User-configured on-demand virtual layer-2 network for infrastructure-as-a-service (IaaS) on a hybrid cloud network

摘要

A virtual network is overlaid upon physical networks. The virtual network is a layer-2 network that appears to expand an organization's LAN using virtual MAC addresses. A VN device driver shim intercepts LAN packets and their virtual MAC and IP addresses and encapsulates them with physical packets that can be routed over the Internet. As new nodes are created, a VN switch table is expanded so that all nodes on the virtual network can reach the new node. A copy of the VN switch table is stored on each node by a virtual network management daemon on the node. A VN configuration controller in a central server updates the VN switch tables. Organizations can expand their virtual network as nodes are created at remote cloud computing providers without action by the staff at the cloud computing provider. Hybrid cloud virtual networks include on-premises physical and virtual-machine nodes, and off-premises guest nodes and instances.

主权项

1. A virtual network overlay system comprising:
a virtual network (VN) configuration database for storing virtual network addresses and physical network addresses for a plurality of nodes in a virtual network, the virtual network overlaid upon a plurality of physical networks that include an Internet that routes data using a layer-3 Internet Protocol (IP) network address; a virtual-network configuration process, coupled to receive network-configuration requests from a client operated by a subscriber, for writing a new virtual network address and a new physical network address for a new node being added to the virtual network; wherein applications executing on the new node send data to other nodes in the plurality of nodes using the virtual network addresses and receive data from the virtual network addressed to the new virtual network address; a plurality of VN switch tables, wherein a VN switch table is stored on each node in the virtual network, the VN switch table storing entries for nodes on the virtual network, the entries storing a virtual network address and a physical network address for each node on the virtual network; a VN configuration controller, activated by the virtual-network configuration process when the VN configuration database is updated, the VN configuration controller sending updates of the VN configuration database to the plurality nodes in the virtual network; a plurality of virtual network management daemons running on the plurality of nodes of the virtual network, wherein a virtual network management daemon receives the updates from the VN configuration controller and writes the updates to the VN switch table; wherein each node in the plurality of nodes on the virtual network further comprises:
a network stack that sends data to an application executing on the node when a virtual network address of an incoming packet matches a virtual network address of the node, and the network stack receives data from the application and sends the data to a virtual network address specified by the application;a network interface controller (NIC), coupled to a physical local-area network that routes data using a layer-2 physical network address, for receiving data matching a physical network address for the node, and for sending data to a physical network address, wherein the physical local-area network is connected to the Internet; anda VN device driver shim between the network stack and the NIC, the VN device driver shim intercepting data between the network stack and the NIC, the VN device driver shim intercepting a virtual network address from the network stack and encapsulating data with a physical network address sent to the NIC using the VN switch table,whereby data sent to virtual network addresses of the network stack are encapsulated using physical network addresses of the physical local-area network by the VN device driver shim looking up a translation in the VN switch table.