Title of invention: Multi-tenant network stack
Abstract: Multi-tenant network stack techniques are described. In an implementation, a host instantiates an instance of a virtual machine that is configured to serve network services to multiple tenants and corresponding virtual networks. To do so, a framing layer of the virtual machine may be configured to obtain configuration data indicative of topology for a multi-tenant virtual networking environment from a virtual switch of a host device. The framing layer uses the configuration data to construct routing compartments and interfaces as abstractions of each virtual network in accordance with the topology. The routing compartments are isolated from each other and provide a mechanism for applications to process network input/output (I/O) in the context of a specific tenant or virtual network. The single virtual machine is able to provide services and applications to serve multiple tenants that are independent of the underlying virtualization technology.
Publication number: US9405568(B2) Publication date: 2016.08.02
Application number: US201314027025 Filing date: 2013.09.13
Applicant: Microsoft Technology Licensing, LLC Inventors: Garg Pankaj;Feliz Onur;Hernandez Luis M.
Classification: G06F15/173;G06F9/455;H04L12/751;H04L12/24 Main classification: G06F15/173
Agency: Agent: Yee Judy;Minhas Micky
Main claim: 1. A method implemented by a computing device to provide network services to multiple tenants using isolated compartments and interfaces constructed for multiple virtual networks via a single instance of a virtual machine, the method comprising: instantiating an instance of a virtual machine to support multi-tenant services for multiple virtual networks including at least Virtual Local Area Network (VLAN) based virtualization; exposing configuration data indicative of a topology for the multiple virtual networks serviced by the virtual machine; creating routing compartments and interfaces using a framing layer of the virtual machine, the routing compartments and interfaces created to correspond to each of the multiple virtual networks as indicated by the configuration data to enable handling of network input/output (I/O) in the context of a particular one of the multiple virtual networks and in isolation from other virtual networks serviced by the virtual machine; associating isolation identifiers with the routing compartments and interfaces to form a data structure that is maintained by the framing layer and maps the isolation identifiers to associated routing compartments, the isolation identifiers used to distinguish between and isolate traffic for different compartments and interfaces; and selectively routing network I/O via the routing compartments and interfaces for provision of at least one network service or application, the network I/O routed to compartments and interfaces using the isolation identifiers to match packets to corresponding compartments and interfaces created to handle the packets, including parsing the packets to obtain corresponding isolation identifiers and using the isolation identifiers to look-up routing compartments for the packets designated via the data structure.
Address: Redmond WA US