Sanitizing or restoring the source MAC Address of packets received from transparent proxies and solving the problem of inconsistent MAC-Learning by L2 bridges in virtualized environments, at hypervisor level using Open Flow Switches

IP.com Disclosure Number: IPCOM000239524D
Publication Date: 2014-Nov-13
Document File: 5 page(s) / 156K

Publishing Venue

The IP.com Prior Art Database

Abstract

This disclosure restores the source MAC address of packets received from transparent proxies in a virtual environment, since most L2 transparent network services, mainly proxy-based services, change the source MAC of packets after processing. It also solves the problem of inconsistent MAC learning by L2 bridges in virtualized environments, at the hypervisor level using OpenFlow switches. That problem arises because only one network interface is attached to the L2 bridge in a virtual environment, unlike in a physical environment.

This text was extracted from a Microsoft Word document.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 32% of the total text.

Problem statement:

This publication proposes solutions to the following two problems, each explained below with background information.

1. When L3 network services are employed, every additional L3 network service requires network configuration changes (e.g., IP address) in the adjoining network elements. To avoid configuration changes when a new network service is inserted, L2 transparent network services are normally used. But some of these L2 transparent network services, mainly proxy-based services, change the source MAC of packets after processing.

2. In the physical world, L2 transparent network services appear as L2 bridges to the rest of the network and thus avoid the need for IP address changes in the other network elements. L2 transparent network services perform their operations while bridging the packets. Being bridges, they don't need to run any unicast or multicast routing protocols, which makes them simpler to configure and manage. But when L2 network services run in a virtualized environment, only one network interface is attached to the L2 bridge, unlike in a physical environment. So bridging functionality fails, because MAC learning is inconsistent as all the packets are received.

 

Solution:

The two problems listed above are solved using the following method. Please refer to Figure 1 and Figure 2 attached to this primary document.

The setup used to solve the two problems, as depicted in Figures 1 and 2, includes:

·         A traffic steering controller (TSC) application running on an OF controller.

·         Two compute nodes, each:

o    Hosting virtual machines running L2 transparent network services

o    Hosting virtual machines running applications to ping traffic across service VMs

o    Containing a traffic steering accelerator implemented using an OpenFlow switch

1.  A global pair of local MAC addresses is defined by the traffic steering controller application (TSC) running in the OpenFlow controller.

 

2.  For each traffic connection, TSC generates a pair of private MAC addresses from the globally maintained pair by incrementing the two least significant bytes, as the connections are transient. The first MAC address is used for the client side of the connection and the second MAC address is used for the server side...
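
The derivation in steps 1 and 2, sketched as an added example that is not code from the disclosure. It assumes the global pair consists of locally administered unicast MACs, that one 16-bit index is applied to both addresses, and that an index is handed back when its connection closes; the class name, base addresses and connection ids are constructed.

```python
# Added illustration: class name, base addresses and connection ids are
# constructed for this example and do not come from the disclosure.
class MacPairAllocator:
    SPACE = 1 << 16                 # two least significant bytes -> 65536 pairs
    PREFIX_MASK = 0xFFFFFFFF0000    # upper four bytes of the 48-bit address

    def __init__(self, base_client, base_server):
        self.bases = (self._parse(base_client), self._parse(base_server))
        for base in self.bases:
            first = base >> 40
            # Assumption: a private MAC is unicast (bit 0 clear) and locally
            # administered (bit 1 set), so it cannot clash with a vendor OUI.
            if first & 0x01 or not first & 0x02:
                raise ValueError("base must be a locally administered unicast MAC")
        self.counter = 0
        self.live = {}              # connection id -> index it holds
        self.held = set()           # indices held by open connections

    @staticmethod
    def _parse(mac):
        octets = [int(o, 16) for o in mac.split(":")]
        if len(octets) != 6 or any(not 0 <= o <= 0xFF for o in octets):
            raise ValueError(f"bad MAC address: {mac!r}")
        return int.from_bytes(bytes(octets), "big")

    def pair(self, index):
        # Only the low 16 bits change; the upper four bytes stay the global prefix.
        values = [(b & self.PREFIX_MASK) | ((b + index) & 0xFFFF) for b in self.bases]
        return tuple(":".join(f"{o:02x}" for o in v.to_bytes(6, "big")) for v in values)

    def allocate(self, conn_id):
        if conn_id in self.live:    # same connection keeps its pair
            return self.pair(self.live[conn_id])
        if len(self.held) == self.SPACE:
            raise RuntimeError("all 65536 pairs are held by open connections")
        # After the counter wraps, skip indices whose connection is still open.
        while self.counter in self.held:
            self.counter = (self.counter + 1) % self.SPACE
        index = self.counter
        self.counter = (index + 1) % self.SPACE
        self.live[conn_id] = index
        self.held.add(index)
        return self.pair(index)     # (client-side MAC, server-side MAC)

    def release(self, conn_id):
        # Transient connections hand their index back for later reuse.
        index = self.live.pop(conn_id, None)
        self.held.discard(index)
```

Because only two bytes vary, at most 65536 connections can hold distinct pairs at once, which is why handing indices back on connection close matters once the counter wraps.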