cluster placement group

By using the Cluster Placement Group (CPG) framework, closely spaced resource locations are identified and allocated, solving the latency problem between compute instances and database instances in the cloud environment, enabling the deployment of low-latency networked applications, and improving the utilization efficiency of network resources.

CN122295652APending Publication Date: 2026-06-26ORACLE INT CORP

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
ORACLE INT CORP
Filing Date
2024-11-26
Publication Date
2026-06-26

AI Technical Summary

Technical Problem

As cloud service providers (CSPs) expand their data center space, existing technologies are unable to guarantee low latency within 200µs, making it difficult to deploy latency-sensitive workloads in cloud environments, especially since latency between compute instances and database instances exceeds 100µs, impacting the use of network resources.

Method used

A Cluster Placement Group (CPG) framework is provided to ensure low-latency communication between compute instances, block volumes, and database instances by identifying and allocating closely spaced resource locations, including receiving client requests, identifying available resources, and allocating appropriate resources.

Benefits of technology

It enables low-latency communication between compute instances and database instances, supports low-latency network applications, solves the deployment problem of latency-sensitive services, and improves the utilization efficiency of network resources.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122295652A_ABST
    Figure CN122295652A_ABST
Patent Text Reader

Abstract

This paper describes a mechanism for constructing a Cluster Placement Group (CPG) in a cloud environment. A request is received from a first customer in the cloud environment, corresponding to the creation of a CPG. The CPG identifies a first set of requested resources, comprising a first type of resource and a second type of resource requested by the first customer, wherein the first type of resource differs from the second type of resource. An availability domain is identified in the cloud environment, comprising a second set of available resources, including all resources included in the first set of requested resources. A set of resources corresponding to the first set of requested resources is allocated to the first customer from the second set of available resources in the availability domain. This allocated set of resources is then associated with the CPG.
Need to check novelty before this filing date? Find Prior Art

Description

[0001] Cross-references to related applications

[0002] This international application claims the benefit of U.S. Provisional Application No. 63 / 603,837, filed November 29, 2023, the contents of which are incorporated herein by reference in their entirety for all purposes. Technical Field

[0003] This disclosure relates to a framework for creating resources in close proximity to each other to support low-latency networking applications. Background Technology

[0004] High-performance computing, graphics processing, and artificial intelligence applications and workloads typically require low-latency network performance. Customers use Availability Domains (ADs) to execute such applications / workloads that require low latency because ADs provide latency in the range of a few hundred microseconds (e.g., 200µs). However, as ADs become larger in size, cloud service providers (CSPs) cannot guarantee new data center space and power within the latency threshold (i.e., 200µs) of existing AD footprint. This raises several issues, such as making it difficult or nearly impossible for customers to continue using latency-sensitive workloads. Additionally, extremely latency-sensitive services, such as autonomous databases, require latency between network resources (e.g., compute instances and ExaCS instances) to be no more than 100µs.

[0005] Therefore, a framework is needed to address the aforementioned issues. Co-locating the resources upon which these applications depend can help achieve the lowest possible latency. The embodiments discussed herein address these issues, as well as others. Specifically, the embodiments discussed herein provide a framework (referred to herein as a Cluster Placement Group (CPG)) that can be used by external and internal clients for latency-sensitive workloads between compute instances, block volumes, and database instances. Summary of the Invention

[0006] This disclosure relates to a framework for creating resources in close proximity to each other to support low-latency networking applications. Various embodiments are described herein, including methods, systems, non-transitory computer-readable media storing programs, code, or instructions executable by one or more processors, etc. References to these illustrative embodiments are not intended to limit or restrict this disclosure, but rather to provide examples to aid in understanding it. Additional embodiments are discussed in the Detailed Description section, and further description is provided therein.

[0007] One embodiment of this disclosure relates to a method comprising: receiving a request from a first customer of a cloud environment provided by a cloud service provider (CSP) for a cluster placement group (CPG), the CPG identifying a first set of requested resources including a first type of resources and a second type of resources requested by the first customer, wherein the first type of resources is different from the second type of resources; identifying an availability domain in the cloud environment including a second set of available resources, the second set of available resources including all resources included in the first set of requested resources; allocating a set of resources corresponding to the first set of requested resources from the second set of available resources in the availability domain to the first customer; and associating the set of resources allocated to the first customer with the CPG.

[0008] One aspect of this disclosure provides a computing device including one or more data processors and a non-transitory computer-readable storage medium containing instructions that, when executed by the one or more data processors, cause the one or more data processors to perform part or all of the methods disclosed herein.

[0009] Another aspect of this disclosure provides one or more computer-readable non-transitory media storing computer-executable instructions that, when executed by one or more processors, cause some or all of the methods disclosed herein to be performed.

[0010] The foregoing, as well as other features and embodiments, will become more apparent from the following description, claims, and drawings. Attached Figure Description

[0011] The features, embodiments, and advantages of this disclosure can be better understood by reading the following detailed description with reference to the accompanying drawings.

[0012] Figure 1 This is a high-level diagram illustrating a distributed environment of a virtual or overlay cloud network hosted by a cloud service provider infrastructure, according to certain embodiments.

[0013] Figure 2 A simplified architecture diagram of the physical components in the physical network within the CSPI according to certain embodiments is depicted.

[0014] Figure 3 An example arrangement is shown according to certain embodiments, in which a host machine is connected to multiple network virtualization devices (NVDs) within a CSPI.

[0015] Figure 4 The connectivity between the host machine and the NVD, according to certain embodiments, is described for providing I / O virtualization to support multi-tenancy.

[0016] Figure 5A simplified block diagram of a physical network provided by CSPI according to certain embodiments is depicted.

[0017] Figure 6 An exemplary physical and logical organization of resources of a cloud service provider according to certain embodiments is depicted.

[0018] Figure 7 An exemplary mapping from site groups to availability domains according to certain embodiments is depicted.

[0019] Figure 8 An exemplary flowchart depicting the steps performed to create a cluster placement group according to certain embodiments is illustrated.

[0020] Figure 9 An exemplary flowchart depicting the steps performed to select a group of sites according to certain embodiments is illustrated.

[0021] Figure 10 This is a block diagram illustrating a pattern for implementing a cloud infrastructure-as-a-service system according to at least one embodiment.

[0022] Figure 11 This is a block diagram illustrating another pattern for implementing a cloud infrastructure-as-a-service system according to at least one embodiment.

[0023] Figure 12 This is a block diagram illustrating another pattern for implementing a cloud infrastructure-as-a-service system according to at least one embodiment.

[0024] Figure 13 This is a block diagram illustrating another pattern for implementing a cloud infrastructure-as-a-service system according to at least one embodiment.

[0025] Figure 14 This is a block diagram illustrating an example computer system according to at least one embodiment. Detailed Implementation

[0026] In the following description, specific details are set forth for purposes of explanation in order to provide a thorough understanding of certain embodiments. However, it will be apparent that various embodiments may be practiced without these specific details. The figures and descriptions are not intended to be limiting. The word “exemplary” is used herein to mean “serves as an example, instance, or illustration.” Any embodiment or design described herein as “exemplary” is not necessarily to be construed as preferred or superior to other embodiments or designs.

[0027] Example architecture of cloud infrastructure

[0028] The term cloud service generally refers to services provided by a cloud service provider (CSP) to users or customers on demand (e.g., via a subscription model) using systems and infrastructure (cloud infrastructure) provided by the CSP. Typically, the servers and systems that make up the CSP's infrastructure are separate from the customer's own on-premises servers and systems. Therefore, customers can utilize cloud services provided by the CSP without having to purchase separate hardware and software resources for the service. Cloud services are designed to provide subscribers with simple, scalable access to applications and computing resources without requiring customers to invest in the infrastructure used to provide the service.

[0029] Several cloud service providers offer various types of cloud services. There are various types or models of cloud services, including Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), etc.

[0030] A customer can subscribe to one or more cloud services provided by a CSP. A customer can be any entity, such as an individual, organization, or enterprise. When a customer subscribes to or registers for a service provided by a CSP, a lease or account is created for that customer. The customer can then access one or more cloud resources associated with that account through the subscription.

[0031] As mentioned above, Infrastructure as a Service (IaaS) is a specific type of cloud computing service. In the IaaS model, a CSP provides customers with infrastructure (called Cloud Service Provider Infrastructure or CSPI) that they can use to build their own customizable networks and deploy customer resources. Therefore, the customer's resources and network are hosted in a distributed environment by the infrastructure provided by the CSP. This differs from traditional computing, where the customer's resources and network are hosted by the infrastructure provided by the customer.

[0032] CSPI can include interconnected high-performance computing resources, including various host machines, memory resources, and network resources forming a physical network, also known as the base network or underlying network. Resources in CSPI can be distributed across one or more data centers, which may be geographically distributed across one or more geographic regions. Virtualization software can be executed by these physical resources to provide a virtualized distributed environment. Virtualization creates overlay networks (also known as software-based networks, software-defined networks, or virtual networks) on the physical network. The CSPI physical network provides the underlying foundation for creating one or more overlay or virtual networks on top of the physical network. The physical network (or base network or underlying network) includes physical network devices such as physical switches, routers, computers, and host machines. An overlay network is a logical (or virtual) network that runs on top of the physical base network. A given physical network can support one or more overlay networks. Overlay networks typically use encapsulation techniques to distinguish traffic belonging to different overlay networks. Virtual or overlay networks are also known as Virtual Cloud Networks (VCNs). Virtual networks are created using software virtualization technologies (e.g., hypervisors, virtualization functions implemented by network virtualization devices (NVDs) (e.g., smartNICs), top-of-rack (TOR) switches, intelligent TORs that implement one or more functions performed by NVDs, and other mechanisms) to create a network abstraction layer that can run on top of a physical network. Virtual networks can take many forms, including peer-to-peer networks, IP networks, etc. Virtual networks are typically Layer 3 IP networks or Layer 2 VLANs. This method of virtual or overlay networking is often referred to as virtual or overlay Layer 3 networking. Examples of protocols developed for virtual networks include IP-in-IP (or Generic Routing Encapsulation (GRE)), Virtual Extensible LAN (VXLAN—IETF RFC 7348), Virtual Private Networks (VPNs) (e.g., MPLS Layer 3 Virtual Private Network (RFC 4364)), VMware's NSX, GENEVE (Generic Network Virtualization Encapsulation), etc.

[0033] For IaaS, the infrastructure provided by a CSP (Center for Service Providers) can be configured to offer virtualized computing resources over a public network (e.g., the Internet). In the IaaS model, cloud service providers can host infrastructure components (e.g., servers, storage devices, network nodes (e.g., hardware), deployment software, platform virtualization (e.g., hypervisor layer), etc.). In some cases, IaaS providers can also provision various services accompanying those infrastructure components (e.g., billing, monitoring, logging, security, load balancing, and clustering, etc.). Therefore, since these services can be policy-driven, IaaS users can implement policies to drive load balancing to maintain application availability and performance. CSPI provides infrastructure and a complementary set of cloud services, enabling customers to build and run a wide range of applications and services in a highly available, hosted, distributed environment. CSPI provides high-performance computing resources and capabilities, as well as storage capacity, in a flexible virtual network securely accessible from various networked locations, such as the customer's on-premises network. When a customer subscribes to or enrolls in an IaaS service provided by a CSP, the lease created for that customer is a secure and isolated partition within the CSP, where the customer can create, organize, and manage their cloud resources.

[0034] Customers can build their own virtual networks using the compute, storage, and networking resources provided by CSPI. One or more customer resources or workloads, such as compute instances, can be deployed on these virtual networks. For example, a customer can use resources provided by CSPI to build one or more customizable and private virtual networks, called Virtual Cloud Networks (VCNs). A customer can deploy one or more customer resources, such as compute instances, on a customer VCN. Compute instances can take the form of virtual machines, bare metal instances, etc. Therefore, CSPI provides the infrastructure and a complementary set of cloud services that enable customers to build and run a wide range of applications and services in a highly available, virtually managed environment. Customers do not manage or control the underlying physical resources provided by CSPI, but they have control over the operating system, storage, and deployed applications; and possibly limited control over chosen networking components, such as firewalls.

[0035] The CSP can provide a console that enables customers and network administrators to configure, access, and manage resources deployed in the cloud using CSPI resources. In some embodiments, the console provides a web-based user interface that can be used to access and manage the CSPI. In other embodiments, the console is a web-based application provided by the CSP.

[0036] CSPI can support single-tenant or multi-tenant architectures. In a single-tenant architecture, software (e.g., applications, databases) or hardware components (e.g., host machines or servers) serve a single customer or tenant. In a multi-tenant architecture, the software or hardware components serve multiple customers or tenants. Therefore, in a multi-tenant architecture, CSPI resources are shared among multiple customers or tenants. In a multi-tenant scenario, precautions and safeguards are implemented in CSPI to ensure that each tenant's data is isolated and invisible to other tenants.

[0037] In a physical network, a network endpoint is a computing device or system that connects to and communicates with the physical network. Network endpoints in a physical network can connect to a Local Area Network (LAN), a Wide Area Network (WAN), or other types of physical networks. Examples of traditional endpoints in a physical network include modems, hubs, bridges, switches, routers and other networking devices, physical computers (or host machines), etc. Each physical device in a physical network has a fixed network address that can be used to communicate with the device. This fixed network address can be a Layer 2 address (e.g., a MAC address), a fixed Layer 3 address (e.g., an IP address), etc. In a virtualized environment or virtual network, endpoints can include various virtual endpoints, such as virtual machines hosted by components of the physical network (e.g., hosted by physical host machines). These endpoints in a virtual network are addressed using overlay addresses, such as overlay Layer 2 addresses (e.g., overlay MAC addresses) and overlay Layer 3 addresses (e.g., overlay IP addresses). Network overlays enable flexibility by allowing network administrators to move around the overlay addresses associated with network endpoints using software management (e.g., via software implementing a control plane for virtual networks). Therefore, unlike physical networks, in virtual networks, overlay addresses (e.g., overlay IP addresses) can be moved from one endpoint to another using network management software. Since virtual networks are built on top of physical networks, communication between components within a virtual network involves both the virtual network and the underlying physical network. To facilitate this communication, CSPI components are configured to learn and store mappings that map overlay addresses in the virtual network to actual physical addresses in the base network, and vice versa. These mappings are then used to facilitate communication. Client traffic is encapsulated to facilitate routing within the virtual network.

[0038] Therefore, physical addresses (e.g., physical IP addresses) are associated with components in a physical network, and overlay addresses (e.g., overlay IP addresses) are associated with entities in a virtual or overlay network. A physical IP address is an IP address associated with a physical device (e.g., a network device) in the underlying or physical network. For example, each NVD has an associated physical IP address. An overlay IP address is an overlay address associated with an entity in an overlay network, such as an overlay address associated with a compute instance in a customer's Virtual Cloud Network (VCN). Two different customers or tenants (each with its own private VCN) can potentially use the same overlay IP address in their VCNs without knowing about each other. Both physical IP addresses and overlay IP addresses are types of real IP addresses. These addresses are separate from virtual IP addresses. A virtual IP address is typically a single IP address that represents or maps to multiple real IP addresses. A virtual IP address provides a one-to-many mapping between virtual IP addresses and multiple real IP addresses. For example, a load balancer can use a VIP to map or represent multiple servers, each with its own real IP address.

[0039] Cloud infrastructure, or CSPI, is physically hosted in one or more data centers in one or more regions of the world. CSPI may include components in the physical or underlying network and virtualized components (e.g., virtual networks, compute instances, virtual machines, etc.) in virtual networks built on top of the physical network components. In some embodiments, CSPI is organized and hosted in domains, regions, and availability domains. A region is typically a localized geographical area containing one or more data centers. Regions are generally independent of each other and can be geographically distant, for example, spanning countries or even continents. For example, one region might be in Australia, another in Japan, another in India, and so on. CSPI resources are partitioned between regions, such that each region has its own independent subset of CSPI resources. Each region can provide a set of core infrastructure services and resources, such as compute resources (e.g., bare metal servers, virtual machines, containers, and related infrastructure); storage resources (e.g., block volume storage, file storage, object storage, archive storage); networking resources (e.g., virtual cloud networks (VCNs), load balancing resources, connections to on-premises networks), database resources; edge networking resources (e.g., DNS); and access management and monitoring resources, etc. Each region typically has multiple paths connecting it to other regions within the domain.

[0040] Generally, applications are deployed in the areas where they are used most frequently (i.e., on the infrastructure associated with that area) because using nearby resources is faster than using resources far away. Applications may also be deployed in different areas for various reasons, such as redundancy to mitigate the risk of events within a region (such as large weather systems or earthquakes), or to meet different requirements such as legal jurisdiction, tax domain, and other business or social standards.

[0041] Data centers within a region can be further organized and subdivided into Availability Domains (ADs). An Availability Domain can correspond to one or more data centers located within the region. A region can consist of one or more Availability Domains. In this distributed environment, CSPI resources are either region-specific, such as Virtual Cloud Networks (VCNs), or Availability Domain-specific, such as compute instances.

[0042] Availability Zones (ADs) within a region are isolated from each other, fault-tolerant, and configured to make simultaneous failures highly unlikely. This is achieved by ensuring that ADs do not share critical infrastructure resources (such as networking, physical cabling, cable paths, cable entry points, etc.), making a failure at one AD within a region unlikely to affect the availability of other ADs in the same region. ADs within the same region can be interconnected via low-latency, high-bandwidth networks, enabling highly available connectivity to other networks (e.g., the internet, customer on-premises networks, etc.) and allowing for replication systems across multiple ADs to achieve both high availability and disaster recovery. Cloud services use multiple ADs to ensure high availability and prevent resource failures. As the infrastructure provided by the IaaS provider grows, more regions and ADs, along with additional capacity, can be added. Traffic between availability domains is typically encrypted.

[0043] In some embodiments, regions are grouped into domains. A domain is a logical collection of regions. Domains are isolated from each other and do not share any data. Regions within the same domain can communicate with each other, but regions in different domains cannot. A customer's lease or account with the CSP resides in a single domain and can be distributed across one or more regions belonging to that domain. Typically, when a customer subscribes to an IaaS service, a lease or account is created for that customer in a region within the domain that the customer designates (called the "primary" region). A customer can extend their lease to one or more other regions within the domain. A customer cannot access regions that are not within the domain where their lease resides.

[0044] IaaS providers can offer multiple domains, each catering to the needs of a specific set of customers or users. For example, a business domain can be offered for business customers. As another example, a domain can be offered for customers within a specific country. Yet another example, a government domain can be offered for governments, and so on. For instance, a government domain can meet the needs of a specific government and may offer a higher level of security than a business domain. For example, Oracle Cloud Infrastructure (OCI) currently offers domains for its business region and two domains for its government cloud region (e.g., FedRAMP licensed and IL5 licensed).

[0045] In some embodiments, an Active Directory (AD) can be subdivided into one or more fault domains. A fault domain is a grouping of infrastructure resources within an AD to provide anti-affinity. Fault domains allow for the distribution of compute instances such that these instances do not reside on the same physical hardware within a single AD. This is known as anti-affinity. A fault domain refers to a group of hardware components (computers, switches, etc.) that share a single point of failure. Compute pools are logically divided into fault domains. Therefore, a hardware failure or compute hardware maintenance event affecting one fault domain does not affect instances in other fault domains. Depending on the embodiment, the number of fault domains per AD can vary. For example, in some embodiments, each AD contains three fault domains. Fault domains act as logical data centers within the AD.

[0046] When a customer subscribes to IaaS services, resources from CSPI are provisioned to the customer and associated with the customer's lease. Customers can use these provisioned resources to build private networks and deploy resources on these networks. Customer networks hosted in the cloud by CSPI are called Virtual Cloud Networks (VCNs). Customers can use the CSPI resources allocated to them to establish one or more VCNs. A VCN is a virtual or software-defined private network. Customer resources deployed in a customer's VCN can include compute instances (e.g., virtual machines, bare metal instances) and other resources. These compute instances can represent various customer workloads, such as applications, load balancers, databases, etc. Compute instances deployed on a VCN can communicate with publicly accessible endpoints (“public endpoints”) via public networks (such as the Internet), with other instances in the same VCN or other VCNs (e.g., other VCNs belonging to the customer or VCNs not belonging to the customer), with the customer's on-premises data center or network, and with service endpoints and other types of endpoints.

[0047] CSPs can use CSPIs to provide various services. In some cases, CSPI clients can act as service providers themselves and use CSPI resources to provide services. Service providers can expose service endpoints characterized by identification information such as IP addresses, DNS names, and ports. Client resources (e.g., compute instances) can access a specific service by visiting the service endpoints exposed by the service for that specific service. These service endpoints are generally publicly accessible to users via public communication networks such as the Internet using the public IP addresses associated with the endpoints. Publicly accessible network endpoints are sometimes also called public endpoints.

[0048] In some embodiments, a service provider may expose the service via an endpoint used for the service (sometimes referred to as a service endpoint). Customers of the service can then use this service endpoint to access the service. In some implementations, the service endpoint provided for the service can be accessed by multiple customers intending to consume the service. In other implementations, a dedicated service endpoint can be provided to a customer, so that only that customer can use that dedicated service endpoint to access the service.

[0049] In some embodiments, when a VCN is created, it is associated with a Private Overlay Classless Inter-Domain Routing (CIDR) address space, which is a set of private overlay IP addresses (e.g., 10.0 / 16) assigned to the VCN. The VCN includes associated subnets, routing tables, and gateways. A VCN resides within a single area but can span one or more of the availability domains within that area. A gateway is a virtual interface configured for the VCN and enables traffic to and from the VCN to one or more endpoints outside the VCN. One or more different types of gateways can be configured for the VCN to enable communication to and from different types of endpoints.

[0050] A VCN can be subdivided into one or more subnets, such as one or more subnets. Therefore, a subnet is a configurable unit or subdivision that can be created within a VCN. A VCN can have one or more subnets. Each subnet within a VCN is associated with a contiguous range of overlay IP addresses (e.g., 10.0.0.0 / 24 and 10.0.1.0 / 24), which do not overlap with other subnets within that VCN and represent a subset of the VCN's address space.

[0051] Each compute instance is associated with a Virtual Network Interface Card (VNIC), which enables the compute instance to participate in subnets within a VCN. A VNIC is the logical representation of a physical network interface card (NIC). Generally, a VNIC is the interface between an entity (e.g., a compute instance, a service) and a virtual network. A VNIC exists within a subnet and has one or more associated IP addresses, along with associated security rules or policies. A VNIC is equivalent to a Layer 2 port on a switch. A VNIC is attached to both the compute instance and the subnet within the VCN. The VNIC associated with a compute instance enables the compute instance to be part of a VCN's subnet and allows the compute instance to communicate (e.g., send and receive packets) with endpoints on the same subnet as the compute instance, with endpoints in different subnets within the VCN, or with endpoints outside the VCN. Therefore, the VNIC associated with a compute instance determines how the compute instance connects to endpoints inside and outside the VCN. When a compute instance is created and added to a subnet within a VCN, a VNIC is created for the compute instance and associated with that compute instance. For a subnet that includes a set of compute instances, the subnet contains a VNIC corresponding to that set of compute instances, and each VNIC is attached to a compute instance within that set of compute instances.

[0052] A private overlay IP address is assigned to each compute instance via the VNIC associated with it. This private overlay network IP address is assigned to the VNIC associated with the compute instance when the compute instance is created and is used to route traffic to and from the compute instance. All VNICs within a given subnet use the same routing table, security list, and DHCP options. As described above, each subnet within a VCN is associated with a contiguous range of overlay IP addresses (e.g., 10.0.0.0 / 24 and 10.0.1.0 / 24) that do not overlap with other subnets within that VCN and represent a subset of the address space within the VCN's address space. For a VNIC on a specific subnet of a VCN, the private overlay IP address assigned to that VNIC is an address derived from the contiguous range of overlay IP addresses allocated to the subnet.

[0053] In some embodiments, in addition to a private overlay IP address, a compute instance may optionally be assigned additional overlay IP addresses, such as one or more public IP addresses, for example, if in a public subnet. These multiple addresses are assigned either on the same VNIC or on multiple VNICs associated with the compute instance. However, each instance has a primary VNIC, which is created during instance startup and associated with the overlay private IP address assigned to that instance—this primary VNIC cannot be deleted. Additional VNICs, called secondary VNICs, can be added to an existing instance in the same availability domain as the primary VNIC. All VNICs are in the same availability domain as the instance. The secondary VNIC can be located in a subnet within the same VCN as the primary VNIC, or in a different subnet within the same VCN or different VCNs.

[0054] If a compute instance is in a public subnet, it can optionally be assigned a public IP address. When creating a subnet, it can be specified as either a public or private subnet. A private subnet means that resources within the subnet (such as compute instances) and associated VNICs cannot have public overriding IP addresses. A public subnet means that resources within the subnet and associated VNICs can have public IP addresses. Customers can specify that a subnet exists within a single availability domain or across multiple availability domains in a region or domain.

[0055] As described above, a VCN can be subdivided into one or more subnets. In some embodiments, a virtual router (VR) configured for a VCN (referred to as a VCN VR or simply VR) enables communication between the subnets of the VCN. For a subnet within a VCN, the VR represents a logical gateway for that subnet, enabling that subnet (i.e., compute instances on that subnet) to communicate with endpoints on other subnets within the VCN as well as with other endpoints outside the VCN. The VCN VR is a logical entity configured to route traffic between the VNIC within the VCN and the virtual gateway (“gateway”) associated with the VCN. The following section discusses… Figure 1Further description of the gateway. A VCN VR is a Layer 3 / IP layer concept. In one embodiment, there exists a VCN VR for a VCN, where the VCN VR potentially has an unlimited number of ports addressable via IP addresses, one port for each subnet of the VCN. In this way, the VCN VR has a different IP address for each subnet within the VCN to which the VCN VR is attached. The VR also connects to various gateways configured for the VCN. In some embodiments, a specific overlay IP address within the overlay IP address range for a subnet is reserved for the port of the VCN VR for that subnet. For example, consider a VCN with two subnets, associated with address ranges 10.0 / 16 and 10.1 / 16. For the first subnet in the VCN with an address range of 10.0 / 16, addresses within this range are reserved for the port of the VCN VR for that subnet. In some cases, the first IP address within the range can be reserved for the VCN VR. For example, for a subnet covering the IP address range of 10.0 / 16, the IP address 10.0.0.1 could be reserved for the port of the VCN VR for that subnet. For a second subnet within the same VCN with an address range of 10.1 / 16, the VCN VR can have a port with IP address 10.1.0.1 for the second subnet. The VCN VR has a different IP address for each subnet within the VCN.

[0056] In some other embodiments, each subnet within a VCN may have its own associated VR, which can be addressed by the subnet using a reserved or default IP address associated with the VR. For example, the reserved or default IP address may be the first IP address in the range of IP addresses associated with the subnet. The VNIC in the subnet can use this default or reserved IP address to communicate with the VR associated with the subnet (e.g., send and receive data packets). In this embodiment, the VR is the ingress / egress point of the subnet. The VR associated with a subnet within the VCN can communicate with other VRs associated with other subnets within the VCN. The VR can also communicate with the gateway associated with the VCN. The VR functionality of the subnet runs on or is performed by one or more NVDs that perform the VNIC functionality of the VNICs in the subnet.

[0057] You can configure routing tables, security rules, and DHCP options for a VCN. A routing table is a virtual routing table used by the VCN and contains rules that route traffic from subnets within the VCN to destinations outside the VCN via gateways or specially configured instances. You can customize the VCN's routing table to control how packets are forwarded / routed to and from the VCN. DHCP options refer to configuration information automatically provided to the instance when it starts up.

[0058] Security rules configured for a VCN represent overlay firewall rules used by the VCN. Security rules can include ingress and egress rules, specifying the types of traffic allowed to enter and exit instances within the VCN (e.g., based on protocol and port). Clients can choose whether a given rule is stateful or stateless. For example, a client can allow incoming SSH traffic from anywhere to a set of instances by setting a stateful ingress rule with source CIDR 0.0.0.0 / 0 and destination TCP port 22. Security rules can be implemented using network security groups or security lists. A network security group consists of a set of security rules that apply only to resources within that group. A security list, on the other hand, includes rules applicable to all resources in any subnet using that security list. A default security list with default security rules can be provided to the VCN. DHCP options configured for the VCN provide configuration information that is automatically provided to instances within the VCN when the instance starts.

[0059] In some embodiments, configuration information for a VCN is determined and stored by the VCN control plane. For example, the configuration information for a VCN may include information about: the address range associated with the VCN, subnets and associated information within the VCN, one or more VRs associated with the VCN, compute instances and associated VNICs within the VCN, the NVD performing various virtualized network functions associated with the VCN (e.g., VNICs, VRs, gateways), status information for the VCN, and other VCN-related information. In some embodiments, the VCN distribution service publishes the configuration information or portions thereof stored by the VCN control plane to the NVD. The distributed information can be used to update information stored by the NVD and used to forward data packets to and from compute instances within the VCN (e.g., forwarding tables, routing tables, etc.).

[0060] In some embodiments, the creation of VCNs and subnets is handled by the VCN control plane (CP), and the initiation of compute instances is handled by the compute control plane. The compute control plane is responsible for allocating physical resources to the compute instances and then invoking the VCN control plane to create VNICs and attach them to the compute instances. The VCN CP also sends VCN data maps to the VCN data plane, which is configured to perform packet forwarding and routing functions. In some embodiments, the VCN CP provides a distribution service responsible for providing updates to the VCN data plane. Examples of VCN control planes are also available in... Figure 6 , Figure 7 , Figure 8 and Figure 9 (See reference numerals 616, 716, 816 and 916) which depict it and are described below.

[0061] Customers can create one or more VCNs using resources hosted by CSPI. Compute instances deployed on a customer's VCN can communicate with different endpoints. These endpoints can include endpoints hosted by CSPI and endpoints outside of CSPI.

[0062] Various architectures are used to implement cloud-based services using CSPI. Figure 1 , Figure 2 , Figure 3 , Figure 4 , Figure 5 , Figure 12-1 It is depicted in 6 and described below. Figure 1 This is a high-level diagram of a distributed environment 100, illustrating an overlay or client VCN hosted by CSPI according to certain embodiments. Figure 1 The distributed environment described includes multiple components in the overlay network. Figure 1 The distributed environment 100 depicted herein is merely an example and is not intended to unduly limit the scope of the claimed embodiments. Many variations, alternatives, and modifications are possible. For example, in some implementations, Figure 1 The distributed environment described in the text can have more than Figure 1 The more or fewer systems or components shown can be combined into two or more systems, or can have different system configurations or arrangements.

[0063] like Figure 1 As illustrated in the example, distributed environment 100 includes a CSPI 101 that provides services and resources that customers can subscribe to and use to build their Virtual Cloud Network (VCN). In some embodiments, CSPI 101 provides IaaS services to subscribing customers. Data centers within CSPI 101 can be organized into one or more regions. Figure 1 The example shown is Region US 102. The customer has already configured a customer VCN c / o Oracle International for Region 102. The customer can deploy various compute instances on VCN 104, which can include virtual machines or bare metal instances. Examples of instances include applications, databases, load balancers, etc.

[0064] exist Figure 1 In the embodiment depicted, customer VCN 104 includes two subnets, namely "Subnet-1" and "Subnet-2", each with its own CIDR IP address range. Figure 1In this configuration, subnet-1 covers the IP address range of 10.0 / 16, and subnet-2 covers the address range of 10.1 / 16. VCN Virtual Router 105 represents a logical gateway for the VCN, enabling communication between subnets within VCN 104 and with other endpoints outside the VCN. VCN VR 105 is configured to route traffic between the VNICs within VCN 104 and the gateway associated with VCN 104. VCN VR 105 provides a port for each subnet of VCN 104. For example, VR 105 could provide a port with IP address 10.0.0.1 for subnet-1 and a port with IP address 10.1.0.1 for subnet-2.

[0065] Multiple compute instances can be deployed on each subnet, where compute instances can be virtual machine instances and / or bare metal instances. Compute instances within a subnet can be hosted by one or more host machines within CSPI 101. Compute instances participate in the subnet via a VNIC associated with the compute instance. For example, as... Figure 1 As shown, compute instance C1 becomes part of subnet-1 via the VNIC associated with it. Similarly, compute instance C2 becomes part of subnet-1 via the VNIC associated with it. In a similar manner, multiple compute instances (which can be virtual machine instances or bare metal instances) can be part of subnet-1. Each compute instance is assigned a private overlay IP address and MAC address via its associated VNIC. For example, in... Figure 1 In this context, compute instance C1 has an overlay IP address of 10.0.0.2 and a MAC address of M1, while compute instance C2 has a private overlay IP address of 10.0.0.3 and a MAC address of M2. Each compute instance in subnet-1 (including compute instances C1 and C2) has a default route to VCN VR 105 using IP address 10.0.0.1, which is the IP address of the port used by VCN VR 105 in subnet-1.

[0066] Multiple compute instances, including virtual machine instances and / or bare metal instances, can be deployed on subnet-2. For example, such as Figure 1 As shown, compute instances D1 and D2 become part of subnet-2 via the VNIC associated with the respective compute instance. Figure 1 In the illustrated embodiment, compute instance D1 has an overlay IP address of 10.1.0.2 and a MAC address of MM1, while compute instance D2 has a private overlay IP address of 10.1.0.3 and a MAC address of MM2. Each compute instance in subnet-2 (including compute instances D1 and D2) has a default route to VCN VR 105 using IP address 10.1.0.1, which is the IP address of the port of VCN VR105 in subnet-2.

[0067] VCN A 104 may also include one or more load balancers. For example, a load balancer can be provided for a subnet, and the load balancer can be configured to load balance traffic across multiple compute instances on the subnet. Load balancers can also be provided to load balance traffic across subnets within a VCN.

[0068] A specific compute instance deployed on VCN 104 can communicate with a variety of different endpoints. These endpoints can include endpoints hosted by CSPI 200 and endpoints outside of CSPI 200. Endpoints hosted by CSPI 101 can include: endpoints on the same subnet as the specific compute instance (e.g., communication between two compute instances in subnet-1); endpoints on different subnets but within the same VCN (e.g., communication between a compute instance in subnet-1 and a compute instance in subnet-2); endpoints in different VCNs within the same region (e.g., communication between a compute instance in subnet-1 and endpoints in VCNs in the same region 106 or 110, or communication between a compute instance in subnet-1 and endpoints in service network 110 within the same region); or endpoints in VCNs in different regions (e.g., communication between a compute instance in subnet-1 and endpoints in VCNs in different regions 108). Compute instances in subnets hosted by CSPI 101 can also communicate with endpoints not hosted by CSPI 101 (i.e., outside of CSPI 101). These external endpoints include endpoints in the customer’s on-premises network 116, endpoints in other remote cloud-hosted networks 118, public endpoints 114 that are accessible via public networks such as the Internet, and other endpoints.

[0069] VNICs associated with source and destination compute instances facilitate communication between compute instances on the same subnet. For example, compute instance C1 in subnet-1 might want to send a packet to compute instance C2 in subnet-1. For a packet originating from the source compute instance and destined for another compute instance in the same subnet, the packet is first processed by the VNIC associated with the source compute instance. The processing performed by the VNIC associated with the source compute instance may include determining the packet's destination information from the packet header, identifying any policies (e.g., security lists) configured for the VNIC associated with the source compute instance, determining the packet's next hop, performing any packet encapsulation / decapsulation functions as needed, and then forwarding / routing the packet to the next hop to facilitate communication to its intended destination. When the destination compute instance is in the same subnet as the source compute instance, the VNIC associated with the source compute instance is configured to identify the VNIC associated with the destination compute instance and forward the packet to that VNIC for processing. The VNIC associated with the destination compute instance then performs the forwarding and forwarding of the packet to the destination compute instance.

[0070] For data packets to be transmitted from a compute instance in a subnet to an endpoint in a different subnet within the same VCN, communication is facilitated by the VNIC associated with the source and destination compute instances, as well as the VCN VR. For example, if Figure 1 If compute instance C1 in subnet-1 wants to send a data packet to compute instance D1 in subnet-2, the packet is first processed by the VNIC associated with compute instance C1. The VNIC associated with compute instance C1 is configured to route the packet to VCN VR 105 using the default route or port 10.0.0.1 of the VCN VR. VCN VR 105 is configured to route the packet to subnet-2 using port 10.1.0.1. Then, the VNIC associated with D1 receives and processes the packet and forwards it to compute instance D1.

[0071] For data packets to be transmitted from a compute instance in VCN 104 to an endpoint outside VCN 104, communication is facilitated by the VNIC associated with the source compute instance, VCN VR 105, and the gateway associated with VCN 104. One or more types of gateways can be associated with VCN 104. A gateway is an interface between a VCN and another endpoint located outside the VCN. A gateway is a Layer 3 / IP concept and enables a VCN to communicate with endpoints outside the VCN. Therefore, a gateway facilitates traffic flow between a VCN and other VCNs or networks. Various different types of gateways can be configured for a VCN to facilitate different types of communication with different types of endpoints. Depending on the gateway, communication can be conducted over a public network (e.g., the Internet) or over a private network. Various communication protocols can be used for these communications.

[0072] For example, compute instance C1 might want to communicate with an endpoint outside of VCN 104. The data packet can first be processed by the VNIC associated with the source compute instance C1. The VNIC processing determines that the packet's destination is outside C1's subnet-1. The VNIC associated with C1 can then forward the packet to VCN VR 105 for VCN 104. VCN VR 105 then processes the packet and, as part of the processing, determines the specific gateway associated with VCN 104 as the next hop for the packet based on its destination. VCN VR 105 can then forward the packet to the identified specific gateway. For example, if the destination is an endpoint within a customer's on-premises network, the packet can be forwarded by VCN VR 105 to the Dynamic Routing Gateway (DRG) gateway 122 configured for VCN 104. The packet can then be forwarded from the gateway to the next hop to facilitate delivery to its final intended destination.

[0073] Various types of gateways can be configured for a VCN. Examples of gateways that can be configured for a VCN are available in [link to example]. Figure 1 It is depicted in the diagram and described below. An example of a gateway associated with a VCN is also included. Figure 12 , Figure 13 , Figure 14 And the gateways depicted in Figure 15 (e.g., those referenced by reference numerals 1234, 1236, 1238, 1334, 1336, 1338, 1434, 1436, 1438, 1534, 1536 and 1538) and described below. Figure 1As illustrated in the embodiments depicted, a Dynamic Routing Gateway (DRG) 122 can be added to or associated with a customer VCN 104 and provides a path for private network traffic communication between the customer VCN 104 and another endpoint, which can be the customer's on-premises network 116, a VCN 108 in a different region of CSPI 101, or another remote cloud network 118 not hosted by CSPI 101. The customer's on-premises network 116 can be a customer network or customer data center built using the customer's resources. Access to the customer's on-premises network 116 is generally very restricted. For customers who have both an on-premises network 116 and one or more VCNs 104 deployed or hosted in the cloud by CSPI 101, the customer may want their on-premises network 116 and their cloud-based VCN 104 to be able to communicate with each other. This allows customers to build extended hybrid environments encompassing the customer's VCN 104 hosted by CSPI 101 and their on-premises network 116. DRG 122 enables this communication. To enable this type of communication, a communication channel 124 is established, with one endpoint located in the customer's on-premises network 116 and the other endpoint located in CSPI 101 and connected to the customer's VCN 104. Communication channel 124 can be transmitted over public or private communication networks. Various communication protocols can be used, such as IPsec VPN technology over public networks (such as the Internet), Oracle's FastConnect technology using a private network instead of a public network, etc. The device or equipment forming one endpoint of communication channel 124 in the customer's on-premises network 116 is referred to as customer premises equipment (CPE), such as... Figure 1 The CPE 126 is depicted in the diagram. On the CSPI 101 side, the endpoint can be the host machine executing DRG 122.

[0074] In some embodiments, a remote peering connection (RPC) can be added to the DRG, which allows a customer to peer one VCN with another VCN in a different region. Using such an RPC, customer VCN 104 can use DRG 122 to connect to VCN 108 in another region. DRG 122 can also be used to communicate with other remote cloud networks 118 not hosted by CSPI 101, such as Microsoft Azure Cloud, Amazon AWS Cloud, etc.

[0075] like Figure 1As shown, an Internet Gateway (IGW) 120 can be configured for customer VCN 104, enabling compute instances on VCN 104 to communicate with a public endpoint 114 accessible via a public network, such as the Internet. IGW 120 is a gateway connecting the VCN to a public network, such as the Internet. IGW 120 enables public subnets within the VCN (such as VCN 104), where resources have publicly overridden IP addresses, to directly access a public endpoint 112 on the public network 114 (such as the Internet). Using IGW 120, connections can be initiated from subnets within VCN 104 or from the Internet.

[0076] Network Address Translation (NAT) gateway 128 can be configured for a customer's VCN 104, enabling cloud resources within the customer's VCN that do not have dedicated public overlay IP addresses to access the Internet, and it does so without exposing those resources to directly incoming Internet connections (e.g., L4-L7 connections). This allows private subnets within the VCN (such as private subnet-1 in VCN 104) to privately access public endpoints on the Internet. In a NAT gateway, connections can only be initiated from a private subnet to the public Internet, and not from the Internet to a private subnet.

[0077] In some embodiments, a Service Gateway (SGW) 126 may be configured for a customer's VCN 104 and provide a path for private network traffic between VCN 104 and service endpoints supported in Service Network 110. In some embodiments, Service Network 110 may be provided by a CSP and may offer a variety of services. An example of such a service network is Oracle's service network, which provides a variety of services available to customers. For example, compute instances (e.g., database systems) in a private subnet of customer VCN 104 may back up data to service endpoints (e.g., object storage) without requiring a public IP address or access to the Internet. In some embodiments, a VCN may have only one SGW, and connections may only originate from subnets within the VCN, not from Service Network 110. If a VCN is peered to another, resources in the other VCN typically cannot access the SGW. Resources in an on-premises network connected to a VCN using FastConnect or VPN Connect may also use the Service Gateway configured for that VCN.

[0078] In some implementations, the SGW 126 uses the concept of a Service Classless Inter-Domain Routing (CIDR) label, which is a string representing the range of all regional public IP addresses used for the service or group of services of interest. Customers use the Service CIDR label when configuring the SGW and associated routing rules to control traffic to the service. Customers can optionally use it when configuring security rules without needing to adjust the security rules if the public IP addresses of the service change in the future.

[0079] Local peering gateway (LPG) 132 is a gateway that can be added to customer VCN 104 and enable VCN 104 to peer with another VCN in the same area. Peering refers to VCNs communicating using private IP addresses without traffic traversing public networks (such as the Internet) or routing traffic through the customer's on-premises network 116. In a preferred embodiment, a VCN has a separate LPG for each peering it establishes. Local peering, or VCN peering, is a common practice for establishing network connectivity between different applications or infrastructure management functions.

[0080] Service providers (such as service providers in service network 110) can offer access to services using different access models. Under the public access model, a service can be exposed as a public endpoint accessible to compute instances within a customer's VCN via a public network (such as the Internet), and / or privately accessible via SGW 126. Under a specific private access model, a service can be accessed as a private IP endpoint within a private subnet of the customer's VCN. This is called Private Endpoint (PE) access and enables service providers to expose their services as instances within the customer's private network. A private endpoint resource represents a service within the customer's VCN. Each PE is represented as a VNIC (called a PE-VNIC, with one or more private IPs) within the customer's VCN in a subnet chosen by the customer. Thus, the PE provides a way to present services within a private customer VCN subnet using the VNIC. Because the endpoint is exposed as a VNIC, all features associated with the VNIC (such as routing rules, security lists, etc.) are now available to the PE VNIC.

[0081] Service providers can register their services to enable access via a Virtual Private Server (PE). Providers can associate policies with services, which restricts the visibility of services to customer leases. Providers can register multiple services under a single Virtual IP address (VIP), especially for multi-tenant services. Multiple such private endpoints (across multiple VCNs) can represent the same service.

[0082] Compute instances in a private subnet can then access the service using the private IP address or service DNS name of the PE VNIC. Compute instances in a customer VCN can access the service by sending traffic to the private IP address of the PE in the customer VCN. A Private Access Gateway (PAGW) 130 is a gateway resource that can be attached to a service provider VCN (e.g., a VCN in service network 110), which acts as the ingress / egress point for all traffic originating from / to the private endpoint of the customer subnet. PAGW 130 enables providers to scale the number of PE connections without utilizing their internal IP address resources. Providers only need to configure one PAGW for any number of services registered in a single VCN. Providers can represent services as private endpoints in multiple VCNs of one or more customers. From the customer's perspective, the PE VNIC is not an instance attached to the customer, but rather appears to be attached to the service that the customer wishes to interact with. Traffic to the private endpoint is routed to the service via PAGW 130. These are referred to as customer-to-service private connections (C2S connections).

[0083] The PE concept can also be used to extend private access to services to the customer's on-premises network and data center by allowing traffic to flow through FastConnect / IPsec links and private endpoints within the customer's VCN. Private access to services can also be extended to the customer's peering VCN by allowing traffic to flow between the LPG 132 and the PE within the customer's VCN.

[0084] Customers can control routing within a VCN at the subnet level, allowing them to specify which subnets within a customer's VCN (such as VCN104) use each gateway. The VCN's routing table is used to determine whether traffic is allowed to leave the VCN via a specific gateway. For example, in a given instance, the routing table for public subnets within customer VCN 104 might send non-local traffic via IGW 120. The routing table for private subnets within the same customer VCN 104 might send traffic destined for CSP services via SGW 126. All remaining traffic might be sent via NAT gateway 128. The routing table only controls traffic leaving the VCN.

[0085] Security lists associated with a VCN are used to control traffic entering the VCN via a gateway through inbound connections. All resources within a subnet use the same routing tables and security lists. Security lists can be used to control specific types of traffic allowed to enter or leave instances within a subnet of the VCN. Security list rules can include inbound and outbound rules. For example, inbound rules can specify allowed source address ranges, while outbound rules can specify allowed destination address ranges. Security rules can specify specific protocols (e.g., TCP, ICMP), specific ports (e.g., port 22 for SSH, port 3389 for Windows RDP), etc. In some implementations, the instance's operating system can enforce its own firewall rules that conform to the security list rules. Rules can be stateful (e.g., tracking connections and automatically allowing responses without explicit security list rules for response traffic) or stateless.

[0086] Access from a customer's VCN (i.e., through resources or compute instances deployed on VCN 104) can be categorized as public access, private access, or dedicated access. Public access refers to an access model that uses a public IP address or NAT to access a public endpoint. Private access enables customer workloads (e.g., resources in a private subnet) with private IP addresses within VCN 104 to access services without traversing a public network such as the Internet. In some embodiments, CSPI 101 enables customer VCN workloads with private IP addresses to access the public endpoint of a service (a service) using a service gateway. Thus, the service gateway provides a private access model by establishing a virtual link between the customer's VCN and the public endpoint of a service residing outside the customer's private network.

[0087] Furthermore, CSPI can provide private public access using technologies such as FastConnect public peering, where on-premises instances can access one or more services within a customer's VCN using FastConnect connections without traversing public networks such as the internet. CSPI can also provide private private access using FastConnect private peering, where on-premises instances with private IP addresses can access a customer's VCN workloads using FastConnect connections. FastConnect is a network connectivity alternative to using the public internet to connect a customer's on-premises network to CSPI and its services. Compared to internet-based connections, FastConnect offers a simple, flexible, and cost-effective way to create private and private connections with higher bandwidth options and a more reliable and consistent network experience.

[0088] Figure 1The accompanying description above describes the various virtualized components in the example virtual network. As mentioned above, the virtual network is built on the underlying physical or base network. Figure 2 A simplified architecture diagram of the physical components within the physical network of the CSPI 200, which provides the underlying layer for virtual networks according to certain embodiments, is depicted. As shown, the CSPI 200 provides a distributed environment including components and resources (e.g., compute, storage, and networking resources) provided by a cloud service provider (CSP). These components and resources are used to provide cloud services (e.g., IaaS services) to subscribed customers (i.e., customers who have subscribed to one or more services provided by the CSP). Based on the services subscribed to by the customer, a subset of the resources of the CSPI 200 (e.g., compute, storage, and networking resources) is provisioned to the customer. The customer can then use the physical compute, storage, and networking resources provided by the CSPI 200 to build their own cloud-based (i.e., CSPI-hosted) customizable and private virtual networks. As indicated above, these customer networks are referred to as Virtual Cloud Networks (VCNs). Customers can deploy one or more customer resources, such as compute instances, on these customer VCNs. Compute instances can take the form of virtual machines, bare metal instances, etc. The CSPI 200 provides infrastructure and a complementary set of cloud services that enable customers to build and run a wide range of applications and services in a highly available managed environment.

[0089] exist Figure 2 In the example embodiment depicted, the physical components of CSPI 200 include one or more physical host machines or physical servers (e.g., 202, 206, 208), network virtualization devices (NVDs) (e.g., 210, 212), top-of-rack (TOR) switches (e.g., 214, 216), and a physical network (e.g., 218), as well as switches within physical network 218. The physical host machines or servers can host and execute various compute instances participating in one or more subnets of the VCN. Compute instances can include virtual machine instances and bare metal instances. For example, Figure 1 The various computational examples described in the text can be derived from... Figure 2 The physical host machine described in the diagram is used for hosting virtual machine compute instances. Virtual machine compute instances in a VCN can be executed by one host machine or multiple different host machines. Physical host machines can also host virtual host machines, container-based hosts, or functions, etc. Figure 1 The VNIC and VCN VR described in the text can be generated by Figure 2 The NVD execution described in the text. Figure 1 The gateway described herein can be a host machine and / or a... Figure 2 The NVD execution described in [the document / document].

[0090] A host machine or server can execute a hypervisor (also known as a virtual machine monitor or VMM) that creates and enables virtualized environments on the host machine. Virtualized or virtualized environments facilitate cloud-based computing. One or more compute instances can be created, executed, and managed on the host machine by a hypervisor on that host machine. The hypervisor on the host machine enables the host machine's physical computing resources (e.g., compute, storage, and networking resources) to be shared among various compute instances executed by the host machine.

[0091] For example, such as Figure 2 As depicted, host machines 202 and 208 execute hypervisors 260 and 266, respectively. These hypervisors can be implemented using software, firmware, or hardware, or a combination thereof. Typically, a hypervisor is a processing or software layer located above the host machine's operating system (OS), which in turn executes on the host machine's hardware processor. Hypervisors provide a virtualized environment by enabling the host machine's physical computing resources (e.g., processing resources such as processors / cores, memory resources, networking resources) to be shared among various virtual machine computing instances executed by the host machine. For example, in... Figure 2 In this configuration, the hypervisor 260 can reside on top of the operating system of the host machine 202 and enable the computing resources (e.g., processing, memory, and networking resources) of the host machine 202 to be shared among computing instances (e.g., virtual machines) executed by the host machine 202. A virtual machine can have its own operating system (called a guest operating system), which may be the same as or different from the host machine's operating system. The operating system of a virtual machine executed by the host machine can be the same as or different from the operating system of another virtual machine executed by the same host machine. Therefore, the hypervisor enables multiple operating systems to be executed simultaneously, sharing the same computing resources of the host machine. Figure 2 The host machines described in the text may have the same or different types of management programs.

[0092] A compute instance can be a virtual machine instance or a bare metal instance. Figure 2 In the diagram, compute instance 268 on host machine 202 and compute instance 274 on host machine 208 are examples of virtual machine instances. Host machine 206 is an example of a bare metal instance provided to a customer.

[0093] In some cases, an entire host machine can be provisioned to a single customer, and one or more compute instances (or virtual machines or bare metal instances) hosted by that host machine all belong to the same customer. In other cases, the host machine can be shared among multiple customers (i.e., multiple tenants). In this multi-tenancy scenario, the host machine can host virtual machine compute instances belonging to different customers. These compute instances can be members of different VCNs for different customers. In some embodiments, bare metal compute instances are hosted by bare metal servers without a hypervisor. When provisioning a bare metal compute instance, a single customer or tenant maintains control over the physical CPU, memory, and network interfaces of the host machine hosting that bare metal instance, and the host machine is not shared with other customers or tenants.

[0094] As previously described, each compute instance, as part of a VCN, is associated with a VNIC that enables that compute instance to become a member of a subnet of the VCN. The VNIC associated with a compute instance facilitates communication of packets or frames to and from the compute instance. The VNIC is associated with the compute instance when it is created. In some embodiments, for compute instances executed by a host machine, the VNIC associated with that compute instance is executed by an NVD connected to the host machine. For example, in Figure 2 In this example, host machine 202 executes a virtual machine compute instance 268 associated with VNIC 276, and VNIC 276 is executed by NVD 210 connected to host machine 202. As another example, a bare metal instance 272 hosted by host machine 206 is associated with VNIC 280 executed by NVD 212 connected to host machine 206. As yet another example, VNIC 284 is associated with compute instance 274 executed by host machine 208, and VNIC 284 is executed by NVD 212 connected to host machine 208.

[0095] For compute instances hosted by a host machine, NVDs connected to that host machine also execute VCN VR corresponding to the VCN where the compute instance is a member. For example, in Figure 2 In the embodiment depicted, NVD 210 executes VCN VR 277 corresponding to the VCN of compute instance 268, which is a member of NVD 212. NVD 212 may also execute one or more VCN VR 283 corresponding to the VCNs of compute instances hosted by host machines 206 and 208.

[0096] The host machine may include one or more network interface cards (NICs) that enable the host machine to connect to other devices. The NIC on the host machine may provide one or more ports (or interfaces) that allow the host machine to communicatively connect to another device. For example, the host machine may connect to the NVD using one or more ports (or interfaces) provided on the host machine and the NVD. The host machine may also connect to other devices, such as another host machine.

[0097] For example, in Figure 2 In this configuration, host machine 202 is connected to NVD 210 via link 220, which extends between port 234 provided by NIC 232 of host machine 202 and port 236 of NVD 210. Host machine 206 is connected to NVD 212 via link 224, which extends between port 246 provided by NIC 244 of host machine 206 and port 248 of NVD 212. Host machine 208 is connected to NVD 212 via link 226, which extends between port 252 provided by NIC 250 of host machine 208 and port 254 of NVD 212.

[0098] The NVD is then connected to top-of-rack (TOR) switches via communication links, which are connected to physical network 218 (also known as a switch architecture). In some embodiments, the links between the host machine and the NVD, and between the NVD and the TOR switches, are Ethernet links. For example, in Figure 2 In this configuration, NVDs 210 and 212 are connected to TOR switches 214 and 216 via links 228 and 230, respectively. In some embodiments, links 220, 224, 226, 228, and 230 are Ethernet links. The collection of host machines and NVDs connected to the TOR is sometimes referred to as a rack.

[0099] Physical network 218 provides a communication architecture that enables TOR switches to communicate with each other. Physical network 218 can be a multi-layer network. In some implementations, physical network 218 is a multi-layer Clos network of switches, where TOR switches 214 and 216 represent leaf-level nodes of the multi-layer and multi-node physical switching network 218. Different Clos network configurations are possible, including but not limited to Layer 2 networks, Layer 3 networks, Layer 4 networks, Layer 5 networks, and general "n"-layer networks. Examples of Clos networks are provided in... Figure 5 It is depicted in the middle and described below.

[0100] Various connection configurations can exist between the host machine and the NVD, such as one-to-one, many-to-one, and one-to-many configurations. In a one-to-one configuration, each host machine connects to its own individual NVD. For example, in... Figure 2 In this configuration, host machine 202 connects to NVD 210 via its NIC 232. In a many-to-one configuration, multiple host machines connect to a single NVD. For example, in... Figure 2 In this configuration, host machines 206 and 208 are connected to the same NVD 212 via NICs 244 and 250, respectively.

[0101] In a one-to-many configuration, a host machine connects to multiple NVDs. Figure 3 An example within the CSPI 300 is shown, where a host machine is connected to multiple NVDs. (Example follows) Figure 3 As shown, host machine 302 includes a network interface card (NIC) 304, which includes multiple ports 306 and 308. Host machine 300 is connected to a first NVD 310 via port 306 and link 320, and to a second NVD 312 via port 308 and link 322. Ports 306 and 308 can be Ethernet ports, and links 320 and 322 between host machine 302 and NVDs 310 and 312 can be Ethernet links. NVD 310 is further connected to a first TOR switch 314, and NVD 312 is connected to a second TOR switch 316. Links between NVDs 310 and 312 and TOR switches 314 and 316 can be Ethernet links. TOR switches 314 and 316 represent Layer 0 switching devices in a multi-layer physical network 318.

[0102] Figure 3 The arrangement depicted provides two separate physical network paths to and from the physical switch network 318 and the host machine 302: the first path goes through TOR switch 314 to NVD 310 and then to host machine 302, and the second path goes through TOR switch 316 to NVD 312 and then to host machine 302. These separate paths provide enhanced availability (referred to as high availability) for host machine 302. If one of the paths (e.g., a link in one of the paths breaks) or a device (e.g., a particular NVD is not running) experiences a problem, the other path can be used for communication to / from host machine 302.

[0103] exist Figure 3 In the configuration depicted, the host machine connects to two different NVDs using two different ports provided by the host machine's NIC. In other embodiments, the host machine may include multiple NICs that enable the host machine to connect to multiple NVDs.

[0104] Return to reference Figure 2An NVD is a physical device or component that performs one or more network and / or storage virtualization functions. An NVD can be any device with one or more processing units (e.g., CPU, Network Processing Unit (NPU), FPGA, packet processing pipeline, etc.), cached memory, and ports. Various virtualization functions can be executed by software / firmware performed by one or more processing units of the NVD.

[0105] NVDs can be implemented in various different forms. For example, in some embodiments, an NVD is implemented as an interface card called a smartNIC or a smart NIC with an onboard embedded processor. A smartNIC is a device separate from the NIC on the host machine. Figure 2 In this context, NVD 210 and 212 can be implemented as smartNICs connected to host machine 202 and host machines 206 and 208, respectively.

[0106] However, smartNIC is just one example of an NVD implementation. Various other implementations are possible. For example, in some other implementations, NVD, or one or more functions performed by NVD, may be integrated into or performed by one or more host machines, one or more TOR switches, and other components of the CSPI 200. For instance, NVD may be implemented within a host machine, where the functions performed by NVD are performed by the host machine. As another example, NVD may be part of a TOR switch, or the TOR switch may be configured to perform functions performed by NVD, enabling the TOR switch to perform various complex packet transformations for public clouds. A TOR performing the functions of NVD is sometimes referred to as a smart TOR. In other implementations that serve virtual machine (VM) instances rather than bare metal (BM) instances to customers, the functions performed by NVD may be implemented within the hypervisor of the host machine. In some other implementations, some of the functions of NVD may be offloaded to a centralized service running on a cluster of host machines.

[0107] In some embodiments, such as when implemented as Figure 2 As shown in the smartNIC diagram, the NVD can include multiple physical ports that enable it to connect to one or more host machines and one or more TOR switches. Ports on the NVD can be classified as host-facing ports (also known as "south ports") or network-facing or TOR-facing ports (also known as "north ports"). The host-facing ports of the NVD are those used to connect the NVD to the host machine. Figure 2 Examples of host-facing ports include port 236 on the NVD 210 and ports 248 and 254 on the NVD 212. Network-facing ports on the NVD are used to connect the NVD to a TOR switch. Figure 2 Examples of network-facing ports include port 256 on the NVD 210 and port 258 on the NVD 212. Figure 2 As shown, NVD 210 is connected to TOR switch 214 via link 228, which extends from port 256 of NVD 210 to TOR switch 214. Similarly, NVD 212 is connected to TOR switch 216 via link 230, which extends from port 258 of NVD 212 to TOR switch 216.

[0108] The NVD receives packets and frames from the host machine (e.g., packets and frames generated by compute instances hosted on the host machine) via its host-facing port, and after performing the necessary packet processing, can forward the packets and frames to the TOR switch via its network-facing port. The NVD can also receive packets and frames from the TOR switch via its network-facing port, and after performing the necessary packet processing, can forward the packets and frames to the host machine via its host-facing port.

[0109] In some embodiments, there can be multiple ports and associated links between the NVD and TOR switches. These ports and links can be aggregated to form a link aggregation group (called a LAG) of multiple ports or links. Link aggregation allows multiple physical links between two endpoints (e.g., between the NVD and TOR switches) to be treated as a single logical link. All physical links in a given LAG can operate at the same speed in full-duplex mode. LAGs help increase the bandwidth and reliability of the connection between two endpoints. If one of the physical links in the LAG fails, traffic is dynamically and transparently reassigned to one of the other physical links in the LAG. Aggregated physical links deliver higher bandwidth than each individual link. Multiple ports associated with an LAG are treated as a single logical port. Traffic can be load balanced across multiple physical links in the LAG. One or more LAGs can be configured between two endpoints. These endpoints can be located between the NVD and TOR switches, between a host machine and the NVD, etc.

[0110] The NVD implements or performs network virtualization functions. These functions are performed by software / firmware executed through the NVD. Examples of network virtualization functions include, but are not limited to: packet encapsulation and decapsulation functions; functions for creating VCN networks; functions for implementing network policies, such as VCN security list (firewall) functionality; functions for facilitating the routing and forwarding of packets to and from compute instances in the VCN; and so on. In some embodiments, upon receiving a packet, the NVD is configured to execute a packet processing pipeline for processing the packet and determining how to forward or route the packet. As part of this packet processing pipeline, the NVD may perform one or more virtual functions associated with the overlay network, such as executing VNICs associated with compute instances in the VCN, executing virtual routers (VRs) associated with the VCN, packet encapsulation and decapsulation to facilitate forwarding or routing in the virtual network, execution of certain gateways (e.g., local peer gateways), implementation of security lists, network security groups, Network Address Translation (NAT) functionality (e.g., host-by-host translation of public IPs to private IPs), throttling functions, and other functions.

[0111] In some embodiments, the packet processing data path in the NVD may include multiple packet pipelines, each consisting of a series of packet transformation stages. In some implementations, upon receiving a packet, the packet is parsed and classified into a single pipeline. The packet is then processed linearly, stage by stage, until the packet is dropped or sent out through the NVD's interface. These stages provide basic functional packet processing building blocks (e.g., header verification, throttling, insertion of new Layer 2 headers, L4 firewall enforcement, VCN encapsulation / decapsulation, etc.) so that new pipelines can be built by combining existing stages, and new functionality can be added by creating new stages and inserting them into existing pipelines.

[0112] NVD can perform both the control plane and data plane functions corresponding to those of VCN. An example of the VCN control plane is also available in... Figure 12 , Figure 13 , Figure 14 And as depicted in Figure 15 (see reference numerals 1216, 1316, 1416 and 1516) and described below. An example of the VCN data plane is shown in... Figure 12 , Figure 13 , Figure 14As depicted in Figure 15 (see reference numerals 1218, 1318, 1418, and 1518) and described below, the control plane functionality includes features for configuring how control data is forwarded on the network (e.g., setting routes and routing tables, configuring VNICs, etc.). In some embodiments, a VCN control plane is provided that centrally computes all overlay mappings to the base layer and publishes them to the NVD and virtual network edge devices (such as various gateways, such as DRGs, SGWs, IGWs, etc.). Firewall rules can also be published using the same mechanism. In some embodiments, the NVD only receives mappings associated with that NVD. The data plane functionality includes the ability to actually route / forward packets based on the configuration established using the control plane. The VCN data plane is implemented by encapsulating client network packets before they traverse the base network. Encapsulation / decapsulation functionality is implemented on the NVD. In some embodiments, the NVD is configured to intercept all network packets entering and leaving the host machine and perform network virtualization functions.

[0113] As indicated above, NVD performs various virtualization functions, including VNIC and VCN VR. NVD can execute VNICs associated with compute instances hosted on one or more host machines connected to the VNIC. For example, as... Figure 2 As depicted, NVD 210 performs the functionality of VNIC 276 associated with compute instance 268 hosted by host machine 202 connected to NVD 210. As another example, NVD 212 performs VNIC 280 associated with bare-metal compute instance 272 hosted by host machine 206, and VNIC 284 associated with compute instance 274 hosted by host machine 208. Host machines can host compute instances belonging to different VCNs (which belong to different customers), and NVDs connected to host machines can perform VNICs corresponding to compute instances (i.e., perform VNIC-related functionality).

[0114] NVD also executes a VCN virtual router corresponding to the VCN of the compute instance. For example, in Figure 2 In the embodiments depicted, NVD 210 executes VCN VR 277 corresponding to the VCN to which compute instance 268 belongs. NVD 212 executes one or more VCN VR 283 corresponding to one or more VCNs to which compute instances hosted by host machines 206 and 208 belong. In some embodiments, the VCN VR corresponding to a VCN is executed by all NVDs connected to host machines hosting at least one compute instance belonging to that VCN. If a host machine hosts compute instances belonging to different VCNs, then NVDs connected to that host machine can execute VCN VR corresponding to those different VCNs.

[0115] In addition to VNIC and VCN VR, NVD can execute various software (e.g., daemons) and includes one or more hardware components that facilitate various network virtualization functions performed by NVD. For simplicity, these various components are grouped together as... Figure 2 The “packet processing component” is shown in the diagram. For example, NVD 210 includes packet processing component 286 and NVD 212 includes packet processing component 288. For example, a packet processing component for an NVD may include a packet processor configured to interact with the NVD’s ports and hardware interface to monitor all packets received by and transmitted using the NVD and to store network information. Network information may include, for example, network flow information identifying different network flows handled by the NVD and per-flow information (e.g., per-flow statistics). In some embodiments, network flow information may be stored on a per-VNIC basis. The packet processor may perform per-packet manipulation and implement stateful NAT and L4 firewall (FW). As another example, a packet processing component may include a replication agent configured to copy information stored by the NVD to one or more different replication target repositories. As yet another example, a packet processing component may include a logging agent configured to perform logging functions of the NVD. The packet processing component may also include software for monitoring the performance and health of the NVD and may also monitor the status and health of other components connected to the NVD.

[0116] Figure 1 The components of an example virtual or overlay network are shown, including a VCN, subnets within the VCN, compute instances deployed on the subnets, VNICs associated with the compute instances, a VR for the VCN, and a set of gateways configured for the VCN. Figure 1 The overlay component described in the text can be made by Figure 2 One or more executions or hosts are described in the physical components. For example, a compute instance in a VCN can be executed or managed by... Figure 2 The VNIC described herein is executed or hosted by one or more host machines. For a compute instance hosted by a host machine, the VNIC associated with that compute instance is typically executed by an NVD connected to that host machine (i.e., VNIC functionality is provided by an NVD connected to that host machine). The VCN VR functionality for a VCN is executed by all NVDs connected to the host machine hosting or executing a compute instance as part of that VCN. The gateway associated with a VCN can be executed by one or more different types of NVDs. For example, some gateways can be executed by smartNICs, while others can be executed by one or more host machines or other implementations of NVDs.

[0117] As described above, compute instances in a client VCN can communicate with various endpoints, which may be in the same subnet as the source compute instance, in a different subnet but within the same VCN as the source compute instance, or outside the source compute instance's VCN. These communications are facilitated using VNICs, VCN VRs, and gateways associated with the VCNs.

[0118] For communication between two compute instances on the same subnet within a VCN, a VNIC associated with both the source and destination compute instances facilitates the communication. The source and destination compute instances can be hosted by the same host machine or different host machines. Packets originating from the source compute instance can be forwarded from the host machine hosting the source compute instance to an NVD connected to that host machine. On the NVD, packets are processed using a packet processing pipeline, which may include the execution of the VNIC associated with the source compute instance. Because the destination endpoint of the packet is within the same subnet, the execution of the VNIC associated with the source compute instance results in the packet being forwarded to the NVD executing the VNIC associated with the destination compute instance, which then processes the packet and forwards it to the destination compute instance. The VNIC associated with the source and destination compute instances can execute on the same NVD (e.g., when the source and destination compute instances are hosted by the same host machine) or on different NVDs (e.g., when the source and destination compute instances are hosted by different host machines connected to different NVDs). The VNIC can use a routing / forwarding table stored by the NVD to determine the next hop for the packet.

[0119] For packets destined for endpoints in different subnets within the same VCN, the packets originating from the source compute instance are routed from the host machine hosting the source compute instance to an NVD connected to that host machine. On the NVD, the packets are processed using a packet processing pipeline, which may include the execution of one or more VNICs and the VR associated with the VCN. For example, as part of the packet processing pipeline, the NVD executes or invokes functionality corresponding to the VNIC associated with the source compute instance (also known as executing the VNIC). Functionality executed by the VNIC may include viewing VLAN tags on the packets. Since the packet's destination is outside the subnet, the VCN VR functionality is then invoked and executed by the NVD. The VCN VR then routes the packets to the NVD executing the VNIC associated with the destination compute instance. The VNIC associated with the destination compute instance then processes the packets and forwards them to the destination compute instance. The VNICs associated with the source and destination compute instances may execute on the same NVD (e.g., when the source and destination compute instances are hosted by the same host machine) or on different NVDs (e.g., when the source and destination compute instances are hosted by different host machines connected to different NVDs).

[0120] If the destination of a data packet is outside the VCN of the source compute instance, the packet originating from the source compute instance is transmitted from the host machine hosting the source compute instance to the NVD connected to that host machine. The NVD executes the VNIC associated with the source compute instance. Since the destination endpoint of the packet is outside the VCN, the packet is subsequently processed by the VCN VR used by that VCN. The NVD invokes the VCN VR functionality, which may result in the packet being forwarded to the NVD executing the appropriate gateway associated with the VCN. For example, if the destination is an endpoint within a customer's on-premises network, the packet may be forwarded by the VCN VR to the NVD executing the DRG gateway configured for the VCN. The VCN VR may execute on the same NVD as the NVD executing the VNIC associated with the source compute instance, or it may be executed by a different NVD. The gateway may be executed by the NVD, which may be a smartNIC, a host machine, or another NVD implementation. The packet is then processed by the gateway and forwarded to the next hop, which facilitates the delivery of the packet to its intended destination endpoint. For example, in Figure 2In the embodiment depicted, data packets originating from compute instance 268 can be transmitted from host machine 202 to NVD 210 via link 220 (using NIC 232). On NVD 210, VNIC 276 is invoked because it is the VNIC associated with the source compute instance 268. VNIC 276 is configured to examine the information encapsulated in the data packets and determine the next hop for forwarding the data packets, with the aim of facilitating the transmission of the data packets to their intended destination endpoint, and then forwarding the data packets to the determined next hop.

[0121] Compute instances deployed on a VCN can communicate with a variety of endpoints. These endpoints can include endpoints hosted by CSPI 200 and endpoints outside of CSPI 200. Endpoints hosted by CSPI 200 can include instances within the same VCN or other VCNs, which can be the customer's VCN or a VCN not belonging to the customer. Communication between endpoints hosted by CSPI 200 can be performed via physical network 218. Compute instances can also communicate with endpoints not hosted by CSPI 200 or outside of CSPI 200. Examples of these endpoints include endpoints within the customer's on-premises network or data center, or public endpoints accessible via public networks such as the Internet. Communication with endpoints outside of CSPI 200 can use various communication protocols over public networks (e.g., the Internet). Figure 2 (not shown in the image) or a dedicated network ( Figure 2 (Not shown in the image) to execute.

[0122] Figure 2 The architecture of the CSPI 200 depicted herein is merely an example and is not intended to be limiting. Variations, alternatives, and modifications are possible in alternative embodiments. For example, in some implementations, the CSPI 200 may have more advanced features than... Figure 2 The systems or components shown may include more or fewer systems or components, and may combine two or more systems, or may have different system configurations or arrangements. Figure 2 The systems, subsystems, and other components described herein may be implemented in software (e.g., code, instructions, programs) executed by one or more processing units (e.g., processors, cores) of the respective system, using hardware, or a combination thereof. The software may be stored on a non-transitory storage medium (e.g., a memory device).

[0123] Figure 4 The connectivity between the host machine and the NVD, according to certain embodiments, is described for providing I / O virtualization to support multi-tenancy. For example... Figure 4As depicted, host machine 402 executes a hypervisor 404 that provides a virtualized environment. Host machine 402 executes two virtual machine instances, VM1 406 belonging to customer / tenant #1 and VM2 408 belonging to customer / tenant #2. Host machine 402 includes a physical NIC 410 connected to NVD 412 via link 414. Each compute instance is attached to a VNIC executed by NVD 412. Figure 4 In one embodiment, VM1 406 is attached to VNIC-VM1 420 and VM2 408 is attached to VNIC-VM2 422.

[0124] like Figure 4 As shown, NIC 410 includes two logical NICs, logical NIC A 416 and logical NIC B 418. Each virtual machine is attached to its own logical NIC and configured to work with its own logical NIC. For example, VM1 406 is attached to logical NIC A 416, and VM2 408 is attached to logical NIC B 418. Although host machine 402 includes only one physical NIC 410 shared by multiple tenants, each tenant's virtual machines believe they have their own host machine and NIC due to the logical NICs.

[0125] In some embodiments, each logical NIC is assigned its own VLAN ID. Thus, a specific VLAN ID is assigned to logical NIC A 416 for tenant #1, and a different VLAN ID is assigned to logical NIC B 418 for tenant #2. When a packet is transmitted from VM1 406, the hypervisor appends a tag assigned to tenant #1 to the packet, and the packet is then transmitted from host machine 402 to NVD 412 via link 414. Similarly, when a packet is transmitted from VM2 408, the hypervisor appends a tag assigned to tenant #2 to the packet, and the packet is then transmitted from host machine 402 to NVD 412 via link 414. Therefore, the packet 424 transmitted from host machine 402 to NVD 412 has an associated tag 426 identifying the specific tenant and the associated VM. On the NVD, for a data packet 424 received from the host machine 402, the tag 426 associated with the data packet is used to determine whether the data packet is processed by VNIC-VM1 420 or VNIC-VM2 422. The data packet is then processed by the corresponding VNIC. Figure 4 The configuration described in the document allows each tenant's compute instance to believe that it owns its own host machine and NIC. Figure 4 The setup described in the document provides I / O virtualization to support multi-tenancy.

[0126] Figure 5A simplified block diagram of a physical network 500 according to certain embodiments is depicted. Figure 5 The embodiments depicted are structured as Clos networks. Clos networks are a specific type of network topology designed to provide connectivity redundancy while maintaining high bandwidth and maximum resource utilization. Clos networks are non-blocking, multi-stage or multi-layer switching networks, where the number of stages or layers can be two, three, four, five, etc. Figure 5 The embodiment depicted is a Layer 3 network, including Layer 1, Layer 2, and Layer 3. TOR switch 504 represents a Layer 0 switch in a Clos network. One or more NVDs are connected to the TOR switch. Layer 0 switches are also referred to as edge devices of the physical network. Layer 0 switches are connected to Layer 1 switches, also known as leaf switches. Figure 5 In the embodiments depicted, a group of "n" Layer 0 TOR switches are connected to a group of "n" Layer 1 switches, forming a pod. Each Layer 0 switch in the pod is interconnected to all Layer 1 switches in that pod, but there is no switch connectivity between pods. In some implementations, two pods are referred to as blocks. Each block is served by or connected to a group of "n" Layer 2 switches (sometimes called backbone switches). There can be several blocks in the physical network topology. The Layer 2 switches are then connected to "n" Layer 3 switches (sometimes called super backbone switches). Communication of packets on the physical network 500 is typically performed using one or more Layer 3 communication protocols. Typically, all layers of the physical network (except the TOR layer) are n-way redundant, thus allowing for high availability. Policies can be specified for pods and blocks to control the visibility of switches to each other in the physical network, thereby enabling scaling of the physical network.

[0127] A key characteristic of Clos networks is that the maximum number of hops from one Layer 0 switch to another (or from an NVD connected to a Layer 0 switch to another NVD connected to a Layer 0 switch) is fixed. For example, in a Layer 3 Clos network, a packet takes a maximum of seven hops to reach another NVD, where the source and destination NVDs are connected to the leaf layers of the Clos network. Similarly, in a Layer 4 Clos network, a packet takes a maximum of nine hops to reach another NVD, where the source and destination NVDs are connected to the leaf layers of the Clos network. Therefore, the Clos network architecture maintains consistent latency throughout the network, which is important for communication within and between data centers. Clos topologies are horizontally scalable and cost-effective. Network bandwidth / throughput capacity can be easily increased by adding more switches at each layer (e.g., more leaf switches and backbone switches) and by increasing the number of links between switches in adjacent layers.

[0128] In some implementations, each resource within CSPI is assigned a unique identifier called a Cloud Identifier (CID). This identifier is included as part of the resource's information and can be used to manage the resource, for example, via a console or API. An example syntax for a CID is: ocid1.<RESOURCE TYPE> . <realm>[REGION][FUTURE USE].<UNIQUE ID> in, ocid1: A text string indicating the version of the CID; resource type: The type of resource (e.g., instance, volume, VCN, subnet, user, group, etc.); realm: The realm where the resource resides. Example values ​​are "c1" for the business realm, "c2" for the government cloud realm, or "c3" for the federal government cloud realm, etc. Each realm can have its own domain name; region: The region where the resource is located. This section may be empty if the region is not applicable to the resource. future use: to be reserved for future use.

[0129] Unique ID: The unique part of the ID. The format may vary depending on the type of resource or service.

[0130] Cluster placement group

[0131] High-performance computing, graphics processing, and artificial intelligence applications and workloads typically require low-latency network performance. Customers use Availability Domains (ADs) to execute such applications / workloads that require low latency because ADs provide latency in the range of a few hundred microseconds (e.g., 200µs). However, as ADs become larger in size, cloud service providers (CSPs) cannot guarantee new data center space and power within the latency threshold (i.e., 200µs) of existing AD footprint. This raises several issues, such as making it difficult or impossible for customers to continue using latency-sensitive workloads. Additionally, extremely latency-sensitive services, such as autonomous databases, require latency between network resources (e.g., compute instances and ExaCS instances) to be no more than 100µs.

[0132] Therefore, a framework is needed to address the aforementioned issues. Co-locating the resources upon which these applications depend can help achieve the lowest possible latency. The embodiments discussed herein address these issues, as well as others. Specifically, the embodiments discussed herein provide a framework that can be used by both external and internal customers in a cloud environment for latency-sensitive workloads between compute instances, block volumes, and database instances.

[0133] Specifically, the framework described in this paper specifies that cloud infrastructure resources should be deployed to the same logical group (referred to in this paper as...). Cluster placement group In the Network Platform Group (CPG), network resources are placed physically close to each other within availability zones. Thus, CPG provides an alternative deployment approach where resources are distributed across hardware in a manner that prioritizes high availability and disaster recovery over network performance. Latency-sensitive workloads can benefit from having resources co-located within the same network boundary.

[0134] First, several concepts that enable understanding of embodiments of this disclosure are described below: Cluster Placement Group (CPG) A logical entity that can be associated with a resource to ensure that the resources are placed in the same location and share the same physical network boundaries when they are created. Co-locating resources in a cluster group can help reduce latency between resources within that group.

[0135] ability This indicates a specific type of resource or combination of resources intended for use in a cluster placement group. When creating a cluster placement group, you can specify the types of resources intended to be deployed within that group. The service checks if this capability is supported by the specified availability domain and, if necessary, prompts the customer to select a different availability domain. It should be recognized that, depending on the hardware, availability domains may support different capabilities at different times.

[0136] capacity : Supporting physical hardware for the resource. When a resource is created, the service creating the resource searches for physical hardware that meets the constraints of the request. If the service cannot find available hardware within the constraints, especially when the specified resource must be placed close to other resources in a specific cluster group, the creation process may fail.

[0137] Site Group : A label describing the physical location within a cloud environment. See the reference below. Figure 7 As described, site groups can be mapped to a list of compute architectures (CFABs), QFABs (i.e., GPU clusters), or other site groups (i.e., nested site groups). It should be recognized that a compute architecture, i.e., a CFAB, is typically one per building and is used by network resources such as compute and block storage devices. On the other hand, a QFAB corresponds to an ultra-low latency architecture (which may have multiple QFABs within a building) and is available to a smaller number of resources, such as GPUs or Exa-Data resources.

[0138] CPG control plane A new zone control plane that provides CPG services and handles all CRUD operations. See below for reference. Figure 8 and Figure 9 The flowchart described can be executed by the CPG control plane.

[0139] Figure 6 An exemplary physical and logical organization 600 of resources of a cloud service provider (CSP) according to certain embodiments is depicted. Figure 6 As shown, a cloud environment provided by a cloud service provider may include one or more domains 601, such as domain 1, domain 2, and domain K. A domain is defined as a logical collection of regions. Domains are isolated from each other and therefore do not share any data. A customer's lease resides in a single domain and has access to regions within that domain. A cloud environment may include one or more regions 602, such as region 1, region 2, and region P. A region is a collection of availability domains within a single geographic location.

[0140] CSP infrastructure is hosted in Region 602 and Availability Domain 603. A region is a local geographic area, and an Availability Domain is one or more data centers located within a region. A region consists of one or more Availability Domains. Most CSP infrastructure resources are either region-specific (such as virtual cloud networks) or Availability Domain-specific (such as compute instances). Traffic between Availability Domains and between regions can be encrypted. Availability Domains are isolated from each other, fault-tolerant, and extremely unlikely to fail simultaneously. Because Availability Domains do not share infrastructure such as power or cooling, nor do they share internal Availability Domain networks, a failure at one Availability Domain within a region is unlikely to affect the availability of other Availability Domains within the same region.

[0141] In one implementation, availability domains 603 within the same region are interconnected via a low-latency, high-bandwidth network. This enables the provision of highly available connectivity to the internet and on-premises deployments, and allows for the creation of replication systems across multiple availability domains to achieve high availability and disaster recovery. As regions need to be expanded, options include adding capacity to existing availability domains, adding additional availability domains to existing regions, or creating new regions. The expansion method in a specific scenario is determined based on customer requirements, regional demand patterns, and resource availability considerations. Regions are independent of other regions and can be geographically distant—across countries or even continents. Generally, applications can be deployed in the region where they are most frequently used because using nearby resources is faster than using distant resources. However, applications can also be deployed in different regions for reasons such as mitigating the risk of regional events such as weather disasters or earthquakes.

[0142] In some implementations, a region may include a Point of Presence (PoP), such as PoP 604. In a cloud environment, a PoP refers to a physical location, such as a data center, where users connect to the cloud network, essentially acting as a gateway to access cloud services with minimal latency by directing data to the geographically nearest entry point. A PoP is a strategic location that houses servers and network equipment to facilitate efficient data exchange between users and the wider cloud infrastructure.

[0143] According to some embodiments, a fault domain (e.g., fault domain 605) is a grouping of hardware and infrastructure within an availability domain. Each availability domain may contain a number of fault domains, for example, three fault domains. Fault domains provide anti-affinity, i.e., they allow the allocation of instances such that these instances are not on the same physical hardware within a single availability domain. Hardware failures or compute hardware maintenance events affecting one fault domain will not affect instances in other fault domains. Additionally, the physical hardware within a fault domain has independent and redundant power supplies, which prevents power hardware failures within one fault domain from affecting other fault domains. Furthermore, it is noted that each Availability Domain (AD) may include one or more data centers. Each data center may include multiple buildings, for example, building 606. Buildings may house certain types of architectures, such as Compute Architectures (CFAB) 607 and / or QFAB 608.

[0144] Furthermore, the logical organization 600 of CSP resources may include a Cluster Placement Group (CPG) 614. A CPG corresponds to a logical entity that can be associated with resources to ensure that resources are placed in the same location and share the same physical network boundary when they are created. Co-locating resources within a Cluster Placement Group can help reduce latency between resources in that group.

[0145] CPG comprises one or more site groups (SGs) 612. SGs correspond to labels describing the physical location within the cloud environment. Site groups can map to a list of compute architectures (CFABs), QFABs (i.e., GPU clusters), or other site groups (i.e., nested site groups). It should be recognized that a compute architecture, i.e., a CFAB, is typically one per building and is used by network resources such as compute and block storage devices. On the other hand, a QFAB corresponds to an ultra-low latency architecture (which may have multiples within a building) and is available to a smaller number of resources, such as GPUs or Exa-Data resources. The logical organization of resources may also include a default site group 610. The default site group corresponds to a list of SGs within which resources can be allocated for customer leasing.

[0146] Figure 7 An exemplary mapping 700 from site groups to availability domains according to certain embodiments is depicted. In one implementation, a CPG is a resource provided by a CSP, which supplies resources to clients (internal and external) with a certain latency guarantee. A regional CPG control plane service is responsible for managing all CRUD operations on new resources. The following description is based on references... Figure 7 The concept of CPG is explained, which also includes the concept of Site Group (SG), which is defined as a label describing the physical placement location. For example, a specific SG can be mapped to a specific resource (e.g., CFAB, GFAB) or to a list of other SGs (i.e., nested SGs).

[0147] like Figure 7 As shown, availability domain 705 includes one or more data centers, such as data center 1 (702), data center 2 (704), and data center K (706). Each data center includes one or more buildings, each configured to host one or more network resources. For example, data center 1 hosts compute architecture 702A, data center 2 hosts another compute architecture 704A, and data center K 706 hosts compute architecture 706A and a pair of QFABs 706B and 706C. Note that data center 2 (704) is shown as a shaded data center to indicate that it is a restricted data center, i.e., it is reserved for a specific customer, and the resources within it cannot be allocated to other customers in the cloud environment.

[0148] like Figure 7 As shown, the hierarchy 750 of the SG may include a top-level SG (labeled 'SG_AD1', 730) corresponding to the site group of AD 705, multiple intermediate-level SGs (e.g., site groups labeled 'SG_DC1' 722, 'SG_DC2' 724, and 'SG_DCK' 726), and multiple lower-level SGs (e.g., site groups labeled 'SG1.C1' 712, 'SG1.C3' 714, 'SG1.C5' 716, 'SG1.Q1' 718, and 'SG1.Q2' 720). It should be recognized that each of the lower-level SGs maps to a specific resource within availability domain 705, while each of the intermediate-level SGs maps to a building included within the data center of availability domain 705.

[0149] Note that lower-level SGs may point to different resources (e.g., CFAB, QFAB, etc.), each potentially offering different latency thresholds. Within this framework, restricted SGs (e.g., data center 2, 704) can be implemented, where resources (e.g., compute architecture 704A) are allocated only to specific clients. In this framework, CPGs are formed for specific clients by instantiating pointers to specific SGs at specific levels within a hierarchical structure 750 of SGs (maintained in the local database). Using this framework, different allocation algorithms (described below) can be used to assign CPGs to clients based on their specific requirements. Furthermore, access control policies can be established for each CPG, controlling access to resources within the CPG for different clients.

[0150] Figure 8 An exemplary flowchart depicting the steps performed to create a cluster placement group according to certain embodiments is illustrated. Figure 8 The processing described herein can be implemented in software (e.g., code, instructions, programs) executed by one or more processing units (e.g., processors, cores) of a corresponding system, hardware, or a combination thereof. The software can be stored on a non-transitory storage medium (e.g., a memory device). Figure 8 The methods 800 presented herein and described below are intended to be illustrative and not restrictive. Although Figure 8 Various processing steps that occur in a specific order or sequence are described, but this is not intended to be limiting. In some alternative embodiments, these steps may be performed in a different order, or some steps may be performed in parallel.

[0151] The process begins at step 805, where a request to create a CPG is received from the client. In step 810, a query is performed to determine if the request received from the client contains a reservation code. It should be understood that this code allows the client to know the physical location where the resource will be placed. If the response to the query is affirmative, the process moves to step 815; otherwise, if the response to the query is negative, the process moves to step 820.

[0152] In step 815, the process verifies the reservation code, i.e., determines that the code provided to the customer is a valid code, and obtains information about the availability domain (AD) associated with the reservation code. Note that the AD associated with the reservation code may have been previously reserved / assigned to the customer by the CSP. In step 820 (i.e., in response to a request that does not include a reservation code), the process obtains a list of available ADs for supplying the customer's request. The process then moves to step 825, where a specific AD is selected from the list of available ADs (e.g., randomly). After selecting the AD, the process moves to step 830. In step 830, the process obtains the type of resource the customer desires. This information can be included as metadata in the request issued by the customer.

[0153] In step 835, a query is executed to determine whether the Active Directory (AD) has one or more site groups with available capacity to supply customer requests. If the response to the query is negative, the process moves to step 855. However, if the response to the query is positive, the process moves to step 840. In step 840, a group assignment identifier is assigned to the cluster. In step 845, one or more access role policies are configured for the CPG. For example, an access role policy can be configured that grants access to a set of resources instantiated in a compartment included in the first lease, which is different from the first lease, to a second customer associated with a second lease in the cloud environment. After configuring the access role(s), the process executes a request (e.g., via the control plane of the CPG service) in step 850 to create a CPG for the customer. In one implementation, the resources requested by the customer can be deployed / instantiated in a compartment of the customer's lease in the cloud environment.

[0154] In step 835, if the response to the query is negative, the process moves to step 855, where another query is performed to determine if all available Ads have been checked and if they can be used to supply the customer's request. If the response to the query is negative, the process loops back to step 825 to select another Ad. However, if the response to the query is positive, the process moves to step 860, where a message indicating that CPG creation failed is transmitted to the customer.

[0155] Figure 9 An exemplary flowchart depicting the steps performed to select a group of sites according to certain embodiments is illustrated. Figure 9 The processing described herein can be implemented in software (e.g., code, instructions, programs) executed by one or more processing units (e.g., processors, cores) of a corresponding system, hardware, or a combination thereof. The software can be stored on a non-transitory storage medium (e.g., a memory device). Figure 9 The methods 900 presented herein and described below are intended to be illustrative and not restrictive. Although Figure 9 Various processing steps that occur in a specific order or sequence are described, but this is not intended to be limiting. In some alternative embodiments, these steps may be performed in a different order, or some steps may be performed in parallel.

[0156] The process begins in step 905, where a request including metadata identifying the resource requested by the client is received. In step 910, a list of Site Groups (SGs) that can be used to supply the client's request is obtained. In step 915, one or more priority rules may be applied to process the list of SGs obtained in step 910. For example, in one implementation, a first rule may correspond to processing the list of SGs sequentially from the beginning of the list. A second priority rule may correspond to: if a combined site group is selected, then all sub-site groups have the same priority. An SG should be randomly selected from the list of sub-SGs. Similarly, a third priority rule may correspond to: if the selected SG does not meet the allocation criteria or has no capacity, then the next SG will be selected according to the first and second rules described above.

[0157] The process then moves to step 920, where restricted SGs are filtered out so that they are not considered for supplying customer requests. For example, refer to... Figure 7 Site group 714 may be filtered out from further consideration because it is a restricted SG (i.e., reserved for a specific customer). In step 930, SGs are further filtered based on whether a specific SG meets the customer's resource requirements. After obtaining a list of SGs that can be used to supply the customer's request, in step 935, an SG is selected from that list (e.g., randomly) to supply the customer's request.

[0158] Therefore, embodiments of this disclosure provide a framework that allows customer resources to be placed in a manner that enables the provision of guaranteed latency thresholds to customers. Such a framework has proven to be a key factor in providing latency-guaranteed services to customers of other cloud providers. Additionally, embodiments of this disclosure provide the following significant features: (a) performing multi-resource placement groups, i.e., compute resources, database resources, and block storage resources, deployed together with some fixed latency guarantees; (b) establishing cross-tenancy policies, i.e., authorizing (by a first customer) to license another customer (e.g., a second customer) to deploy / access resources in the first customer's CPG, for example, to perform the second customer's workloads; and (c) establishing restricted site groups, for example, based on usage, i.e., site groups to be used for specific scenarios, or based on customer restrictions, i.e., site groups to be used by specific customers.

[0159] Example cloud infrastructure implementation

[0160] As noted above, Infrastructure as a Service (IaaS) is a specific type of cloud computing. IaaS can be configured to provide virtualized computing resources over a public network (e.g., the Internet). In the IaaS model, cloud providers can host infrastructure components (e.g., servers, storage devices, network nodes (e.g., hardware), deployment software, platform virtualization (e.g., hypervisor layer), etc.). In some cases, IaaS providers can also provision various services to accompany these infrastructure components (example services include billing software, monitoring software, logging software, load balancing software, and clustering software, etc.). Therefore, because these services may be policy-driven, IaaS users can implement policies to drive load balancing to maintain application availability and performance.

[0161] In some cases, IaaS customers can access resources and services over a wide area network (WAN) such as the internet and can use the cloud provider's services to install the remaining elements of their application stack. For example, a user can log in to the IaaS platform to create virtual machines (VMs), install an operating system (OS) on each VM, deploy middleware such as databases, create buckets for workloads and backups, and even install enterprise software into that VM. The customer can then use the provider's services to perform various functions, including balancing network traffic, troubleshooting application issues, monitoring performance, and managing disaster recovery.

[0162] In most cases, cloud computing models will require the involvement of cloud providers. Cloud providers can, but are not necessarily, third-party providers specializing in (e.g., provisioning, renting, selling) IaaS services. Entities may also choose to deploy private clouds, thus becoming their own infrastructure service providers.

[0163] In some examples, IaaS deployment is the process of placing a new application or a new version of an application onto a prepared application server, etc. It may also include the processing of server preparation (e.g., installation libraries, daemons, etc.). This is typically managed by the cloud provider, below the hypervisor layer (e.g., servers, storage devices, network hardware, and virtualization). Therefore, the customer can be responsible for processing (OS), middleware, and / or application deployment (e.g., on self-service virtual machines, etc., which can be started on demand).

[0164] In some examples, IaaS provisioning can refer to acquiring computers or virtual hosts for use, or even installing necessary libraries or services on them. In most cases, deployment does not include provisioning, and provisioning may need to be performed first.

[0165] In some cases, IaaS provisioning presents two distinct challenges. First, there's the initial challenge of provisioning a set of initial infrastructure before anything is operational. Second, once everything is provisioned, there's the challenge of evolving the existing infrastructure (e.g., adding new services, changing services, removing services, etc.). In some cases, both challenges can be addressed by enabling declaratively defined infrastructure configuration. In other words, the infrastructure (e.g., which components are needed and how they interact) can be defined by one or more configuration files. Therefore, the overall topology of the infrastructure (e.g., which resources depend on which resources and how they work together) can be described declaratively. In some cases, once the topology is defined, workflows for creating and / or managing the different components described in the configuration files can be generated.

[0166] In some examples, the infrastructure can have many interconnected components. For example, there may be one or more Virtual Private Clouds (VPCs) (e.g., potential on-demand pools of configurable and / or shared computing resources), also known as the core network. In some examples, one or more inbound / outbound traffic group rules may also be provided to define how inbound / outbound traffic to the network and one or more virtual machines (VMs) will be configured. Other infrastructure elements, such as load balancers, databases, etc., may also be provided. The infrastructure can evolve incrementally as more and / or more infrastructure elements are expected and added.

[0167] In some cases, continuous deployment techniques can be used to enable the deployment of infrastructure code across various virtual computing environments. Furthermore, the described techniques enable infrastructure management within these environments. In some examples, service teams may write code that they expect to deploy to one or more, but often many, different production environments (e.g., across various geographical locations, sometimes spanning the entire world). However, in some examples, the infrastructure on which the code will be deployed must first be established. In some cases, provisioning can be done manually, resources can be provisioned using provisioning tools, and / or once the infrastructure is provisioned, the code can be deployed using deployment tools.

[0168] Figure 10 This is a block diagram 1000 illustrating an example pattern of an IaaS architecture according to at least one embodiment. Service operator 1002 may be communicatively coupled to a secure host lease 1004, which may include a virtual cloud network (VCN) 1006 and a secure host subnet 1008. In some examples, service operator 1002 may use one or more client computing devices, which may be portable handheld devices (e.g., iPhone®, cellular phone, iPad®, computing tablet, personal digital assistant (PDA)) or wearable devices (e.g., Google Glass® head-mounted display), running software (such as Microsoft Windows Mobile®) and / or various mobile operating systems (such as iOS, Windows Phone, Android, BlackBerry 8, Palm OS, etc.), and supporting the Internet, email, short message service (SMS), Blackberry®, or other communication protocols. Alternatively, client computing devices may be general-purpose personal computers, including, for example, personal computers and / or laptops running various versions of Microsoft Windows®, Apple Macintosh®, and / or Linux operating systems. Client computing devices can be workstation computers running a variety of commercially available UNIX® or UNIX-like operating systems, including but not limited to any of the various GNU / Linux operating systems (such as, for example, Google Chrome OS). Alternatively or additionally, client computing devices can be any other electronic device, such as thin client computers, internet-enabled gaming systems (e.g., Microsoft Xbox game consoles with or without Kinect® gesture input devices), and / or personal messaging devices capable of communicating over a network that can access VCN 1006 and / or the internet.

[0169] VCN 1006 may include a local peering gateway (LPG) 1010, which may be communicatively coupled to a secure shell (SSH) VCN 1012 via an LPG 1010 contained in an SSH VCN 1012. SSH VCN 1012 may include an SSH subnet 1014, and SSH VCN 1012 may be communicatively coupled to a control plane VCN 1016 via an LPG 1010 contained in a control plane VCN 1016. Furthermore, SSH VCN 1012 may be communicatively coupled to a data plane VCN 1018 via an LPG 1010. Control plane VCN 1016 and data plane VCN 1018 may be contained within a service lease 1019 that may be owned and / or operated by an IaaS provider.

[0170] The control plane VCN 1016 may include a control plane demilitarized zone (DMZ) layer 1020 that acts as a peripheral network (e.g., a portion of a corporate network between a corporate intranet and an external network). DMZ-based servers can assume limited liability and help control vulnerabilities. Furthermore, the DMZ layer 1020 may include one or more load balancer (LB) subnets 1022, a control plane application layer 1024 that may include one or more application subnets 1026, and a control plane data layer 1028 that may include one or more database (DB) subnets 1030 (e.g., one or more front-end DB subnets and / or one or more back-end DB subnets). One or more LB subnets 1022 contained in the control plane DMZ layer 1020 may be communicatively coupled to one or more application subnets 1026 contained in the control plane application layer 1024 and an Internet gateway 1034 that may be contained in the control plane VCN 1016. The application subnets 1026 may be communicatively coupled to one or more DB subnets 1030 contained in the control plane data layer 1028, as well as a service gateway 1036 and a Network Address Translation (NAT) gateway 1038. The control plane VCN 1016 may include the service gateway 1036 and the NAT gateway 1038.

[0171] The control plane VCN 1016 may include a data plane mirror application layer 1040, which may include one or more application subnets 1026. The one or more application subnets 1026 included in the data plane mirror application layer 1040 may include a virtual network interface controller (VNIC) 1042 capable of executing a compute instance 1044. The compute instance 1044 may communicatively couple the one or more application subnets 1026 of the data plane mirror application layer 1040 to the one or more application subnets 1026 that may be included in the data plane application layer 1046.

[0172] Data plane VCN 1018 may include data plane application layer 1046, data plane DMZ layer 1048, and data plane data layer 1050. Data plane DMZ layer 1048 may include one or more LB subnets 1022 communicatively coupled to one or more application subnets 1026 of data plane application layer 1046 and Internet gateway 1034 of data plane VCN 1018. One or more application subnets 1026 communicatively coupled to service gateway 1036 and NAT gateway 1038 of data plane VCN 1018. Data plane data layer 1050 may also include one or more DB subnets 1030 communicatively coupled to one or more application subnets 1026 of data plane application layer 1046.

[0173] The Internet gateway 1034 of the control plane VCN 1016 and data plane VCN 1018 can be communicatively coupled to the metadata management service 1052, which can be communicatively coupled to the public Internet 1054. The public Internet 1054 can be communicatively coupled to the NAT gateway 1038 of the control plane VCN 1016 and data plane VCN 1018. The service gateway 1036 of the control plane VCN 1016 and data plane VCN 1018 can be communicatively coupled to the cloud service 1056.

[0174] In some examples, the service gateway 1036 of the control plane VCN 1016 or data plane VCN 1018 can make application programming interface (API) calls to the cloud service 1056 without traversing the public internet 1054. API calls from the service gateway 1036 to the cloud service 1056 can be unidirectional: the service gateway 1036 can make API calls to the cloud service 1056, and the cloud service 1056 can send requested data to the service gateway 1036. However, the cloud service 1056 may not initiate API calls to the service gateway 1036.

[0175] In some examples, secure host lease 1004 can be directly connected to service lease 1019, which would otherwise be isolated. Secure host subnet 1008 can communicate with SSH subnet 1014 via LPG 1010, which enables bidirectional communication between otherwise isolated systems. Connecting secure host subnet 1008 to SSH subnet 1014 allows secure host subnet 1008 to access other entities within service lease 1019.

[0176] Control plane VCN 1016 allows users of service lease 1019 to set up or otherwise provision desired resources. Desired resources provisioned in control plane VCN 1016 can be deployed or otherwise used in data plane VCN 1018. In some examples, control plane VCN 1016 can be isolated from data plane VCN 1018, and the data plane mirror application layer 1040 of control plane VCN 1016 can communicate with the data plane application layer 1046 of data plane VCN 1018 via VNIC 1042, which can be included in both the data plane mirror application layer 1040 and the data plane application layer 1046.

[0177] In some examples, users or clients of the system can make requests, such as create, read, update, or delete (CRUD) operations, via the public internet 1054, which can transmit requests to the metadata management service 1052. The metadata management service 1052 can transmit requests to the control plane VCN 1016 via internet gateway 1034. Requests can be received by one or more LB subnets 1022 contained in the control plane DMZ layer 1020. The LB subnets 1022 can determine that the request is valid, and in response to this determination, they can transmit the request to one or more application subnets 1026 contained in the control plane application layer 1024. If the request is validated and requires a call to the public internet 1054, the call to the public internet 1054 can be transmitted to a NAT gateway 1038 that can make calls to the public internet 1054. The request may expect stored metadata to be stored in one or more DB subnets 1030.

[0178] In some examples, the data plane mirroring application layer 1040 can facilitate direct communication between the control plane VCN 1016 and the data plane VCN 1018. For example, it may be desirable to apply configuration changes, updates, or other appropriate modifications to resources contained in the data plane VCN 1018. Through VNIC 1042, the control plane VCN 1016 can communicate directly with the resources contained in the data plane VCN 1018, and thus can perform configuration changes, updates, or other appropriate modifications.

[0179] In some embodiments, the control plane VCN 1016 and data plane VCN 1018 may be included in service lease 1019. In this case, the system's users or customers may not own or operate the control plane VCN 1016 or data plane VCN 1018. Alternatively, the IaaS provider may own or operate the control plane VCN 1016 and data plane VCN 1018, both of which may be included in service lease 1019. This embodiment can enable the isolation of networks that might prevent users or customers from interacting with resources from other users or customers. Furthermore, this embodiment can allow users or customers of the system to privately store databases without relying on the public Internet 1054, which may not have the desired level of threat prevention for storage.

[0180] In other embodiments, one or more LB subnets 1022 included in the control plane VCN 1016 may be configured to receive signals from the service gateway 1036. In this embodiment, the control plane VCN 1016 and the data plane VCN 1018 may be configured to be invoked by the IaaS provider's customers without invoking the public internet 1054. The IaaS provider's customers may expect this embodiment because the database(s) used by the customer can be controlled by the IaaS provider and can be stored on a service lease 1019, which may be isolated from the public internet 1054.

[0181] Figure 11 This is a block diagram 1100 illustrating another example pattern of an IaaS architecture according to at least one embodiment. Service operator 1102 (e.g., Figure 10 The service provider 1002 can communicatively couple to the secure host lease 1104 (e.g., Figure 10 Secure hosting lease 1004), the secure hosting lease 1104 may include a virtual cloud network (VCN) 1106 (e.g., Figure 10 VCN 1006) and Secure Host Subnet 1108 (e.g., Figure 10 The secure host subnet 1008). VCN 1106 may include a local peering gateway (LPG) 1110 (e.g., Figure 10 The LPG 1010, which can be communicatively coupled to the Secure Shell (SSH) VCN 1112 (e.g., LPG 1010 included in the SSH VCN 1112) via the LPG 1010. Figure 10 SSH VCN 1012). SSH VCN 1112 can include SSH subnet 1114 (e.g., Figure 10 SSH subnet 1014), and SSH VCN 1112 can be communicatively coupled to control plane VCN 1116 via LPG 1110 contained in control plane VCN 1116 (e.g., Figure 10 Control plane VCN 1016). Control plane VCN 1116 may be included in service lease 1119 (e.g., Figure 10 In the service lease 1019), and the data plane VCN 1118 (e.g., Figure 10 The data plane VCN 1018 may be included in a customer lease 1121 that may be owned or operated by a user or customer of the system.

[0182] The control plane VCN 1116 may include one or more LB subnets 1122 (e.g., Figure 10 The control plane DMZ layer 1120 of (one or more) LB subnets 1022) (e.g., Figure 10 The control plane DMZ layer 1020 may contain one or more application subnets 1126 (e.g., Figure 10 The control plane application layer 1124 of (one or more) application subnets 1026 (e.g., Figure 10 The control plane application layer 1024 may contain one or more database (DB) subnets 1130 (e.g., similar to...). Figure 10 The control plane data layer 1128 of (one or more) DB subnets 1030 (e.g., Figure 10 The control plane data layer 1028). One or more LB subnets 1122 contained in the control plane DMZ layer 1120 can be communicatively coupled to one or more application subnets 1126 contained in the control plane application layer 1124 and an Internet gateway 1134 that can be contained in the control plane VCN 1116 (e.g., Figure 10 Internet gateway 1034), and application subnet(s) 1126 can communicatively couple to DB subnet(s) 1130 contained in control plane data layer 1128 and service gateway 1136 (e.g., Figure 10 Service gateway 1036) and Network Address Translation (NAT) gateway 1138 (e.g., Figure 10 (NAT gateway 1038). The control plane VCN 1116 may include the service gateway 1136 and the NAT gateway 1138.

[0183] The control plane VCN 1116 may include a data plane mirror application layer 1140 that may contain one or more application subnets 1126 (e.g., Figure 10 The data plane mirror application layer 1040). One or more application subnets 1126 contained in the data plane mirror application layer 1140 may include computational instances 1144 (e.g., similar to...). Figure 10 The virtual network interface controller (VNIC) 1142 (e.g., the VNIC of 1042) of the computing instance 1044. The computing instance 1144 may facilitate the mirroring of the application subnet(s) 1126 of the application layer 1140 in the data plane and may be included in the application layer 1146 of the data plane (e.g., Figure 10 Communication between one or more application subnets 1126 in the data plane application layer 1046 via VNIC 1142 contained in the data plane mirror application layer 1140 and VNIC 1142 contained in the data plane application layer 1146.

[0184] Internet gateway 1134, included in control plane VCN 1116, can be communicatively coupled to metadata management service 1152 (e.g., Figure 10 Metadata management service 1052), which can communicatively couple to the public Internet 1154 (e.g., Figure 10 The public internet 1154 can communicatively couple to a NAT gateway 1138 contained in a control plane VCN 1116. The service gateway 1136 contained in the control plane VCN 1116 can communicatively couple to a cloud service 1156 (e.g., ...). Figure 10 Cloud services (1056).

[0185] In some examples, data plane VCN 1118 may be included in customer lease 1121. In this case, the IaaS provider may provide control plane VCN 1116 for each customer, and the IaaS provider may establish a unique compute instance 1144 for each customer, included in service lease 1119. Each compute instance 1144 may allow communication between control plane VCN 1116 included in service lease 1119 and data plane VCN 1118 included in customer lease 1121. Compute instance 1144 may allow resources provisioned in control plane VCN 1116 included in service lease 1119 to be deployed or otherwise used in data plane VCN 1118 included in customer lease 1121.

[0186] In other examples, an IaaS provider's customer may have a database residing in customer lease 1121. In this example, control plane VCN 1116 may include data plane mirror application layer 1140, which may include one or more application subnets 1126. Data plane mirror application layer 1140 may reside in data plane VCN 1118, but may not reside in data plane VCN 1118. That is, data plane mirror application layer 1140 may have access to customer lease 1121, but may not reside in data plane VCN 1118 or be owned or operated by an IaaS provider's customer. Data plane mirror application layer 1140 may be configured to invoke data plane VCN 1118, but may not be configured to invoke any entity contained in control plane VCN 1116. Customers may expect to deploy or otherwise use resources provisioned in the control plane VCN 1116 in the data plane VCN 1118, and the data plane mirroring application layer 1140 can facilitate the customer's expected deployment or other use of resources.

[0187] In some embodiments, an IaaS provider's customer may apply filters to data plane VCN 1118. In this embodiment, the customer may determine what data plane VCN 1118 can access, and the customer may restrict access from data plane VCN 1118 to the public internet 1154. The IaaS provider may not be able to apply filters or otherwise control data plane VCN 1118's access to any external networks or databases. Applying filters and controls to data plane VCN 1118 contained in customer lease 1121 can help isolate data plane VCN 1118 from other customers and the public internet 1154.

[0188] In some embodiments, cloud service 1156 may be invoked by service gateway 1136 to access services that may not exist on public internet 1154, control plane VCN 1116, or data plane VCN 1118. The connection between cloud service 1156 and control plane VCN 1116 or data plane VCN 1118 may not be real-time or continuous. Cloud service 1156 may reside on different networks owned or operated by an IaaS provider. Cloud service 1156 may be configured to receive calls from service gateway 1136 and may be configured not to receive calls from public internet 1154. Some cloud services 1156 may be isolated from other cloud services 1156, and control plane VCN 1116 may be isolated from cloud services 1156 that may not be in the same region as control plane VCN 1116. For example, control plane VCN 1116 may be located in "Region 1," and cloud service "Deployment 10" may be located in both "Region 1" and "Region 2." If the service gateway 1136, contained in the control plane VCN 1116 located in region 1, makes a call to deployment 10, then that call can be transmitted to deployment 10 in region 1. In this example, the control plane VCN 1116 or deployment 10 in region 1 may not be communicatively coupled to or otherwise communicate with deployment 10 in region 2.

[0189] Figure 12 This is a block diagram 1200 illustrating another example pattern of an IaaS architecture according to at least one embodiment. Service operator 1202 (e.g., Figure 10 The service provider 1002 can communicatively couple to the secure host lease 1204 (e.g., Figure 10 Secure hosting lease 1004), the secure hosting lease 1204 may include a virtual cloud network (VCN) 1206 (e.g., Figure 10 VCN 1006) and Secure Host Subnet 1208 (e.g., Figure 10 The secure host subnet 1008). VCN 1206 may include LPG 1210 (e.g., Figure 10 The LPG 1010), which can be communicatively coupled to the SSH VCN 1212 via the LPG 1210 included in the SSH VCN 1212 (e.g., Figure 10 SSH VCN 1012). SSH VCN 1212 can include SSH subnet 1214 (e.g., Figure 10 SSH subnet 1014), and SSH VCN 1212 can be communicatively coupled to control plane VCN 1216 via LPG 1210 included in control plane VCN 1216 (e.g., Figure 10 The control plane VCN 1016) and coupled to the data plane VCN 1218 via the LPG 1210 contained in the data plane VCN 1218 (e.g., Figure 10 Data plane 1018). Control plane VCN 1216 and data plane VCN 1218 can be included in service lease 1219 (e.g., Figure 10 In the service rental (1019).

[0190] The control plane VCN 1216 may include a load balancer (LB) subnet 1222 (e.g., Figure 10 The control plane DMZ layer 1220 of (one or more) LB subnets 1022) (e.g., Figure 10 The control plane DMZ layer 1020 may include one or more application subnets 1226 (e.g., similar to...). Figure 10 The control plane application layer 1224 of (one or more) application subnets 1026 (e.g., Figure 10 The control plane application layer 1024), and may include (one or more) DB subnets 1230, and the control plane data layer 1228 (e.g., Figure 10 The control plane data layer 1028). One or more LB subnets 1222 contained in the control plane DMZ layer 1220 can be communicatively coupled to one or more application subnets 1226 contained in the control plane application layer 1224 and an Internet gateway 1234 that can be contained in the control plane VCN 1216 (e.g., Figure 10 Internet gateway 1034), and application subnet(s) 1226 can communicatively couple to DB subnet(s) 1230 contained in control plane data layer 1228 and service gateway 1236 (e.g., Figure 10 The service gateway) and Network Address Translation (NAT) gateway 1238 (e.g., Figure 10 (NAT gateway 1038). The control plane VCN 1216 may include the service gateway 1236 and the NAT gateway 1238.

[0191] Data plane VCN 1218 may include data plane application layer 1246 (e.g., Figure 10 Data plane application layer 1046), data plane DMZ layer 1248 (e.g., Figure 10 Data plane DMZ layer 1048), and data plane data layer 1250 (e.g., Figure 10 The data plane data layer 1050. The data plane DMZ layer 1248 may include one or more trusted application subnets 1260 and one or more untrusted application subnets 1262 that can be communicatively coupled to the data plane application layer 1246, and one or more LB subnets 1222 of the Internet gateway 1234 contained in the data plane VCN 1218. The one or more trusted application subnets 1260 may be communicatively coupled to the service gateway 1236 contained in the data plane VCN 1218, the NAT gateway 1238 contained in the data plane VCN 1218, and one or more DB subnets 1230 contained in the data plane data layer 1250. The one or more untrusted application subnets 1262 may be communicatively coupled to the service gateway 1236 contained in the data plane VCN 1218 and the one or more DB subnets 1230 contained in the data plane data layer 1250. The data plane data layer 1250 may include one or more DB subnets 1230 that can be communicatively coupled to the service gateway 1236 contained in the data plane VCN 1218.

[0192] One or more untrusted application subnets 1262 may include one or more primary VNICs 1264(1)-(N) that can be communicatively coupled to tenant virtual machines (VMs) 1266(1)-(N). Each tenant VM 1266(1)-(N) may be communicatively coupled to a corresponding application subnet 1267(1)-(N) that may be contained in a corresponding container egress VCN 1268(1)-(N), which may be contained in a corresponding customer lease 1270(1)-(N). A corresponding secondary VNIC 1272(1)-(N) may facilitate communication between one or more untrusted application subnets 1262 contained in data plane VCN 1218 and application subnets contained in container egress VCN 1268(1)-(N). Each container exit VCN 1268(1)-(N) may include a NAT gateway 1238, which can communicatively couple to the public Internet 1254 (e.g., Figure 10 (Public Internet 1054).

[0193] Internet gateway 1234, contained in control plane VCN 1216 and data plane VCN 1218, can be communicatively coupled to metadata management service 1252 (e.g., Figure 10 A metadata management system 1052 is provided, which can communicatively couple to the public internet 1254. The public internet 1254 can communicatively couple to a NAT gateway 1238 contained in a control plane VCN 1216 and a data plane VCN 1218. A service gateway 1236 contained in a control plane VCN 1216 and a data plane VCN 1218 can communicatively couple to a cloud service 1256.

[0194] In some embodiments, the data plane VCN 1218 may be integrated with the customer lease 1270. Such integration may be useful or desired by the IaaS provider's customer in certain situations, such as when support may be expected during code execution. A customer may provide code that could be destructive, might communicate with other customer resources, or might otherwise cause undesirable effects. In response, the IaaS provider may determine whether to run the code provided by the customer to the IaaS provider.

[0195] In some examples, an IaaS provider's customer may grant the IaaS provider temporary network access and request functionality attached to the data plane application layer 1246. The code running this functionality may execute in VMs 1266(1)-(N) and may not be configured to run anywhere else on the data plane VCN 1218. Each VM 1266(1)-(N) may be connected to a customer lease 1270. The corresponding container 1271(1)-(N) contained in VMs 1266(1)-(N) may be configured to run the code. In this case, dual isolation may exist (e.g., container 1271(1)-(N) runs the code, where container 1271(1)-(N) may be contained in at least one or more untrusted application subnets 1262 containing VMs 1266(1)-(N)), which can help prevent incorrect or otherwise unintended code from corrupting the IaaS provider's network or the networks of different customers. Containers 1271(1)-(N) may be communicatively coupled to customer lease 1270 and may be configured to transmit or receive data from customer lease 1270. Containers 1271(1)-(N) may not be configured to transmit or receive data from any other entity in data plane VCN 1218. After the code execution is complete, the IaaS provider may terminate or otherwise dispose of containers 1271(1)-(N).

[0196] In some embodiments, one or more trusted application subnets 1260 may run code that may be owned or operated by an IaaS provider. In this embodiment, one or more trusted application subnets 1260 may be communicatively coupled to one or more database subnets 1230 and configured to perform CRUD operations in one or more database subnets 1230. One or more untrusted application subnets 1262 may be communicatively coupled to one or more database subnets 1230, but in this embodiment, one or more untrusted application subnets may be configured to perform read operations in one or more database subnets 1230. Containers 1271(1)-(N) that may be contained in each customer's VM 1266(1)-(N) and may run code from the customer may not be communicatively coupled to one or more database subnets 1230.

[0197] In other embodiments, the control plane VCN 1216 and the data plane VCN 1218 may be coupled without direct communication. In this embodiment, there may be no direct communication between the control plane VCN 1216 and the data plane VCN 1218. However, communication can occur indirectly through at least one method. The LPG 1210 may be established by an IaaS provider, which can facilitate communication between the control plane VCN 1216 and the data plane VCN 1218. In another example, the control plane VCN 1216 or the data plane VCN 1218 may invoke the cloud service 1256 via the service gateway 1236. For example, an invocation of the cloud service 1256 from the control plane VCN 1216 may include a request for a service that can communicate with the data plane VCN 1218. Figure 13 This is a block diagram 1300 illustrating another example pattern of an IaaS architecture according to at least one embodiment. Service operator 1302 (e.g., Figure 10 The service provider 1002 can communicatively couple to the secure host lease 1304 (e.g., Figure 10 Secure hosting lease 1004), the secure hosting lease 1304 may include a virtual cloud network (VCN) 1306 (e.g., Figure 10 VCN 1006) and Secure Host Subnet 1308 (e.g., Figure 10 The secure host subnet 1008). VCN 1306 can include LPG 1310 (e.g., Figure 10 The LPG 1010), the LPG 1310 can be contained in SSH VCN 1312 (e.g., Figure 10 The LPG 1310 in SSH VCN 1012 is communicatively coupled to SSH VCN 1312. SSH VCN 1312 may include SSH subnet 1314 (e.g., Figure 10 SSH subnet 1014), and SSH VCN 1312 can be communicatively coupled to control plane VCN 1316 via LPG 1310 included in control plane VCN 1316 (e.g., Figure 10 The control plane VCN 1016) and coupled to the data plane VCN 1318 via the LPG 1310 contained in the data plane VCN 1318 (e.g., Figure 10 Data plane 1018). Control plane VCN 1316 and data plane VCN 1318 may be included in service lease 1319 (e.g., Figure 10 In the service rental (1019).

[0198] The control plane VCN 1316 may include one or more LB subnets 1322 (e.g., Figure 10 The control plane DMZ layer 1320 of (one or more) LB subnets 1022) (e.g., Figure 10 The control plane DMZ layer 1020 may include one or more application subnets 1326 (e.g., Figure 10 The control plane application layer 1324 of (one or more) application subnets 1026 (e.g., Figure 10 The control plane application layer 1024 may include (one or more) DB subnets 1330 (e.g., Figure 12 The control plane data layer 1328 of (one or more) DB subnets 1230 (e.g., Figure 10 The control plane data layer 1028). One or more LB subnets 1322 contained in the control plane DMZ layer 1320 can be communicatively coupled to one or more application subnets 1326 contained in the control plane application layer 1324 and an Internet gateway 1334 that can be contained in the control plane VCN 1316 (e.g., Figure 10 Internet gateway 1034), and application subnet(s) 1326 can communicatively couple to DB subnet(s) 1330 contained in control plane data layer 1328 and service gateway 1336 (e.g., Figure 10 The service gateway) and Network Address Translation (NAT) gateway 1338 (e.g., Figure 10 (NAT gateway 1038). The control plane VCN 1316 may include the service gateway 1336 and the NAT gateway 1338.

[0199] Data plane VCN 1318 may include data plane application layer 1346 (e.g., Figure 10 Data plane application layer 1046), data plane DMZ layer 1348 (e.g., Figure 10 Data plane DMZ layer 1048), and data plane data layer 1350 (e.g., Figure 10 The data plane data layer 1050). The data plane DMZ layer 1348 may include one or more trusted application subnets 1360 that can be communicatively coupled to the data plane application layer 1346 (e.g., Figure 12 (one or more) trusted application subnets 1260) and (one or more) untrusted application subnets 1362 (e.g., Figure 12 The data plane VCN 1318 may include one or more untrusted application subnets 1262 and one or more LB subnets 1322. One or more trusted application subnets 1360 may be communicatively coupled to a service gateway 1336, a NAT gateway 1338, and a DB subnet 1330, all contained in the data plane VCN 1318. One or more untrusted application subnets 1362 may be communicatively coupled to a service gateway 1336 and a DB subnet 1330, both contained in the data plane VCN 1318 and the data plane data layer 1350. The data plane data layer 1350 may include one or more DB subnets 1330 that may be communicatively coupled to a service gateway 1336, contained in the data plane VCN 1318.

[0200] One or more untrusted application subnets 1362 may include a primary VNIC 1364(1)-(N) communicatively coupled to tenant virtual machines (VMs) 1366(1)-(N) residing within one or more untrusted application subnets 1362. Each tenant VM 1366(1)-(N) may run code in a corresponding container 1367(1)-(N) and is communicatively coupled to an application subnet 1326 that may be contained in a data plane application layer 1346 contained in a container egress VCN 1368. A corresponding secondary VNIC 1372(1)-(N) may facilitate communication between one or more untrusted application subnets 1362 contained in a data plane VCN 1318 and the application subnet contained in a container egress VCN 1368. The container egress VCN may include a public internet 1354 (e.g., Figure 10 The public internet (1054) uses NAT gateway 1338.

[0201] Internet gateway 1334, contained in control plane VCN 1316 and data plane VCN 1318, can be communicatively coupled to metadata management service 1352 (e.g., Figure 10 A metadata management system 1052 is provided, which can communicatively couple to the public internet 1354. The public internet 1354 can communicatively couple to a NAT gateway 1338 contained in a control plane VCN 1316 and a data plane VCN 1318. A service gateway 1336 contained in a control plane VCN 1316 and a data plane VCN 1318 can communicatively couple to a cloud service 1356.

[0202] In some examples, Figure 13 The architecture shown in block diagram 1300 can be considered as... Figure 12 This is an exception to the pattern shown in the architecture of block diagram 1200, and this pattern may be what the IaaS provider's customers would expect if the IaaS provider cannot communicate directly with the customer (e.g., in a disconnected region). The customer can access in real time the corresponding container 1367(1)-(N) contained in each customer's VM 1366(1)-(N). Container 1367(1)-(N) can be configured to invoke a corresponding auxiliary VNIC 1372(1)-(N) contained in one or more application subnets 1326 of the data plane application layer 1346, which may be contained in a container egress VCN 1368. The auxiliary VNIC 1372(1)-(N) can transmit the call to a NAT gateway 1338, which can then transmit the call to the public internet 1354. In this example, containers 1367(1)-(N), which can be accessed by clients in real time, can be isolated from the control plane VCN 1316 and from other entities contained in the data plane VCN 1318. Containers 1367(1)-(N) can also be isolated from resources from other clients.

[0203] In other examples, a client may use container 1367(1)-(N) to invoke cloud service 1356. In this example, the client may run code within container 1367(1)-(N) requesting a service from cloud service 1356. Container 1367(1)-(N) may transmit the request to auxiliary VNIC 1372(1)-(N), which may transmit the request to a NAT gateway, which may then transmit the request to the public internet 1354. The public internet 1354 may then transmit the request via internet gateway 1334 to one or more LB subnets 1322 contained in control plane VCN 1316. In response to determining that the request is valid, one or more LB subnets may transmit the request to one or more application subnets 1326, which may then transmit the request to cloud service 1356 via service gateway 1336.

[0204] It should be recognized that the IaaS architectures 1000, 1100, 1200, and 1300 depicted in the figures may have other components besides those depicted. Furthermore, the embodiments shown in the figures are merely some examples of cloud infrastructure systems that can be incorporated into embodiments of this disclosure. In some other embodiments, the IaaS system may have more or fewer components than shown in the figures, may combine two or more components, or may have different configurations or component arrangements.

[0205] In some embodiments, the IaaS system described herein may include application suites, middleware, and database service offerings delivered to customers in a self-service, subscription-based, elastically scalable, reliable, highly available, and secure manner. An example of such an IaaS system is the Oracle Cloud Infrastructure (OCI) provided by this assignee.

[0206] Figure 14 An example computer system 1400 in which various embodiments can be implemented is illustrated. System 1400 can be used to implement any of the computer systems described above. As shown, computer system 1400 includes a processing unit 1404 that communicates with a plurality of peripheral subsystems via a bus subsystem 1402. These peripheral subsystems may include a processing acceleration unit 1406, an I / O subsystem 1408, a storage subsystem 1418, and a communication subsystem 1424. Storage subsystem 1418 includes a tangible computer-readable storage medium 1422 and system memory 1410.

[0207] Bus subsystem 1402 provides a mechanism for allowing various components and subsystems of computer system 1400 to communicate with each other as intended. While bus subsystem 1402 is schematically shown as a single bus, alternative embodiments of the bus subsystem may utilize multiple buses. Bus subsystem 1402 can be any of several types of bus architectures, including memory buses or memory controllers, peripheral buses, and local buses using any of the various bus architectures. For example, such architectures may include Industry Standard Architecture (ISA) buses, Micro Channel Architecture (MCA) buses, Enhanced ISA (EISA) buses, Video Electronics Standards Association (VESA) local buses, and Peripheral Component Interconnect (PCI) buses, which may be implemented as Mezzanine buses manufactured according to the IEEE P1386.1 standard.

[0208] A processing unit 1404, which may be implemented as one or more integrated circuits (e.g., a conventional microprocessor or microcontroller), controls the operation of the computer system 1400. One or more processors may be included in the processing unit 1404. These processors may include single-core or multi-core processors. In some embodiments, the processing unit 1404 may be implemented as one or more independent processing units 1432 and / or 1434, wherein each processing unit includes a single-core or multi-core processor. In other embodiments, the processing unit 1404 may also be implemented as a quad-core processing unit formed by integrating two dual-core processors into a single chip.

[0209] In various embodiments, processing unit 1404 can execute various programs in response to program code and can maintain multiple concurrently executing programs or processes. At any given time, some or all of the program code to be executed can reside in processor(s) 1404 and / or storage subsystem 1418. With appropriate programming, processor(s) 1404 can provide the various functions described above. Computer system 1400 may additionally include processing acceleration unit 1406, which may include digital signal processor (DSP), dedicated processor, etc.

[0210] I / O subsystem 1408 may include user interface input devices and user interface output devices. User interface input devices may include keyboards, pointing devices such as mice or trackballs, touchpads or touchscreens integrated into a display, scroll wheels, click wheels, dials, buttons, switches, keyboards, audio input devices with voice command recognition systems, microphones, and other types of input devices. User interface input devices may include, for example, motion sensing and / or gesture recognition devices, such as the Microsoft Kinect® motion sensor, which enables users to control and interact with input devices such as the Microsoft Xbox® 360 game controller via a natural user interface using gestures and voice commands. User interface input devices may also include eye posture recognition devices, such as the Google Glass® blink detector, which detects eye activity from the user (e.g., "blinking" when taking a photo and / or making menu selections) and translates the eye posture into input in an input device (e.g., Google Glass®). Furthermore, user interface input devices may include voice recognition sensing devices that enable users to interact with a voice recognition system (e.g., the Siri® navigator) via voice commands.

[0211] User interface input devices may also include, but are not limited to, 3D mice, joysticks or pointing sticks, game panels and drawing tablets, as well as audio / video devices such as speakers, digital cameras, digital camcorders, portable media players, webcams, image scanners, fingerprint scanners, barcode readers, 3D scanners, 3D printers, laser rangefinders, and eye-tracking devices. Furthermore, user interface input devices may include, for example, medical imaging input devices such as computed tomography (CT), magnetic resonance imaging (MRI), positron emission tomography (PET), and medical ultrasound equipment. User interface input devices may also include, for example, audio input devices such as MIDI keyboards, digital musical instruments, etc.

[0212] User interface output devices may include display subsystems, indicator lights, or non-visual displays such as audio output devices, etc. Display subsystems may be cathode ray tubes (CRTs), flat panel devices such as those using liquid crystal displays (LCDs) or plasma displays, projection devices, touchscreens, etc. Generally, the term "output device" is intended to include all possible types of devices and mechanisms for outputting information from computer system 1400 to a user or other computer. For example, user interface output devices may include, but are not limited to, various display devices that visually convey text, graphics, and audio / video information, such as monitors, printers, speakers, headphones, car navigation systems, plotters, voice output devices, and modems.

[0213] Computer system 1400 may include storage subsystem 1418, which provides a tangible, non-transitory, computer-readable storage medium for storing software and data constructs that provide the functionality of the embodiments described in this disclosure. The software may include programs, code modules, instructions, scripts, etc., which, when executed by one or more cores or processors of processing unit 1404, provide the aforementioned functionality. Storage subsystem 1418 may also provide a repository for storing data used according to this disclosure.

[0214] like Figure 14 As illustrated in the example, storage subsystem 1418 may include various components, including system memory 1410, computer-readable storage medium 1422, and computer-readable storage medium reader 1420. System memory 1410 may store program instructions that can be loaded and executed by processing unit 1404. System memory 1410 may also store data used during the execution of instructions and / or data generated during the execution of program instructions. Various types of programs may be loaded into system memory 1410, including but not limited to client applications, web browsers, middleware applications, relational database management systems (RDBMS), virtual machines, containers, etc.

[0215] System memory 1410 may also store operating system 1416. Examples of operating system 1416 may include various versions of Microsoft Windows®, Apple Macintosh® and / or Linux operating systems, various commercially available UNIX® or UNIX-like operating systems (including, but not limited to, various GNU / Linux operating systems, Google Chrome® OS, etc.) and / or mobile operating systems such as iOS, Windows® Phone, Android® OS, BlackBerry® OS, and Palm® OS. In some implementations of computer system 1400 that execute one or more virtual machines, the virtual machine, along with the guest operating system (GOS), may be loaded into system memory 1410 and executed by one or more processors or cores of processing unit 1404.

[0216] System memory 1410 can be configured differently depending on the type of computer system 1400. For example, system memory 1410 can be volatile memory (such as random access memory (RAM)) and / or non-volatile memory (such as read-only memory (ROM), flash memory, etc.). Different types of RAM configurations can be provided, including static random access memory (SRAM), dynamic random access memory (DRAM), etc. In some implementations, system memory 1410 may include a basic input / output system (BIOS), which contains basic routines such as those that facilitate the transfer of information between components within computer system 1400 during startup.

[0217] Computer-readable storage medium 1422 may represent remote, local, fixed and / or removable storage devices and storage media for temporarily and / or more permanently containing and storing computer-readable information for use by computer system 1400, including instructions executable by processing unit 1404 of computer system 1400.

[0218] Computer-readable storage medium 1422 may include any suitable medium known or used in the art, including storage and communication media, such as, but not limited to, volatile and non-volatile, removable and non-removable media implemented by any method or technology for storing and / or transmitting information. This may include tangible computer-readable storage media such as RAM, ROM, electrically erasable programmable ROM (EEPROM), flash memory or other memory technologies, CD-ROM, digital versatile disc (DVD) or other optical storage, magnetic tape cassette, magnetic tape, disk storage or other magnetic storage devices, or other tangible computer-readable media.

[0219] For example, computer-readable storage medium 1422 may include a hard disk drive that reads or writes to a non-removable non-volatile magnetic medium, a disk drive that reads or writes to a removable non-volatile magnetic disk, and an optical disc drive that reads or writes to a removable non-volatile optical disc (such as a CD-ROM, DVD, and Blu-ray® disc or other optical media). Computer-readable storage medium 1422 may include, but is not limited to, Zip® drives, flash memory cards, Universal Serial Bus (USB) flash drives, Secure Digital (SD) cards, DVD discs, digital audio tapes, and so on. Computer-readable storage medium 1422 may also include solid-state drives (SSDs) based on non-volatile memory (such as flash memory-based SSDs, enterprise flash drives, solid-state ROMs, etc.), volatile memory-based SSDs (such as solid-state RAM, dynamic RAM, static RAM), DRAM-based SSDs, magnetoresistive RAM (MRAM) SSDs, and hybrid SSDs using a combination of DRAM-based and flash memory-based SSDs. Disk drives and their associated computer-readable media can provide non-volatile storage for computer-readable instructions, data structures, program modules and other data for computer system 1400.

[0220] Machine-readable instructions executable by one or more processors or cores of processing unit 1404 may be stored on a non-transitory computer-readable storage medium. The non-transitory computer-readable storage medium may include physically tangible memory or storage devices, including volatile memory storage devices and / or non-volatile memory devices. Examples of non-transitory computer-readable storage media include magnetic storage media (e.g., disks or tapes), optical storage media (e.g., DVDs, CDs), various types of RAM, ROM, or flash memory, hard disk drives, floppy disk drives, removable memory drives (e.g., USB drives), or other types of storage devices.

[0221] The communication subsystem 1424 provides an interface to other computer systems and networks. The communication subsystem 1424 serves as an interface for receiving data from other systems and sending data from computer system 1400 to other systems. For example, the communication subsystem 1424 enables computer system 1400 to connect to one or more devices via the Internet. In some embodiments, the communication subsystem 1424 may include radio frequency (RF) transceiver components (e.g., advanced data network technologies using cellular telephone technologies, such as 3G, 4G, or EDGE (Enhanced Data Rates for Global Evolution), Wi-Fi (IEEE 802.11 series standards), or other mobile communication technologies, or any combination thereof), a global positioning system (GPS) receiver component, and / or other components for accessing wireless voice and / or data networks. In some embodiments, as an addition to or alternative to the wireless interface, the communication subsystem 1424 may provide a wired network connection (e.g., Ethernet).

[0222] In some embodiments, the communication subsystem 1424 may also represent one or more users who can use the computer system 1400 to receive input communications in the form of structured and / or unstructured data feeds 1426, event streams 1428, event updates 1430, etc.

[0223] For example, the communication subsystem 1424 can be configured to receive data feeds 1426 in real time from users of social networks and / or other communication services, such as Twitter® feeds, Facebook® updates, web feeds such as Rich Site Summary (RSS) feeds, and / or real-time updates from one or more third-party information sources.

[0224] Furthermore, the communication subsystem 1424 can also be configured to receive data in the form of a continuous data stream, which may include event streams 1428 and / or event updates 1430 that are essentially continuous or unbounded real-time events without a clearly defined termination. Examples of applications that generate continuous data may include, for example, sensor data applications, financial quote machines, network performance measurement tools (e.g., network monitoring and traffic management applications), clickstream analysis tools, vehicle traffic monitoring, and so on.

[0225] The communication subsystem 1424 can also be configured to output structured and / or unstructured data feeds 1426, event streams 1428, event updates 1430, etc. to one or more databases, which can communicate with one or more streaming data source computers coupled to the computer system 1400.

[0226] The computer system 1400 can be one of a variety of types, including handheld portable devices (e.g., iPhone® cellular phones, iPad® computing tablets, PDAs), wearable devices (e.g., Google® Glass head-mounted displays), PCs, workstations, mainframes, information stations, server racks, or any other data processing system.

[0227] Due to the constantly evolving nature of computers and networks, the depiction of the computer system 1400 in the figures is merely a concrete example. Many other configurations with more or fewer components than the system depicted in the figures are possible. For example, custom hardware may be used and / or specific elements may be implemented using hardware, firmware, software (including applets), or a combination thereof. Additionally, connections to other computing devices, such as network input / output devices, may also be employed. Based on the disclosure and teachings provided herein, those skilled in the art will recognize other ways and / or methods for implementing the various embodiments.

[0228] While specific embodiments have been described, various modifications, alterations, alternative constructions, and equivalents are also included within the scope of this disclosure. The embodiments are not limited to operation within certain specific data processing environments, but can be freely operated within multiple data processing environments. Furthermore, although the embodiments have been described using a specific series of transactions and steps, those skilled in the art will understand that the scope of this disclosure is not limited to the described series of transactions and steps. Various features and aspects of the above embodiments can be used individually or in combination.

[0229] Furthermore, while embodiments have been described using specific combinations of hardware and software, it should be recognized that other combinations of hardware and software are also within the scope of this disclosure. Embodiments may be implemented using only hardware, or only software, or a combination thereof. The various processes described herein can be implemented in any combination on the same processor or on different processors. Thus, where a component or service is described as being configured to perform certain operations, such configuration can be accomplished, for example, by designing electronic circuits to perform operations, by programming programmable electronic circuits (such as microprocessors), or any combination thereof. Processes may communicate using various technologies, including but not limited to conventional technologies for inter-process communication, and different pairs of processes may use different technologies, or the same pair of processes may use different technologies at different times.

[0230] Therefore, the specification and drawings are to be considered illustrative rather than restrictive. However, it will be apparent that additions, omissions, deletions, and other modifications and changes can be made thereto without departing from the broader spirit and scope set forth in the claims. Thus, while specific disclosed embodiments have been described, they are not intended to be limiting. Various modifications and equivalents are within the scope of the following claims.

[0231] In the context of describing the disclosed embodiments (particularly in the context of the following claims), the terms "a," "an," and "the," and similar designations, are to be interpreted as covering both singular and plural, unless otherwise indicated herein or obviously contradicted by the context. Unless otherwise stated, the terms "comprising," "having," "including," and "containing" are to be interpreted as open-ended terms (i.e., meaning "including but not limited to"). The term "connected" should be interpreted as partially or wholly contained in, attached to, or joined together, even if something exists in between. Unless otherwise indicated herein, the enumeration of value ranges herein is intended only as a shorthand method for individually referencing each individual value falling within that range, and each individual value is incorporated into the specification as if it were individually enumerated herein. Unless otherwise indicated herein or obviously contradicted by the context, all methods described herein can be performed in any suitable order. The use of any and all examples or exemplary language (e.g., "such as") provided herein is intended only to better illustrate the embodiments and does not constitute a limitation on the scope of this disclosure, unless otherwise stated. Nothing in the specification should be construed as indicating that any unclaimed element is essential to the practice of this disclosure.

[0232] Extractive language, such as the phrase "at least one of X, Y, or Z", is intended to be understood in the context in which items, terms, etc., can be X, Y, or Z, or any combination thereof (e.g., X, Y, and / or Z), unless otherwise expressly stated. Therefore, such extractive language is generally not intended to, and should not, imply that certain embodiments require the presence of at least one of X, at least one of Y, or at least one of Z, each individually.

[0233] This document describes preferred embodiments of the present disclosure, including the best modes known for carrying out the present disclosure. Variations of those preferred embodiments will become apparent to those skilled in the art upon reading the foregoing description. Those skilled in the art should be able to suitably employ such variations and may practice the present disclosure in ways other than those specifically described herein. Thus, the present disclosure includes all modifications and equivalents to the subject matter recited in the appended claims, where permitted by applicable law. Moreover, unless otherwise indicated herein, the present disclosure includes any combination of the foregoing elements in all its possible variations.

[0234] All references cited in this article, including publications, patent applications and patents, are incorporated into this article by reference to the same extent as if each reference individually and specifically indicated to be incorporated by reference and elaborated in full in this article.

[0235] In the foregoing specification, various aspects of this disclosure have been described with reference to specific embodiments thereof, but those skilled in the art will recognize that this disclosure is not limited thereto. The various features and aspects of the foregoing disclosure may be used individually or in combination. Furthermore, embodiments may be used in any number of settings and applications other than those described herein without departing from the broader spirit and scope of this specification. Therefore, this specification and the accompanying drawings should be considered illustrative rather than restrictive.< / realm>

Claims

1. A method comprising: Receive a request from a first customer of a cloud environment provided by a cloud service provider (CSP) for a cluster placement group (CPG), wherein the CPG identifies a first group of requested resources including a first type of resource and a second type of resource requested by the first customer, wherein the first type of resource is different from the second type of resource; Identify availability domains in the cloud environment that include a second set of available resources, which includes all resources included in the first set of requested resources; A set of resources corresponding to the first set of requested resources is allocated from the second set of available resources in the availability domain to the first customer; as well as The set of resources allocated to the first customer is associated with the CPG.

2. The method of claim 1, wherein the first type of resource corresponds to a computing instance, and the second type of resource corresponds to a block storage device.

3. The method of claim 1, wherein the distributing step further comprises: The set of resources is instantiated in the compartment of the first customer's first lease within the cloud environment.

4. The method of claim 3, further comprising: Configure one or more access role policies for the CPG, wherein at least one access role policy grants a second customer associated with a second lease in the cloud environment access to the set of resources instantiated in a compartment contained in the first lease, wherein the second lease is different from the first lease.

5. The method of claim 1, wherein identifying availability domains in the cloud environment further comprises: Identify one or more site groups associated with the availability domain, wherein at least one of the site groups corresponds to a label indicating the physical location of resources contained in the set of resources.

6. The method of claim 5, wherein the one or more site groups are arranged hierarchically, including a first hierarchical level corresponding to a first site group associated with the availability domain, a second hierarchical level corresponding to a building within a data center in the availability domain, and a third hierarchical level corresponding to network resources located in the building within the data center.

7. The method of claim 5, further comprising: The one or more site groups associated with the availability domain are processed sequentially to determine whether each of the one or more site groups is available for provisioning requests. as well as Filter out restricted site groups from the one or more site groups, wherein the restricted site groups cannot be used for supply requests.

8. The method of claim 1, wherein the availability domain comprises a plurality of data centers, each of the plurality of data centers comprising one or more buildings, and wherein the first type of resource corresponds to a computing architecture comprising a plurality of computing instances and / or a GPU architecture comprising a plurality of GPUs hosted in one of the one or more buildings.

9. A computing device, comprising: processor; as well as The memory includes instructions that, when executed by the processor, cause the computing device to at least: Receive a request from a first customer of a cloud environment provided by a cloud service provider (CSP) for a cluster placement group (CPG), wherein the CPG identifies a first group of requested resources including a first type of resource and a second type of resource requested by the first customer, wherein the first type of resource is different from the second type of resource; Identify availability domains in the cloud environment that include a second set of available resources, which includes all resources included in the first set of requested resources; A set of resources corresponding to the first set of requested resources is allocated from the second set of available resources in the availability domain to the first customer; as well as The set of resources allocated to the first customer is associated with the CPG.

10. The computing device of claim 9, wherein the first type of resource corresponds to a computing instance, and the second type of resource corresponds to a block storage device.

11. The computing device of claim 9, wherein the processor is further configured to: The set of resources is instantiated in the compartment of the first customer's first lease within the cloud environment.

12. The computing device of claim 11, wherein the processor is further configured to: Configure one or more access role policies for the CPG, wherein at least one access role policy grants a second customer associated with a second lease in the cloud environment access to the set of resources instantiated in a compartment contained in the first lease, wherein the second lease is different from the first lease.

13. The computing device of claim 11, wherein the processor is further configured to: Identify one or more site groups associated with the availability domain, wherein at least one of the site groups corresponds to a label indicating the physical location of resources contained in the set of resources.

14. The computing device of claim 13, wherein the one or more site groups are arranged hierarchically, including a first hierarchical level corresponding to a first site group associated with the availability domain, a second hierarchical level corresponding to a building within a data center in the availability domain, and a third hierarchical level corresponding to network resources located in the building within the data center.

15. The computing device of claim 13, wherein the processor is further configured to: The one or more site groups associated with the availability domain are processed sequentially to determine whether each of the one or more site groups is available for provisioning requests; and Filter out restricted site groups from the one or more site groups, wherein the restricted site groups cannot be used for supply requests.

16. The computing device of claim 11, wherein the availability domain comprises a plurality of data centers, each of the plurality of data centers comprising one or more buildings, and wherein the first type of resource corresponds to a computing architecture comprising a plurality of computing instances and / or a GPU architecture comprising a plurality of GPUs hosted in one of the one or more buildings.

17. One or more computer-readable non-transitory media storing particular computer-executable instructions, which, when executed by a processor, cause the computer system to at least: Receive a request from a first customer of a cloud environment provided by a cloud service provider (CSP) for a cluster placement group (CPG), wherein the CPG identifies a first group of requested resources including a first type of resource and a second type of resource requested by the first customer, wherein the first type of resource is different from the second type of resource; Identify availability domains in the cloud environment that include a second set of available resources, which includes all resources included in the first set of requested resources; A set of resources corresponding to the first set of requested resources is allocated from the second set of available resources in the availability domain to the first customer; as well as The set of resources allocated to the first customer is associated with the CPG.

18. One or more computer-readable non-transitory media for storing particular computer-executable instructions as claimed in claim 17, wherein the first type of resource corresponds to a computing instance and the second type of resource corresponds to a block storage device.

19. One or more computer-readable non-transitory media storing particular computer-executable instructions as claimed in claim 17, wherein the allocation step further comprises: The set of resources is instantiated in the compartment of the first customer's first lease within the cloud environment.

20. The computer-readable non-transitory medium storing particular computer-executable instructions as described in claim 19, further comprising: Configure one or more access role policies for the CPG, wherein at least one access role policy grants access to the set of resources instantiated in a compartment contained in the first lease to a second customer associated with a second lease in the cloud environment, wherein the second lease is different from the first lease.