US 12,309,001 B2
Systems and methods for providing a global virtual network (GVN)
Joseph E. Rubenstein, Beijing (CN); Carlos Eduardo Ore, Saint-Herblain (FR); Thibaud Auguste Bernard Jean Saint-Martin, Aubignan (FR); Fred Broussard, Indianapolis, IN (US); and Jørn Allan Dose Knutsen, Oslo (NO)
Assigned to UMBRA Technologies Ltd., British Virgin Islands (GB)
Filed by UMBRA Technologies Ltd., Hong Kong (CN)
Filed on Dec. 13, 2024, as Appl. No. 18/981,108.
Application 18/981,108 is a continuation of application No. 18/358,519, filed on Jul. 25, 2023, granted, now 12,184,451.
Application 18/358,519 is a continuation of application No. 17/888,249, filed on Aug. 15, 2022, granted, now 11,750,419.
Application 17/888,249 is a continuation of application No. 17/461,624, filed on Aug. 30, 2021, granted, now 11,418,366.
Application 17/461,624 is a continuation of application No. 17/000,997, filed on Aug. 24, 2020, granted, now 11,108,595.
Application 17/000,997 is a continuation of application No. 15/563,253, granted, now 10,756,929, previously published as PCT/US2016/026489, filed on Apr. 7, 2016.
Claims priority of provisional application 62/151,174, filed on Apr. 22, 2015.
Claims priority of provisional application 62/144,293, filed on Apr. 7, 2015.
Prior Publication US 2025/0112802 A1, Apr. 3, 2025
Int. Cl. G06F 15/16 (2006.01); G06F 9/4401 (2018.01); G06F 21/57 (2013.01); H04L 9/08 (2006.01); H04L 9/40 (2022.01); H04L 12/46 (2006.01); H04L 45/00 (2022.01); H04L 45/28 (2022.01); H04L 45/302 (2022.01); H04L 45/64 (2022.01)
CPC H04L 12/465 (2013.01) [G06F 9/4401 (2013.01); G06F 9/4416 (2013.01); G06F 21/575 (2013.01); H04L 9/08 (2013.01); H04L 12/4633 (2013.01); H04L 45/22 (2013.01); H04L 45/28 (2013.01); H04L 45/302 (2013.01); H04L 45/64 (2013.01); H04L 63/02 (2013.01); H04L 63/0218 (2013.01); H04L 63/0236 (2013.01); H04L 63/0254 (2013.01); H04L 63/0263 (2013.01); H04L 63/0272 (2013.01); H04L 12/4641 (2013.01)] 14 Claims
OG exemplary drawing
 
1. A method of operating an overlay networking protocol (ONP) on a group of packet networking devices, the method comprising:
at each given first device of a plurality of packet networking devices, establishing a respective secure application programming interface mechanism (APIM) with one or more respective other devices of the plurality of packet networking devices that are reachable by that given first device for ONP communication; and
for each given first device designated as an ONP tunnel builder device, automatically
maintaining, for each of one or more designated ONP tunnel listener second devices of the respective other devices, a respective pool of combinations of transport addresses and ports that are authorized for ONP tunneling between that ONP tunnel builder device and that second device,
accepting, at one or more inbound interfaces, one or more first packets for transport to a first network destination,
determining a first route toward the first network destination,
when the determined first route passes through a given second device of the ONP tunnel listener devices, and a tunnel has not yet been built for forwarding the first packets, performing a new tunnel creation process comprising
selecting, from the respective pool of combinations of transport addresses and ports for the given second device, an unused first transport address/port combination for a first tunnel to be built to the second device,
contacting a tunnel listener on the given second device, and exchanging information via the APIM with that given second device to establish the first tunnel,
binding the first tunnel to a virtual interface (VIF) to service the first route toward the first network destination for the first packets, and
marking the first transport address/port combination as in use, when the first route directs the first packets to the VIF,
processing the first packets for transport through the first tunnel using the first transport address/port combination, and
forwarding the processed first packets to the given second device through the first tunnel, and
for one or more second packets accepted for transport to a second network destination on a second route through the given second device,
repeating the new tunnel creation process to create a second tunnel to the given second device with a second transport address/port combination from the respective pool, bound to the VIF to service the second route toward the second network destination, and
when the second route directs the second packets to the VIF,
processing the second packets for transport through the second tunnel using the second transport address/port combination, and
forwarding the processed second packets to the given second device through the second tunnel;
wherein the first and second tunnels are concurrently active.
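As an added worked example (not code from the patent or from UMBRA Technologies; every class, method and message name below is an assumption chosen to make the claimed steps runnable), the builder-side procedure of claim 1 can be modelled in Python: a per-listener pool of authorised transport address/port combinations, selection of an unused combination, the APIM exchange with the listener, binding the tunnel to a VIF, marking the combination in use, and a second route through the same listener producing a second, concurrently active tunnel with a distinct combination. The model also carries the checks a practitioner would want around the claimed pool: the listener refuses a combination that is already bound, the builder surfaces pool exhaustion as an error instead of reusing an entry, and teardown returns the combination to the pool. The APIM and the tunnel's cryptographic protection are not modelled; the claim only requires the APIM to be secure and leaves the mechanism open.

```python
# Added illustrative model of claim 1 (not UMBRA's code); all names are assumptions.
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Endpoint:
    """One transport address/port combination from an authorised pool."""
    addr: str
    port: int

class TunnelListener:
    """Designated ONP tunnel listener device (assumed interface)."""
    def __init__(self, name):
        self.name = name
        self.bound = set()      # endpoints currently bound to a live tunnel
        self.received = []      # (endpoint, frame) delivered through tunnels

    def apim_setup(self, builder, ep):
        # APIM assumed to be an authenticated peer channel; the listener refuses
        # a combination that is already bound, so one tunnel cannot take over another's.
        if ep in self.bound:
            raise RuntimeError(f"{self.name}: {ep} already bound")
        self.bound.add(ep)
        return {"status": "ok", "listener": self.name, "builder": builder}

    def receive(self, ep, frame):
        if ep not in self.bound:
            raise RuntimeError(f"{self.name}: frame on unbound endpoint {ep}")
        self.received.append((ep, frame))

@dataclass
class Tunnel:
    listener: TunnelListener
    endpoint: Endpoint
    net: ipaddress.IPv4Network    # the route this tunnel services
    vif: str
    active: bool = True

class TunnelBuilder:
    """Designated ONP tunnel builder device (assumed interface)."""
    def __init__(self, name, vif="vif0"):
        self.name, self.vif = name, vif
        self.pool = {}      # listener -> list of authorised Endpoints
        self.in_use = {}    # listener -> set of Endpoints marked in use
        self.routes = []    # (network, next-hop listener); longest prefix wins
        self.tunnels = {}   # (listener name, network) -> Tunnel

    def authorize(self, listener, endpoints):
        self.pool[listener] = list(endpoints)
        self.in_use.setdefault(listener, set())

    def add_route(self, prefix, listener):
        self.routes.append((ipaddress.ip_network(prefix), listener))

    def lookup(self, dst):
        # Determine the route toward dst by longest-prefix match.
        ip = ipaddress.ip_address(dst)
        hits = [r for r in self.routes if ip in r[0]]
        if not hits:
            raise LookupError(f"no route to {dst}")
        return max(hits, key=lambda r: r[0].prefixlen)

    def _build_tunnel(self, listener, net):
        # Select an unused combination; the pool is finite, so exhaustion
        # is surfaced as an error rather than reusing an in-use entry.
        free = [e for e in self.pool[listener] if e not in self.in_use[listener]]
        if not free:
            raise RuntimeError(f"pool exhausted for {listener.name}")
        ep = free[0]
        listener.apim_setup(self.name, ep)            # exchange over the APIM
        tunnel = Tunnel(listener, ep, net, self.vif)  # bind tunnel to the VIF
        self.tunnels[(listener.name, net)] = tunnel
        self.in_use[listener].add(ep)                 # mark combination in use
        return tunnel

    def forward(self, dst, payload):
        net, listener = self.lookup(dst)
        tunnel = self.tunnels.get((listener.name, net))
        if tunnel is None or not tunnel.active:
            tunnel = self._build_tunnel(listener, net)
        # Process for transport: encapsulate with the tunnel's combination.
        frame = {"src": self.name, "vif": tunnel.vif, "dst": dst, "payload": payload}
        listener.receive(tunnel.endpoint, frame)
        return tunnel

    def teardown(self, tunnel):
        # Release the combination on both sides so it can be selected again.
        tunnel.active = False
        tunnel.listener.bound.discard(tunnel.endpoint)
        self.in_use[tunnel.listener].discard(tunnel.endpoint)
        del self.tunnels[(tunnel.listener.name, tunnel.net)]

def demo():
    """Two routes through one listener yield two concurrently active tunnels."""
    listener = TunnelListener("srv-b")
    builder = TunnelBuilder("srv-a")
    builder.authorize(listener, [Endpoint("203.0.113.10", p) for p in (4000, 4001, 4002)])
    builder.add_route("10.1.0.0/16", listener)   # first route through srv-b
    builder.add_route("10.2.0.0/16", listener)   # second route through srv-b
    t1 = builder.forward("10.1.0.7", b"first")
    t2 = builder.forward("10.2.0.5", b"second")
    return builder, listener, t1, t2
```

Calling `demo()` yields two tunnels to the same listener on ports 4000 and 4001, both bound to `vif0` and both active; a later packet on the first route reuses the first tunnel rather than consuming a third combination. The pool is what bounds the number of concurrent tunnels a builder can hold to one listener, so in any real deployment its size and the release of combinations on teardown are the parameters to get right.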