US 11,740,923 B2
Architecture of networks with middleboxes
Teemu Koponen, San Francisco, CA (US); Ronghua Zhang, San Jose, CA (US); Pankaj Thakkar, Cupertino, CA (US); and Martin Casado, Portola Valley, CA (US)
Assigned to NICIRA, INC., Palo Alto, CA (US)
Filed by Nicira, Inc., Palo Alto, CA (US)
Filed on Jun. 27, 2022, as Appl. No. 17/850,925.
Application 17/850,925 is a continuation of application No. 17/140,792, filed on Jan. 4, 2021, granted, now 11,372,671.
Application 17/140,792 is a continuation of application No. 16/238,446, filed on Jan. 2, 2019, granted, now 10,884,780, issued on Jan. 5, 2021.
Application 16/238,446 is a continuation of application No. 15/618,951, filed on Jun. 9, 2017, granted, now 10,191,763, issued on Jan. 29, 2019.
Application 15/618,951 is a division of application No. 14/595,199, filed on Jan. 12, 2015, granted, now 9,697,033, issued on Jul. 4, 2017.
Application 14/595,199 is a continuation of application No. 13/678,498, filed on Nov. 15, 2012, granted, now 8,966,024, issued on Feb. 24, 2015.
Claims priority of provisional application 61/560,279, filed on Nov. 15, 2011.
Prior Publication US 2022/0326980 A1, Oct. 13, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 15/177 (2006.01); G06F 9/455 (2018.01); H04L 41/12 (2022.01); H04L 49/00 (2022.01); H04L 67/1008 (2022.01); H04L 41/0813 (2022.01); H04L 41/08 (2022.01); H04L 41/0893 (2022.01); H04L 41/0823 (2022.01); H04L 41/0803 (2022.01); H04L 9/40 (2022.01); H04L 45/74 (2022.01); H04L 61/2503 (2022.01); H04L 41/0806 (2022.01); H04L 61/256 (2022.01); H04L 61/2517 (2022.01); H04L 61/2521 (2022.01); H04L 45/64 (2022.01); H04L 45/02 (2022.01); H04L 49/15 (2022.01)
CPC G06F 9/45558 (2013.01) [G06F 9/455 (2013.01); G06F 9/45533 (2013.01); G06F 15/177 (2013.01); H04L 41/08 (2013.01); H04L 41/0803 (2013.01); H04L 41/0806 (2013.01); H04L 41/0813 (2013.01); H04L 41/0823 (2013.01); H04L 41/0889 (2013.01); H04L 41/0893 (2013.01); H04L 41/12 (2013.01); H04L 45/64 (2013.01); H04L 45/74 (2013.01); H04L 49/70 (2013.01); H04L 61/2503 (2013.01); H04L 61/256 (2013.01); H04L 61/2517 (2013.01); H04L 61/2521 (2013.01); H04L 63/0218 (2013.01); H04L 67/1008 (2013.01); G06F 2009/4557 (2013.01); G06F 2009/45595 (2013.01); H04L 45/02 (2013.01); H04L 49/15 (2013.01)] 17 Claims
OG exemplary drawing
 
1. A method of performing firewall operations in a data center comprising a plurality of host computers that execute source and destination machines for data message flows, the method comprising:
deploying a set of two or more firewall modules to execute on a set of two or more host computers to implement a plurality of distributed logical firewalls for a plurality of logical networks, each distributed logical firewall for each logical network identified by a different tag, each distributed logical firewall implemented by at least two firewall modules executing on at least two host computers; and
distributing, to the set of host computers, firewall rules for the set of firewall modules executing on the set of host computers to process,
said distributing comprising distributing to at least one firewall module two different sets of firewall rules for two different logical networks, with each particular distributed set of firewall rules for each particular logical network associated with a particular tag of the particular logical network,
each firewall module processing flows associated with a machine that is associated with each particular logical network by using the particular tag of the particular logical network to identify the set of firewall rules for the particular logical network to examine for the flows.
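The following is an added illustration of the scheme claim 1 describes, written for this page; it is not code from the patent or from Nicira/VMware, and every name in it (FirewallModule, install_rules, attach_machine, process, the tags ln-blue and ln-red, the addresses and the rules) is an assumption made for the example. Two host-resident firewall modules each hold rule sets keyed by logical-network tag; one module receives rule sets for two different logical networks; and a flow is examined only against the rule set selected by the tag of the machine that owns the flow. The security-relevant points the example makes concrete are that the tag comes from the host's controller-supplied machine-to-network mapping rather than from anything in the packet, that two logical networks with overlapping address space get independent rule sets on the same host, and that a machine with no known tag or no installed rules falls through to deny.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Flow:
    """A data message flow as seen by a host-side firewall module (constructed sample type)."""
    src_ip: str
    dst_ip: str
    proto: str       # "tcp" or "udp"
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """One firewall rule; first matching rule in a set wins."""
    action: str               # "allow" or "deny"
    proto: str                # "tcp", "udp", or "any"
    src: str                  # CIDR
    dst: str                  # CIDR
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, flow: Flow) -> bool:
        return (
            self.proto in ("any", flow.proto)
            and ip_address(flow.src_ip) in ip_network(self.src)
            and ip_address(flow.dst_ip) in ip_network(self.dst)
            and (self.dst_port is None or self.dst_port == flow.dst_port)
        )


class FirewallModule:
    """Hypothetical firewall module executing on one host computer.

    It may hold rule sets for several logical networks at once, each keyed by
    that network's tag, and it selects a rule set by the tag of the local
    machine the flow belongs to (a controller-supplied mapping), never by
    anything carried in the packet itself.
    """

    def __init__(self, host: str) -> None:
        self.host = host
        self.rule_sets: Dict[str, List[Rule]] = {}
        self.machine_tag: Dict[str, str] = {}

    def install_rules(self, tag: str, rules: List[Rule]) -> None:
        """Receive the distributed rule set for the logical network identified by tag."""
        self.rule_sets[tag] = list(rules)

    def attach_machine(self, machine: str, tag: str) -> None:
        """Record that a machine on this host belongs to the logical network with this tag."""
        self.machine_tag[machine] = tag

    def process(self, machine: str, flow: Flow) -> str:
        """Examine a flow of a local machine against its logical network's rule set only."""
        tag = self.machine_tag.get(machine)
        if tag is None or tag not in self.rule_sets:
            return "deny"      # unknown machine, or no rules yet for its network: default deny
        for rule in self.rule_sets[tag]:
            if rule.matches(flow):
                return rule.action
        return "deny"          # no explicit match: default deny


def build_demo() -> Dict[str, FirewallModule]:
    """Two hosts, two logical networks with deliberately overlapping 10.0.0.0/24 address space."""
    blue_rules = [Rule("allow", "tcp", "10.0.0.0/24", "10.0.1.0/24", 443)]
    red_rules = [Rule("allow", "tcp", "10.0.0.0/24", "10.0.1.0/24", 80)]

    host_a = FirewallModule("host-a")
    host_b = FirewallModule("host-b")
    # Logical firewall "ln-blue" is implemented by modules on both hosts;
    # the module on host-a additionally receives the "ln-red" rule set.
    host_a.install_rules("ln-blue", blue_rules)
    host_a.install_rules("ln-red", red_rules)
    host_b.install_rules("ln-blue", blue_rules)
    host_a.attach_machine("vm-blue-1", "ln-blue")
    host_a.attach_machine("vm-red-1", "ln-red")
    host_b.attach_machine("vm-blue-2", "ln-blue")
    return {"host-a": host_a, "host-b": host_b}
```

Running build_demo() and feeding the same 10.0.0.10 to 10.0.1.5:443 flow through each machine shows the tag doing the work: vm-blue-1 on host-a and vm-blue-2 on host-b both get "allow" from the one distributed logical firewall, vm-red-1 on host-a gets "deny" for the identical addresses because its tag selects the red rule set, and asking host-b about vm-red-1 (a machine it does not host) also yields "deny".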