure presents devices, systems and methods for transferring data packets, for example, unicast, multicast and/or broadcast packets between network nodes (hosts) connected to separate (private) networks by virtually mapping the remote nodes to appear to each other as if connected to the same network.
  • the network nodes may include one or more physical network nodes (hosts), for example, a mobile device, a computer, a server, a computing node, a cluster of computing nodes and/or the like connected to physical networks via one or more gateways, for example, a switch, a router and/or the like.
  • the network nodes may also include one or more virtual network nodes (hosts), for example, a Virtual Machine (VM) and/or the like executed by one or more of the physical network nodes and utilizing their hardware resources.
  • the network nodes may be connected to one or more Software Defined Networks (SDN) via one or more SDN switches (gateways) as may typically be the case for cloud computing platforms, infrastructures and/or services.
  • a source network node connected to a first (private) network may transmit one or more (first) packets, for example, unicast, multicast and/or broadcast packets which are destined to network nodes connected to the first network. However, it may be desired that the transmitted packets are distributed to a remote destination network node which is connected to a second (private) network which is separated from the first network.
  • the first and second networks are connected via one or more of the physical and/or software implemented gateways to a common physical network infrastructure comprising one or more switching and/or routing devices for routing traffic between the first and second network.
  • the common network may include one or more networks, for example, a Local Area Network (LAN), a Wide Area Network (WAN), a Metropolitan Area Network (MAN), the internet and/or one or more SDNs deployed for cloud computing platforms and services. Since the destination node is not connected to the first network, direct L3 mapping and addressing between the source node and the destination node is impossible. The destination node is unable to receive and/or intercept data packets, for example, unicast, multicast and/or broadcast packets that are transmitted to network nodes having network addresses (e.g. L2 and/or L3 address) in an address range of the first network.
  • the destination node may be mapped to the first network using a (first) mapping agent deployed in the first network and serving as a virtual presence of the destination node on the first network which thus appears as if connected to the first network.
  • the destination node is further associated with a second mapping agent deployed in the second network node.
  • the first mapping agent deployed in the first network is assigned a local L3 address in a range of L3 addresses of the first network to emulate a real network node for the L3 protocols used in the first network.
  • the second mapping agent deployed in the second network is assigned a local L3 address in a range of L3 addresses of the second network to emulate a real network node for the L3 protocols used in the second network.
  • the first mapping agent and the second mapping agent are further each assigned with a unique virtual L3 address in a range of virtual L3 addresses predefined to map a plurality of mapping agents associated with network nodes connected to separate networks which require direct mapping, in particular a source node connected to the first network and the destination node connected to the second network.
  • the first and second mapping agents are therefore uniquely mapped in the predefined virtual address range.
  • the first mapping agent may communicate with the second mapping agent using the L3 virtual addresses to forward one or more (first) packets transmitted by the source node to the second mapping agent which in turn forwards the packet(s) to the destination node.
  • the packet(s) are transferred from the source node to the destination node transparently to the two nodes which may appear to each other as if connected to the same network.
  • the first mapping agent may intercept each (first) packet transmitted by the source node that is destined to the destination node (unicast packet) or to one or more multicast groups (multicast) which the first mapping agent is included in (joined).
  • the first mapping agent may further intercept each broadcast message transmitted by the source node.
  • the first mapping agent then forwards (transmits) the intercepted unicast, multicast and/or broadcast packets to the second mapping agent deployed in the second network and associated with the destination node.
  • the first mapping agent first adjusts the intercepted (first) packet(s) to include the destination address of the destination node, or more accurately the address of the second mapping agent associated with the destination node. Specifically, the first mapping agent adjusts the destination address field of the intercepted packet(s), which currently includes the local L3 address of the first mapping agent, to include the virtual L3 address of the second mapping agent. In addition, the first mapping agent may adjust the source address field of the intercepted packet(s), which currently includes the local L3 address of the source node, to include the virtual L3 address of the first mapping agent.
  • the first mapping agent may encapsulate the adjusted (first) packets in one or more encapsulation packets which are transmitted to the second mapping agent via the common network connecting the first and second networks.
  • the first mapping agent generates, adjusts and/or configures a traffic descriptor of the encapsulation packet(s) to indicate the second mapping agent, for example, include a network address of the second mapping agent.
  • the traffic descriptor is resolved according to the virtual L3 address of the second mapping agent.
  • the first mapping agent may use and/or access one or more Domain Name Systems (DNS) which are configured and/or updated to provide association and/or translation between the virtual L3 addresses of the mapping agents and network addresses of the first and/or second networks, in particular, network addresses of the gateways connecting the first and/or second networks to the common network.
  • the DNS may be further configured and/or updated to provide association and/or translation between the virtual L3 addresses of the mapping agents and the local L3 addresses of the mapping agents.
  • the DNS may be also configured and/or updated to resolve, associate and/or translate domain names to network addresses, in particular virtual L3 addresses of the mapping agents.
  • the first mapping agent may construct the encapsulation packet(s) including the traffic descriptor according to one or more protocols applied by the first mapping agent to forward network traffic to the second mapping agent.
  • the first mapping agent may construct the encapsulation packet(s) according to one or more tunneling protocols such as, for example, Virtual LAN (VLAN) tunneling, MPLS, GRE, Geneve, STT, L2-VPN, Ethernet over IP, VXLAN, IP over IP, Pseudo-tunnels and/or the like.
  • the traffic descriptor may be inserted as metadata in one or more metadata fields defined by the tunneling protocol(s).
  • the first mapping agent may construct the encapsulation packet(s) according to one or more L3 networking protocols such as, for example, Internet Protocol (IP) (e.g. IPv4, IPv6, etc.), IPX/SPX and/or the like.
  • the traffic descriptor may be inserted in a destination address field defined by the L3 networking protocol(s).
  • the second mapping agent may receive the encapsulation packet(s) from the first mapping agent and de-capsulate the received encapsulation packet(s) to extract the unicast, multicast and/or broadcast packets originally transmitted by the source node over the first network.
  • the second mapping agent deployed and initiated in the second network to emulate a real network node connected to the second network may be therefore capable of transmitting network traffic directly to the destination node.
  • the second mapping agent may first adjust the extracted packet(s) to support such transmission of the extracted packet(s) to the destination node.
  • the second mapping agent adjusts the destination address and source address fields of the extracted packets.
  • the second mapping agent replaces the destination address field which currently includes the virtual L3 address of the second mapping agent to include the local L3 address of the destination node.
  • the second mapping agent may further replace the source address field which currently includes the virtual L3 address of the first mapping agent to include the local L3 address of the second mapping agent.
  • the second mapping agent may transmit the adjusted packet(s) to the destination node.
  • the first and second mapping agents may be further configured to support (second) packets transmission on the reverse path (response path), i.e., transmit one or more (second) packets from the destination node to the source node using the same methodology.
  • the second mapping agent performs the operations described herein above for the first mapping agent and, complementarily, the first mapping agent performs the operations described herein above for the second mapping agent.
  • the virtual L3 mapping may be scaled and extended to support a plurality of source and destination nodes pairs by deploying, configuring and initiating a plurality of first and second mapping agent pairs for a plurality of source and destination node pairs.
  • a single mapping agent may be associated with a certain destination node, for example, a host node, a service and/or the like serving a plurality of client source nodes each associated with a respective one of a plurality of mapping agents.
  • the mapping agents may follow the same methodology and concept described herein before for a single source node. However, in such deployments, the destination node (host node) may receive all packets from its associated single mapping agent regardless of the originating source node.
  • the mapping agent associated with the destination node may use one or more connection tracking provisions available from the forwarding protocols used by the first mapping agents associated with the source nodes to identify and track each received packet to its originating source node or more accurately to track each received packet to its originating mapping agent.
  • the first and second mapping agents may be deployed, configured, initiated and/or executed using one or more of a plurality of implementations which may depend on one or more operation characteristics and/or parameters of the first and/or the second networks (e.g. physical network, SDN), of the network nodes (e.g. physical nodes, virtual nodes, etc.) and/or the like.
  • the first and second mapping agents may be therefore deployed and applied for virtual networks, physical networks and/or a combination thereof.
  • the first and second mapping agents may be initiated by configuring, adjusting and/or creating one or more of the mapping records, for example, a mapping table, a switching table, a routing table and/or the like which define the switching and routing of network traffic via the SDN switch(s).
  • One or more controllers controlling, switching and/or routing the network traffic in the SDN may use the adjusted mapping record(s) and thus facilitate the first and second mapping agents.
  • the first and/or second mapping agents may be initiated as software modules executed by one or more computing devices connected to the first network and/or to the second network respectively.
  • the first mapping agent may be executed by a dedicated network node connected to the first network.
  • the first mapping agent may be executed by a gateway (e.g. switch, router, etc.) connected to the first network, in particular a gateway connecting the first network to the common network.
  • the second mapping agent may be executed by a network node connected to the second network.
  • the virtual L3 mapping may present significant advantages compared to currently existing methods and systems for routing network traffic between remote network nodes connected to separate private networks.
  • Some of the existing routing methods may employ L2 Virtual Private Networks (VPN) (Ethernet VPN) to create a unified broadcast domain for two or more separate networks (sites) which share network configuration and addressing.
  • the L2 VPN which is commonly shared by all network nodes which are part of the L2 VPN may be highly prone to collisions on the network.
  • it may be impossible to modify the L2 VPN configuration by software thus forcing every such modification to be carried out by a user, for example, a system administrator, a network expert and/or the like making the L2 VPN.
  • the virtual L3 mapping assigns a dedicated pair of first and second mapping agents to each pair of source and destination nodes thus significantly reducing and potentially eliminating collisions.
  • each first mapping agent of each pair encapsulates and forwards to a respective second mapping agent only packets that are specifically directed to a corresponding destination node thus significantly reducing network traffic and hence collisions.
  • the first and second mapping agents may be easily deployed, configured and/or modified by software since they are software agents which may be easily established, terminated and/or modified.
  • adjusting these mapping agents may not impact the operation of other mapping agents deployed for mapping other source and/or destination nodes.
  • L3 VPNs may be employed to connect two or more separate networks (sites) as different sub-networks in which the network traffic is routed according to one or more routing rules.
  • L3 VPN implementations must naturally abide by the L3 protocols used by the network nodes for communicating with each other.
  • the L3 VPN may require customization for each L3 protocol thus requiring significant time and effort for adopting the L3 VPN thus significantly increasing cost. This may further significantly limit scalability of the L3 VPN across different L3 protocols.
  • the virtual L3 mapping on the other hand relies on the virtual L3 network addressing and is thus agnostic to the L3 protocols used by the network nodes. This may significantly reduce the effort, time and cost for deploying the virtual L2 mapping agents and may thus make the virtual L3 mapping highly scalable.
  • the network addresses of the network nodes must be unique across the VPNs such that none of the network addresses overlap. This may present major limitations since each private network typically employs its addressing scheme independently from any other network which is separated. Deploying the VPNs across private networks which are not synchronized with each other may result in network addressing overlaps which may render the VPN useless.
  • mapping agents deployed in the separate networks do not share common addressing domains and are therefore oblivious to the address mapping used in the other networks.
  • the identification and mapping of the mapping agents deployed in the separate networks is done exclusively according to the virtual L3 addresses assigned to each of the mapping agents.
  • the virtual L3 addresses are selected in a virtual L3 address range that is not used by any of the networks and therefore poses no address conflict issues.
  • the communication between the first and second mapping agents deployed in the separate networks is done using encapsulation packets which adhere to the communication protocols used for network traffic between the separate networks while containing the originally transmitted packets in the encapsulation packets’ payload.
  • the present disclosure may be a system, a method, and/or a computer program product.
  • the computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to carry out aspects of the present disclosure.
  • the computer readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device.
  • the computer readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing.
  • Computer readable program instructions described herein can be downloaded to respective computing/processing devices from a computer readable storage medium or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network and/or a wireless network.
  • the computer readable program instructions may execute entirely on the user's computer, partly on the user's computer such as the user equipment (UE), as a stand-alone software package, partly on the user's computer and partly on a remote computer such as the network apparatus or entirely on the remote computer or server.
  • the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
  • Internet Service Provider for example, AT&T, MCI, Sprint, EarthLink, MSN, GTE, etc.
  • electronic circuitry including, for example, programmable logic circuitry, field-programmable gate arrays (FPGA), or programmable logic arrays (PLA) may execute the computer readable program instructions by utilizing state information of the computer readable program instructions to personalize the electronic circuitry, in order to perform aspects of the present disclosure.
  • the functions noted in the block may occur out of the order noted in the figures.
  • two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
  • each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration can be implemented by special purpose hardware-based systems that perform the specified functions or acts or carry out combinations of special purpose hardware and computer instructions.
  • FIG. 1 presents flow charts of exemplary processes of transferring packets between network nodes connected to a local network and remote network nodes connected to a separate network by mapping the remote network nodes using virtual L3 mapping, according to some embodiments of the present disclosure.
  • Exemplary processes 100, 300 and 400 may be executed to support direct mapping, in particular, L3 mapping of network nodes connected to different and separated networks connected via a common network infrastructure to support data packets exchange between such nodes using virtual L3 address mapping. This may be done by assigning one or more nodes connected to one network virtual L3 addresses mapping this node(s) in one or more other, separate networks.
  • the exemplary process 100 may be executed to initialize a first mapping agent 200A (mapping agent A) deployed in a (first) network (site) associated with a source node connected to the first network to apply virtual L3 mapping of a destination network node connected to another (second) network (site) which is separated from the first network.
  • the process 100 may further include initializing a second mapping agent 200B (mapping agent B) deployed in the second network and associated with the destination network node.
  • the first mapping agent 200A and the second mapping agent 200B may each comprise one or more software modules, for example, a process, a script, an application, an agent, a utility, a tool and/or the like.
  • Each of the software modules may include a plurality of program instructions executable by one or more processors to cause the processor(s) to carry out one or more operations.
  • Each of the first mapping agent 200A and the second mapping agent 200B is assigned a virtual L3 address (e.g. an IP address) within a predefined L3 address range.
  • the exemplary process 300 may be executed by the first mapping agent 200A to forward network traffic, for example, unicast, multicast and/or broadcast (first) packets transmitted from the source network node to the destination network node.
  • the first mapping agent 200A may adjust the L3 address of the (first) packets transmitted by the source node to the virtual L3 address assigned to the second mapping agent 200B and encapsulate the (first) packets in one or more encapsulation packets comprising a traffic indicator resolved according to the virtual L3 address of the second mapping agent 200B.
  • the first mapping agent 200A may then transmit the encapsulation packet(s) to the second mapping agent 200B via a common network infrastructure connecting the first network to the second network.
  • the first mapping agent 200A may forward (transmit) the encapsulation packet(s) to the second mapping agent 200B using one or more protocols, for example, an L2 tunneling protocol, an L3 networking protocol and/or the like.
  • the exemplary process 400 may be executed by the second mapping agent 200B to receive the encapsulated packet(s) from the first mapping agent 200A, de-capsulate the encapsulated packet(s) to extract the (first) packets originally transmitted by the source node and transmit the extracted (first) packets to the destination node.
  • the first mapping agent 200A and the second mapping agent 200B may be further configured to support (second) data packets transfer on the response (reverse) path from the destination node to the source node.
  • FIG. 2 is a schematic illustration of an exemplary networked system for transferring packets between network nodes connected to a local network and remote network nodes connected to a separate network by mapping the remote network nodes using virtual L3 mapping, according to some embodiments of the present disclosure.
  • An exemplary networked system 250 may include a first network 202A and a second network 202B which are separated from each other while connected via a common network (infrastructure) 220, for example, an SDN, a Local Area Network (LAN), a Wide Area Network (WAN), a Municipal Area Network (MAN), a cellular network, the internet and/or the like.
  • since each of the networks 202A and 202B employs its local addressing scheme, the nodes 210 connected to the different networks 202A and 202B cannot exchange data packets between them using direct L2 and/or L3 mapping.
  • a source node 210A connected to the first network 202A cannot directly communicate with a destination node 210B connected to the second network 202B.
  • the first network 202A and the second network 202B are connected to the network 220 via one or more gateways 212, for example, a router, a switch and/or the like.
  • the first network 202A may include a gateway 212A to connect to the network 220 and the second network 202B may include a gateway 212B to connect to the network 220.
  • the source node 210A may transmit and/or receive packets to/from the destination node 210B.
  • traffic may typically involve one or more address translation protocols as known in the art typically applied by the gateway 212A and/or the gateway 212B. Due to this address translation, direct L2 (e.g. MAC address) and/or L3 mapping (e.g. IP address) between these network nodes 210 as known in the art is impossible.
  • mapping agents such as the mapping agents 200A and 200B may be deployed in the first network 202A and in the second network 202B respectively to create a virtual presence of the destination node 210B in the first network 202A thus emulating a direct connection of the destination node 210B to the first network 202A completely transparently to the source node 210A and the destination node 210B.
  • the mapping agents 200A and 200B may be further configured to support the reverse (response) path for transmitting (second) packets from the destination node 210B to the source node 210A in a transparent manner for the destination node 210B and the source node 210A.
  • the first mapping agent 200A may be assigned a certain L3 address that may be directly mapped by the source node 210A. Upon reception of one or more data (first) packets destined for the destination node 210B, the first mapping agent 200A may adjust the (first) packet(s) to include a source virtual L3 address assigned to the first mapping agent 200A and a destination virtual L3 address assigned to the second mapping agent 200B.
  • the virtual L3 addresses may be assigned in a virtual L3 address range predefined to support direct mapping between the source node 202A and the destination node 202B and optionally one or more additional network nodes 202 connected to the first network 200A, the second network 200B and/or another separate network 200.
  • the first mapping agent 200A may then encapsulate (re-package) the received (first) packets to include a traffic identifier (e.g. an L2 identifier and/or an L3 identifier) indicating the second mapping agent 200B.
  • the traffic identifier is resolved according to the destination virtual L3 address which is the virtual L3 address of the second mapping agent 200B.
  • the first mapping agent 200A may access and/or communicate with one or more DNS systems 230 to identify an address of the gateway 212B and the L3 address of the second mapping agent 200B according to the virtual L3 address of the second mapping agent 200B.
  • the DNS 230 may be updated to include the mapping of virtual L3 addresses assigned to the mapping agents 200A and 200B together with the network L2 and/or L3 addresses of the mapping agents 200A and 200B to support address translation to/from their respective virtual L3 addresses.
  • the DNS 230 may be deployed in one or more configurations, deployments and/or implementations as known in the art.
  • the DNS may be a distributed DNS comprising multiple local DNSs which are connected to one or more of the networks 202 and typically used by network nodes 210 connected to the respective network.
  • a local DNS 230A connected to the first network 202A may serve the network node 210A and/or a local DNS 230B connected to the second network 202B may serve the network node 210B.
  • the DNS may be a global DNS 230G comprising one or more global DNSs not restricted to a single network such as the first network 202A and/or the second network 202B and as such may be used by one or more of the network nodes 210, for example, 210A and/or 210B.
  • the first mapping agents 200A may employ one or more transmission protocols as known in the art for transmitting the encapsulated packets to the second mapping agent 200B.
  • the first mapping agents 200A may use one or more L2 based tunneling protocols such as, for example, L2TP, SSTP, IPSec and/or the like to transmit the encapsulated packets to the second mapping agents 200B.
  • the first mapping agents 200A may use one or more L3 based networking protocols such as, for example, TCP, UDP and/or the like to transmit the encapsulated packets to the second mapping agents 200B.
  • the second mapping agent 200B receiving the encapsulated packets may de-capsulate the received encapsulation packets to extract the (first) packets originally transmitted by the source node 210A and transmit the extracted packets to the destination node 210B.
  • the second mapping agent 200B extracts the adjusted (first) packets which include the virtual L3 addresses of the first mapping agent 200A and the second mapping agent 200B.
  • mapping agents 200A and 100B may be deployed to support transmission of unicast, multicast and/or broadcast (first) packets transmitted by the source node 210A to the destination node 210B.
  • the first mapping agent 200A may be included in (join) one or more multicast groups created in the first network 202A.
  • the first mapping agent 200A may be further configured to adjust the L3 addresses of broadcast packets and/or multicast packets directed to these joined multicast group(s) to include the virtual L3 addresses and encapsulate the (first) packets in encapsulation packets having traffic descriptors resolved according to the virtual L3 addresses.
  • the first mapping agent 200A may then forward, to the second mapping agent 200B, one or more encapsulation packets which comprise the unicast, multicast and/or broadcast packets and have the traffic descriptor resolved according to the virtual L3 addresses.
  • the second mapping agent 200B may then de-capsulate the received encapsulation packet(s) to extract the unicast, multicast and/or broadcast packets and transmit them to the destination node 210B.
  • FIG. 3A, FIG. 3B, FIG. 3C and FIG. 3D are schematic illustrations of exemplary virtual and physical networks deployments employing virtual L3 mapping for transferring packets between network nodes connected to separate networks, according to some embodiments of the present disclosure.
  • an exemplary SDN 250A such as the networked system 250 may be deployed for connecting a plurality of network nodes 210.
  • the SDN is typically deployed for cloud computing platforms to provide network abstraction for efficient network configuration and management in order to improve network performance and monitoring.
  • the SDN 250A may centralize network intelligence in few network components by disassociating the forwarding process of network packets (data plane) from the routing process (control plane).
  • the control plane may therefore consist of one or more SDN controllers which control the switching and routing of the network traffic.
  • the first network 202A hosting one or more network nodes 210 may be an SDN defined network segment which connects to the SDN 250A via an SDN switch 212A.
  • the second network 202B hosting one or more network nodes 210 for example, a network node 210B1 and a network node 210B2 may be another SDN defined network segment which connects to the SDN 250A via an SDN switch 212B.
  • the network nodes 210 connected to the SDN 250B may include one or more physical network nodes, for example, a computer, a server, a computing node, a cluster of computing nodes and/or the like.
  • Each of the physical network nodes 210 may include one or more processors (homogenous or heterogeneous) arranged for parallel processing, as clusters and/or as one or more distributed core processing units, one or more network interfaces for connecting to the network 202A and/or 202B and a program store, for example, storage medium, either a volatile medium (e.g. a Random Access Memory (RAM), etc.) and/or a non-volatile medium (e.g. a hard drive, a Flash array, etc.). The storage medium may further include one or more local and/or remote network storage resources, for example, a storage server, a Network Attached Storage (NAS), a network drive, and/or the like accessible via one or more of the network interfaces.
  • the network nodes 210 may include a plurality of virtual nodes (hosts), for example, a Virtual Machine (VM) and/or the like executed by one or more of the physical network nodes and utilizing their hardware resources.
  • the SDN switches such as the SDN switch 212A and the SDN switch 212B typically utilize virtual switches deployed and executed by one or more nodes 210 of the SDN 250A, for example, OpenFlow, netflow, ebpf enabled, an Open vSwitch (OVS) with DragonFlow control and/or the like to support switching and routing of network traffic between the network nodes 210, in particular between the virtual hosts.
  • the SDN switches may be configured to deploy the mapping agents 200 for virtual L3 mapping of the source network node 210A connected to the first network 202A and destination nodes 210B1 and/or 210B2 connected to the second network 202B.
  • each mapped destination node 210 may require deploying dedicated mapping agents 200 in both the first network 202A and in the second network 202B.
  • a first mapping agent 200A1 associated with the source network node 210A may be deployed in the first network 202A to communicate with an instance of the second mapping agent 200B1 deployed in the second network 202B and associated with the destination node 210B1.
  • a first mapping agent 200A2 associated with the source network node 210A may be deployed in the first network 202A to communicate with another instance of the second mapping agent 200B2 deployed in the second network 202B and associated with the destination node 210B2.
  • the first and second mapping agents 200A and 200B may be utilized by configuring one or more mapping records of the SDN.
  • the mapping record(s) defined for the SDN switch 212A and/or the SDN switch 212B may be adjusted to include the virtual L3 addresses assigned to the destination nodes 210B1 and/or 210B2 in a routing table of the first network 202A which typically includes the L3 addresses of the nodes 210 connected to the first network 202A.
  • an exemplary physical network 250B such as the networked system 250 may be deployed for connecting a plurality of network nodes 210.
  • the first network 202A hosting one or more of the network nodes 210, for example, the network node 210A, may be a private network (site) which connects to the network 220 via a gateway 212A, for example, a router, a switch and/or the like.
  • the second network 202B hosting one or more other network nodes 210, for example, the network node 210B1 and/or the network node 210B2 may be another private network (site) which connects to the network 220 via another gateway 212B, for example, a router, a switch and/or the like.
  • the network nodes 210 of the network 250B may include one or more physical network nodes, for example, a mobile device, a computer, a server, a computing node, a cluster of computing nodes and/or the like.
  • one or more of the physical network nodes may execute and/or host one or more virtual nodes (hosts).
  • the gateway 212A and the gateway 212B may be computing devices which similarly to the network nodes 210, may comprise one or more processors, storage and one or more network interfaces.
  • one or more destination nodes 210 may be mapped via virtual L3 mapping to the first network 202A by deploying one or more sets of the first mapping agent 200A and the second mapping agent 200B. This is because as stated before, each mapped destination node 210B may require a dedicated pair of the first mapping agent 200A and the second mapping agent 200B.
  • the first mapping agent 200A and the second mapping agents 200B1 and/or 200B2 may use one or more DNSs such as the DNS 230 either a local DNS such as the local DNS 230A and/or 230B or a global DNS such as the global DNS 230G to resolve the actual network addresses of the network nodes 210 according to the virtual L3 addresses assigned to their associated mapping agents 200.
  • the first mapping agent 200A and the second mapping agent 200B may be deployed and executed in the first network 202A and/or in the second network 202B using one or more of a plurality of implementations, techniques and/or methods.
  • one or more network nodes 210 either physical or virtual, for example, a network node 210H comprising one or more processor and memory resources may execute the first mapping agent 200A1 for mapping the destination node 210B1 and/or a first mapping agent 200A2 for mapping the destination node 210B2.
  • the gateway 212B may execute a first instance 200B1 of the second mapping agent 200B associated with the destination node 210B1 and/or a second instance 200B2 of the second mapping agent 200B associated with the destination node 210B2.
  • an exemplary mixed network 250C such as the networked system 250 may include a first network 202A which is facilitated by an SDN as described in the network 250A and a second network 202B which is a physical network 250B.
  • the physical second network 202B hosting one or more other network nodes 210 may be another private network (site) which connects to the network 220 via another gateway 212B, for example, a router, a switch and/or the like.
  • the gateway 212B may be regarded as an edge gateway (edge switch) located at the edge of the SDN and connecting the SDN to the network nodes 210 of the second network 202B, in particular the network node 210B.
  • Such mixed network deployments are common for connecting one or more physical nodes such as the network node 210B having no virtualization layer to an SDN.
  • VPC Virtual Private cloud
  • the network node 210B is therefore incapable of applying one or more of the virtual network encapsulation protocols, for example, Virtual Extensible LAN (VXLAN), Network Virtualization using Generic Routing Encapsulation (NVGRE), Generic Network Virtualization Encapsulation (GENEVE), Stateless Transport Tunneling (STT) and/or the like.
  • a virtual port 240 may be deployed in the second network 202B as known in the art.
  • the virtual port 240 may be deployed to support encapsulation of outgoing packets (egress traffic) from the network node 210B and de-capsulation of incoming packets (ingress traffic) according to the virtual network encapsulation protocol(s) used in the SDN first network 202A.
  • the virtual port 240 may include one or more software modules optionally supported by one or more hardware elements and may be deployed using one or more implementations and/or deployment schemes.
  • the virtual port 204 may be executed by the gateway 212B connecting the network node 210B to the network.
  • a first mapping agent 200A associated with the source network node 210A may be deployed in the first network 202A to communicate with a second mapping agent 200B deployed in the second network 202B and associated with the destination node 210B, in particular with the virtual port 240 mapping the physical destination node 210B.
  • the second mapping agent 200B may use one or more DNSs such as the DNS 230 to resolve network mapping and/or routing addresses of the first mapping agent 200A, for example, a local DNS such as the local DNS 230B and/or a global DNS such as the global DNS 230G.
  • a single second mapping agent such as the second mapping agent 200B may be deployed in the second network 202B and associated with a single network node connected to the second network 202B which serves as a destination node 210B (e.g. host, service, etc.) for a plurality of (client) network nodes, for example, a source node 210A and a source node 210C connected to one or more other networks 202 separated from the second network 202B, for example, the first network 202A and a third network 202C.
  • Each of the plurality of source nodes 210 is associated with a respective first mapping agent such as the second mapping agent 202A executed at the network 202 to which the respective source node 210 is connected.
  • the source node 210A may be associated with a first mapping agent 200A executed in the first network 202A and the source node 210C may be associated with a first mapping agent 200C executed in the third network 202C.
  • the destination node 210B may view all (first) packets received via the single second mapping agent 200B as received from a single source while in fact they may originate from multiple sources, for example, the source node 210A and/or the source node 210C.
  • the second mapping agent 200B may apply one or more connection tracking methods, algorithms and/or techniques to identify the specific source node 210A and/or 210C from which each received (first) packet originated.
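
The forwarding path described for FIG. 2 (address adjustment, encapsulation, de-capsulation) and the connection tracking described just above can be modelled as follows. This is an added illustration, not code from the publication: the class names, the `RESOLVER` table standing in for the DNS 230, all addresses, the port-based tracking and the validation performed on de-capsulation are assumptions.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed sample values: a virtual L3 range unused by every site, and a
# resolver table standing in for DNS 230 (virtual address -> gateway, traffic id).
VIRTUAL_RANGE = ipaddress.ip_network("198.18.0.0/24")
RESOLVER = {
    "198.18.0.1": ("203.0.113.1", "agent-A"),
    "198.18.0.2": ("203.0.113.2", "agent-B"),
    "198.18.0.3": ("203.0.113.3", "agent-C"),
}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes

@dataclass(frozen=True)
class Encap:
    outer_dst: str   # remote site's gateway on the common network
    traffic_id: str  # resolved from the destination virtual L3 address
    inner: Packet    # adjusted packet carrying only virtual L3 addresses

def encapsulate(inner):
    """Wrap an adjusted packet; the traffic id comes from its virtual destination."""
    gateway, traffic_id = RESOLVER[inner.dst]
    return Encap(gateway, traffic_id, inner)

class FirstMappingAgent:
    """Source-site agent; local_addr is the remote node's virtual presence."""
    def __init__(self, local_addr, source_addr, vaddr, peer_vaddr):
        self.local_addr, self.source_addr = local_addr, source_addr
        self.vaddr, self.peer_vaddr = vaddr, peer_vaddr

    def forward(self, pkt):
        if (pkt.src, pkt.dst) != (self.source_addr, self.local_addr):
            return None  # not traffic for the mapped destination
        return encapsulate(replace(pkt, src=self.vaddr, dst=self.peer_vaddr))

    def receive_reply(self, encap):
        inner = encap.inner
        if (inner.src, inner.dst) != (self.peer_vaddr, self.vaddr):
            raise ValueError("reply does not belong to this agent pair")
        return replace(inner, src=self.local_addr, dst=self.source_addr)

class SecondMappingAgent:
    """Destination-site agent shared by several first mapping agents."""
    def __init__(self, local_addr, dest_addr, vaddr, allowed_peers):
        self.local_addr, self.dest_addr, self.vaddr = local_addr, dest_addr, vaddr
        self.allowed_peers = set(allowed_peers)
        self.by_flow, self.by_port, self.next_port = {}, {}, 40000

    def deliver(self, encap):
        inner = encap.inner
        # Added validation (an assumption, not described on the page): accept only
        # packets addressed to this agent whose source is a known virtual peer.
        if encap.traffic_id != RESOLVER[self.vaddr][1] or inner.dst != self.vaddr:
            raise ValueError("not addressed to this agent")
        if (inner.src not in self.allowed_peers
                or ipaddress.ip_address(inner.src) not in VIRTUAL_RANGE):
            raise ValueError("inner source is not a known virtual peer")
        flow = (inner.src, inner.sport)
        if flow not in self.by_flow:  # connection tracking: one local port per flow
            self.by_flow[flow] = self.next_port
            self.by_port[self.next_port] = flow
            self.next_port += 1
        return replace(inner, src=self.local_addr, dst=self.dest_addr,
                       sport=self.by_flow[flow])

    def reply(self, pkt):
        # The tracked port identifies which source site the answer belongs to.
        peer_vaddr, orig_sport = self.by_port[pkt.dport]
        return encapsulate(replace(pkt, src=self.vaddr, dst=peer_vaddr,
                                   dport=orig_sport))

def demo():
    # Sites A, B and C all number a host 10.0.0.5 (overlapping address schemes).
    agent_a = FirstMappingAgent("10.0.0.50", "10.0.0.5", "198.18.0.1", "198.18.0.2")
    agent_c = FirstMappingAgent("10.0.0.50", "10.0.0.5", "198.18.0.3", "198.18.0.2")
    agent_b = SecondMappingAgent("10.0.0.60", "10.0.0.5", "198.18.0.2",
                                 ["198.18.0.1", "198.18.0.3"])
    request = Packet("10.0.0.5", "10.0.0.50", 5000, 80, b"GET /")
    seen_from_a = agent_b.deliver(agent_a.forward(request))
    seen_from_c = agent_b.deliver(agent_c.forward(request))
    answer = Packet("10.0.0.5", "10.0.0.60", 80, seen_from_c.sport, b"200 OK")
    tunnelled = agent_b.reply(answer)
    return seen_from_a, seen_from_c, tunnelled, agent_c.receive_reply(tunnelled)

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Both source sites send an identical request from the same local address and port; the destination sees two flows from the single address of its mapping agent, and the tracked port alone decides which site the answer is tunnelled back to.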
  • the process 100 starts with initiating a first mapping agent such as the first mapping agent 200A associated with a source node such as the source node 210A connected to a first network such as the first network 202A.
  • the first mapping agent 200A is initiated for directly mapping, in the first network 202A, a destination node such as the destination node 210B connected to a second network such as the second network 202B such that the destination node 210B appears to be connected to the first network 202A.
  • the first mapping agent 200A is assigned with a unique local L3 address in an L3 address range of the first network 202A to map the first mapping agent 200A in the first network 202A.
  • the first mapping agent 200A is further assigned with a unique virtual L3 address to map the first mapping agent 200A with respect to other mapping agents associated with the network nodes 210 connected to separate networks 202 and requiring direct mapping, for example, the source node 210A and the destination node 210B.
  • the virtual L3 address assigned to the first mapping agent 200A is in an L3 address range predefined for mapping the network nodes 210 for which the direct mapping is setup, in particular the source node 210A and the destination node 210B.
  • the first mapping agent 200A may be configured to map the destination node 210B for unicast, multicast and/or broadcast packets.
  • the local L3 address assigned to the first mapping agent 200A may be included in one or more multicast groups thus mapping the destination node 210B in this multicast group(s).
  • the first mapping agent 200A may be initiated in a virtual network such as the SDN 250A, in a physical network such as the network 250B and/or in a combination thereof such as the mixed network 250C.
  • the first mapping agent 200A may be initiated by configuring, adjusting and/or creating one or more of the mapping records, for example, a mapping table, a switching table, a routing table and/or the like which define the switching and routing of network traffic in the SDN 250A used by one or more SDN controllers to control switching and/or routing of network traffic in the SDN 250A.
  • the first mapping agent 200A may be initiated by adding the local L3 address assigned to the first mapping agent 200A to the mapping record(s) defined for the SDN switch 212A such that the SDN switch 212A routes network traffic to the first mapping agent 200A as if it was connected to the first network 202A.
  • the mapping record(s) defined for the SDN switch 212A may be further adjusted, configured and/or updated to include the virtual L3 address of the first mapping agent 200A to identify the first mapping agent 200A with respect to other mapping agents 200 initiated to support the direct mapping of the network nodes 210A and 210B.
  • the SDN switch 212A adapted to support the first mapping agent 200B may intercept one or more first packets, for example, a unicast packet, and/or a multicast packet transmitted in the first network 202A and destined to the local L3 address mapping the first mapping agent 200A.
  • the SDN switch 212A may further intercept one or more (first) broadcast packets transmitted in the first network 202A.
  • the first mapping agent 200A may be initiated by instructing a network node such as the network node 210H and/or a gateway such as the gateway 212A to launch the first mapping agent 200A.
  • the executed first mapping agent 200A is assigned with the local L3 address to map the first mapping agent 200A in the first network 202A and with a virtual L3 address to map the first mapping agent 200A with respect to other mapping agents 200 associated with the network nodes 210 for which the direct mapping is required, in particular the source node 210A and the destination node 210B.
  • the first mapping agent 200A may therefore intercept one or more (first) packets destined for the local L3 address.
  • the first mapping agent 200A may be further configured to join one or more multicast groups defined in the first network 202A. Therefore, once executed, the first mapping agent 200A may intercept one or more (first) multicast packets destined for the multicast groups that the first mapping agent 200A is included in. Moreover, once executed, the first mapping agent 200A may intercept one or more (first) broadcast packets transmitted in the first network 202A.
  • the first mapping agent 200A may be initiated as described for the SDN 250A in case the first network 202A to which the source node 210A is connected is part of an SDN such as the SDN 250A.
  • the first network 202A is a physical network such as the physical network 250B
  • the first mapping agent 200A may be initiated as described for the physical network 250B.
  • the first mapping agent 200A may be initiated by one or more users, for example, a system administrator and/or the like authorized to configure, manipulate and/or adjust the SDN 250A, the physical network 250B and/or the mixed network 250C.
  • the first mapping agent 200B may be initiated by an SDN controller which may manipulate the mapping record(s) of the SDN switch 212A to include the local L3 address and the virtual L3 address assigned to the first mapping agent 200A.
  • one or more DNSs such as the local DNS 230A and/or the global DNS 230G may be adjusted and/or updated to associate the virtual L3 address assigned to the first mapping agent 200A with the local L3 address of the first mapping agent 200A.
  • a second mapping agent such as the second mapping agent 200A may be initiated and associated with the destination node 210B connected to the second network 202B to support the direct mapping of the destination node 210B in the first network 202A.
  • the second mapping agent 200B is initiated in the second network 202B and assigned with a unique local L3 address and a unique virtual L3 address.
  • the local L3 address selected in the L3 address range of the second network 202B maps the second mapping agent 200B in the second network 202B.
  • the virtual L3 address is selected in the virtual L3 address range predefined for mapping the mapping agents 200 associated with the directly mapped network nodes 210, in particular the source node 210A and the destination node 210B.
  • the virtual L3 address therefore uniquely maps the second mapping agent 200B with respect to the other mapping agents 200, for example, the first mapping agent 200A.
  • the second mapping agent 200B may be initiated in a virtual network such as the SDN 250A, in a physical network such as the physical network 250B and/or in a combination thereof such as the mixed network 250C.
  • the second mapping agent 200B may be initiated and configured in the SDN 250A, in the physical network 250B and/or in the mixed network 250C as described for the first mapping agent 200A with the exception of course that all is done in the second network 202B. Similarly to the first mapping agent 200A, the second mapping agent 200B may be initiated by one or more of the users adjusting the SDN 250A, the physical network 250B and/or the mixed network 250C.
  • the second mapping agent 200B may be initiated by one or more of the SDN controllers which may manipulate the mapping record(s) of the SDN switch 212B to include the local L3 address and the virtual L3 address assigned to the second mapping agent 200B.
  • one or more DNSs such as the local DNS 230A and/or the global DNS 230G may be adjusted and/or updated to associate the virtual L3 address assigned to the first mapping agent 200A with the local L3 address of the first mapping agent 200A.
  • first mapping agent 200A and the second mapping agent 200B may execute the processes 300 and 400 respectively.
  • the first mapping agent 200A may receive (intercept) one or more (first) packets destined for the destination node 210B transmitted in the first network 202A from one or more source nodes, for example, the source node 210A.
  • the source node 210A may be configured to define the destination node 210B as the destination node for the (first) packet(s) by including the local L3 address of the first mapping agent 200A in these packets.
  • the first mapping agent 200A may therefore intercept (first) unicast packets specifically directed to the destination node 210B which include the local L3 address of the first mapping agent 200A. However, the first mapping agent 200A may further intercept one or more (first) multicast packets transmitted to one or more multicast groups which the first mapping agent 200A joined in order to map the destination node 210B in this multicast group(s). The first mapping agent 200A may also intercept one or more (first) broadcast packets transmitted in the first network 202A.
  • the first mapping agent 200A may adjust the intercepted (first) packets to include the virtual L3 address of the second mapping agent 200B as the destination address.
  • the first mapping agent 200B may further adjust the intercepted (first) packets to include the virtual L3 address of the first mapping agent 200A as the source address.
  • the first mapping agent 200A may adjust the destination L3 address in the intercepted (first) packet(s) to replace the local L3 address of the first mapping agent 200A with the virtual L3 address of the second mapping agent 200B.
  • the first mapping agent 200A may adjust the source L3 address in the intercepted (first) packet(s) to replace the local L3 address of the source node 210A with the virtual L3 address of the first mapping agent 200A.
  • the first mapping agent 200A may encapsulate the intercepted (first) packet(s) in one or more encapsulation packets comprising a traffic descriptor generated by the first mapping agent 200A to identify (indicate) the second mapping agent 200B as the target (destination).
  • the traffic descriptor, in particular the source and destination addresses in the traffic descriptor, may be resolved according to the virtual L3 address of the second mapping agent 200B and optionally the virtual L3 address of the first mapping agent 200A. Resolving the traffic descriptor may be done using one or more of the DNSs 230, for example, the local DNS 230A and/or the global DNS 230G, which are configured to associate the virtual L3 addresses assigned to the mapping agents 200 with actual network addressing and routing addresses.
  • the traffic descriptor may therefore include the network routing and mapping information for transferring the encapsulation packet(s) to the second network 202B in which the second mapping agent 200B is executed.
  • the first mapping agent 200A may generate, construct and/or configure the traffic descriptor to include one or more destination addresses, for example, L2 address, L3 address and/or the like, according to the transfer protocol used to forward the encapsulation packet(s) to the second network 202B.
  • the first mapping agent 200A communicates with the second mapping agent 200B using one or more L2 tunneling protocols, for example, VLAN tunneling, MPLS, GRE, Geneve, STT, L2-vpn, Ethernet over IP, VXLAN, IP over IP, Pseudo tunnels and/or the like.
  • the first mapping agent 200A may construct the traffic descriptor to include a destination L2 address of the second mapping agent 200B resolved using the DNS(s) 230.
  • the first mapping agent 200A may include the traffic descriptor as metadata associated with the L2 encapsulation packet(s) as available and supported by the L2 tunneling protocol(s).
  • the first mapping agent 200A communicates with the second mapping agent 200B using one or more L3 based networking protocols, for example, IP (e.g. IPv4, IPv6, etc.), IPX/SPX and/or the like.
  • the first mapping agent 200A may construct encapsulation packet(s) as L3 based packets assigned with the traffic descriptor comprising an L3 address of the second mapping agent 200A resolved using the DNS(s) 230.
  • the first mapping agent 200A may insert the traffic descriptor, for example, in the appropriate destination address field(s) of the L3 encapsulation packet(s).
  • the first mapping agent 200A may forward (transmit) the encapsulation packet(s) to the second mapping agent 200B using one or more of the L2 tunneling protocols and/or one or more of the L3 networking protocols.
  • the second mapping agent 200B may receive the encapsulation packet(s) transmitted by the first mapping agent 200A using the L2 tunneling protocol(s) and/or the L3 networking protocol(s).
  • the second mapping agent 200B may de-capsulate the received encapsulation packet(s) and extract the (first) packet(s) originally transmitted by the source node 210A and intercepted by the first mapping agent 200A at the first network 202A.
  • the (first) packet(s) extracted by the second mapping agent 200B from the encapsulation packet(s) are the adjusted (first) packets comprising the virtual L3 addresses of the first mapping agent 200A (source address) and the second mapping agent 200B (destination address).
  • the extracted (first) packet(s) originally transmitted by the source node 210A may include one or more unicast, multicast and/or broadcast packets.
  • the second mapping agent 200B may adjust the extracted (first) packet(s) to include the local L3 address of the destination node 210B as the destination address.
  • the first mapping agent 200B may further adjust the extracted (first) packets to include the local L3 address of the second mapping agent 200B as the source address.
  • the second mapping agent 200B may adjust the destination L3 address in the extracted (first) packet(s) to replace the virtual L3 address of the second mapping agent 200B with the local L3 address of the destination node 210B.
  • the second mapping agent 200B may adjust the source L3 address in the extracted (first) packet(s) to replace the virtual L3 address of the first mapping agent 200A with the local L3 address of the second mapping agent 200B.
  • the second mapping agent 200A may transmit the (first) packet(s) adjusted with the local L3 address of the destination node 210B which may thus intercept them.
  • the first mapping agent 200A and the second mapping agent 200B may be further configured to support a reverse transmission path, i.e., a response path to support transmission of one or more (second) packets, for example, unicast, multicast and/or broadcast packets from the destination node 210B to the source node 210A.
  • the first mapping agent 200A and the second mapping agent 200B may switch their operations modes such that the second mapping agent 200B may execute the process 300 while the first mapping agent 200A executes the process 400.
  • the virtual L3 mapping described in the processes 100, 300 and 400 may be scaled and extended to support a plurality of source and destination nodes pairs such as the source node 210A and the destination node 210B.
  • a plurality of pairs of the first mapping agent 200A and the second mapping agent 200B may be deployed such that each pair is associated with a respective specific pair of source node and a destination node.
  • An exemplary such network is presented in FIG. 3B, where two destination nodes 210B1 and 210B2 are mapped into the first network 202A.
  • a respective pair of the first mapping agent 200A and the second mapping agent 200B is initiated for mapping each of the destination nodes 210B1 and 210B2.
  • a first mapping agent 200A1 and a second mapping agent 200B1 are initiated for mapping the destination nodes 210B1 for the source node 210A while a first mapping agent 200A2 and a second mapping agent 200B2 are initiated for mapping the destination nodes 210B2 for the source node 210A.
  • the traffic descriptor may be resolved according to name of the network nodes 210, for example, source node 210A and/or the destination node 210B.
  • the traffic descriptor may be resolved according to a Uniform Resource Identifier (URI) of the respective network node 210, for example, a Uniform Resource Locator (URL) and/or the like.
  • one or more higher level protocols may be applied, for example, Layer 7 (L7) protocols, such as, for example, Hypertext Transfer Protocol (HTTP) and/or the like to resolve the traffic descriptor.
  • the address of the source node 210A and/or of the destination node 210B may be inferred from one or more parameters of one or more HTTP requests issued by the source node 210A and/or of the destination node 210
  • the first mapping agent 200A may forward the encapsulated packet(s) to the second mapping agent 200B using one or more tunneling protocols which support name (i.e., URI, URL, etc.) mapping.
  • FIG. 4 is a schematic illustration of an exemplary sequence for initializing a network to employ virtual L3 mapping for transferring packets from nodes connected to a local network and remote network nodes connected to separate networks, according to some embodiments of the present disclosure.
  • An exemplary sequence 410 describes configuration and operation of a first mapping agent such as the first mapping agent 200A and a second mapping agent such as the second mapping agent 200B deployed and configured to map a destination node such as the destination node 210B connected to a second network such as the second network 202B for a source node such as the source node 210A connected to a first network such as the first network 202A and optionally vice versa.
  • the sequence 410 includes a configuration phase for initiating and configuring the first and second mapping agents 200A and 200B and a traffic phase in which network traffic comprising one or more first packets, for example, a unicast packet, a multicast packet and/or a broadcast packet, is transmitted from the source node 210A to the destination node 210B.
  • one or more controllers 402, for example, a user (e.g. a system admin, etc.), an SDN controller and/or the like, may instruct initiation of the first mapping agent 200A at the first network 202A.
  • the controller 402 initiates the first mapping agent 200A to be executed by a gateway such as the gateway 212A, for example, an SDN switch, a router and/or the like which connects the first network 202A to a common network such as the network 220.
  • the controller 402 assigns a local L3 address mapping the first mapping agent 200A in the first network 202A for directly mapping the destination node 210 to the source node 210A.
  • the source node 210A may use the local L3 address of the first mapping agent 200A to transmit one or more (first) packets to the destination node 210B.
  • the controller 402 further configures the first mapping agent 200A to have a unique virtual L3 address in the address range predefined to support direct mapping of a plurality of network nodes 210, in particular the source node 210A and the destination node 210B.
  • the controller 402 may include (join) the local L3 address of the first mapping agent 200A in one or more multicast groups which the destination node 210B should be part of.
  • the controller 402 also configures the first mapping agent 200A to forward intercepted (first) packets having its local L3 address to the second mapping agent 200B using one or more of the L2 tunneling protocols and/or one or more of the L3 networking protocols as described in the processes 300 and 400.
  • the gateway 212A may initiate and execute the first mapping agent 200A.
  • the controller 402 may instruct initiation of the second mapping agent 200B at the second network 202B. For example, as presented in the exemplary sequence 410, the controller 402 initiates the second mapping agent 200B to be executed by a gateway such as the gateway 212B, for example, an SDN switch, a router and/or the like which connects the second network 202B to the network 220.
  • the controller 402 assigns a local L3 address mapping the second mapping agent 200B in the second network 202B and used for directly mapping the destination node 210 to the source node 210A. Using its local L3 address, the second mapping agent 200B may therefore transmit one or more packets to the destination node 210B.
  • the controller 402 further configures the second mapping agent 200B to have a unique virtual L3 address in the address range predefined to support direct mapping of a plurality of network nodes 210, in particular the source node 210A and the destination node 210B.
  • the controller 402 also configures the second mapping agent 200B to forward to the destination node 210B the (first) packets received from the first mapping agent 200A, in particular packets extracted from encapsulation packet(s) received from the first mapping agent 200A.
  • the gateway 212B may initiate and execute the second mapping agent 200B.
  • the source node 210A may transmit one or more (first) packets, for example, unicast, multicast and/or broadcast packets which may be intercepted by the first mapping agent 200A.
  • the first mapping agent 200A may intercept these unicast packet(s).
  • the first mapping agent 200A may intercept these multicast packet(s).
  • the first mapping agent 200A may intercept any broadcast packet transmitted by the source node 210A.
  • the first mapping agent 200A may encapsulate the intercepted (first) packet(s) in one or more encapsulation packets according to the L2 and/or L3 forwarding protocols that the first mapping agent 200A is configured to support.
  • the first mapping agent 200A may include in the encapsulation packet(s) a traffic descriptor indicating the L2 and/or L3 network address of the second mapping agent 200B where the traffic descriptor is resolved according to the virtual L3 address of the second mapping agent 200B.
  • the first mapping agent 200A may then transmit (forward) the encapsulation packet(s), which are routed via the gateway 212A to the network 220.
  • the encapsulation packet(s) comprising the traffic descriptor with the L2 and/or L3 network address of the second mapping agent 200B may be routed via the network 220 to the gateway 212B connecting the second network 202B to the network 220.
  • the gateway 212B may transfer the encapsulation packet(s) to the second network 202B where the second mapping agent 200B may intercept each encapsulation packet having the traffic descriptor with the L2 and/or L3 network address assigned to the second mapping agent 200B as described in step 402 of the process 400.
  • the second mapping agent 200B may de-capsulate the received encapsulation packet(s) and extract the unicast, multicast and/or broadcast packet(s) originally transmitted by the source node 210A via the first network 202A.
  • the second mapping agent 200B may further adjust the extracted packets to include the L3 address of the destination node as described in step 406 of the process 400.
  • the second mapping agent 200B transmits via the second network 202B the unicast, multicast and/or broadcast packet(s) extracted from the encapsulation packet(s) and having the adjusted destination L3 address.
  • the destination node 210B may intercept these unicast, multicast and/or broadcast packet(s), which are assigned with the destination L3 address of the destination node 210B.
  • first and second mapping agents 200A and 200B allows the destination node 210B to receive the unicast, multicast and/or broadcast packets as if the destination node 210B is connected directly in the first network 202A.
  • neither the source node 210A nor the first mapping agents 200A need to be familiar with the local network mapping applied in the second network 202B (i.e., the local L3 addresses) since the network traffic in particular the encapsulation packets are transmitted using the virtual L3 addresses of the second mapping agent 200B.
  • FIG. 5 is a schematic illustration of an exemplary embodiment of a network employing virtual L3 mapping for transferring packets between network nodes connected to two separate networks, according to some embodiments of the present disclosure.
  • FIG. 6 is a schematic illustration of an exemplary sequence applied by network nodes connected to two separate networks in an exemplary network embodiment to transfer packets to remote network nodes using virtual L3 mapping, according to some embodiments of the present disclosure.
  • An exemplary network 500 such as the network 250 includes a first network such as the first network 202A and a second network such as the second network 202B.
  • the first network 202A is connected to a common network such as the network 200 via a gateway such as the gateway 212A having an outer address, for example, an outer L3 address (IP address) 134.25.85.14.
  • the second network 202B is connected to the network 200 via a gateway such as the gateway 212B having an outer address, for example, an outer IP address 164.27.19.200.
  • a network node such as the source network node 210A is connected to the first network 202A and assigned with a local L3 address (IP address) 192.168.1.3.
  • a first mapping agent such as the first mapping agent 200A associated with the source node 210A is initiated in the first network 202A and assigned with a local L3 address 192.168.200.4.
  • the first mapping agent 200A is further assigned with a virtual L3 address to map the first mapping agent 200A with respect to the other mapping agents 200 to support the direct mapping of the network nodes 210A and 210B.
  • the first mapping agent 200A is assigned with a virtual L3 (IP address) 128.0.0.1 which is in a predefined L3 address range 128.0.x.x.
  • a network node such as the destination network node 210B is connected to the second network 202B and assigned with a local L3 address (IP address) 10.0.0.5.
  • a second mapping agent such as the second mapping agent 200B associated with the destination node 210B is initiated in the second network 202B and assigned with a local L3 address 10.0.7.3.
  • the second mapping agent 200B is further assigned with a virtual L3 address to map the second mapping agent 200B.
  • the second mapping agent 200B is assigned with a virtual L3 (IP address) 128.0.0.7 in the predefined L3 address range 128.0.x.x.
  • a local DNS such as the DNS 230A which is connected to the first network 202A is configured to map the first mapping agent 200A in the network 500 by associating the first mapping agent 200A with its local L3 address (192.168.200.4), its virtual L3 address (128.0.0.1) and the outer address of the gateway 212A (134.25.85.14).
  • the local DNS 230A is further configured to map the second mapping agent 200B in the network 500 by associating the second mapping agent 200B with its local L3 address (10.0.7.3), its virtual L3 address (128.0.0.7) and the outer address of the gateway 212B (164.27.19.200).
  • a local DNS such as the DNS 230B which is connected to the second network 202B is also configured to map the first mapping agent 200A and the second mapping agent 200B in the network 500 as done for the DNS 230A.
  • An exemplary sequence 600 may be executed by the first mapping agent 200A and the second mapping agent 200B initiated in the networked system 500 and executing the processes 300 and 400 respectively.
  • the network node 210A being the source node may send (transmit) one or more (first) packet(s) destined for the network node 210B being the destination node.
  • the source node 210A may therefore construct the sent packet(s) to include the local L3 address (IP address) of the first mapping agent 200A, i.e., 192.168.200.4.
  • the first mapping agent 200A may discover the virtual L3 addresses assigned to itself and to the second mapping agent 200B.
  • the first mapping agent 200A and the second mapping agent 200B are each assigned with a unique virtual L3 address which may be assigned using one or more methods, techniques, tools and/or protocols.
  • the first mapping agent 200A and the second mapping agent 200B may be manually assigned with respective virtual L3 addresses.
  • the controller 402 may assign respective virtual L3 addresses to the first mapping agent 200A and the second mapping agent 200B. After each of the mapping agents 200 is assigned with a unique virtual L3 address, the assigned virtual L3 addresses may be published to the other mapping agent(s).
  • the virtual L3 address assigned to the second mapping agent 200B may be published to the first mapping agent 200A and vice versa, the virtual L3 address assigned to the first mapping agent 200A may be published to the second mapping agent 200B. Publishing the virtual L3 addresses may be done using one or more of the methods, techniques, tools and/or protocols used for assigning the virtual L3 addresses.
  • the first mapping agent 200A may then adjust the received (first) packet(s) as described in step 304 of the process 300. Specifically, the first mapping agent 200A replaces the local L3 address of the source node (192.168.1.3) in the source address field of the packet(s) with the virtual L3 address of the first mapping agent 200A (128.0.0.1). The first mapping agent 200A further replaces the local L3 address of the first mapping agent 200A (192.168.200.4) in the destination address field of the (first) packet(s) with the virtual L3 address of the second mapping agent 200B (128.0.0.7).
  • the first mapping agent 200A encapsulates the adjusted (first) packet(s) in one or more encapsulation packets(s) and includes in the encapsulation packets(s) a traffic descriptor resolved according to the virtual L3 address of the second mapping agent 200B as described in step 306 of the process 300.
  • the first mapping agent 200A may use and/or access the DNS 230A to resolve the network addresses of the gateway 212B and optionally of the destination node 210B based on the virtual L3 addresses of the second mapping agent.
  • the first mapping agent 200A may construct the traffic descriptor to include the outer L3 address (IP address) of the gateway 212B (164.27.19.200) in the destination field of the traffic descriptor.
  • the first mapping agent 200A includes the outer L3 address (IP address) of the gateway 212A (134.25.85.14) in the source field of the traffic descriptor.
  • the first mapping agent 200A may forward (transmit) the encapsulation packet(s), which are routed in the network 500 according to the network addresses indicated in their traffic descriptor(s) and may thus arrive at the gateway 212B, which may route these encapsulation packet(s) to the second mapping agent 200B.
  • the second mapping agent 200B may de-capsulate the received encapsulation packet(s) as described in step 404 of the process 400 to extract the (first) packet(s) originally transmitted by the source node 210A, in particular, the adjusted (first) packet(s).
  • the second mapping agent 200B may then adjust the extracted packet(s) as described in step 406 of the process 400 such that they indicate the destination node 210B as the destination of the packet(s).
  • the second mapping agent 200B replaces the virtual L3 address of the first mapping agent (128.0.0.1) in the source address field of the packet(s) with the local L3 address of the second mapping agent 200B (10.0.7.3).
  • the second mapping agent 200B further replaces the virtual L3 address of the second mapping agent 200B (128.0.0.7) in the destination address field of the packet(s) with the local L3 address of the destination node 210B (10.0.0.5).
  • the second mapping agent 200B may then transmit (send) the adjusted packet(s) to the destination node 210B via the second network 202B and, since the destination address in the packet(s) indicates the destination node 210B, the destination node 210B intercepts these packet(s).
  • the first mapping agent 200A transmits the encapsulated packets using the virtual L3 address of the second mapping agent 200B and may therefore be completely unaware of the local network mapping of the second network 202B.
  • the second mapping agent 200B transmits encapsulated packets using the virtual L3 address of the first mapping agent 200A and may therefore be completely unaware of the local network mapping of the first network 202A.
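The address rewriting and encapsulation of sequence 600, and the reverse path in which the agents swap roles, can be traced with the FIG. 5 addresses. The Python sketch below is an added illustration, not code from the patent; the names `AgentRecord`, `Packet`, `Encapsulated`, `resolve`, `egress` and `ingress` are hypothetical, the DNS is modelled as an in-memory table, and the checks that a virtual address lies in the predefined range and has a DNS record are assumptions added here.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Predefined virtual L3 range of the FIG. 5 example (128.0.x.x).
VIRTUAL_RANGE = ip_network("128.0.0.0/16")


@dataclass(frozen=True)
class AgentRecord:
    """What the DNS 230A/230B associates with one mapping agent."""
    local: str    # local L3 address inside the agent's own network
    virtual: str  # virtual L3 address known to the other agents
    gateway: str  # outer address of the gateway in front of the agent


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes


@dataclass(frozen=True)
class Encapsulated:
    outer_src: str  # source field of the traffic descriptor
    outer_dst: str  # destination field of the traffic descriptor
    inner: Packet


# In-memory stand-in for the DNS records, keyed by virtual L3 address.
AGENT_A = AgentRecord("192.168.200.4", "128.0.0.1", "134.25.85.14")
AGENT_B = AgentRecord("10.0.7.3", "128.0.0.7", "164.27.19.200")
DNS = {rec.virtual: rec for rec in (AGENT_A, AGENT_B)}


def resolve(virtual: str) -> AgentRecord:
    """Resolve a virtual L3 address; reject anything outside the range
    or without a record (validation assumed here, not from the page)."""
    if ip_address(virtual) not in VIRTUAL_RANGE:
        raise ValueError(f"{virtual} is outside the virtual range")
    if virtual not in DNS:
        raise LookupError(f"no mapping agent registered for {virtual}")
    return DNS[virtual]


def egress(pkt: Packet, me: AgentRecord, peer_virtual: str) -> Encapsulated:
    """Process 300: adjust the intercepted packet, then encapsulate it."""
    if pkt.dst != me.local:
        raise ValueError("packet is not addressed to this agent")
    peer = resolve(peer_virtual)
    # Local addresses are replaced by the two agents' virtual addresses.
    adjusted = replace(pkt, src=me.virtual, dst=peer.virtual)
    # The traffic descriptor carries the outer gateway addresses.
    return Encapsulated(me.gateway, peer.gateway, adjusted)


def ingress(enc: Encapsulated, me: AgentRecord, node_local: str) -> Packet:
    """Process 400: de-capsulate, then adjust for the local network."""
    inner = enc.inner
    if inner.dst != me.virtual:
        raise ValueError("inner packet is not for this agent")
    resolve(inner.src)  # sender must be a registered agent (assumption)
    return replace(inner, src=me.local, dst=node_local)


def forward_path():
    """Source node 210A (192.168.1.3) to destination node 210B (10.0.0.5)."""
    sent = Packet("192.168.1.3", AGENT_A.local, b"constructed payload")
    enc = egress(sent, AGENT_A, AGENT_B.virtual)
    return enc, ingress(enc, AGENT_B, "10.0.0.5")


def reverse_path():
    """Response path: the agents swap the roles of processes 300 and 400."""
    sent = Packet("10.0.0.5", AGENT_B.local, b"constructed reply")
    enc = egress(sent, AGENT_B, AGENT_A.virtual)
    return enc, ingress(enc, AGENT_A, "192.168.1.3")


if __name__ == "__main__":
    for label, (enc, out) in (("forward", forward_path()),
                              ("reverse", reverse_path())):
        print(label, "outer", enc.outer_src, "->", enc.outer_dst,
              "| inner", enc.inner.src, "->", enc.inner.dst,
              "| delivered", out.src, "->", out.dst)
```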
  • a single second mapping agent such as the second mapping agent 200B may be deployed in a second network such as the second network 202B and associated with a single network node connected to the second network 202B which serves as a host destination node 210B for a plurality of client network nodes such as the source nodes 210A and 210C connected to one or more other networks 202 separated from the second network 202B, for example, the first network 202A and/or the third network 202C.
  • FIG. 7 is a schematic illustration of an exemplary networked system in which a single host network node is mapped to a plurality of client network nodes connected to separate networks using a single mapping agent for virtual L3 mapping of the network node for transferring packets between the host and client network nodes, according to some embodiments of the present disclosure.
  • FIG. 8A and FIG. 8B are schematic illustrations of an exemplary sequence applied by a single host network node and multiple client network nodes connected to separate networks for transferring packets between the host and client network nodes using a single mapping agent for virtual L3 mapping of the host network node, according to some embodiments of the present disclosure.
  • An exemplary network 700 such as the network 250, in particular the network 250D includes a first network such as the first network 202A, a second network such as the second network 202B and a third network such as the third network 202C.
  • the first network 202A is connected to a common network such as the network 200 via a gateway such as the gateway 212A having an outer address, for example, an outer L3 address (IP address) 134.25.85.14.
  • the second network 202B is connected to the network 200 via a gateway such as the gateway 212B having an outer address, for example, an outer IP address 164.27.19.200.
  • the third network 202C is connected to the network 200 via a gateway such as the gateway 212C having an outer address, for example, an outer IP address 19.85.44.3.
  • a network node such as the source network node 210A is connected to the first network 202A and assigned with a local L3 address (IP address) 192.168.1.3.
  • a first mapping agent such as the first mapping agent 200A associated with the source node 210A is initiated in the first network 202A and assigned with a local L3 address 192.168.200.4.
  • the first mapping agent 200A is further assigned with a virtual L3 address to map the first mapping agent 200A with respect to the other mapping agents 200, specifically the first mapping agent 200A initiated to support the direct mapping of the network nodes 210A and 210B.
  • the first mapping agent 200A is assigned with a virtual L3 (IP address) 128.0.0.1 which is in a predefined L3 address range 128.x.x.x.
  • a network node such as the destination network node 210B is connected to the second network 202B and assigned with a local L3 address (IP address) 10.0.0.5.
  • a second mapping agent such as the second mapping agent 200B associated with the destination node 210B is initiated in the second network 202B and assigned with a local L3 address 10.0.7.3.
  • the second mapping agent 200B is further assigned with a virtual L3 address to map the second mapping agent 200B.
  • the second mapping agent 200B is assigned with a virtual L3 (IP address) 128.0.0.7 in the predefined L3 address range 128.x.x.x.
  • a network node 210C such as the source network node 210A is connected to the third network 202C and assigned with a local L3 address (IP address) 172.23.0.7.
  • a third mapping agent 200C such as the first mapping agent 200A associated with the source node 210C is initiated in the third network 202B and assigned with a local L3 address 172.24.1.19.
  • the third mapping agent 200C is further assigned with a virtual L3 address to map the third mapping agent 200C.
  • the third mapping agent 200C is assigned with a virtual L3 (IP address) 128.0.0.19 in the predefined L3 address range 128.x.x.x.
  • a local DNS such as the DNS 230A which is connected to the first network 202A is configured to map the first mapping agent 200A in the network 500 by associating the first mapping agent 200A with its local L3 address (192.168.200.4), its virtual L3 address (128.0.0.1) and the outer address of the gateway 212A (134.25.85.14).
  • the local DNS 230A is further configured to map the second mapping agent 200B in the network 500 by associating the second mapping agent 200B with its local L3 address (10.0.7.3), its virtual L3 address (128.0.0.7) and the outer address of the gateway 212B (164.27.19.200).
  • a local DNS 230C such as the DNS 230A which is connected to the third network 202C is configured to map the third mapping agent 200C and the second mapping agent 200B in the network 500 as done for the DNS 230A.
  • a local DNS such as the DNS 230B which is connected to the second network 202B is configured to map the first mapping agent 200A, the third mapping agent 200C and the second mapping agent 200B in the network 500.
  • An exemplary sequence 800 presented in FIG. 8A and continued in FIG. 8B may be executed by the first mapping agent 200A, the third mapping agent 200C and the second mapping agent 200B initiated in the networked system 500 and executing the processes 300 and 400 respectively.
  • the source network node 210A may send (transmit) one or more (first) packets destined for the network node 210B serving as the destination (host) node.
  • the source node 210A may therefore construct the sent packet(s) to include the local L3 address (IP address) of the first mapping agent 200A, i.e., 192.168.200.4.
  • the first mapping agent 200A may adjust the received (first) packet(s) and encapsulate the (first) packet(s) as described in steps 304 and 306 of the process 300 and as described for the sequence 600.
  • the first mapping agent 200A may adjust the source and destination address fields of the (first) packet(s).
  • the first mapping agent 200A replaces the local L3 address 192.168.1.3 in the source address field of the (first) packet(s) with the virtual L3 address 128.0.0.1.
  • the first mapping agent 200A further replaces the local L3 address 192.168.200.4 in the destination address field with the virtual L3 address 128.0.0.7.
  • the first mapping agent 200A encapsulates the adjusted (first) packet(s) in one or more encapsulation packet(s) having a traffic descriptor resolved according to the virtual L3 address of the second mapping agent 200B.
  • the traffic descriptor may include the outer IP address of the gateway 212B (164.27.19.200) in the destination field and the outer IP address of the gateway 212A (134.25.85.14) in the source field.
  • the first mapping agent 200A may then forward (transmit) the encapsulation packet(s) which are routed in the network 700 according to the network addresses indicated in their traffic descriptor(s) and may thus arrive at the gateway 212B which may route these encapsulation packet(s) to the second mapping agent 200B.
  • the source network node 210C may send (transmit) one or more (first) packets destined for the network node 210B serving as the destination (host) node.
  • the source node 210C may therefore construct the sent (first) packet(s) to include the local L3 address (IP address) of the third mapping agent 200C, i.e., 172.24.1.19.
  • the third mapping agent 200C may adjust the received (first) packet(s) and encapsulate the (first) packet(s) as described in steps 304 and 306 of the process 300 and as described for the sequence 600.
  • the third mapping agent 200C may adjust the source and destination address fields of the (first) packet(s).
  • the third mapping agent 200C replaces the local L3 address 172.23.0.7 in the source address field of the (first) packet(s) with the virtual L3 address 128.0.0.19.
  • the third mapping agent 200C further replaces the local L3 address 172.24.1.19 in the destination address field with the virtual L3 address 128.0.0.7.
  • the third mapping agent 200C encapsulates the adjusted (first) packet(s) in one or more encapsulation packet(s) having a traffic descriptor resolved according to the virtual L3 address of the second mapping agent 200B.
  • the traffic descriptor may include the outer IP address of the gateway 212B (164.27.19.200) in the destination field and the outer IP address of the gateway 212C (19.85.44.3) in the source field.
  • the third mapping agent 200C may then forward (transmit) the encapsulation packet(s) which are routed in the network 700 according to the network addresses indicated in their traffic descriptor(s) and may thus arrive at the gateway 212B which may route these encapsulation packet(s) to the second mapping agent 200B.
  • the encapsulation packet(s) transmitted by the first mapping agent 200A as well as the encapsulation packet(s) transmitted by the third mapping agent 200C arrive at the single second mapping agent 200B associated with the destination node 210B.
  • the second mapping agent 200B may therefore track every connection created for each packet(s) transfer with each mapping agent 200 associated with one of the plurality of source nodes 210.
  • the second mapping agent 200B may create and track a first connection (1) established with the first mapping agent 200A and a second connection (2) established with the third mapping agent 200C.
  • the second mapping agent 200B may use one or more connection tracking protocols, algorithms and/or tools supported by the forwarding protocols used by the first mapping agent 200A and/or the third mapping agent 200C to forward the encapsulation packet(s).
  • the second mapping agent 200B may use one or more provisions available in one or more Layer 4 (L4) protocols, for example, TCP, UDP and/or the like to track the connections.
  • L4 Layer 4
  • the second mapping agent 200B may identify and log the source L3 address of the encapsulation packets comprising the outer IP address of the originating gateway 212 to track the connection to the gateway 212A and/or the gateway 212C.
  • the second mapping agent 200B may identify and log the source L3 address of the (first) packet(s) extracted from the encapsulation packets comprising the virtual L3 address of the originating mapping agent to track the connection to the first mapping agent 200A and/or to the third mapping agent 200C.
  • the second mapping agent 200B may de-capsulate the received encapsulation packet(s) as described in step 404 of the process 400 to extract the (first) packet(s) originally transmitted by the source node 210A.
  • the second mapping agent 200B may then adjust the extracted (first) packet(s) as described in step 406 of the process 400 such that they indicate the destination node 210B as the destination of the (first) packet(s) and the second mapping agent 200B as the source of the (first) packet(s).
  • the second mapping agent 200B replaces the virtual L3 address 128.0.0.1 in the source address field with the local L3 address 10.0.7.3.
  • the second mapping agent 200B further replaces the virtual L3 address 128.0.0.7 in the destination address field with the local L3 address 10.0.0.5.
  • the second mapping agent 200B may then transmit (send) the adjusted (first) packet(s) to the destination node 210B via the second network 202B and since the destination address in the (first) packet(s) indicates the destination node 210B, the destination node 210B intercepts these (first) packet(s).
  • the second mapping agent 200B may execute the process 300 to forward to the mapping agents 200 associated with the source nodes 210A and/or 210C one or more (second) packets transmitted by the destination node 210B in response to the (first) packets received from the source nodes 210A and/or 210C.
  • the second mapping agent 200B may use the connection information in order to identify the exact originating mapping agent 200.
  • the second mapping agent 200B may adjust the (second) packets received from the destination node 210 to include the virtual L3 address of the identified mapping agent 200A and/or 200C. Similarly, based on the identification of the originating mapping agent 200A and/or 200C, the second mapping agent 200B may resolve the outer IP address of the respective gateway 212 of the network 202 hosting the identified mapping agent 200A and/or 200C and may construct the traffic descriptor accordingly.
  • compositions comprising, “comprising”, “includes”, “including”, “having” and their conjugates mean “including but not limited to”. This term encompasses the terms “consisting of” and “consisting essentially of”.
  • “Consisting essentially of” means that the composition or method may include additional ingredients and/or steps, but only if the additional ingredients and/or steps do not materially alter the basic and novel characteristics of the claimed composition or method.
  • a compound or “at least one compound” may include a plurality of compounds, including mixtures thereof.
  • range format is merely for convenience and brevity and should not be construed as an inflexible limitation on the scope of the disclosure. Accordingly, the description of a range should be considered to have specifically disclosed all the possible subranges as well as individual numerical values within that range. For example, description of a range such as from 1 to 6 should be considered to have specifically disclosed subranges such as from 1 to 3, from 1 to 4, from 1 to 5, from 2 to 4, from 2 to 6, from 3 to 6 etc., as well as individual numbers within that range, for example, 1, 2, 3, 4, 5, and 6. This applies regardless of the breadth of the range.
  • a numerical range is indicated herein, it is meant to include any cited numeral (fractional or integral) within the indicated range.
  • the phrases “ranging/ranges between” a first indicate number and a second indicate number and “ranging/ranges from” a first indicate number “to” a second indicate number are used herein interchangeably and are meant to include the first and second indicated numbers and all the fractional and integral numerals there between.
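
The sequence 800 described above, with two client-side mapping agents (200A, 200C) and the single host-side agent 200B, as an added Python example that is not code from the patent. Addresses are the ones in the description; the port numbers, the per-flow local port allocated at 200B and the cross-check of the outer gateway address against the inner virtual L3 source are assumptions of this example.

```python
from dataclasses import dataclass, replace

# Virtual L3 -> (agent local L3, outer gateway IP), as the local DNS 230 records them.
AGENTS = {
    "128.0.0.1":  ("192.168.200.4", "134.25.85.14"),   # agent 200A, gateway 212A
    "128.0.0.7":  ("10.0.7.3",      "164.27.19.200"),  # agent 200B, gateway 212B
    "128.0.0.19": ("172.24.1.19",   "19.85.44.3"),     # agent 200C, gateway 212C
}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Encap:
    outer_src: str  # traffic descriptor: gateway of the sending network
    outer_dst: str  # traffic descriptor: gateway of the receiving network
    inner: Packet

def client_outbound(virtual, peer, pkt):
    """Client-side agent (200A or 200C): adjust addresses, then encapsulate."""
    inner = replace(pkt, src=virtual, dst=peer)
    return Encap(AGENTS[virtual][1], AGENTS[peer][1], inner)

class HostAgent:
    """Host-side agent 200B serving several client-side agents."""
    def __init__(self, virtual, host_local, first_port=40000):
        self.virtual, self.host = virtual, host_local
        self.local = AGENTS[virtual][0]
        self.by_flow, self.by_port = {}, {}
        self.next_port = first_port  # assumption: NAPT-style local port per flow

    def inbound(self, enc):
        """De-capsulate, track the connection, rewrite to local L3 addresses."""
        p = enc.inner
        if p.dst != self.virtual or p.src not in AGENTS:
            raise ValueError("inner addresses are not a known virtual L3 mapping")
        if AGENTS[p.src][1] != enc.outer_src:  # assumption: cross-check both logged sources
            raise ValueError("outer gateway does not match inner virtual source")
        flow = (enc.outer_src, p.src, p.sport)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_port
            self.by_port[self.next_port] = flow
            self.next_port += 1
        return Packet(self.local, self.host, self.by_flow[flow], p.dport)

    def reply(self, pkt):
        """Map a (second) packet from the host back to the originating agent."""
        _, virt, sport = self.by_port[pkt.dport]
        inner = Packet(self.virtual, virt, pkt.sport, sport)
        return Encap(AGENTS[self.virtual][1], AGENTS[virt][1], inner)

def demo():
    b = HostAgent("128.0.0.7", "10.0.0.5")
    # Constructed packets: both clients happen to pick source port 5555.
    enc_a = client_outbound("128.0.0.1", "128.0.0.7",
                            Packet("192.168.1.3", "192.168.200.4", 5555, 443))
    enc_c = client_outbound("128.0.0.19", "128.0.0.7",
                            Packet("172.23.0.7", "172.24.1.19", 5555, 443))
    to_host_a, to_host_c = b.inbound(enc_a), b.inbound(enc_c)
    reply_a = b.reply(Packet("10.0.0.5", "10.0.7.3", 443, to_host_a.sport))
    reply_c = b.reply(Packet("10.0.0.5", "10.0.7.3", 443, to_host_c.sport))
    return b, enc_a, to_host_a, to_host_c, reply_a, reply_c
```

Because 200B rewrites every inbound source address to 10.0.7.3, the host sees both clients as one L3 peer; only the tracked connection lets a reply be addressed to 128.0.0.1 via gateway 212A or to 128.0.0.19 via gateway 212C.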

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Apparatus for transferring data, comprising one or more processing circuits connected to a first network and executing a first mapping agent having a layer 3 (L3) address mapping of a destination node connected to a second network separated from the first network. The first mapping agent is configured to receive, from a source node via the first network, a first packet destined for the destination node, adjust the first packet to include a virtual L3 address assigned to a second mapping agent executed at the second network and associated with the destination node, encapsulate the adjusted first packet in an encapsulation packet comprising a traffic descriptor resolved according to the virtual L3 address, and transmit the encapsulation packet to the second mapping agent, which is configured to transmit the adjusted first packet extracted from the encapsulation packet to the destination node via the second network.
PCT/EP2019/072989 2019-08-28 2019-08-28 Virtual local presence based on L3 virtual mapping of remote network nodes WO2021037358A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/EP2019/072989 WO2021037358A1 (fr) 2019-08-28 2019-08-28 Virtual local presence based on L3 virtual mapping of remote network nodes
CN201980097584.XA CN113994639B (zh) 2019-08-28 2019-08-28 Data transmission method and system based on L3 virtual mapping of remote network nodes

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2019/072989 WO2021037358A1 (fr) 2019-08-28 2019-08-28 Virtual local presence based on L3 virtual mapping of remote network nodes

Publications (1)

Publication Number Publication Date
WO2021037358A1 true WO2021037358A1 (fr) 2021-03-04

Family

ID=67810599

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2019/072989 WO2021037358A1 (fr) 2019-08-28 2019-08-28 Virtual local presence based on L3 virtual mapping of remote network nodes

Country Status (2)

Country Link
CN (1) CN113994639B (fr)
WO (1) WO2021037358A1 (fr)

Also Published As

Publication number Publication date
CN113994639B (zh) 2023-09-22
CN113994639A (zh) 2022-01-28

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19762121

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19762121

Country of ref document: EP

Kind code of ref document: A1