To provide a low latency near RT RIC, some embodiments separate the RIC's functions into several different components that operate on different machines (e.g., execute on VMs or Pods) operating on the same host computer or different host computers. Some embodiments also provide high speed interfaces between these machines. Some or all of these interfaces operate in a non-blocking, lockless manner in order to ensure that critical near RT RIC operations (e.g., datapath processes) are not delayed due to multiple requests causing one or more components to stall. In addition, each of these RIC components also has an internal architecture that is designed to operate in a non-blocking manner so that no one process of a component can block the operation of another process of the component. All of these low latency features allow the near RT RIC to serve as a high speed IO between the E2 nodes and the xApps.
Some embodiments of the invention provide a method for providing flow processing offload (FPO) for a host computer at a physical network interface card (pNIC) connected to the host computer. A set of compute nodes executing on the host computer are each associated with a set of interfaces that are each assigned a locally-unique virtual port identifier (VPID) by a flow processing and action generator. The pNIC includes a set of interfaces that are assigned physical port identifiers (PPIDs) by the pNIC. The method includes receiving a data message at an interface of the pNIC and matching the data message to a stored flow entry that specifies a destination using a VPID. The method also includes identifying, using the VPID, a PPID as a destination of the received data message by performing a lookup in a mapping table storing a set of VPIDs and a corresponding set of PPIDs and forwarding the data message to an interface of the pNIC associated with the identified PPID.
Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.
H04L 43/0805 - Monitoring or testing based on specific metrics, e.g. quality of service [QoS], energy consumption or environmental parameters by checking availability
H04L 41/122 - Discovery or management of network topologies of virtualised topologies, e.g. software-defined networks [SDN] or network function virtualisation [NFV]
H04L 43/0882 - Utilisation of link capacity
H04L 41/0826 - Configuration settings characterised by the objectives of a change of parameters, e.g. optimising the configuration to improve reliability for reduction of network costs
Some embodiments provide a method for establishing multiple virtual service networks over multiple datacenters. The method configures, for each virtual service network of the plurality of virtual service networks, a set of machines distributed across the datacenters to implement an ordered set of network services for the virtual service network. The method configures multiple service network selectors executing within the datacenters to receive a data message, select one of the virtual service networks for the data message based on analysis of contents of the data message, determine a location within the datacenters for a machine implementing a first network service of the ordered set of network services for the selected virtual service network, and transmit the data message to the machine implementing the first network service.
H04L 67/10 - Protocols in which an application is distributed across nodes in the network
H04L 67/51 - Discovery or management thereof, e.g. service location protocol [SLP] or web services
H04L 67/60 - Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments can indirectly connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).
G06F 9/50 - Allocation of resources, e.g. of the central processing unit [CPU]
G06F 9/455 - Arrangements for executing specific programs Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
6.
DYNAMIC INTER-CLOUD PLACEMENT OF VIRTUAL NETWORK FUNCTIONS FOR A SLICE
Examples can include an optimizer that dynamically determines where to place virtual network functions for a slice in a distributed Telco cloud network. The optimizer can determine a slice path that complies with a service level agreement and balances network load. The virtual network functions of the slice can be provisioned at clouds identified by the optimal slice path. In one example, performance metrics are normalized, and tenant-selected weights can be applied. This can allow the optimizer to prioritize particular SLA attributes in choosing an optimal slice path.
H04L 41/0806 - Configuration settings for initial configuration or provisioning, e.g. plug-and-play
H04L 41/0826 - Configuration settings characterised by the objectives of a change of parameters, e.g. optimising the configuration to improve reliability for reduction of network costs
H04L 41/0893 - Assignment of logical groups to network elements
H04L 41/5009 - Determining service level performance parameters or violations of service level agreements, e.g. violations of agreed response time or mean time between failures [MTBF]
H04L 41/5025 - Practices for complying with the service level agreement by proactively reacting to changes in service quality, e.g. by reconfiguration after degradation or upgrade of service quality
H04L 41/5054 - Automatic deployment of services triggered by the service manager, e.g. service implementation by automatic configuration of network components
H04L 43/0882 - Utilisation of link capacity
H04L 45/12 - Routing or path finding of packets in data switching networks Shortest path evaluation
H04L 47/2425 - Traffic characterised by specific attributes, e.g. priority or QoS for supporting service specifications, e.g. SLA
H04L 67/1008 - Server selection for load balancing based on parameters of servers, e.g. available memory or workload
H04L 67/101 - Server selection for load balancing based on network conditions
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
G06F 9/455 - Arrangements for executing specific programs Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 9/50 - Allocation of resources, e.g. of the central processing unit [CPU]
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 41/50 - Network service management, e.g. ensuring proper service fulfilment according to agreements
H04L 43/0817 - Monitoring or testing based on specific metrics, e.g. quality of service [QoS], energy consumption or environmental parameters by checking availability by checking functioning
Some embodiments provide a simplified mechanism to deploy and control a multi-segmented application by using application-based manifests that express how application segments of the multi-segment application are to be defined or modified, and how the communication profiles between these segments. In some embodiments, these manifests are application specific. Also, in some embodiments, deployment managers in a software defined datacenter (SDDC) provide these manifests as templates to administrators, who can use these templates to express their intent when they are deploying multi-segment applications in the datacenter. Application-based manifests can also be used to control previously deployed multi-segmented applications in the SDDC. Using such manifests would enable the administrators to be able to manage fine grained micro-segmentation rules based on endpoint and network attributes.
Some embodiments of the invention provide a method for processing requests for performing operations on resources in a software defined datacenter (SDDC). The resources are software-defined (SD) resources in some embodiments. The method initially receives a request to perform an operation with respect to a first resource in the SDDC. The method identifies a policy that matches (i.e., is applicable to) the received request for the first resource by comparing a set of attributes of the request with sets of attributes of a set of policies that place constraints on operations specified for resources. In some embodiments, several sets of attributes for several policies can be expressed for resources at different hierarchal resource levels of the SDDC. The method rejects the received request when the identified policy specifies that the requested operation violates a constraint on operations specified for the first resource.
Some embodiments of the invention provide a method for processing requests for performing operations on resources in a software defined datacenter (SDDC). The resources are software-defined (SD) resources in some embodiments. The method initially receives a request to perform an operation with respect to a first resource in the SDDC. The method identifies a policy that matches (i.e., is applicable to) the received request for the first resource by comparing a set of attributes of the request with sets of attributes of a set of policies that place constraints on operations specified for resources. In some embodiments, several sets of attributes for several policies can be expressed for resources at different hierarchal resource levels of the SDDC. The method rejects the received request when the identified policy specifies that the requested operation violates a constraint on operations specified for the first resource.
G06F 9/50 - Allocation of resources, e.g. of the central processing unit [CPU]
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
10.
CREATING VIRTUAL NETWORKS SPANNING MULTIPLE PUBLIC CLOUDS
Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.
H04L 45/745 - Address table lookup; Address filtering
H04L 61/25 - Mapping between addresses of the same type
H04L 61/2514 - Translation of Internet protocol [IP] addresses between local and global IP addresses
H04L 61/255 - Maintenance or indexing of mapping tables
H04L 61/30 - Managing network names, e.g. use of aliases or nicknames
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directory access protocols using the domain name system [DNS]
H04L 67/10 - Protocols in which an application is distributed across nodes in the network
G06F 9/455 - Arrangements for executing specific programs Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
H04L 12/28 - Data switching networks characterised by link configuration, e.g. local area networks [LAN] or wide area networks [WAN]
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. quality of service [QoS], energy consumption or environmental parameters
11.
CREATING VIRTUAL NETWORKS SPANNING MULTIPLE PUBLIC CLOUDS
A virtual network over several public clouds of several public cloud providers and/or in several regions is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network can be configured to optimize the layer 4 processing of the data message flows passing through the network.
H04L 45/76 - Routing in software-defined topologies, e.g. routing between virtual machines
H04L 45/12 - Routing or path finding of packets in data switching networks Shortest path evaluation
H04L 45/17 - Shortcut routing, e.g. using next hop resolution protocol [NHRP]
H04L 67/1001 - Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
H04L 67/141 - Setup of application sessions
12.
A SYSTEM AND METHOD FOR NETWORK INCIDENT IDENTIFICATION, CONGESTION DETECTION, ANALYSIS, AND MANAGEMENT
A system and method for automatic detection of a network incident from real-time network data is disclosed. The method includes: collecting real-time network data; executing performance calculations on the real-time network data to compute performance metrics; and detecting a pattern over a time window, wherein detecting a pattern includes detecting a proportion of metric values crossing a threshold exceeding a defined percentage amount, detecting a presence of a sequence of metric values, detecting a time-ordered stretch of metric values with a length of the time-ordered stretch exceeding a defined threshold, detecting a cyclical presence of a sequence of metric values, or combinations thereof.
H04L 41/0631 - Management of faults, events, alarms or notifications using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy or temporal or tree analysis
H04L 41/0659 - Management of faults, events, alarms or notifications using network fault recovery by isolating or reconfiguring faulty entities
H04L 41/142 - Network analysis or design using statistical or mathematical methods
Remote desktop servers include a display encoder that maintains a secondary framebuffer that contains display data to be encoded and transmitted to a remote client display and a list of display primitives effectuating updated display data in the secondary framebuffer. The display encoder submits requests to receive the list of drawing primitives to a video adapter driver that receives and tracks drawing primitives that, when executed, update a primary framebuffer.
Remote desktop servers include a display encoder that maintains a secondary framebuffer that contains display data to be encoded and transmitted to a remote client display. The display encoder submits requests to update the display data in the secondary framebuffer to a video adapter driver that has access to a primary framebuffer whose display data is updated according to drawing commands received from applications running on the remote desktop servers. The video adapter driver utilizes a spatial data structure to track changes made to the display data located in regions of the primary framebuffer and copies the display data in those regions of the primary framebuffer to corresponding regions in the secondary framebuffer.
A method for persisting a state of a virtual port in a virtualized computer system is described. A distributed virtual port (DVport) is stored in a persistent storage location, the DVport comprising a state of a corresponding virtual port and configuration settings of the virtual port. In addition, an association between the virtual port and the virtual network interface card (VNIC) connected to the virtual port is stored. When a virtual machine corresponding to the VNIC is restarted, the state from the DVport is restored to a new virtual port from the persistent storage location.
A method creates a distributed virtual switch (DVswitch) and distributed virtual ports (DVports) for the DVswitch. The DVswitch binds virtual switches in a collection of hosts together in a software abstraction. Also, the DVports are available for connection by virtual network interface cards (VNICs) of virtual machines in the collection of hosts. A request is received for a connection of a virtual network interface card (VNIC) of a virtual machine for a host in the collection of hosts to a DVport. If the requested DVport is available, the method provides connection information for the requested DVport to the host to allow the host to connect the requested DVport to the VNIC. The DVport stores a runtime state for a virtual port associated with a virtual switch for the host and the virtual switch forwards network frames between the VNIC and a physical network interface card (NIC).
H04L 12/12 - Arrangements for remote connection or disconnection of substations or of their equipment
H04L 12/28 - Data switching networks characterised by link configuration, e.g. local area networks [LAN] or wide area networks [WAN]
17.
EXTENDING SERVER-BASED DESKTOP VIRTUAL MACHINE ARCHITECTURE TO CLIENT MACHINES
A server-based desktop-virtual machines architecture may be extended to a client machine. In one embodiment, a user desktop is remotely accessed from a client system. The remote desktop is generated by a first virtual machine running on a server system, which may comprise one or more server computers. During execution of the first virtual machine, writes to a corresponding virtual disk are directed to a delta disk file or redo log. A copy of the virtual disk is created on the client system. When a user decides to 'check out' his or her desktop, the first virtual machine is terminated (if it is running) and a copy of the delta disk is created on the client system. Once the delta disk is present on the client system, a second virtual machine can be started on the client system using the virtual disk and delta disk to provide local access to the user's desktop at the client system. This allows the user to then access his or her desktop without being connected to a network.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for the simultaneous processing of several programs
G06F 12/00 - Accessing, addressing or allocating within memory systems or architectures