In traditional network elements, especially Ethernet, networks operate in a self-configuring way by learning about station moves, i.e. all bridges and network elements learn Layer 2 MAC addresses. A Media Access Control (MAC) address is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used for numerous network technologies, including Ethernet. Although intended to be a permanent and globally unique identification, it is possible to change the MAC address on most modern hardware. Changing MAC addresses is necessary in network virtualization. It can also be used in the process of exploiting security vulnerabilities. Layer 2 switches use MAC addresses to restrict packet transmission to the intended recipient. However, the effect is not immediate (address learning). Many higher-end switches currently in distribution are Layer 3 switches. Such a switch supports IP multicast and therefore uses the IP address for routing. The switch preserves the MAC address for compatibility but does not need to use it for routing.
An embodiment of the invention may therefore comprise a method of learning a network machine address in a network environment. The network environment may comprise at least one network element and at least one network machine. The method may include the steps of, if a network machine is to be moved from a first server to a second server, sending a notification to all of the network elements of the at least one network element of the network machine move, making an entry into the address table of all of the network elements of the at least one network element of the network machine move and performing the network machine move.
An embodiment of the invention may further comprise a method of synchronized learning of a network machine address change in a network environment. The network environment may comprise a data center having a plurality of network elements. The method may include the steps of sending a notification to all network elements in the network environment that one of said network elements will undergo an address move, updating an address table in each of said network elements that receives said notification, and moving the network element that is to undergo the address move from a source address to a destination address.
An embodiment of the invention may further comprise a system for learning a network machine address in a network environment. The system may comprise a source virtual machine server element located at a first network address, at least one network switch element, and a destination virtual machine server at a second address. An address change in the network environment results in moving virtual machine state information from the source virtual machine to the destination virtual machine, and a notification is sent to the at least one network switch element. The notification provides information of the address change.
Whenever a station moves, the new location of the station is learned by all the network elements through which the data traffic from the moved station traverses. This is often referred to as source address based MAC learning. In order not to waste valuable hardware resources, the learned MAC addresses go through a process called aging, which essentially invalidates the source MAC entry if no packet has been received for a certain period of time from that particular MAC station. In typical Ethernet networks, this time period is 5 minutes.
Similarly, in Layer 3 or IP network elements, the routers learn IP addresses through a variety of learning protocols. In addition, there are protocols defined for cases where the MAC address is known for a station and not the IP address. This is called ARP learning. Accordingly, network elements learning a variety of Layer 2 or Layer 3 addresses is known in the art.
An additional aspect of the network elements going through re-learning of MAC or IP addresses is handling failure events. A particular link in a network can possibly fail, which in turn could affect other network elements downstream of that particular port. At Layer 2, there are standard protocols defined and adopted by standards bodies. For example, Spanning Tree is a standards protocol that essentially helps eliminate network loops. It also handles the network link failure scenarios in terms of activating alternative paths for traffic to flow by bypassing the failed link. In the process of relearning Layer 2 or Layer 3 addresses there is always the possibility of other stations sending traffic to the station before it is either moved or an alternative path is defined. This is commonly referred to in the industry as a “blackhole”: the station's new location is not completely learned by all the network elements. For inadvertent network link or station changes, e.g. due to failures, blackholes may be relatively common.
In network environments, it is also common that there are many administrative reasons why a network station or link needs to be moved from one physical or logical association to another part of either a corporate or service provider network. The solutions, protocols and procedures developed to date in the industry do not have efficient solutions for administrator scheduled network link or station changes. The same techniques of being able to slowly re-learn the addresses are adopted. So for bigger network level changes, the network administrator is required to send test packets out across various network elements so that each station is able to re-learn the new location. For scheduled maintenance or other changes, the term used is “outage” instead of a blackhole. However, the result is the same in terms of sent traffic resulting in an abundance of broadcasts and eventually the stations learn through these broadcasts. Eventually the network will regain a steady state.
Network re-learn messages are scheduled and then generated from the control plane for various network elements that are affected by the particular physical or virtual changes. In routing, a control plane is the part of an architecture that is concerned with drawing the network map, or the information in a (possibly augmented) table that defines what to do with incoming packets. Control plane functions, such as participating in protocols, run the architectural control element. In most cases, the table contains a list of destination addresses and the outgoing interface(s) associated with them. Control plane logic also can define certain packets to be discarded, as well as preferential treatment. Virtual routers are an abstract representation of multiple routers, i.e. master and backup routers, acting as a group. A default gateway of a participating host may be assigned to the virtual router instead of a physical router. If the physical router that is routing packets on behalf of the virtual router fails, another physical router is selected to automatically replace it. The physical router that is forwarding packets at any given time is called the master router.
Before the station or virtual machine actually moves, the re-learn messages are sent out to the network elements which contain a time parameter or a flag indicating whether to follow a traditional learning process via broadcast or other control packet ping messages or to follow the time parameter to commit the new station or virtual machine's location.
A source network element also receives a control message indicating the time at which to erase the old entry and/or update the entry with the station or virtual machine's new location. This will ensure that the source network element, destination network element and all of the intermediate network elements commit the change of address information at the same time. Also, this will reduce address unknown broadcasts in a network. Broadcast packets in general bring down network performance and the method of the embodiment of the invention improves network performance.
An administrator will schedule a network element, station or virtual machine address change or move. Upon this scheduling event, short control messages are sent out informing all relevant network elements of the time period when the new location for the network element, station or virtual machine will be effective. It is understood that the specified time period can be an absolute time (perhaps recovered from an IEEE 1588 network or some other timing protocol) or a relative time from the point at which the message is received by the various relevant network elements. Although an absolute time may be more accurate than a relative time indication, an administrator could choose any indicator suitable to a particular policy.
This reduces resultant network blackhole issues. Further, the number of unknown broadcast messages related to a station or virtual machine move is reduced.
A Layer 2 address may be learned by bypassing the aging process described above. The aging process can be bypassed for specified entries to a fixed time interval either at the time when the address is learned or it can be specified at any time by the control plane to the data plane hardware engine which typically performs address learning.
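The procedure described in the preceding paragraphs (a re-learn message carrying an absolute or relative commit time, a synchronized table update on the source, intermediate and destination elements, and aging bypassed for the committed entry for a fixed interval) can be modelled with a small simulation. The code below is an added example and not part of the patent or any product; the three-switch topology, port names, sample MAC and the 900-second pin interval are assumptions.

```python
from dataclasses import dataclass
AGING_SECONDS = 300.0  # the 5-minute Ethernet aging default mentioned above

@dataclass
class Entry:
    port: str
    learned_at: float
    pinned_until: float = 0.0  # aging is bypassed while now < pinned_until

class Switch:
    """Constructed model of one network element's Layer 2 address table."""
    def __init__(self):
        self.table: dict[str, Entry] = {}
        self.pending: dict[str, tuple[float, str, float]] = {}  # mac -> (commit_at, port, pin)

    def learn(self, mac: str, port: str, now: float) -> None:
        """Traditional source-address learning from a received frame."""
        self.table[mac] = Entry(port, now)

    def notify_move(self, mac, new_port, commit_at, now, relative=False, pin_for=0.0):
        """Re-learn message: schedule the update for an absolute or relative time."""
        t = now + commit_at if relative else commit_at
        self.pending[mac] = (t, new_port, pin_for)

    def tick(self, now: float) -> None:
        """Commit any due moves, then age out stale unpinned entries."""
        for mac, (t, port, pin) in list(self.pending.items()):
            if now >= t:
                self.table[mac] = Entry(port, now, pinned_until=now + pin)
                del self.pending[mac]
        for mac, e in list(self.table.items()):
            if now >= e.pinned_until and now - e.learned_at > AGING_SECONDS:
                del self.table[mac]

    def lookup(self, mac: str, now: float) -> str:
        self.tick(now)
        e = self.table.get(mac)
        return e.port if e else "FLOOD"  # unknown destination: broadcast

def scheduled_move(commit_at=200.0, pin_for=900.0):
    """Port each switch uses for the moving VM at four points in time."""
    vm = "02:00:00:00:00:01"  # constructed sample MAC
    src, mid, dst = Switch(), Switch(), Switch()
    for sw, port in ((src, "p1"), (mid, "to-src"), (dst, "to-mid")):
        sw.learn(vm, port, 0.0)  # t=0: VM sits behind src, learned on every element
    for sw, port in ((src, "to-mid"), (mid, "to-dst"), (dst, "p7")):
        sw.notify_move(vm, port, commit_at, now=10.0, pin_for=pin_for)
    times = (commit_at - 1, commit_at, commit_at + AGING_SECONDS + 1,
             commit_at + pin_for + AGING_SECONDS + 1)
    return [tuple(sw.lookup(vm, t) for sw in (src, mid, dst)) for t in times]
```

The four rows returned show the old path before the commit time, the new path on every element at the commit time, the pinned entry surviving past the normal aging interval, and the entry finally aging out (flooding) once the pin expires.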
An embodiment of the invention may comprise a method and apparatus for performing synchronized and time aware learning of network MAC addresses and IP addresses in a networking cloud of many networking equipment items interconnected either over a layer 2 or a layer 3 network.
Blackhole and outage issues may be exacerbated in virtualized environments. This may be the case where the rate at which virtual machines migrate from one location to another is at a very high rate due to various administrative reasons. Typically, in the art, the virtual machine software (administrator) is aware of these virtual machine moves but does not assist the network elements in learning or migration. For example, gratuitous ARP messages may be sent after a destination station is established with the new virtual machine and all the network elements listen to the message to re-learn the station address. If the gratuitous ARP messages get dropped in the network element due to congestion or link failure, a prolonged blackhole period may ensue and may lead to transport level connection disconnects affecting the applications that are running on that particular machine.
The foregoing description of the invention has been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise form disclosed, and other modifications and variations may be possible in light of the above teachings. The embodiment was chosen and described in order to best explain the principles of the invention and its practical application to thereby enable others skilled in the art to best utilize the invention in various embodiments and various modifications as are suited to the particular use contemplated. It is intended that the appended claims be construed to include other alternative embodiments of the invention except insofar as limited by the prior art.