1791 results about "Physical network" patented technology

An embodiment of the exemplary SoftRouter architecture includes two physically separate networks, a control plane network and a data plane network. The data plane network is one physical network for the data traffic, while the control plane network is another physical network for the control traffic. The topology of the data plane network is made up of interconnected forwarding elements (FEs). The topology of the control plane network is made up interconnected control elements (CEs). This physical independence of the control plane network from the data plane network provides for a secure mechanism to communicate among the CEs in the control plane network. In addition, this physical independence provides improved reliability and improved scalability, when compared to the traditional router architecture, where control plane message are in-band with the data plane.

Content networking is an emerging technology, where the requests for content accesses are steered by "content routers" that examine not only the destinations but also content descriptors such as URLs and cookies. In the current deployments of content networking, "content routing" is mostly confined to selecting the most appropriate back-end server in virtualized web server clusters. This invention presents a novel content-based routing architecture that is suitable for global content networking. In this content-based routing architecture, a virtual overlay network called the "virtual content network" is superimposed over the physical network. The content network contains content routers as the nodes and "pathways" as links. The content-based routers at the edge of the content network may be either a gateway to the client domain or a gateway to the server domain whereas the interior ones correspond to the content switches dedicated for steering content requests and replies. The pathways are virtual paths along the physical network that connect the corresponding content routers. The invention is based on tagging content requests at the ingress points. The tags are designed to incorporate several different attributes of the content in the routing process. The path chosen for routing the request is the optimal path and is chosen from multiple paths leading to the replicas of the content.

A layer-3 virtual router connects two or more virtual networks. Virtual networks are overlaid upon physical networks. Each virtual network (VN) is a layer-2 network that appears to expand an organization's LAN using virtual MAC addresses. The network stack forms a virtual-network packet with a virtual gateway MAC address of the virtual router to reach a remote virtual network. A VN device driver shim intercepts packets and their virtual MAC and IP addresses and encapsulates them with physical packets sent over the Internet. A VN switch table is expanded to include entries for nodes on the remote virtual network so that all nodes on both virtual networks are accessible. A copy of the VN switch table is stored on each node by a virtual network management daemon on the node. A Time-To-Live field in the virtual-network packet is decremented for each virtual hop and a checksum recalculated.

In some embodiments, the invention involves protecting network communications in a virtualized platform. An embodiment of the present invention is a system and method relating to protecting network communication flow using packet encoding / certification and the network stack. One embodiment uses a specialized engine or driver in the network stack to encode packets before being sent to physical network controller. The network controller may use a specialized driver to decode the packets, or have a hardware implementation of a decoder. If the decoded packet is certified, the packet is transmitted. Otherwise, the packet is dropped. An embodiment of the present invention utilizes virtualization architecture to implement the network communication paths. Other embodiments are described and claimed.

Certain embodiments of the present invention provide systems and method for automatic inference and adaptation of a virtualized computer environment. Certain embodiments of a system include a virtual topology and traffic inference framework tool adapted to monitor traffic for an application on a virtual network to produce a view of network demands for the application. The system also includes a monitoring tool adapted to monitor performance of an underlying physical network associated with the virtual network using traffic for the application. Further, the system includes an adaptation component adapted to automatically adapt the application to the virtual network based on the measured application traffic, the monitored network performance, and one or more adaptation control algorithms.

A device includes a converged input / output controller that includes a physical target storage media controller, a physical network interface controller and a gateway between the storage media controller and the network interface controller, wherein gateway provides a direct connection for storage traffic and network traffic between the storage media controller and the network interface controller.

Embodiments are provided for implementing control plane functionality to configure a data plane at a plurality of network nodes. A software defined topology (SDT) component is configured to determine a data plane logical topology indicating a plurality of selected nodes and a logical architecture connecting the selected nodes. The data plane logical topology enables traffic delivery for a service or virtual network for an end-customer or operator. A software defined networking (SDN) component is configured to interact with the SDT component and map the data plane logical topology to a physical network. The mapping includes allocating network nodes including the selected nodes and network resources which enable communications for the service or virtual network and meet QoS requirement. A software defined protocol (SDP) component is configured to interact with the SDN and define data plane protocol and process functionality for the network nodes.

A secure virtual network platform connects two or more subnets in different or separate network domains. The secure virtual network can use the under layer physical networks in various domains as an IP forwarding fabric without changing any existing firewalls, security settings, or network topology. A first type of connection across the virtual network involves connecting server groups. A second type of connection across the virtual network involves connecting a server group to a physical network. A third type of connection across the virtual network involves connecting a physical network to another physical network.

This disclosure describes a system for Single Root I / O Virtualization (SR-IOV) pass-thru for network packet processing via a virtualized environment of a device. The system includes a device comprising a virtualized environment and a plurality of virtual machines having a virtual network interface for receiving and transmitting network packets. A driver for the physical network interface of the device creates a plurality of virtual devices corresponding to the physical network interface, which appear as a Peripheral ComponentInterconnect (PCI) device to the virtualized environment. A virtual device of the plurality of virtual devices is assigned via the virtualized environment to each virtual machine of the plurality of virtual machines. The virtual machine uses the virtual device assigned to the virtual machine, to receive and transmit network packets via the physical network interface of the device.

Method of and a compiler for controlling a network based on a logical network model. The network has physical nodes and virtual nodes. The physical nodes are interconnected by physical links in accordance with a physical network layout. The logical network model has logical nodes indicated with a logical node name which refers to at least one physical or at least one virtual node in the network. The method uses a physical forwarding point-of-attachment relation defining physical paths of the physical network in dependence on a physical forwarding policy, a first mapping relation defining how the virtual nodes and the physical nodes are mapped to one another, and a second mapping relation defining how the logical nodes are mapped to the physical nodes and the virtual nodes. The method also includes transforming paths in the physical network to paths between the physical nodes and the virtual nodes.

Methods and systems for determining paths for flows within a multi-stage network made up of clusters of processing nodes. The flow paths may be determined without knowledge of whether or not packets of a particular flow will actually traverse specific ones of the clusters within the multi-stage network. In various implementations, the nodes of the multi-stage network may be coupled to one or more physical network switches through respective physical interfaces and a virtual connectivity grid superimposed thereon and configured through the use of a flow routing framework and system management framework to group the nodes into a number of clusters. The nodes of each cluster are configured to perform similar packet processing functions and the clusters are interconnected through virtual networks to which the nodes are communicatively coupled via virtual interfaces overlaid on top of the physical network interfaces.

A virtual network is overlaid upon physical networks. The virtual network is a layer-2 network that appears to expand an organization's LAN using virtual MAC addresses. A VN device driver shim intercepts LAN packets and their virtual MAC and IP addresses and encapsulates them with physical packets that can be routed over the Internet. As new nodes are created, a VN switch table is expanded so that all nodes on the virtual network can reach the new node. A copy of the VN switch table is stored on each node by a virtual network management daemon on the node. A VN configuration controller in a central server updates the VN switch tables. Organizations can expand their virtual network as nodes are created at remote cloud computing providers without action by the staff at the cloud computing provider. Hybrid cloud virtual networks include on-premises physical and virtual-machine nodes, and off-premises guest nodes and instances.

A method, system, and apparatus for controlling transmission and reception of communications between a plurality of telecommunication devices in a group to allow searching of stored resources is provided. The invention includes a group management module for creating and maintaining association links for each of the plurality of telecommunication devices representing a logical network of devices. The invention also includes a search engine for transmission and reception of communications between the devices in a group, the search engine configured to route a search query from an originating device along the association links to all devices in the group, search stored resources in all devices in the group, and return results of the search query to the originating device, thereby allowing searching of stored resources on all the plurality of telecommunication devices without relying on a centralized server or physical network or wireless network for storing resources.

An engine (TOE) is provided in a virtualized computer system for offloading I / O tasks using any defined protocol such as TCP / IP. The system includes a virtual machine (VM), which has a guest operating system (OS) that runs via a virtual machine monitor (VMM) on a system-level software platform (vmkernel), which also forms the software interface layer to at least one physical network connection device. A TCP / IP stack is included in vmkernel. During normal I / O operation, for sockets associated with TOE, processes in an application layer in the guest OS are able to communicate directly with vmkernel's TCP / IP stack, thereby bypassing the guest OS kernel.

We describe a 3D computer network optimisation tool using network management data including one or more of: network device data including hardware identification data, interface data characterising one or more interfaces of a said network device, firmware identification data for a said network device, operating system identification data for a said network device; information flow data relating to information flow within the network including network device information flow load data and link bandwidth data / statistical information flow data; as well as environmental data for a network device such as temperature or power consumption data and / or physical network device location data. The tool also uses captured network data and sniffer data from communication links; and connectivity of the network devices. A three-dimensional (3D) visualisation module constructs a 3D representation of said network including 3D representations of said network devices in conjunction with a representation of said connectivity in three dimensions.

A method and apparatus are provided for monitoring the physical topology of a network on a real-time basis. For patch panel systems, the approach is based upon a distributed architecture that may be modularly scalable and may allow each patch panel to determine port level connectivity by independently monitoring an out-of-band channel supported by each respective port. The approach provides improved real-time reporting of patch panel connectivity with reduced cabling complexity, increased reliability and decreased maintenance costs. The approach is capable of determining the physical equipment and / or physical location information associated with the respective patch panel ports, in real-time, and thereby provide physical network topology information associated with patch cord connections. The approach is compatible with multipurpose network management systems.

A method for providing support for multi-tenancy in single root input / out virtualization (SR-IOV) enabled physical network interface controller (NIC) is provided. The NIC is associated with a host. The SR-IOV provides a physical function (PF) and a set of virtual functions (VFs) for the NIC. The method at a VF of the physical NIC, receives a mapping table of an overlay network which associates an identification of each of a set of virtual machine (VM) of a tenant on the host to an identification of a tunnel end point on the overlay network. The method receives a transmit packet from a VM connected to the VF and performs a lookup in the mapping table to identify source and destination tunnel end points associated with source and destination VMs in the packet. The method encapsulates the packet, for transmission through the tunnel end point associated with the source VM.

A method for offloading packet encapsulation for an overlay network is provided. The method, at a virtualization software of a host, sends a mapping table of the overlay network to a physical network interface controller (NIC) associated with the host. The mapping table maps the identification of each of a set of virtual machine (VM) of a tenant on the host to an identification of a tunnel on the overlay network. The method, at the virtualization software, receives a packet from a VM of the tenant. The method sends the packet to the physical NIC. The method, at the physical NIC, encapsulates the packet for transmission over the overlay network by using the mapping table. The method of claim also tags the packet by the virtualization software as a packet that requires encapsulation for transmission in the overlay network prior to sending the packet to the physical NIC.

The present invention extends to methods, systems, and computer program products for offloading packet processing for networking device virtualization. A host maintains rule set(s) for a virtual machine, and a physical network interface card (NIC) maintains flow table(s) for the virtual machine. The physical NIC receives and processes a network packet associated with the virtual machine. Processing the network packet includes the physical NIC comparing the network packet with the flow table(s) at the physical NIC. When the network packet matches with a flow in the flow table(s) at the physical NIC, the physical NIC performs an action on the network packet based on the matching flow. Alternatively, when the network packet does not match with a flow in the flow table(s) at the physical NIC, the physical NIC passes the network packet to the host partition for processing against the rule set(s).

Exemplary methods, apparatuses, and systems determine that a first physical network interface controller of a first host computer has lost a client traffic network connection. At least one data compute node running on the first host computer has client traffic transmitted via the client traffic network connection. In response to the loss of the client traffic network connection, one or more host computers each having a physical network interface controller with a functioning network connection for the client traffic are identified. Further in response to the loss of the client traffic network connection, the data compute node is moved to one of the identified host computers. The first host computer utilizes a second physical network interface controller to move data compute node.

Inbound packets received by a physical network adapter of a processing device are routed by evaluating an inbound frame to determine if an inbound frame destination MAC address is associated with the processing device and determining whether the inbound frame should be routed to a corresponding logical interface or to drop the inbound frame if the inbound frame destination MAC address is equal to a virtual MAC address supported by the processing device. If it is determined that the inbound frame should be routed to the corresponding logical interface, then any necessary layer 3 functions are performed and the inbound frame is routed to the corresponding logical interface, thereby combining both layer 2 and layer 3 routing into a single logical function.

The present invention is a method and system for managing a secure local area network wherein the local area network includes a plurality of private networks logically linked to a wireless network having a plurality of wireless access points for isolating data traffic. The system provides authentication of the user devices, segregation of the user device into logical wireless virtual local area networks (WVLANs), and places the private networks into virtual local area networks (VLANs). By linking WVLANs with the appropriate VLANs, the management system provides segregation of user device traffic, as well as private network traffic, despite a shared physical network. By consolidating wireless networks in a multi-tenant environment, the work area of each individual tenant is expanded to a building wide roaming area, and radio frequency interference is reduced. In addition, by coupling together numerous wireless networks a greater roaming capability is created across all managed wireless networks.

A universal gateway that allows data to be transferred between one or more network protocols and one or more control protocols is described. The various protocols can coexist on the same physical network medium or on separate networks. The gateway also provides tunneling of network protocols through a selected protocol, and centralized control of network nodes. By using the gateway, end-users can mesh together traditionally standalone, incompatible, networks into a universally accessible, centrally administered, “super-network.” The gateway provides a centralized node database, support for legacy protocols, a rules engine, and an object-oriented class library interface. Configuration is simplified through automatic device discovery. The centralized node database is managed by an active server node. High reliability access to the centralized node database is enhanced by the system fault tolerance provided by standby server nodes. When used in connection with a power line network, the gateway provides the ability to distribute various types of data streams over the power line. Routing handlers provided by the gateway allow virtually any of the legacy data networking services such as TCP / IP to be routed over the power-line.

A network data monitoring device provides for the flexible, programmable port-to-multi-port steering of data packet traffic between network port pairs, with tap data streams being directed to any of a plurality of monitor ports. The network data monitoring device is constructed utilizing one or more switching integrated circuits programmed to disable layer-2 routing and impose port-to-multiport data packet steering. Physical layer protocol encoding / decoding circuits enable connectivity to physical network media connectors though a system of fail-safe relays. A system controller, preferably implemented by a microprocessor, is connected to all switching integrated circuits and relays for configuration, status and control. Hardware-based logic selectively in complement to the switching integrated circuits provides for the programmable filtering, modification and programmable steering of data packets through the device.

A method and apparatus are provided for monitoring the physical topology of a network on a real-time basis. For patch panel systems, the approach is based upon a distributed architecture that may be modularly scalable and may allow each patch panel to determine port level connectivity by independently monitoring an out-of-band channel supported by each respective port. The approach provides improved real-time reporting of patch panel connectivity with reduced cabling complexity, increased reliability and decreased maintenance costs. The approach is capable of determining the physical equipment and / or physical location information associated with the respective patch panel ports, in real-time, and thereby provide physical network topology information associated with patch cord connections. The approach is compatible with multipurpose network management systems.

The invention is directed to a system for remote monitoring of a space and equipment. The space and equipment may, for example, be a sever room and associated network equipment. The system has network appliances, a server, and a client machine. The server receives data from a network appliance. The server may then deliver an application and data to the client machine for viewing and manipulating the data. The client machine may display the data as a mapping, displaying icons associated with the network appliances. The client machine may also graph the data. Further, the client machine may manipulate the organization of the data, the configuration settings of the network appliances, and store map and graph configurations.

A method for communication among mobile units and vehicular communication apparatus make it possible to automatically establish connection with a party who can provide required information on the basis of an environment or condition change of a driver or a vehicle or in response to a driver's request so as to permit communication with the party. An inter-vehicle communication apparatus of a vehicle acquires information from other mobile units through physical networks while it is moving or stopped, and registers, in a member table, mobile units satisfying predetermined conditions on the basis of the acquired information as the members of different virtual logic networks according to the conditions. In such a state, the inter-vehicle communication apparatus selects one virtual logic network from among a plurality of virtual logic networks on the basis of an environment or condition change of a driver or a vehicle or in response to a driver's request so as to permit communication with the party. The selected virtual logic network is set as an active network to establish connection with a predetermined mobile unit in the active network thereby to request or provide required information from or to the mobile unit.