Patents by Inventor Teemu Koponen

Teemu Koponen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Network control system for configuring middleboxes
    Patent number: 9558027
    Abstract: Some embodiments provide a method for configuring a logical middlebox in a hosting system that includes a set of nodes. The logical middlebox is part of a logical network that includes a set of logical forwarding elements that connect a set of end machines. The method receives a set of configuration data for the logical middlebox. The method uses a stored set of tables describing physical locations of the end machines to identify a set of nodes at which to implement the logical middlebox. The method provides the logical middlebox configuration for distribution to the identified nodes.
    Type: Grant
    Filed: January 12, 2015
    Date of Patent: January 31, 2017
    Assignee: NICIRA, INC.
    Inventors: Ronghua Zhang, Teemu Koponen, Pankaj Thakkar, Amar Padmanabhan, Martin Casado
  • Managing forwarding of logical network traffic between physical domains
    Patent number: 9559870
    Abstract: Some embodiments provide a method for a first network controller located at a first physical domain that manages a logical network spanning several physical domains including the first domain. The method detects that connectivity is lost between the first network controller and a second network controller located in a second one of the physical domains. The method identifies a set of forwarding elements managed by the first network controller that implement the logical network. The method instructs the set of forwarding elements to drop packets for the logical network received from forwarding elements in the second physical domain.
    Type: Grant
    Filed: June 30, 2014
    Date of Patent: January 31, 2017
    Assignee: NICIRA, INC.
    Inventors: Teemu Koponen, Bruce Davie, Jeremy Stribling
  • Migrating middlebox state for distributed middleboxes
    Patent number: 9552219
    Abstract: A controller of a network control system for configuring several middlebox instances is described. The middlebox instances implement a middlebox in a distributed manner in several hosts. The controller configures, in a first host, a first middlebox instance to receive a notification from a migration module before a virtual machine (VM) running in the first host migrates to a second host and to send middlebox state related to the VM to the migration module.
    Type: Grant
    Filed: November 16, 2015
    Date of Patent: January 24, 2017
    Assignee: NICIRA, INC.
    Inventors: Ronghua Zhang, Teemu Koponen, Pankaj Thakkar, Amar Padmanabhan, W. Andrew Lambeth, Martin Casado
  • Detecting an elephant flow based on the size of a packet
    Patent number: 9548924
    Abstract: Some embodiments provide a forwarding element that inspects the size of each of several packets in a data flow to determine whether the data flow is an elephant flow. The forwarding element inspects the size because, in order for the packet to be of a certain size, the data flow had to already have gone through a slow start in which smaller packets are transferred and by definition be an elephant flow. When the forwarding element receives a packet in a data flow, the forwarding element identifies the size of the packet. The forwarding element then determines if the size of the packet is greater than a threshold size. If the size is greater, the forwarding element specifies that the packet's data flow is an elephant flow.
    Type: Grant
    Filed: March 31, 2014
    Date of Patent: January 17, 2017
    Assignee: NICIRA, INC.
    Inventors: Justin Pettit, Martin Casado, Teemu Koponen, Bruce Davie, W. Andrew Lambeth
  • Distributed Logical L3 Routing
    Publication number: 20160373355
    Abstract: For a network controller for managing hosts in a network, a method for configuring a host to resolve network addresses is described. The method configures an address resolution module in a host to resolve a network address. The method configures a managed forwarding element in the host to (1) avoid sending a request to resolve the network address to another host by using the address resolution module to resolve the network address and (2) forward packets using the resolved network address.
    Type: Application
    Filed: September 2, 2016
    Publication date: December 22, 2016
    Inventors: Ronghua Zhang, Teemu Koponen, Pankaj Thakkar
  • Network control apparatus and method for creating and modifying logical switching elements
    Patent number: 9525647
    Abstract: A network controller for managing several managed switching elements that forward data in a network that includes the managed switching elements. The network controller is further for creating a logical switching element to be implemented in a set of managed switching elements. The network controller includes a set of modules for receiving input data specifying a logical switching element and for creating, based on the received input data, a set of logical switch constructs for the logical switching element by performing a set of database join operations. At least one of the logical switch constructs is for facilitating non-forwarding behavior of the logical switching element.
    Type: Grant
    Filed: October 7, 2011
    Date of Patent: December 20, 2016
    Assignee: NICIRA, INC.
    Inventors: Teemu Koponen, Pankaj Thakkar, Bryan J. Fulton
  • NETWORK VIRTUALIZATION APPARATUS AND METHOD
    Publication number: 20160359674
    Abstract: A network control system for managing a plurality of switching elements that implement a plurality of logical datapath sets. The network control system includes first and second controllers for generating requests for modifications to first and second logical datapath sets. The first controller is further for determining whether to make modifications to the first logical datapath set. The second controller is further for determining whether to make modifications to the second logical datapath set. Each controller is further for receiving logical control plane data that specifies logical datapath sets and for converting the logical control plane data to physical control plane data for propagating to the switching elements.
    Type: Application
    Filed: June 3, 2016
    Publication date: December 8, 2016
    Inventors: Teemu Koponen, Pankaj Thakkar, Martin Casado, W. Andrew Lambeth
  • Logical Router Processing by Network Controller
    Publication number: 20160344586
    Abstract: Some embodiments provide a method for a network controller. The method receives configuration data, for a logical router managed by the network controller, that specifies at least one logical port for the logical router. The method automatically generates connected routes for the logical router based on network address ranges specified for the logical ports of the logical router. The method receives a manually input static route for the logical router. The method generates data tuples, for distribution to several managed network elements, based on the connected and static routes for the logical router in order for the several managed network elements to implement the logical router.
    Type: Application
    Filed: August 1, 2016
    Publication date: November 24, 2016
    Inventors: Igor Ganichev, Ronghua Zhang, Teemu Koponen, Gleb Dubovik, Pankaj Thakkar
  • TUNNEL CREATION
    Publication number: 20160308785
    Abstract: A non-transitory machine readable medium storing a program that configures managed forwarding elements to establish tunnels between the managed forwarding elements is described. From a particular managed forwarding element, the program receives information regarding coupling of a network element to the first managed forwarding element. Upon receiving the information, the program generates a set of universal flow entries for configuring another managed forwarding element to establish a tunnel to the particular managed forwarding element.
    Type: Application
    Filed: March 21, 2016
    Publication date: October 20, 2016
    Inventors: Amar Padmanabhan, Pankaj Thakkar, Ronghua Zhang, Teemu Koponen
  • ADDRESS RESOLUTION PROTOCOL SUPPRESSION USING A FLOW-BASED FORWARDING ELEMENT
    Publication number: 20160301655
    Abstract: A method of suppressing ARP packets in a logical network comprising a set of data compute nodes (DCNs). The DCNs are hosted on a set of physical hosts. Each DCN has a protocol address and is connected to a forwarding elements (FE) on the corresponding host. Each FE has a set of flows that specifies a set of conditions to match a set of fields of each received packet and a set of actions to take on a packet that matches the set of conditions. An FE on a physical host receives a packet sent by a first DCN on the physical host and determines that the received packet is an ARP request packet by matching a set of fields in the packet with a set of conditions of a particular flow. The ARP request packet identifies a protocol address of a second DCN on the logical network.
    Type: Application
    Filed: December 3, 2015
    Publication date: October 13, 2016
    Inventors: Harold Vinson C. Lim, Mart Haitjema, Srinivas Neginhal, Pankaj Thakkar, Teemu Koponen, Anupam Chanda, Benjamin L. Pfaff
  • METHOD AND APPARATUS FOR INTERACTING WITH A NETWORK INFORMATION BASE IN A DISTRIBUTED NETWORK CONTROL SYSTEM WITH MULTIPLE CONTROLLER INSTANCES
    Publication number: 20160294627
    Abstract: A control system including several controllers for managing several switching elements. A first controller registers a second controller for receiving a notification when a data tuple changes in a network information base (NIB) storage of the first controller that stores data for managing a set of switching elements. The first controller changes the data tuple in the NIB. The first controller sends the notification to the second controller of the change to the data tuple in the NIB. The first and second controllers operate on two different computing devices. Each controller receives logical control plane data for specifying logical datapath sets and converts the logical control plane data to physical control plane data for enabling the switching elements to implement the logical datapath sets.
    Type: Application
    Filed: June 14, 2016
    Publication date: October 6, 2016
    Inventors: Teemu Koponen, Martin Casado, Jeremy Stribling, Natasha Gude
  • Logical L3 daemon
    Patent number: 9461960
    Abstract: For a network controller for managing hosts in a network, a method for configuring a host to resolve network addresses is described. The method configures an address resolution module in a host to resolve a network address. The method configures a managed forwarding element in the host to (1) avoid sending a request to resolve the network address to another host by using the address resolution module to resolve the network address and (2) forward packets using the resolved network address.
    Type: Grant
    Filed: February 1, 2013
    Date of Patent: October 4, 2016
    Assignee: NICIRA, INC.
    Inventors: Ronghua Zhang, Jesse E. Gross, IV, Teemu Koponen
  • Flow generation from second level controller to first level controller to managed switching element
    Patent number: 9444651
    Abstract: A network control system that includes a first set of network controllers for (i) receiving a logical control plane definition of a logical switching element that couples to both a first set of network hosts in a first domain and a second set of network hosts in a second domain, (ii) translating the logical control plane definition of the logical switching element into a first set of flow entries in a first logical forwarding plane, and (iii) translating the first set of flow entries into a second set of flow entries in a second logical forwarding plane. The network control system includes a second set of network controllers in the first domain for (i) receiving a portion of the second set of flow entries and (ii) translating the portion of the second set of flow entries into a third set of flow entries in a physical control plane.
    Type: Grant
    Filed: August 17, 2012
    Date of Patent: September 13, 2016
    Assignee: NICIRA, INC.
    Inventors: Teemu Koponen, Martin Casado, Pankaj Thakkar, Ronghua Zhang, Daniel J. Wendlandt
  • Unified replication mechanism for fault-tolerance of state
    Patent number: 9432252
    Abstract: A network control system that achieves high availability for forwarding state computation within a controller cluster by replicating different levels of table state between controllers of the controller cluster. To build a highly available controller cluster, the tables for storing the forwarding state are replicated across the controllers. In order to take responsibility for a slice, the slave controller of some embodiments performs merging of replicated state on a slice-by-slice basis. The merging is performed in a manner to prevent disruptions to the network state while the slave controller is updated.
    Type: Grant
    Filed: March 31, 2014
    Date of Patent: August 30, 2016
    Assignee: NICIRA, INC.
    Inventors: Teemu Koponen, Alan Shieh, Igor Ganichev
  • Encapsulating Data Packets Using an Adaptive Tunnelling Protocol
    Publication number: 20160248670
    Abstract: Some embodiments of the invention provide a novel method of tunneling data packets. The method establishes a tunnel between a first forwarding element and a second forwarding element. For each data packet directed to the second forwarding element from the first forwarding element, the method encapsulates the data packet with a header that includes a tunnel option. The method then sends the data packet from the first forwarding element to the second forwarding element through the established tunnel. In some embodiments, the data packet is encapsulated using a protocol that is adapted to change with different control plane implementations and the implementations' varying needs for metadata.
    Type: Application
    Filed: May 2, 2016
    Publication date: August 25, 2016
    Inventors: Jesse E. Gross, IV, Teemu Koponen, W. Andrew Lambeth
  • Static routes for logical routers
    Patent number: 9419855
    Abstract: Some embodiments provide a method for a network controller. The method receives configuration data, for a logical router managed by the network controller, that specifies at least one logical port for the logical router. The method automatically generates connected routes for the logical router based on network address ranges specified for the logical ports of the logical router. The method receives a manually input static route for the logical router. The method generates data tuples, for distribution to several managed network elements, based on the connected and static routes for the logical router in order for the several managed network elements to implement the logical router.
    Type: Grant
    Filed: March 14, 2014
    Date of Patent: August 16, 2016
    Assignee: NICIRA, INC.
    Inventors: Igor Ganichev, Joseph A. Garcia, Ronghua Zhang, Ansis Atteka, Teemu Koponen
  • EDGE DATAPATH USING INTER-PROCESS TRANSPORT FOR TENANT LOGICAL NETWORKS
    Publication number: 20160226967
    Abstract: A novel design of a gateway that handles traffic in and out of a network by using a datapath daemon is provided. The datapath daemon is a run-to-completion process that performs various data-plane packet-processing operations at the edge of the network. The datapath daemon dispatches packets to other processes or processing threads outside of the daemon. The method inserts TLR identifiers as VLAN tags into the dispatched packets from the datapath daemon so that the network stack can deliver them to the correct TLR-specific namespace.
    Type: Application
    Filed: December 10, 2015
    Publication date: August 4, 2016
    Inventors: Ronghua Zhang, Yong Wang, Teemu Koponen, Jia Yu, Xinhua Hong
  • EDGE DATAPATH USING INTER-PROCESS TRANSPORTS FOR HIGHER NETWORK LAYERS
    Publication number: 20160226960
    Abstract: A novel design of a gateway that handles traffic in and out of a network by using a datapath daemon is provided. The datapath daemon is a run-to-completion process that performs various data-plane packet-processing operations at the edge of the network. The datapath daemon dispatches packets to other processes or processing threads outside of the daemon. Datapath operations at lower layers of the network protocol model are processed by the datapath daemon within its run-to-completion thread, while datapath operations at higher layers of the network protocol model are processed by data plane processes external to the datapath daemon.
    Type: Application
    Filed: December 10, 2015
    Publication date: August 4, 2016
    Inventors: Ronghua Zhang, Yong Wang, Teemu Koponen, Jia Yu, Xinhua Hong
  • Tracing Network Packets Through Logical and Physical Networks
    Publication number: 20160226741
    Abstract: Some embodiments provide a method for a first network controller that manages a set of logical forwarding elements implemented in several managed forwarding elements. The method receives a request to trace a specified packet having a particular source on a logical forwarding element. The method generates the packet according to the packet specification. The generated packet includes an indicator that the packet is for a trace operation. The method sends the packet to a second network controller that manages a managed forwarding element associated with the particular source. The method receives a first set of messages regarding operations performed on the packet from a set of network controllers that receives a second set of messages regarding operations performed on the packet from a set of managed forwarding elements that process the packet.
    Type: Application
    Filed: April 12, 2016
    Publication date: August 4, 2016
    Inventors: Igor Ganichev, Pankaj Thakkar, Teemu Koponen, Mo Dong
  • EDGE DATAPATH USING USER-KERNEL TRANSPORTS
    Publication number: 20160226957
    Abstract: A novel design of a gateway that handles traffic in and out of a network by using a datapath daemon is provided. The datapath daemon is a run-to-completion process that performs various data-plane packet-processing operations at the edge of the network. In some embodiments, the datapath daemon dispatches packets to other processes or processing threads outside of the daemon. In some embodiments, the datapath daemon dispatches packets to a kernel network stack in order to support packet traffic monitoring.
    Type: Application
    Filed: December 10, 2015
    Publication date: August 4, 2016
    Inventors: Ronghua Zhang, Yong Wang, Teemu Koponen, Michael Hu, Xinhua Hong