US 11,792,138 B2
Centralized processing of north-south traffic for logical network in public cloud
Jia Yu, Sunnyvale, CA (US); Su Wang, Sunnyvale, CA (US); Akshay Katrekar, Mountain View, CA (US); Mukesh Hira, Palo Alto, CA (US); and Saurabh Shah, Mountain View, CA (US)
Assigned to NICIRA, INC., Palo Alto, CA (US)
Filed by Nicira, Inc., Palo Alto, CA (US)
Filed on May 4, 2021, as Appl. No. 17/307,983.
Application 17/307,983 is a continuation of application No. 15/279,394, filed on Sep. 28, 2016, granted, now 11,018,993.
Claims priority of provisional application 62/380,411, filed on Aug. 27, 2016.
Prior Publication US 2021/0258268 A1, Aug. 19, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 12/933 (2013.01); H04L 49/15 (2022.01); H04L 67/10 (2022.01); G06F 15/177 (2006.01); G06F 11/20 (2006.01); G06F 9/455 (2018.01); G06F 11/34 (2006.01); G06F 11/07 (2006.01); G06F 11/14 (2006.01); G06F 11/00 (2006.01); G06F 9/50 (2006.01); H04L 61/2521 (2022.01); H04L 61/2514 (2022.01); H04L 9/40 (2022.01); H04L 41/044 (2022.01); H04L 41/0806 (2022.01); H04L 41/00 (2022.01); H04L 45/00 (2022.01); H04L 47/32 (2022.01); H04L 41/12 (2022.01); H04L 49/00 (2022.01); H04L 67/1097 (2022.01); H04L 12/46 (2006.01); H04L 49/25 (2022.01); H04L 61/2592 (2022.01); H04L 12/66 (2006.01); H04L 61/2539 (2022.01); H04L 9/08 (2006.01); H04L 9/32 (2006.01); H04L 45/74 (2022.01); H04L 61/256 (2022.01); H04L 47/125 (2022.01); H04L 61/5014 (2022.01)
CPC H04L 49/15 (2013.01) [G06F 9/45533 (2013.01); G06F 9/45558 (2013.01); G06F 9/5072 (2013.01); G06F 11/008 (2013.01); G06F 11/07 (2013.01); G06F 11/0709 (2013.01); G06F 11/0793 (2013.01); G06F 11/1438 (2013.01); G06F 11/1482 (2013.01); G06F 11/2035 (2013.01); G06F 11/3433 (2013.01); G06F 15/177 (2013.01); H04L 9/0819 (2013.01); H04L 9/3213 (2013.01); H04L 12/4633 (2013.01); H04L 12/4641 (2013.01); H04L 12/66 (2013.01); H04L 41/044 (2013.01); H04L 41/0806 (2013.01); H04L 41/12 (2013.01); H04L 41/20 (2013.01); H04L 45/38 (2013.01); H04L 45/72 (2013.01); H04L 45/74 (2013.01); H04L 47/32 (2013.01); H04L 49/25 (2013.01); H04L 49/70 (2013.01); H04L 61/256 (2013.01); H04L 61/2514 (2013.01); H04L 61/2521 (2013.01); H04L 61/2539 (2013.01); H04L 61/2592 (2013.01); H04L 63/0209 (2013.01); H04L 63/029 (2013.01); H04L 63/0236 (2013.01); H04L 63/0263 (2013.01); H04L 63/0272 (2013.01); H04L 63/0428 (2013.01); H04L 63/062 (2013.01); H04L 63/20 (2013.01); H04L 67/10 (2013.01); H04L 67/1097 (2013.01); G06F 2009/4557 (2013.01); G06F 2009/45595 (2013.01); H04L 47/125 (2013.01); H04L 61/5014 (2022.05); H04L 2209/24 (2013.01); H04L 2212/00 (2013.01)] 18 Claims
1. A method comprising:
at a first data compute node (DCN) configured to execute a gateway first forwarding element for a logical network within a datacenter:
receiving a data packet from a second forwarding element executing on a second DCN in the datacenter, wherein (i) the data packet has a first network address associated with an application executing on the second DCN as its source address, (ii) the second forwarding element performs a first set of operations on the data packet before sending the data packet to a host computer on which the first DCN executes and (iii) a network controller distributes logical network configuration data to configure the first and second forwarding elements;
performing a second set of operations on the data packet according to a logical network configuration for the gateway first forwarding element, the second set of operations comprising translating the first network address to a second network address allocated to the logical network by an administrator of the datacenter; and
sending the data packet to a third forwarding element configured by the administrator of the datacenter, wherein (i) the network controller does not have access to the third forwarding element and other administrator-configured forwarding elements of the datacenter and (ii) the third forwarding element performs a third set of operations on the data packet before sending the data packet to a destination external to the datacenter, the third set of operations comprising translating the second network address to a public third network address.