US 12,238,066 B2
Edge gateways in disaggregated networks
Deepak Bansal, Bellevue, WA (US); and Gerald Roy Degrace, Atlanta, GA (US)
Assigned to MICROSOFT TECHNOLOGY LICENSING, LLC, Redmond, WA (US)
Filed by MICROSOFT TECHNOLOGY LICENSING, LLC, Redmond, WA (US)
Filed on Feb. 18, 2022, as Appl. No. 17/675,999.
Prior Publication US 2023/0269227 A1, Aug. 24, 2023
Int. Cl. H04L 9/40 (2022.01); H04L 12/46 (2006.01)
CPC H04L 63/0245 (2013.01) [H04L 12/4641 (2013.01); H04L 63/0263 (2013.01); H04L 63/0272 (2013.01); H04L 63/08 (2013.01); H04L 63/1458 (2013.01); H04L 2463/142 (2013.01)] 16 Claims
OG exemplary drawing
 
1. A method for processing data packets in a virtualized computing environment comprising a plurality of computing nodes and smart network interface cards (SmartNICs) configured to implement a software defined network (SDN), the computing nodes including a cloud edge node configured to provide at least one cloud edge processing function for incoming data packets, the SmartNICs configured to enable communications between virtual machines within a customer network of the virtualized computing environment and applying associated policies, the method comprising:
receiving, by the cloud edge node from a first SmartNIC, an input data packet generated by performing, by the first SmartNIC, network termination and authentication of a data packet received from a node outside of the virtualized computing environment, the data packet addressed to an endpoint hosted by a virtual machine of the customer network, the SmartNIC comprising a hardware-based acceleration device configured to perform cryptographic and authentication processes of the network termination and authentication using one or more of ASIC logic, ASIC processors, configurable FPGA logic, or FPGA software processor overlays;
applying, by the cloud edge node, security filtering on the input data packet;
identifying, by the cloud edge node based on the input data packet, a target resource within the virtualized computing environment for the input data packet; and
forwarding, by the cloud edge node, the filtered input data packet to a second SmartNIC that is associated with the target resource of the virtualized computing environment;
wherein the second SmartNIC is configured to apply a policy associated with the filtered input data packet and securely transport the filtered input data packet to the endpoint hosted by the virtual machine of the customer network;
wherein the first and second SmartNICs and the cloud edge node are disaggregated from physical dependencies on particular computing nodes that are hosting the virtual machines of the customer network;
wherein the first SmartNIC, cloud edge node, and second SmartNIC are physically distributed in the virtualized computing environment and configured as a logically pooled resource independent of the physical distribution, the logically pooled resource configured to provide disaggregated services for data flows associated with the plurality of computing nodes.
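The claimed three-stage flow (first SmartNIC terminates and authenticates, cloud edge node filters and identifies the target, second SmartNIC applies customer policy and delivers), modelled below as an added illustration that is not from the patent or from Microsoft. It assumes an HMAC tag as a stand-in for the hardware-offloaded authentication in the claim, and the filter rule, the endpoint-to-SmartNIC map and the customer policy are constructed sample values.

```python
import hashlib, hmac
from dataclasses import dataclass, field

INGRESS_KEY = b"constructed-demo-key"  # constructed sample key shared with the outside peer
BLOCKED_PORTS = {"23"}                 # edge security filter (constructed rule)
# Logical endpoint -> owning SmartNIC; independent of which physical host runs the VM.
ENDPOINT_TO_SMARTNIC = {"vm-a:443": "smartnic-7", "vm-b:22": "smartnic-2"}
CUSTOMER_POLICY = {"smartnic-7": "203.0.113."}  # allowed source prefix per SmartNIC (constructed)

@dataclass
class Packet:
    src: str                 # address of the node outside the virtualized environment
    dst_endpoint: str        # endpoint hosted by a customer VM, e.g. "vm-a:443"
    payload: bytes
    tag: bytes = b""         # authentication tag checked by the first SmartNIC
    trace: list = field(default_factory=list)  # stages the packet passed through

def compute_tag(pkt):
    """HMAC over the addressed fields and payload; stands in for the claim's hardware auth."""
    msg = pkt.src.encode() + b"|" + pkt.dst_endpoint.encode() + b"|" + pkt.payload
    return hmac.new(INGRESS_KEY, msg, hashlib.sha256).digest()

def ingress_smartnic(pkt):
    """Stage 1 (first SmartNIC): network termination and authentication."""
    if not hmac.compare_digest(pkt.tag, compute_tag(pkt)):
        return None  # dropped before the cloud edge node ever sees it
    pkt.trace.append("smartnic-ingress:authenticated")
    return pkt

def cloud_edge_node(pkt):
    """Stage 2: security filtering, then target-resource identification and forwarding."""
    if pkt.dst_endpoint.rsplit(":", 1)[-1] in BLOCKED_PORTS:
        return None  # filtered at the edge
    nic = ENDPOINT_TO_SMARTNIC.get(pkt.dst_endpoint)
    if nic is None:
        return None  # no target resource known for this endpoint
    pkt.trace.append(f"edge:forwarded->{nic}")
    return nic, pkt

def target_smartnic(nic, pkt):
    """Stage 3 (second SmartNIC): apply the customer policy, then deliver to the VM."""
    if not pkt.src.startswith(CUSTOMER_POLICY.get(nic, "")):
        return None  # denied by the customer's policy at the target SmartNIC
    pkt.trace.append(f"{nic}:delivered:{pkt.dst_endpoint}")
    return pkt

def process(pkt):
    """Run the three disaggregated stages; returns the delivered packet or None."""
    pkt = ingress_smartnic(pkt)
    hop = cloud_edge_node(pkt) if pkt else None
    return target_smartnic(*hop) if hop else None
```

Each stage drops independently, so a packet's `trace` shows how far it got: a forged tag never reaches the edge node, a filtered port never reaches the second SmartNIC, and a policy denial happens only after the edge has forwarded.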