Abstract: In general, the invention relates to a method for routing a packet. The method includes receiving the packet in a network interface card (NIC), classifying the packet, placing the packet in a receive ring of the NIC, sending the packet to a virtual NIC associated with the receive ring, sending the packet to a first container associated with the virtual NIC, and routing the packet to a packet destination using the first container.

Abstract: A method for testing a network topology. The method includes obtaining the network topology, where the network topology includes a number of nodes connected by at least one link. The method further includes instantiating a number of containers corresponding to the nodes, instantiating a number of virtual network stacks, and instantiating at least one virtual switch corresponding to the at least one link. The containers are subsequently connected to the virtual network stacks using the at least one virtual switch. At least one of the virtual network stacks is then configured to send and receive packets. Finally, the network topology is tested by sending a packet through at least one of the plurality of virtual network stacks and the at least one virtual switch, wherein a result of the testing is used to validate the network topology.

Abstract: In general, the invention relates to a method for processing packets. The method includes receiving a first packet for a first target on a host. Prior to sending the packet to a Network Layer in the host, the method includes determining the first target of the first packet, obtaining a first target ID associated with the first target, obtaining a first virtual network stack (VNS) instance ID using the first target ID, and obtaining a first security configuration parameter using the first VNS instance ID. The method further includes sending the first packet to the Network Layer and processing the first packet in the Network Layer using the first security configuration parameter to obtain a first network processed packet.

Abstract: A method for configuring a packet destination, that includes creating the packet destination on a host, obtaining a network configuration for the packet destination, determining whether the host comprises a virtual network stack, where the virtual network stack includes the network configuration, and assigning the packet destination to the virtual network stack.

Abstract: A method for changing network configuration parameters that includes generating a request to change a network configuration parameter, where the request is generated by a virtual machine, sending the request to a virtual network interface card (VNIC) associated with the virtual machine, sending the request to a VNIC configuration database associated with the VNIC, determining whether the virtual machine is allowed to change the network configuration parameter, if the virtual machine is allowed to change the network configuration parameter, updating the VNIC configuration database and VNIC to reflect the change in the network configuration parameter, and notifying the virtual machine that the change in network configuration parameter is allowed, and if the virtual machine is not allowed to change the network configuration parameter, dropping the request.

Abstract: A method for changing network configuration parameters that includes generating a request to change a network configuration parameter by a user, determining whether the user is allowed to change the network configuration parameter using a network configuration database, if the user is allowed to change the network configuration parameter, updating the network configuration database to reflect the change in the network configuration parameter, updating a container associated with the network configuration parameter to reflect the change in the configuration parameter, and if the user is not allowed to change the network configuration parameter, dropping the request.

Abstract: A method for processing packets that includes receiving a first packet for a first target on a host, prior to sending the packet to a Network Layer in the host, determining the first target of the first packet, obtaining a first target ID associated with the first target, obtaining a first virtual network stack (VNS) instance ID using the first target ID, and obtaining a first VNS Instance parameter using the first VNS instance ID, sending the first packet to the Network Layer, and processing the first packet in the Network Layer using the first VNS Instance parameter to obtain a first network processed packet.

Abstract: A method for processing packets that includes receiving a first packet for a first target by a network interface card (NIC), classifying the first packet, sending the first packet to a first receive ring in the NIC based on the classification of the first packet, sending the first packet to a Network Layer from the first receive ring, sending a first virtual network stack (VNS) Instance ID associated with the first receive ring to the Network Layer, obtaining a first VNS Instance parameter using the first VNS Instance ID, and processing the first packet in the Network Layer using the first VNS Instance parameter to obtain a first network processed packet.

Abstract: A method for processing a packet that includes receiving a packet for a target, classifying the packet, and sending the packet to a receive ring based on the classification. The method also includes obtaining an identifier (ID) associated with the target based on the classification, and sending a request for virtual memory that includes the ID. Furthermore, the method includes determining, using the ID, whether the target has exceeded a virtual memory allocation associated with the target. In addition, the method includes allocating the virtual memory, storing the packet in the virtual memory, and updating the virtual memory allocation associated with the target to reflect the allocation of the virtual memory, all if the target does not exceed the virtual memory allocation. The method further includes waiting until the target is not exceeding the virtual memory allocation if the target exceeds the virtual memory allocation.

Abstract: A method for routing packets includes receiving an outbound packet issued by a first virtual machine, wherein the first virtual machine is located on a host, determining a packet destination associated with the outbound packet, querying a routing table for a routing entry corresponding to the packet destination, wherein the routing table comprises a first routing entry referencing an external host and a second routing entry referencing a second virtual machine, wherein the second virtual machine is located on the host, if the routing entry corresponding to the packet destination is the first routing entry, passing the packet to the external host, and if the routing entry corresponding to the packet destination is the second routing entry, passing the packet to the second virtual machine.

Abstract: A system including a plurality of virtual network interface cards (VNICs); and a Vswitch table associated with a virtual switch, wherein each entry in the Vswitch table is associated with one of the plurality of VNICs, wherein each of the plurality of VNICs is located on the host, and wherein each of the plurality of VNICs is associated with the virtual switch. The first VNIC in the plurality of VNICs is configured to receive a packet associated with a hardware address (HA), determine, using the HA, whether one of the plurality of entries in the Vswitch table is associated with the HA, send the packet to a VNIC associated with HA if one of the plurality of entries in the Vswitch table is associated with the HA, wherein the VNIC is one of the plurality of VNICs.

Abstract: A system includes a first and a second network component, and a bridge. The bridge, which resides a Media Access Control (MAC) layer of a host, includes a bridge component, a first virtual network interface card (VNIC) and a second VNIC, wherein the first VNIC is associated with the first network component and the second VNIC is associated with the second network component. Further, the bridge component is configured to send packets received from the first network component to the second network component and to send packets received from the second network component to the first network component.

Abstract: In an embodiment of the present invention, a first communication packet is assigned to a first communication data structure that is unique to a first connection comprising the first communication packet. A first event list is selected from a database based on a classification of the first communication packet. The first event list identifies a first plurality of communication modules (e.g., socket layer, TCP layer, IP layer, IP security layer, firewall layer, etc.) and an ordering thereof, specific for the needs of the first connection. The first communication packet is processed through the first plurality of communication modules based upon the ordering specified in the first event list. A reference contained in the data structure marks the current packet position though the plurality of communication modules.

Abstract: An improved mechanism for efficiently polling file descriptors in a large scale computer system is disclosed. The polling of the file descriptors is performed by first determining, based upon a set of indication information, which file descriptors are eligible for polling. A file descriptor is eligible for polling if the indication information for that file descriptor indicates that the file associated with that file descriptor might (but does not necessarily) have an event pending. Only if a file descriptor is determined to be eligible will the file descriptor and the file associated with the file descriptor be polled. By polling only the eligible file descriptors in a system, the overhead associated with the polling operation is kept to a minimum. As a result, even in a large scale system with a large number of file descriptors, polling is still performed efficiently.