Tunnel-less SD-WAN

Description

BACKGROUND

In the field of network computing, a wide area network (WAN) system allows companies to incorporate separate local area networks (LANs) as a single effective network. Software-defined wide area networking (SD-WAN) systems are a way of operating such WANs that reduces various network problems such as variations in packet delay, network congestion, and packet loss. SD-WAN systems send data packets (e.g., TCP packets) through managed forwarding nodes (sometimes referred to herein as “nodes” or “MFNs”) of an SD-WAN. The packets are sent from the original source address of the packet to the final destination address through a series of nodes of the SD-WAN.

Some existing SD-WAN systems use IP tunnels. Each network site is provided with an SD-WAN device connected to the LAN. Data packets from one network site to another are sent to the SD-WAN device and encapsulated before being sent to an SD-WAN device of another network site through the nodes. In some existing systems, the encapsulation includes adding additional header to each packet of a packet flow at each node. The headers successively direct the packets to the next node in a path from the original source of the packet to a final destination of the packet. The headers include an inner header with an original source and final destination of the data packet that is prepended when the packet is initially sent and an outer header that includes an address for the next hop of the packet. In such systems, the outer packet is replaced at each hop with a packet identifying a subsequent hop for the packet. Other systems may group packets together and encrypt them. However, such systems may be inefficient as they require every packet to have an outer header removed, analyzed, and replaced with a new header at each successive node. Accordingly, there is a need for more efficient tunnel-less SD-WAN system.

BRIEF SUMMARY

In a novel tunnel-less SD-WAN, when an ingress node of the SD-WAN receives a new packet flow, it identifies the path of the flow through the SD-WAN, and sends an initial prepended set of SD-WAN header values before the first packet for the flow to the next hop (e.g., another node, or a destination outside the SD-WAN) along this identified path, rather than encapsulating each packet of the flow with encapsulating tunnel headers that store SD-WAN next hop data for the flow. The prepended set of SD-WAN header values is then used to not only forward the first packet through the SD-WAN, but also to create records at each subsequent hop, which are then used to forward subsequent packets of the flow through the SD-WAN. Instead of identifying the entire packet flow, the first hop in the SD-WAN does not identify the entire path for the packet flow in some embodiments, but just identifies the next hop, as each subsequent hop in the SD-WAN has the task of identifying the next hop through the SD-WAN for the packet flow. Also, in some embodiments, each hop also creates records for the reverse flow in order to automatically forward reply packets along a reverse route. In some embodiments, the records comprise a TCP splicing record between two TCP connections of the node.

In some embodiments, the SD-WAN ingress node (referred to below as the “first hop”) generates the initial prepended set of one or more header values as part of a TCP split optimization operation that its TCP splitter (e.g., a TCP splitting machine, module, or server) performs. Under this approach, the packet flow is a TCP flow sent from a source machine outside of the SD-WAN (e.g., from a source computing device, or a source gateway, outside of the SD-WAN). The TCP splitter in some embodiments terminates the TCP connection and starts a new TCP connection to the next hop. That is, as the TCP splitter at each hop has a TCP connection to a previous hop and sets up a new TCP connection to the next hop, a TCP splitter at each hop can also be thought of as a TCP connector.

From the header of the received flow, the TCP splitter identifies (i.e., reads) the destination address of the first TCP packet. In some embodiments, the TCP splitter then identifies the path for the flow through the SD-WAN to a destination machine outside of the SD-WAN (e.g., to a destination computing device, or a destination gateway, outside of the SD-WAN). The TCP splitter then generates a set of SD-WAN header (SDH) values for the flow, each SDH value specifying the network address for a next hop address along the path. In some embodiments, the SDH values are part of a single SDH header, in other embodiments, the SDH values are in multiple headers (e.g., one header per SDH value, etc.). The TCP splitter then sends the generated set of SDH values to the next hop and then sends the first packet and subsequent packets of the TCP flow to the next hop. The set of SDH values are sent ahead of the first TCP packet in some embodiments, while in other embodiments they are prepended to the first packet but not the other packets of the flow. In either case, the tunnel-less SD-WAN system is referred to as a “prepended TCP” system or a “prepended TCP flow” system.

In some embodiments, the TCP splitter of the first hop identifies the path through the SD-WAN by using the header values of the first packet (e.g., its destination network addresses (such as layers 2-4 addresses) and in some cases the source network addresses (such as the layers 2-4 addresses)) to identify a path-traversal rule that specifies one or more possible paths for the TCP splitter to select for the flow through the SD-WAN. As mentioned above, the set of SDH values in some embodiments includes the network address for each subsequent hop along the SD-WAN to reach the flow's destination outside of the SD-WAN. In other embodiments, the first hop TCP splitter only includes in its generated set of SDH values the network address for the next hop, as each subsequent SD-WAN hop in these embodiments identifies the next hop after receiving the prepended packet from a previous hop.

In some of the embodiments where the first hop's prepended header includes the network addresses for each hop along the SD-WAN, each subsequent hop removes its network address from the prepended header, identifies the network address for the next hop along the SD-WAN, creates a record that stores the next-hop's network address for this flow, and forwards the prepended header (e.g., the first packet with the prepended header or the prepended packet flow) along to the next hop when the next hop is another hop along the SD-WAN.

The preceding Summary is intended to serve as a brief introduction to some embodiments of the invention. It is not meant to be an introduction or overview of all inventive subject matter disclosed in this document. The Detailed Description that follows and the Drawings that are referred to in the Detailed Description will further describe the embodiments described in the Summary as well as other embodiments. Accordingly, to understand all the embodiments described by this document, a full review of the Summary, Detailed Description, the Drawings and the Claims is needed. Moreover, the claimed subject matters are not to be limited by the illustrative details in the Summary, Detailed Description and the Drawing.

BRIEF DESCRIPTION OF THE DRAWINGS

The novel features of the invention are set forth in the appended claims. However, for purpose of explanation, several embodiments of the invention are set forth in the following figures.

FIG. 1 conceptually illustrates a process of some embodiments for sending a flow of TCP packets through a tunnel-less SD-WAN.

FIG. 2 illustrates a tunnel-less SD-WAN system.

FIG. 3A illustrates a prior art system for sending packets in tunnels.

FIG. 3B illustrates a path of nodes through a network using a tunnel-less SD-WAN system and data sent through the nodes.

FIG. 4A illustrates data structures for SDH values and TCP packets of some embodiments in which each hop identifies the next hop.

FIG. 4B illustrates a data structure for prepended configuring packets in an alternate embodiment.

FIG. 5 illustrates an example of a managed forwarding node 500 and a controller cluster 560 of some embodiments.

FIG. 6 conceptually illustrates an electronic system with which some embodiments of the invention are implemented.

DETAILED DESCRIPTION

In the following detailed description of the invention, numerous details, examples, and embodiments of the invention are set forth and described. However, it will be clear and apparent to one skilled in the art that the invention is not limited to the embodiments set forth and that the invention may be practiced without some of the specific details and examples discussed.

In a novel tunnel-less SD-WAN, when an ingress node of the SD-WAN (also referred to below as the “first hop”) receives a new packet flow, it identifies the path of the flow through the SD-WAN, and sends an initial prepended set of SD-WAN header values before the first packet for the flow to the next hop along this identified path, rather than encapsulating each packet of the flow with encapsulating tunnel headers that store SD-WAN next hop data for the flow. The prepended set of SD-WAN header values is then used to not only forward the first packet through the SD-WAN, but also to create records at each subsequent hop, which are then used to forward subsequent packets of the flow through the SD-WAN.

Instead of identifying the entire packet flow, the MFN of the first hop in the SD-WAN does not identify the entire path for the packet flow in some embodiments, but just identifies the next hop, as each subsequent hop in the SD-WAN has the task of identifying the next hop through the SD-WAN for the packet flow. Also, in some embodiments, each hop also creates records for the reverse flow in order to automatically forward reply packets along a reverse route. In some embodiments, the records comprise a TCP splicing record between two TCP connections of the node. In such embodiments, one set of TCP splicing records (per node) may allow both forward and reverse routing. SD-WANs are sometimes referred to herein as “virtual networks.”

Several embodiments will now be described by reference to FIGS. 1-5. In these embodiments, the first hop in the SD-WAN generates the initial prepended set of one or more header values as part of a TCP split optimization operation that its TCP splitter performs. Under this approach, the packet flow is a TCP flow sent from a source machine outside of the SD-WAN (e.g., from a source computing device, or a source gateway, outside of the SD-WAN). The TCP splitter in some embodiments terminates the TCP connection and starts a new TCP connection to the next hop.

In some embodiments, the TCP splitter of the first hop identifies the path through the SD-WAN by using the header values of the first packet (e.g., its destination network addresses (such as layers 2-4 addresses) and in some cases the source network addresses (such as the layers 2-4 addresses)) to identify a path-traversal rule that specifies one or more possible paths for the TCP splitter to select for the flow through the SD-WAN. As mentioned above, the set of SDH values in some embodiments includes the network address for each subsequent hop along the SD-WAN to reach the flow's destination outside of the SD-WAN. In other embodiments, the first hop TCP splitter only includes, in its generated set of SDH values, the network address for the next hop, as each subsequent SD-WAN hop in these embodiments identifies the next hop after receiving the prepended packet from a previous hop.

FIG. 1 conceptually illustrates a process 100 of some embodiments for sending a flow of TCP packets through a tunnel-less SD-WAN. FIG. 1 will be described with references to FIGS. 2 and 3B. FIG. 2 illustrates a virtual network 200. FIG. 2 includes multiple tenant locations at different locations 202a-202f, a tenant location 205 that is a source of a TCP packet flow, a tenant location 225 that is a destination of the TCP packet flow, managed forwarding nodes 204a-204j, network connections 230, 235, 240, and 245, and controllers 250.

Node 204a is a first hop in a tunnel-less SD-WAN route, from tenant location 205 to tenant location 225, through the network 200. Nodes 204b and 204c are subsequent hops in the route. Tenant locations 202a-202f and SD-WAN nodes 204d-204j are included to illustrate that an SD-WAN system generally has multiple network locations and multiple nodes that are not involved in any given TCP flow. The connections within network 200 (e.g., connections 235, 240) represent communicative connections between the nodes that may be selected by the next-hop forwarding rules to define paths through the SD-WAN network. These connections may include their own security protocols, such as IPsec or other such protocols or may use some other data security measure.

The controllers 250 provide forwarding rules and path-selection rules (e.g., next-hop forwarding rules, and in some embodiments other forwarding rules used to determine routes through the network 200) to the managed forwarding nodes 204a-204j. A path selection rule, in some embodiments, has (1) match criteria defined in terms of header values, and (2) one or more paths to destination. In some embodiments, each path has a path identifier, which is looked up in a table to identify all hops along path. Alternatively, a path can be defined directly in the path selection rule. The same node may assign more than one path when it is distributing loads for different flows (e.g., multiple flows with different source addresses and/or different destination addresses).

The active elements of FIG. 2, tenant locations 205 and 225, managed forwarding nodes 204a-204c, and network connections 230, 235, 240, and 245 are further described with respect to the operations of FIG. 1.

FIG. 3A illustrates a prior art system for sending packets in tunnels, which will be described briefly to contrast such a system with the present invention. FIG. 3A includes tenant location 205, connections 230, and 245, managed forwarding node 300 with encapsulation processor 302, managed forwarding nodes 305 and 310, tunnel 315, packets 320A and 320B, inner encapsulation header 322, and outer encapsulation headers 323 and 324. In the prior art shown, the tenant location 205 sends a data flow comprising multiple packets (here, packets 320A and 320B) through a network of managed forwarding nodes 300, 305, and 310 to tenant location 225.

The packets 320A and 320B are initially sent through connection 230 using IPsec for security. The encapsulation processor 302 of managed forwarding node applies an overlay tunnel (represented by tunnel 315) to the packets 320A and 320B. The overlay tunnels in some prior art systems include encryption of the packets being sent. The encapsulation processor 302 also prepends a pair of headers to every packet of the data flow. These two tunnel headers are (1) an inner header 322 that identifies (e.g., by IP address) the ingress MFN 300 and egress MFN 310 for entering and exiting the virtual network, and (2) an outer header 323 that identifies the next hop MFN 305. The outer header 323 includes a source IP address corresponding to MFN 300 and a destination IP address corresponding to the next hop, MFN 305. The inner tunnel header 322, in some embodiments, also includes a tenant identifier (TID) in order to allow multiple different tenants of the virtual network provider to use a common set of MFNs of the virtual network provider.

When, as in FIG. 3A, the path to the egress MFN 310 includes one or more intermediate MFNs (here, MFN 305), the intermediate MFN(s) replace the outer header with an outer header addressed to the next hop. Here, outer header 323 is replaced with outer header 324. The source IP address in the new outer header 324 is the IP address of MFN 305. The intermediate MFN 305 uses the destination IP address in the inner header 322 to perform a route lookup in its routing table to identify the destination IP address of the next hop MFN (here MFN 310) that is on the path to the destination IP address of the inner header. The replacement outer header 324 includes a destination IP address of next hop MFN 310 (as identified through the route table lookup). The managed forwarding node 310 then terminates the tunnel by removing the inner header 322 and outer header 324 from each packet and decrypting the packets before sending them through the connection 245 using IPsec for security.

Some advantages of the present tunnel-less SD-WAN invention include that the present invention does not require replacing an outer encapsulation header in every single packet of a data flow (which could be millions of packets) at every intermediate node, nor does the present invention require a route lookup from a routing table at each intermediate node for every packet of every flow. FIG. 3B illustrates a path of nodes through a virtual network using a tunnel-less SD-WAN system and data sent through the nodes. In addition to the active elements of FIG. 2, FIG. 3B also includes TCP splitter 330, a first packet 340 of a TCP flow, a second packet 342 of the TCP flow routing data 345, SDH headers/routing data 350 and 355, and new headers 360 and 365.

In FIG. 1, the process 100 transmits data through a managed forwarding node with a TCP splitter. The process 100 receives (at 102) a TCP packet flow at the MFN 204a of FIG. 2. The MFN 204a is one of several in the virtual network 200. Each MFN 204a-204c in the virtual network 200 has a cloud forwarding element. In some embodiments, multiple or all of the nodes of the virtual network have TCP splitters. Further description of the managed forwarding nodes of some embodiments is provided with respect to FIG. 5, below. Still further description of virtual networks and managed forwarding nodes can be found in U.S. patent application Ser. No. 15/972,083, filed May 4, 2018, now published as U.S. Patent Publication 2019/0103990, which is incorporated herein by reference. In FIG. 3B, first TCP packet 340 goes from tenant location 205 to node 204a, which is an MFN with a TCP splitter 330. In some embodiments, the TCP splitter is implemented as an operation of an optimization engine of the MFN 204a as described with respect to FIG. 5, below. In FIG. 3B, the final destination address of the TCP flow is a machine or device at the tenant location 225.

After receiving at least the first packet 340, the process 100 of FIG. 1 then identifies (at 104) a route comprising a series of hops through intermediate MFNs to send the TCP flow to the destination address. The process 100 identifies the route through the MFNs based on the initial MFN and the destination of the TCP flow, in some embodiments.

The process 100 of FIG. 1 then establishes (at 106) a new TCP connection to the MFN of the second hop, stores a connection tracking record associating the TCP connection on which the first packet was received with the new TCP connection, and sends the SDH values from the first hop (i.e., the MFN with the TCP splitter) to the MFN identified as the second hop. A TCP connection between two machines or devices includes an IP address and port address for each machine/device. The combination of an IP address and port address is sometimes called a “socket”, so a TCP connection has a socket at the source machine and another socket at the destination machine. TCP connection data for each TCP packet is stored in the header of the TCP packet. The set of data identifying the connection used by the packet is referred to as a tuple. Some embodiments identify connections using a 4-tuple (source IP address, source port, destination IP address, and destination port), other embodiments identify connections using a 5-tuple (the same values as the 4-tuple plus a value identifying a protocol of the packet). Storing the connection tracking record (of operation 106 of FIG. 1) associates the TCP connection from the branch 205 (of Figure #3b) to MFN 204a with the new connection from MFN 204a to MFN 204b by storing (e.g., in a connection tracking record storage of the MFN 204a) a 5-tuple or in some embodiments a 4-tuple, identifying the incoming connection and a 5-tuple (or 4-tuple) identifying the new connection in a single connection tracking record. One of ordinary skill in the art will understand that in some embodiments, some information of the tracking record may be stored implicitly. For example, some embodiments omit the protocol value from the connection tracking record and/or omit the IP address of the MFN itself (e.g., in cases where the MFN has only one IP address, every incoming packet will have that IP address as its destination and every outgoing packet will have that IP address as its source, though different connections could use different ports of the MFN).

After (or in some embodiments, before) storing the connection tracking record, the MFN 204a sends SD-WAN headers to MFN 204b. Unlike the encapsulation headers of the prior art overlay tunnel, the SDH values are not added to every packet in the TCP flow, instead the SDH values are sent only once for the TCP flow. In some embodiments, the SDH values are sent ahead of the first packet of the TCP flow. In other embodiments, the SDH values are sent prepended to only the first packet of the TCP flow (e.g., prepended to the payload of the first packet or prepended as additional headers of the first packet 340 of FIG. 3). In either case, the tunnel-less SD-WAN system may be referred to as a “prepended TCP” system or “prepended TCP flow” system because the SDH values are prepended to the flow rather than to the individual packets. As the SDH values are only sent once, the second packet 342 and any subsequent packets of the same flow (not shown) are sent without prepending headers to those packets.

In FIG. 3B, new header 360 and SDH headers 350 and 355 are shown preceding (e.g., prepended to, or sent ahead of, the first packet) the packet 340 out of node 204a. The new header 360 identifies the TCP connection between MFNs 204a and 204b. Specifically, it is a header with a 5-tuple that includes (as the source address) an IP address and port address of MFN 204a and (as the destination address) an IP and port address of MFN 204b and a protocol of the packet. SDH 350 identifies node 204c as the next hop after node 204b, SDH 355 identifies the original destination IP address in tenant location 225 as the next destination after node 204c. In the illustrated embodiment, the SDH values are sent out in the same order as the nodes they identify. However, they may be sent in other orders in other embodiments.

The routing data 345, stored in the node 204a, identifies node 204b as the next hop after node 204a. In some embodiments, the routing data 345 for the TCP connection to the next hop is stored as part of the connection tracking record pairing (e.g., splicing) (a) the incoming TCP connection (of the node 204a) through which the packet 340 was received from a machine or device at tenant location 205 with (b) the TCP connection (of node 204a) to node 204b. In some embodiments, each flow uses a separate TCP connection between each pair of selected MFNs in the planned route. In some embodiments, there is also a separate TCP connection between the branch office 205 and the first hop MFN 204a and/or another separate TCP connection between the final hop MFN 204c and the branch office 225.

Each flow in some embodiments (i.e., each set of packets with the same original source and destination addresses) receives its own set of TCP connections between MFNs. A second flow (either from the same source address to a different destination address, from a different source address to the same destination address, or from a different source and different destination addresses as the first flow) in some embodiments can pass through one, some, or all of the same MFNs as the first flow, but every TCP connection that the second flow uses will be different from any connection that the first flow uses. One of ordinary skill in the art will understand that in some embodiments, different connections may have some values in common, for example, two connections between the same pair of MFNs could use the same IP and port address at the first MFN and still be separate connections so long as each connection's IP and/or port address at the second MFN are different. However, in some embodiments, the SD-WAN may reserve a particular IP address and port address for a particular flow rather than allowing multiple connections of multiple flows to use that particular IP address and port address.

More specifically, splicing two TCP connections of a node together configures the node so that, for any packet coming in with a header identifying a 5-tuple of one TCP connection (which will be called “the first connection” here, while the other TCP connection of the splice will be called “the second connection” for clarity) the header specifying the first connection will be replaced with a header specifying the second connection. Such a replacement may be performed using a match-action rule in some embodiments. In such embodiments, incoming packets whose headers include 5-tuples that match the stored 5-tuple of a connection tracking record trigger an action to replace the header with a header that includes the 5-tuple of the other connection stored in the connection tracking record.

After the old header is replaced with a new header (e.g., header 360 being replaced with header 365 at MFN 204b), the packet is sent on toward the subsequent MFN (e.g., MFN 204c). In some embodiments, TCP splicing also configures the node to receive and then forward reply packets. The reply packets will be received at the second connection and forwarded through the first connection to the “next hop” of the reply packets, which is the same MFN as the “prior hop” for packets in the original direction. In some embodiments that use a match-action rule, the match-action rules apply in both directions, but with match and action reversed for reply packets. That is, for packets of the original packet flow, the match attribute corresponds to the first connection and the action attribute corresponds to the second connection, while for packets of the reply packet flow, the match attribute corresponds to the second connection (with source and destination reversed from the action attribute of the original packet flow) and the action attribute corresponds to the first connection (with the source and destination reversed from the match attribute of the original packet flow).

Although the embodiments of the above description implement forwarding using connection tracking records and TCP socket splicing, in other embodiments, the routing data 345 is stored in some other format that identifies node 204b as the next hop for the TCP flow. Details about how the nodes splice the TCP connections and the contents of the SDH headers 350 and 355 and the first packet 340 for some embodiments are described with respect to FIG. 4, below.

The process 100, of FIG. 1, then sends (at 108) the 2nd and subsequent packets of the TCP flow from the MFN of the first hop to the MFN identified as the second hop. The 2nd and subsequent packets also have their headers replaced at the MFN of each hop. An example of this is shown in FIG. 3B, in which second packet 342 receives the same new header 360 at MFN 204a as the first packet 340, although not the SMH headers 350 and 355.

Before receiving the second packet 342, the MFN of the second hop 204b receives and processes the first packet 340 and its SDH headers 350 and 355 previously sent from the MFN 204a of the first hop. As shown in FIG. 1, the process 100 receives (at 110) the SDH values at the MFN of the next hop. The process 100 then establishes (at 112) a new TCP connection to the MFN identified as the MFN of the next hop by the SDH values and stores a connection tracking record that associates the connection of the incoming packets with the new connection. In some embodiments, the SDH values identify an IP address of the MFN of the next hop. In other embodiments, the SDH values provide a node identifier value that the MFN (e.g., the TCP connector of the MFN) uses to determine an IP address of the next hop MFN. In FIG. 3B, node 204b stores routing data (e.g., a 4-tuple or 5-tuple for the connection to the MFN of the next hop) corresponding to SDH 350, which identifies node 204c as the next hop for the TCP flow. In some embodiments, this routing data is stored as part of the connection tracking record in a connection tracking record storage of the MFN. In some embodiments, the connection tracking record also includes data identifying the incoming connection from which the packet 340 and its SDH headers 350 and 355 were received. To clarify that the routing data 350 stored at node 204b includes the connection identified in the SDH 350, they are both labeled with the same item number. However, one of ordinary skill in the art will understand that the format in which the routing data 350 is stored may be different in some embodiments than the format of the SDH 350. In some embodiments, as mentioned, the routing data 350 for the next hop is stored in a connection tracking record. In other embodiments, the routing data 350 is stored in some other format (e.g., a set of rules in some format) that identifies node 204b as the next hop for the TCP flow.

In the illustrated embodiment of FIG. 1, the MFN of the first hop identifies the specific MFNs of the route, but does not specify what port addresses each MFN should use to connect to the subsequent MFNs. Furthermore, in some such embodiments, where an MFN may have more than one IP address, the MFN of the first hop may specify the MFNs of the route without determining what IP address each MFN should use to connect to the MFN of the next hop. In other such embodiments, the first hop MFN may specify IP addresses for each subsequent hop, but still leave the port address determination to the subsequent MFNs. However, in other embodiments, rather than the initial MFN planning the entire route and sending out headers for each MFN along with a flow identifier (e.g., the original source and destination addresses of the packet flow), the MFN of the initial hop sends out just the flow identifier and each MFN identifies the next MFN on the route (or, for the last MFN of the route, determines that the MFN should connect to the final destination).

The process 100 of FIG. 1 then sends (at 114) the SDH values from the present MFN to the MFN at the next hop of the SD-WAN path, after removing the SDH values that identify the present node. In FIG. 3B, node 204b sends the packet 340 and SDH 355 to node 204c after removing SDH 350 and replacing header 360 with new header 365. In some embodiments, rather than reading and removing a leading SDH and sending the remaining SDHs on, each MFN sends all the SDHs and the SDHs include a pointer value that identifies the SDH values for the MFN receiving the SDHs to use. The receiving SDH then uses the SDH values identified by the pointer and updates the pointer value to point at the SDH values for the subsequent MFN before sending the entire set of SDHs on.

The process 100 of FIG. 1 then receives (at 116) the subsequent packets of the TCP flow and sends (at 118) the TCP flow to the next hop. In FIG. 3, MFN 204b receives second packet 342 and sends it to MFN 204c after replacing header 360 with header 365.

The process 100 repeats operations 110-118 at each node of the path until the SDH values and TCP packets reach the last node of the SD-WAN path before the final destination of the TCP flow. In FIG. 3B, the last node of the SD-WAN path is node 204c, which stores (at 112) routing data 355 corresponding to SDH 355 in the same manner as node 204b stores routing data 350. Since the “next hop” of the last node 204c is the destination IP at tenant location 225, there are no more SD-WAN nodes in the path. Therefore, node 204c skips operation 114 (of FIG. 1) and does not send out an SDH, but does send TCP packets 340, 342, and others in the flow (not shown) to the destination tenant location 225. The destination IP address receives (at 116) the TCP packets.

In some embodiments, the MFN 204c of the last hop restores the original header of the packets so that any firewalls and/or other analysis applications will identify the flow as originating from tenant location 205. In some embodiments, the MFN 204c sends the TCP packets of the flow to the edge gateway of the destination tenant location 225 through an IPsec connection. In some embodiments, the edge gateway creates a connection tracking record that maps the 5-tuple (or 4-tuple) of the received flow to the IPsec connection with the MFN 204c that forwarded the flow to the edge gateway. The edge gateway then uses the connection tracking record, when sending a reverse flow from the destination machine of the original flow to the source machine of the original flow, in order to forward the reverse flow to the correct MFN 204c, now acting as the ingress node, to the virtual network, for the reverse flow. The MFN 204c then uses its connection tracking record to select the connection with the MFN 204b to forward the reverse flow to the MFN 204b, which then uses its connection tracking record to forward the reverse flow to the MFN 204a. The MFN 204a then replaces the original header of the reverse flow (i.e., a 4-tuple or 5-tuple corresponding to the original header of the original flow, but with the source and destination addresses swapped) and forwards the reverse flow packets to the edge gateway of the tenant location 205 for forwarding to the original source machine. The edge gateway of the tenant location 205, in some embodiments, may also maintain a connection tracking record that associates the IPsec connection initially used to send the original packet flow to MFN 204a with the original packet flow header (5-tuple or 4-tuple) in order to consistently send packets of that flow to the same ingress MFN 204a, in some embodiments.

The connection tracking record of the last hop 204c may be different from the connection tracking records in the MFNs of the intermediate MFNs (e.g., MFN 204b) in some embodiments. In such embodiments, the final hop MFN 204c replaces the header 365 of each packet with the original header, rather than a header representing a connection between the MFN 204c and the edge gateway of tenant location 225. The connection tracking record of the egress MFN 204c may also include additional data identifying the IPsec connection to the edge gateway of tenant location 225 in some embodiments. Similarly, in some embodiments, the connection tracking record of the ingress MFN 204a may include additional data identifying the IPsec connection between the edge gateway of tenant location 205 and the ingress MFN 204a in order to send reply packets through the correct IPsec.

As mentioned above, in the embodiment of FIG. 1, the MFN of the first hop identifies the route through the virtual network 200 and sends SDHs that directly identify the subsequent hops to each hop of the identified route with a subsequent hop (and the final destination to the final hop of the route). However, in other embodiments, at each hop, the MFN identifies the subsequent hop, e.g., based on data in the configuration packet that does not directly identify the subsequent hop for each MFN.

FIG. 4A illustrates data structures for SDH values and TCP packets of some embodiments in which each hop identifies the next hop. FIG. 4A shows a first packet 400 of a TCP flow in the format it is initially sent from a device outside the SD-WAN, a prepended configuring packet 402 with edited payload 404, and a second packet 406 in the format of the second and subsequent packets as they pass through the SD-WAN.

The first packet 400 as sent from the source (e.g., from a device or machine at a tenant location through an edge gateway, sometimes called an “edge node” or “edge forwarding node,” of the tenant location) is formatted as an ordinary TCP packet sent from one device/machine to another. It includes an original header 405, with source and destination addresses corresponding to the original source and destination machines/devices. However, one of ordinary skill in the art will understand that when the packet is sent from the tenant location, the source and destination addresses may have been translated from internal addresses of machines/devices at the client network to external addresses by passing through an edge gateway of the tenant locations with a network address translation (NAT) system.

When the packet 400 is received at a first hop, the node at the first hop reformats the first packet 400 as a prepended configuring packet 402. As mentioned above with respect to FIGS. 3A and 3B, the node of the first hop creates a TCP connection to the node of the next hop. The node of the first hop then generates the prepended configuration packet 402 by replacing the original header 405 with a new header 415 identifying the first hop as the source and the next hop as the destination. The new header 415 allows packets to be sent between the first hop and the next hop. The node of the first hop then appends the original header 405 (or in some embodiments a subset of the values of the original header 405 or another flow identifier that identifies the flow) as part of the data payload 404 for the configuring packet. In some embodiments, the header values are not prepended to the payload of the packet, but are prepended elsewhere, for example, as additional headers or metadata of an existing TCP header, etc. In some such embodiments, the original header 405 data comprises a fixed number of byte (e.g., 12, 16, 32, 40, 64, etc.).

In the embodiments illustrated in FIG. 4A, at each subsequent hop, the node of that hop reads the original header 405 from the data payload 404. Based on the original header 405 data, the subsequent hop identifies a next subsequent hop through which to route a TCP flow between the original source and destination. The node at the subsequent hop sets up a TCP connection between that node and the node of the next subsequent hop. The node replaces the new header 415 with another new header 415 with the subsequent hop as the source and the next subsequent hop as the destination. The node then sends the packet 402 to the next subsequent hop. This continues until the packet 402 reaches the last node in its route through the SD-WAN. The last node removes the original header 405 data from the payload 404, recreating the payload 410. In some embodiments, the last node sets the original destination address as the destination address of the packet. In some embodiments, the last node sets the original source address as the source address of the packet, completing the recreation of the first packet 400 as sent from the source (or in some embodiments, as sent from the edge gateway of the original tenant location).

Recreating the original packet 400 entirely has advantages, for example, by using the original source address, firewalls of the destination tenant location can identify the packets as originating from an allowed address, etc. However, in alternate embodiments, there may be some differences between the original packet 400 when it is sent from the first tenant location and when it is sent from the node at the least hop in the SD-WAN path. For example, in some embodiments the node may edit the packet to use the last hop as the source address.

Once the prepended configuring packet is sent, the second packet 406 (and subsequent packets) receive new headers 415 at each hop that are the same as the new headers 415 received by the prepended configuring packet 402. However, as the TCP connections between the nodes at the hops along the route had already been set up in response to the prepended configuring packet 402, the second packet 406 (and subsequent packets) are sent along at each hop with the same payload 420 as they were originally sent with from the original source.

FIG. 4B illustrates a data structure for prepended configuring packets in an alternate embodiment in which the entire path through the SD-WAN is determined by the node of the first hop. FIG. 4B shows a prepended configuring packet 430 with an edited payload 434. In this embodiment, in addition to prepending the original header 405 data (or a subset thereof) the first hop prepends a set of one or more hop identifiers (IDs) 440. In this embodiment, the first hop prepends the hop IDs 440 to the payload 410 along with the original header 405 data (or other flow identifier). Then at each subsequent hop, the node of that hop uses the set of hop IDs 440 to generate a TCP connection to the next subsequent hop, before removing the hop ID for itself from the set of hop IDs 440 before sending the packet on to the next subsequent hop. As described with respect to FIG. 4A, each node provides new headers 415 to replace the previous header of the packet 430 with source and destination addresses corresponding to the hop that the packet is being sent on. Similarly, the second packet 406 (and subsequent packets) do not need path configuring data in this embodiment as the nodes have set up the TCP connections based on the prepended configuring packet.

Various embodiments may provide the hop IDs 440 (of FIG. 4B) in various different formats. Some embodiments provide each identifier as an IP address and port address of the next subsequent hop. Other embodiments provide an identifier that specifies the next hop as being a particular node in the network, with the current node determining IP and port addresses based on a lookup table for nodes in the network. As previously mentioned, in some embodiments, rather than reformatting an existing first packet of a TCP flow, the node at the first hop generates a separate configuring packet that identifies the flow and includes identifiers of the subsequent hops. The node then sends this configuring packet out before sending the first packet out without prepending anything to its payload in a similar manner to the second packet 406 of FIG. 4A.

In multi-tenant networks, of some embodiments, routing depends on a tenant ID. In such networks, metadata identifying the tenant (and in some cases additional data) are included in the configuring packet 430, either as metadata of the new header 415, as part of the data prepended in the payload 434 for the configuring packet 430, or elsewhere in the configuring packet 430. For example, in some embodiments, each header has a TLV (type, length, value) structure. This allows adding any number of flexible fields. For example, in some embodiments, the header data includes fields with type “tenant ID” with a specific length and a value that identifies the particular tenant from which the data flow originates, in addition to fields that identify next hop or other values described above. In some embodiments, the TCP connections between each two consecutive hops result in the metadata (identifying a particular tenant) being implicitly part of the TCP stream defined by the packets' source and destination address tuples.

The virtual network 200 described with respect to FIGS. 2 and 3B includes managed forwarding node 204a with a TCP splitter and other managed forwarding nodes. In some embodiments, multiple nodes may implement TCP splitters. In some such embodiments, the nodes include elements such as an optimization engine that performs the TCP splitting. Furthermore, in some embodiments all nodes include an optimization engine or some other element that performs TCP splitting. Additionally, in some embodiments, machines or devices of the tenant locations may include elements that perform TCP splitting.

FIG. 5 illustrates an example of a managed forwarding node 500 and a controller cluster 560 of some embodiments. In some embodiments, each managed forwarding node 500 is a machine (e.g., a VM or container) that executes on a host computer in a public cloud datacenter. In other embodiments, each managed forwarding node 500 is implemented by multiple machines (e.g., multiple VMs or containers) that execute on the same host computer in one public cloud datacenter. In still other embodiments, two or more components of one MFN can be implemented by two or more machines executing on two or more host computers in one or more public cloud datacenters.

In some embodiments, a logically centralized controller cluster 560 (e.g., a set of one or more controller servers) operates inside or outside of one or more public clouds, and configure the public-cloud components of the managed forwarding nodes 500 to implement the virtual network 200 (and in some embodiments, other virtual networks for other tenants) over the public clouds. In some embodiments, the controllers in this cluster are at various different locations (e.g., are in different public cloud datacenters) in order to improve redundancy and high availability. The controller cluster in some embodiments scales up or down the number of public cloud components that are used to establish the virtual network 200, or the compute or network resources allocated to these components.

As shown, the managed forwarding node 500 includes one or more optimization engines 520, edge gateways including branch gateway 525 and remote device gateway 532, and a cloud forwarding element 535 (e.g., a cloud router). In some embodiments, each of these components 520-535 can be implemented as a cluster of two or more components. The optimization engines 520 receive data from and send data to the Internet 502, the cloud forwarding element 535, branch gateway 525 and remote device gateway 532.

The controller cluster 560 in some embodiments can dynamically scale up or down each component cluster (1) to add or remove machines (e.g., VMs or containers) to implement each component's functionality and/or (2) to add or remove compute and/or network resources to the previously deployed machines that implement that cluster's components. As such, each deployed MFN 500 in a public cloud datacenter can be viewed as a cluster of MFNs, or it can be viewed as a node that includes multiple different component clusters that perform different operations of the MFN.

Also, in some embodiments, the controller cluster deploys different sets of MFNs in the public cloud datacenters for different tenants for which the controller cluster defines virtual networks over the public cloud datacenters. In this approach, the virtual networks of any two tenants do not share any MFN. However, in the embodiments described below, each MFN can be used to implement different virtual networks for different tenants. One of ordinary skill will realize that in other embodiments the controller cluster 560 can implement the virtual network of each tenant of a first set of tenants with its own dedicated set of deployed MFNs, while implementing the virtual network of each tenant of a second set of tenants with a shared set of deployed MFNs.

In some embodiments, the branch gateway 525 and remote device gateway 532 establish secure VPN connections respectively with one or more branch offices, such as branch office 205, and remote devices (e.g., mobile devices 202c) that connect to the MFN 500, as shown in FIG. 5. The connection from the branch gateway 525 to the branch office 205, in some embodiments, goes through an edge gateway 570 of the branch office 205. The edge gateway 570 passes the data to and from host machines 575 of the branch office 205 and, through the host machines 575, to virtual machines 580 of the host machines 575.

One example of such VPN connections is IPsec connections as mentioned with respect to FIGS. 3A and 3B. However, one of ordinary skill will realize that in other embodiments, such gateways 525 and/or 532 establish different types of VPN connections.

In the example illustrated in FIG. 5, the MFN 500 is shown to include one or more L4-L7 optimization engines 520. One of ordinary skill will realize that in other embodiments, the MFN 500 includes other middlebox engines for performing other middlebox operations.

The optimization engine 520 executes novel processes that optimize the forwarding of the entity's data messages to their destinations for best end-to-end performance and reliability. Some of these processes implement proprietary high-performance networking protocols, free from the current network protocol ossification. For example, in some embodiments, the optimization engine 520 optimizes end-to-end TCP rates through intermediate TCP splitting and/or termination. In some embodiments, an optimization engine 520, some other component of the node 500, and/or some component of the VNP central control determines an identified routing path for each pair of data message endpoints. This may be a routing path that is deemed optimal based on a set of optimization criteria, e.g., it is the fastest routing path, the shortest routing path, or the path that least uses the Internet.

The cloud forwarding element 535 is the MFN engine that is responsible for forwarding a data message flow to the next hop MFN's cloud forwarding element (CFE) when the data message flow has to traverse to another public cloud to reach its destination, or to an egress router in the same public cloud when the data message flow can reach its destination through the same public cloud. In some embodiments, the CFE 535 of the MFN 500 is a software router.

To forward the data messages, the CFE encapsulates the messages with tunnel headers. Different embodiments use different approaches to encapsulate the data messages with tunnel headers. Some embodiments described below use one tunnel header to identify network ingress/egress addresses for entering and exiting the virtual network, and use another tunnel header to identify next hop MFNs when a data message has to traverse one or more intermediate MFN to reach the egress MFN.

As mentioned with respect to FIG. 3A, in some prior art virtual networks, the managed forwarding nodes send data packets encapsulated with tunnel headers. In some such prior art virtual networks, the CFE sends each packet of the data message with two tunnel headers (1) an inner header that identifies an ingress CFE and egress CFE for entering and exiting the virtual network, and (2) an outer header that identifies the next hop CFE. The inner tunnel header in some prior art systems also includes a tenant identifier (TID) in order to allow multiple different tenants of the virtual network provider to use a common set of MFN CFEs of the virtual network provider. However, in some embodiments of the present invention, rather than sending tunnel headers with each packet of a data message, a TCP splitter of an initial MFN provides a single set of SD-WAN header values for an entire flow, as described with respect to FIGS. 1-4.

Different embodiments define neighboring nodes differently. For a particular MFN in one public cloud datacenter of a particular public cloud provider, a neighboring node in some embodiments includes (1) any other MFN that operates in any public cloud datacenter of the particular public cloud provider, and (2) any other MFN that operates in another public cloud provider's datacenter that is within the same “region” as the particular MFN.

Although the above figures were described with respect to TCP packets, TCP splitters, TCP flows, TCP connections, etc. one of ordinary skill in the art will understand that in other embodiments, other packet protocols (e.g., UDP, ICMP, etc.) may be used. In such embodiments, machines or devices that provide the equivalent operations as a TCP splitter for the respective protocols would be used in place of a TCP splitter and any processes and devices would be adapted to the appropriate protocol.

In the above described embodiments, the ingress MFN replaced the original header of each packet with a header for a TCP connection to the next hop, each intermediate MFN replaced the header of each packet with a header for a TCP connection to the next hop and the egress MFN replaced the header of each packet with the original header of the packet flow. However, in other embodiments, the original header of each packet is left intact at the ingress MFN, with headers representing the TCP connection to the next hop being prepended to each packet and the original header becoming part of the payload of the packet as it is sent through the SD-WAN. The prepended header is then replaced at each intermediate MFN and removed at the egress MFN, leaving the original header as the header of the packet, before the packet is sent to the edge gateway of the destination location.

FIG. 6 conceptually illustrates an electronic system 600 with which some embodiments of the invention are implemented. The electronic system 600 can be used to execute any of the control, virtualization, or operating system applications described above. The electronic system 600 may be a computer (e.g., a desktop computer, personal computer, tablet computer, server computer, mainframe, a blade computer etc.), phone, PDA, or any other sort of electronic device. Such an electronic system includes various types of computer readable media and interfaces for various other types of computer readable media. Electronic system 600 includes a bus 605, processing unit(s) 610, a system memory 625, a read-only memory 630, a permanent storage device 635, input devices 640, and output devices 645.

The bus 605 collectively represents all system, peripheral, and chipset buses that communicatively connect the numerous internal devices of the electronic system 600. For instance, the bus 605 communicatively connects the processing unit(s) 610 with the read-only memory 630, the system memory 625, and the permanent storage device 635.

From these various memory units, the processing unit(s) 610 retrieve instructions to execute and data to process in order to execute the processes of the invention. The processing unit(s) may be a single processor or a multi-core processor in different embodiments.

The read-only-memory (ROM) 630 stores static data and instructions that are needed by the processing unit(s) 610 and other modules of the electronic system. The permanent storage device 635, on the other hand, is a read-and-write memory device. This device is a non-volatile memory unit that stores instructions and data even when the electronic system 600 is off. Some embodiments of the invention use a mass-storage device (such as a magnetic or optical disk and its corresponding disk drive) as the permanent storage device 635.

Other embodiments use a removable storage device (such as a floppy disk, flash drive, etc.) as the permanent storage device. Like the permanent storage device 635, the system memory 625 is a read-and-write memory device. However, unlike storage device 635, the system memory is a volatile read-and-write memory, such a random access memory. The system memory 625 stores some of the instructions and data that the processor needs at runtime. In some embodiments, the invention's processes are stored in the system memory 625, the permanent storage device 635, and/or the read-only memory 630. From these various memory units, the processing unit(s) 610 retrieve instructions to execute and data to process in order to execute the processes of some embodiments.

The bus 605 also connects to the input and output devices 640 and 645. The input devices 640 enable the user to communicate information and select commands to the electronic system. The input devices 640 include alphanumeric keyboards and pointing devices (also called “cursor control devices”). The output devices 645 display images generated by the electronic system 600. The output devices 645 include printers and display devices, such as cathode ray tubes (CRT) or liquid crystal displays (LCD). Some embodiments include devices such as a touchscreen that function as both input and output devices.

Finally, as shown in FIG. 6, bus 605 also couples electronic system 600 to a network 665 through a network adapter (not shown). In this manner, the computer can be a part of a network of computers (such as a local area network (“LAN”), a wide area network (“WAN”), or an Intranet, or a network of networks, such as the Internet. Any or all components of electronic system 600 may be used in conjunction with the invention.

Some embodiments include electronic components, such as microprocessors, storage and memory that store computer program instructions in a machine-readable or computer-readable medium (alternatively referred to as computer-readable storage media, machine-readable media, or machine-readable storage media). Some examples of such computer-readable media include RAM, ROM, read-only compact discs (CD-ROM), recordable compact discs (CD-R), rewritable compact discs (CD-RW), read-only digital versatile discs (e.g., DVD-ROM, dual-layer DVD-ROM), a variety of recordable/rewritable DVDs (e.g., DVD-RAM, DVD-RW, DVD+RW, etc.), flash memory (e.g., SD cards, mini-SD cards, micro-SD cards, etc.), magnetic and/or solid state hard drives, read-only and recordable Blu-Ray® discs, ultra-density optical discs, any other optical or magnetic media, and floppy disks. The computer-readable media may store a computer program that is executable by at least one processing unit and includes sets of instructions for performing various operations. Examples of computer programs or computer code include machine code, such as is produced by a compiler, and files including higher-level code that are executed by a computer, an electronic component, or a microprocessor using an interpreter.

While the above discussion primarily refers to microprocessor or multi-core processors that execute software, some embodiments are performed by one or more integrated circuits, such as application-specific integrated circuits (ASICs) or field-programmable gate arrays (FPGAs). In some embodiments, such integrated circuits execute instructions that are stored on the circuit itself.

As used in this specification, the terms “computer”, “server”, “processor”, and “memory” all refer to electronic or other technological devices. These terms exclude people or groups of people. For the purposes of the specification, the terms display or displaying means displaying on an electronic device. As used in this specification, the terms “computer readable medium,” “computer readable media,” and “machine readable medium” are entirely restricted to tangible, physical objects that store information in a form that is readable by a computer. These terms exclude any wireless signals, wired download signals, and any other ephemeral signals.

This specification refers throughout to computational and network environments that include virtual machines (VMs). However, virtual machines are merely one example of data compute nodes (DCNs) or data compute end nodes, also referred to as addressable nodes. DCNs may include non-virtualized physical hosts, virtual machines, containers that run on top of a host operating system without the need for a hypervisor or separate operating system, and hypervisor kernel network interface modules.

VMs, in some embodiments, operate with their own guest operating systems on a host using resources of the host virtualized by virtualization software (e.g., a hypervisor, virtual machine monitor, etc.). The tenant (i.e., the owner of the VM) can choose which applications to operate on top of the guest operating system. Some containers, on the other hand, are constructs that run on top of a host operating system without the need for a hypervisor or separate guest operating system. In some embodiments, the host operating system uses name spaces to isolate the containers from each other and therefore provides operating-system level segregation of the different groups of applications that operate within different containers. This segregation is akin to the VM segregation that is offered in hypervisor-virtualized environments that virtualize system hardware, and thus can be viewed as a form of virtualization that isolates different groups of applications that operate in different containers. Such containers are more lightweight than VMs.

Hypervisor kernel network interface modules, in some embodiments, are non-VM DCNs that include a network stack with a hypervisor kernel network interface and receive/transmit threads. One example of a hypervisor kernel network interface module is the vmknic module that is part of the ESXi™ hypervisor of VMware, Inc.

It should be understood that while the specification refers to VMs, the examples given could be any type of DCNs, including physical hosts, VMs, non-VM containers, and hypervisor kernel network interface modules. In fact, the example networks could include combinations of different types of DCNs in some embodiments.

While the invention has been described with reference to numerous specific details, one of ordinary skill in the art will recognize that the invention can be embodied in other specific forms without departing from the spirit of the invention. In addition, a number of the figures conceptually illustrate processes. The specific operations of these processes may not be performed in the exact order shown and described. The specific operations may not be performed in one continuous series of operations, and different specific operations may be performed in different embodiments. Furthermore, the process could be implemented using several sub-processes, or as part of a larger macro process. Thus, one of ordinary skill in the art would understand that the invention is not to be limited by the foregoing illustrative details, but rather is to be defined by the appended claims.

Claims

1. A method of forwarding packets through a software-defined wide area network (SD-WAN), the method comprising: receiving a first packet of a flow at an ingress forwarding node of the SD-WAN;after receiving the first packet, (i) generating a set of SD-WAN header (SDH) values for the flow, each SDH value specifying a network address for a subsequent forwarding node in the SD-WAN through which the flow should traverse to reach a destination outside of the SD-WAN and (ii) sending the generated set of SDH values to a next forwarding node in the SD-WAN for the next forwarding node and any other subsequent forwarding nodes to use to forward the flow through the SD-WAN without using any encapsulating tunnel header to direct traversal of the flow through the SD-WAN;sending the first packet to the next forwarding node in the SD-WAN; andsending, to the next forwarding node in the SD-WAN, subsequent packets of the flow without sending the set of SDH values again for the subsequent packets.
2. The method of claim 1, wherein the flow is a Transmission Control Protocol (TCP) flow, the method comprising performing a TCP split operation that comprises said generating and sending of the set of SDH values.
3. The method of claim 1 further comprising identifying a path through the SD-WAN based on header values of the first packet.
4. The method of claim 1 further comprising: at each subsequent forwarding node in the SD-WAN, removing an SDH value that corresponds to the subsequent forwarding node from the set of SDH values and forwarding the remaining set of SDH values to a next subsequent forwarding node when there is a next subsequent forwarding node.
5. The method of claim 4, wherein when there is not a next subsequent forwarding node, forwarding the flow from the subsequent forwarding node to the destination outside the SD-WAN.
6. The method of claim 4, wherein the removed SDH value is a leading SDH value of the set of SDH values.
7. The method of claim 4 further comprising, at each of the subsequent forwarding nodes: storing a set of rules based at least partly on the received set of SDH values, the set of rules associating the next subsequent forwarding node with the flow when there is a next subsequent forwarding node;receiving the flow at the subsequent forwarding node; andbased on the set of rules, sending the flow to the next subsequent forwarding node.
8. The method of claim 4 further comprising, at each of the subsequent forwarding nodes: splicing a pair of connections associated with the flow;receiving the flow at the subsequent forwarding node through a first connection of the pair of connections; andbased on the splicing of the connections, forwarding the flow to the next subsequent forwarding node through the second connection when there is a next subsequent forwarding node.
9. The method of claim 8, wherein a first forwarding node is a next subsequent forwarding node of a second forwarding node, the method further comprising: receiving a reply flow in response to the flow at the first forwarding node; andbased on the splicing of the pair of connections of the first forwarding node, forwarding the reply flow to the second forwarding node through the first connection of the first forwarding node.
10. The method of claim 1, wherein sending the generated set of SDH values and sending the first packet to the next forwarding node in the SD-WAN comprises sending the generated set of SDH values with the first packet.
11. The method of claim 1, wherein the sets of instructions for sending the generated set of SDH values and sending the first packet to the next forwarding node in the SD-WAN comprises a set of instructions for sending the generated set of SDH values before sending the first packet.
12. A non-transitory machine readable medium storing a program which when executed by at least one processing unit forwards packets through a software-defined wide area network (SD-WAN), the program comprising sets of instructions for: receiving a first packet of a flow at an ingress forwarding node of the SD-WAN;after receiving the first packet, (i) generating, for the flow, a set of one or more SD-WAN next hop values that specifies a set of one or more network addresses for a set of one or more subsequent forwarding nodes in the SD-WAN through which the flow should traverse to reach a destination outside of the SD-WAN and (ii) sending the generated set of SDH values to a next forwarding node in the SD-WAN for the next forwarding node to use to forward the flow through the SD-WAN;sending the first packet to the next forwarding node in the SD-WAN; andsending, to the next forwarding node in the SD-WAN, subsequent packets of the flow without sending the set of SDH values again for the subsequent packets.
13. The non-transitory machine readable medium of claim 12, wherein the set of SDH values includes one next hop value specifying a network address of a subsequent forwarding node of the ingress forwarding node.
14. The non-transitory machine readable medium of claim 13, wherein each subsequent forwarding node: determines a next hop value, specifying a network address of a next subsequent forwarding node, by using, for the first packet, a set of original header values of the flow to identify the next subsequent forwarding node; andcreates a connection tracking record for the flow that stores the network address of the next subsequent forwarding node.
15. The non-transitory machine readable medium of claim 14, wherein the connection tracking record associates a network address of the previous forwarding node with the network address of the next subsequent forwarding node.
16. The non-transitory machine readable medium of claim 15, wherein, for a second packet of the flow, at each of a plurality of subsequent forwarding nodes, the subsequent forwarding node uses the connection tracking record to identify the network address of the next subsequent forwarding node.
17. The non-transitory machine readable medium of claim 14, wherein each of the subsequent forwarding nodes: splices a pair of connections associated with the flow using the connection tracking record;receives the flow at the subsequent forwarding node through a first connection of the pair of connections; andbased on the splicing of the connections, forwards the flow to the next subsequent forwarding node through a second connection of the pair of connections when there is a next subsequent forwarding node.
18. The non-transitory machine readable medium of claim 17, wherein a first forwarding node is a next subsequent forwarding node of a second forwarding node, wherein the first forwarding node: receives a reply flow in response to the flow at the first forwarding node; andbased on the splicing of the pair of connections of the first forwarding node, forwards the reply flow to the second forwarding node through the first connection of the first forwarding node.
19. The non-transitory machine readable medium of claim 12, wherein the set of one or more SD-WAN next hop values comprises two or more next hop values specifying all of the network addresses for the set of one or more subsequent forwarding nodes.
20. The non-transitory machine readable medium of claim 12, wherein the flow is a Transmission Control Protocol (TCP) flow.
21. The non-transitory machine readable medium of claim 12, wherein the sets of instructions for sending the generated set of SDH values and sending the first packet to the next forwarding node in the SD-WAN comprises a set of instructions for sending the generated set of SDH values with the first packet.

US Referenced Citations (792)

Number	Name	Date	Kind
5652751	Sharony	Jul 1997	A
5909553	Campbell et al.	Jun 1999	A
6154465	Pickett	Nov 2000	A
6157648	Voit et al.	Dec 2000	A
6201810	Masuda et al.	Mar 2001	B1
6363378	Conklin et al.	Mar 2002	B1
6445682	Weitz	Sep 2002	B1
6744775	Beshai et al.	Jun 2004	B1
6976087	Westfall et al.	Dec 2005	B1
7003481	Banka et al.	Feb 2006	B2
7280476	Anderson	Oct 2007	B2
7313629	Nucci et al.	Dec 2007	B1
7320017	Kurapati et al.	Jan 2008	B1
7373660	Guichard et al.	May 2008	B1
7581022	Griffin et al.	Aug 2009	B1
7680925	Sathyanarayana et al.	Mar 2010	B2
7681236	Tamura et al.	Mar 2010	B2
7962458	Holenstein et al.	Jun 2011	B2
8094575	Vadlakonda et al.	Jan 2012	B1
8094659	Arad	Jan 2012	B1
8111692	Ray	Feb 2012	B2
8141156	Mao et al.	Mar 2012	B1
8224971	Miller et al.	Jul 2012	B1
8228928	Parandekar et al.	Jul 2012	B2
8243589	Trost et al.	Aug 2012	B1
8259566	Chen et al.	Sep 2012	B2
8274891	Averi et al.	Sep 2012	B2
8301749	Finklestein et al.	Oct 2012	B1
8385227	Downey	Feb 2013	B1
8566452	Goodwin et al.	Oct 2013	B1
8630291	Shaffer et al.	Jan 2014	B2
8661295	Khanna et al.	Feb 2014	B1
8724456	Hong et al.	May 2014	B1
8724503	Johnsson et al.	May 2014	B2
8745177	Kazerani et al.	Jun 2014	B1
8799504	Capone et al.	Aug 2014	B2
8804745	Sinn	Aug 2014	B1
8806482	Nagargadde et al.	Aug 2014	B1
8855071	Sankaran et al.	Oct 2014	B1
8856339	Mestery et al.	Oct 2014	B2
8964548	Keralapura et al.	Feb 2015	B1
8989199	Sella et al.	Mar 2015	B1
9009217	Nagargadde et al.	Apr 2015	B1
9055000	Ghosh et al.	Jun 2015	B1
9060025	Xu	Jun 2015	B2
9071607	Twitchell, Jr.	Jun 2015	B2
9075771	Gawali et al.	Jul 2015	B1
9135037	Petrescu-Prahova et al.	Sep 2015	B1
9137334	Zhou	Sep 2015	B2
9154327	Marino et al.	Oct 2015	B1
9203764	Shirazipour et al.	Dec 2015	B2
9306949	Richard et al.	Apr 2016	B1
9323561	Ayala et al.	Apr 2016	B2
9336040	Dong et al.	May 2016	B2
9354983	Yenamandra et al.	May 2016	B1
9356943	Lopilato et al.	May 2016	B1
9379981	Zhou et al.	Jun 2016	B1
9413724	Xu	Aug 2016	B2
9419878	Hsiao et al.	Aug 2016	B2
9432245	Sorenson et al.	Aug 2016	B1
9438566	Zhang et al.	Sep 2016	B2
9450817	Bahadur et al.	Sep 2016	B1
9450852	Chen et al.	Sep 2016	B1
9462010	Stevenson	Oct 2016	B1
9467478	Khan et al.	Oct 2016	B1
9485163	Fries et al.	Nov 2016	B1
9521067	Michael et al.	Dec 2016	B2
9525564	Lee	Dec 2016	B2
9559951	Sajassi et al.	Jan 2017	B1
9563423	Pittman	Feb 2017	B1
9602389	Maveli et al.	Mar 2017	B1
9608917	Anderson et al.	Mar 2017	B1
9608962	Chang	Mar 2017	B1
9621460	Mehta et al.	Apr 2017	B2
9641551	Kariyanahalli	May 2017	B1
9648547	Hart et al.	May 2017	B1
9665432	Kruse et al.	May 2017	B2
9686127	Ramachandran et al.	Jun 2017	B2
9715401	Devine et al.	Jul 2017	B2
9717021	Hughes et al.	Jul 2017	B2
9722815	Mukundan et al.	Aug 2017	B2
9747249	Cherian et al.	Aug 2017	B2
9755965	Yadav et al.	Sep 2017	B1
9787559	Schroeder	Oct 2017	B1
9807004	Koley et al.	Oct 2017	B2
9819540	Bahadur et al.	Nov 2017	B1
9819565	Djukic et al.	Nov 2017	B2
9825822	Holland	Nov 2017	B1
9825911	Brandwine	Nov 2017	B1
9825992	Xu	Nov 2017	B2
9832128	Ashner et al.	Nov 2017	B1
9832205	Santhi et al.	Nov 2017	B2
9875355	Williams	Jan 2018	B1
9906401	Rao	Feb 2018	B1
9930011	Clemons, Jr. et al.	Mar 2018	B1
9935829	Miller et al.	Apr 2018	B1
9942787	Tillotson	Apr 2018	B1
9996370	Khafizov et al.	Jun 2018	B1
10038601	Becker et al.	Jul 2018	B1
10057183	Salle et al.	Aug 2018	B2
10057294	Xu	Aug 2018	B2
10135789	Mayya et al.	Nov 2018	B2
10142226	Wu et al.	Nov 2018	B1
10178032	Freitas	Jan 2019	B1
10178037	Appleby et al.	Jan 2019	B2
10187289	Chen et al.	Jan 2019	B1
10200264	Menon et al.	Feb 2019	B2
10229017	Zou et al.	Mar 2019	B1
10237123	Dubey et al.	Mar 2019	B2
10250498	Bales et al.	Apr 2019	B1
10263832	Ghosh	Apr 2019	B1
10320664	Nainar et al.	Jun 2019	B2
10320691	Matthews et al.	Jun 2019	B1
10326830	Singh	Jun 2019	B1
10348767	Lee et al.	Jul 2019	B1
10355989	Panchal et al.	Jul 2019	B1
10425382	Mayya et al.	Sep 2019	B2
10454708	Mibu	Oct 2019	B2
10454714	Mayya et al.	Oct 2019	B2
10461993	Turabi et al.	Oct 2019	B2
10498652	Mayya et al.	Dec 2019	B2
10511546	Singarayan et al.	Dec 2019	B2
10523539	Mayya et al.	Dec 2019	B2
10550093	Ojima et al.	Feb 2020	B2
10554538	Spohn et al.	Feb 2020	B2
10560431	Chen et al.	Feb 2020	B1
10565464	Han et al.	Feb 2020	B2
10567519	Mukhopadhyaya et al.	Feb 2020	B1
10574528	Mayya et al.	Feb 2020	B2
10594516	Cidon et al.	Mar 2020	B2
10594659	El-Moussa et al.	Mar 2020	B2
10608844	Cidon et al.	Mar 2020	B2
10637889	Ermagan et al.	Apr 2020	B2
10666460	Cidon et al.	May 2020	B2
10666497	Tahhan et al.	May 2020	B2
10686625	Cidon et al.	Jun 2020	B2
10693739	Naseri et al.	Jun 2020	B1
10749711	Mukundan et al.	Aug 2020	B2
10778466	Cidon et al.	Sep 2020	B2
10778528	Mayya et al.	Sep 2020	B2
10778557	Ganichev et al.	Sep 2020	B2
10805114	Cidon et al.	Oct 2020	B2
10805272	Mayya et al.	Oct 2020	B2
10819564	Turabi et al.	Oct 2020	B2
10826775	Moreno et al.	Nov 2020	B1
10841131	Cidon et al.	Nov 2020	B2
10911374	Kumar et al.	Feb 2021	B1
10938693	Mayya et al.	Mar 2021	B2
10951529	Duan et al.	Mar 2021	B2
10958479	Cidon et al.	Mar 2021	B2
10959098	Cidon et al.	Mar 2021	B2
10992558	Silva et al.	Apr 2021	B1
10992568	Michael et al.	Apr 2021	B2
10999100	Cidon et al.	May 2021	B2
10999137	Cidon et al.	May 2021	B2
10999165	Cidon et al.	May 2021	B2
10999197	Hooda et al.	May 2021	B2
11005684	Cidon	May 2021	B2
11018995	Cidon et al.	May 2021	B2
11044190	Ramaswamy et al.	Jun 2021	B2
11050588	Mayya et al.	Jun 2021	B2
11050644	Hegde et al.	Jun 2021	B2
11071005	Shen et al.	Jul 2021	B2
11089111	Markuze et al.	Aug 2021	B2
11095612	Oswal et al.	Aug 2021	B1
11102032	Cidon et al.	Aug 2021	B2
11108851	Kurmala et al.	Aug 2021	B1
11115347	Gupta et al.	Sep 2021	B2
11115426	Pazhyannur et al.	Sep 2021	B1
11115480	Markuze et al.	Sep 2021	B2
11121962	Michael et al.	Sep 2021	B2
11121985	Cidon et al.	Sep 2021	B2
11128492	Sethi et al.	Sep 2021	B2
11153230	Cidon et al.	Oct 2021	B2
11171885	Cidon et al.	Nov 2021	B2
11212140	Mukundan et al.	Dec 2021	B2
11212238	Cidon et al.	Dec 2021	B2
11223514	Mayya et al.	Jan 2022	B2
11245641	Ramaswamy et al.	Feb 2022	B2
11252079	Michael et al.	Feb 2022	B2
11252105	Cidon et al.	Feb 2022	B2
11252106	Cidon et al.	Feb 2022	B2
11258728	Cidon et al.	Feb 2022	B2
11310170	Cidon et al.	Apr 2022	B2
11323307	Mayya et al.	May 2022	B2
11381474	Kumar et al.	Jul 2022	B1
20020085488	Kobayashi	Jul 2002	A1
20020087716	Mustafa	Jul 2002	A1
20020152306	Tuck	Oct 2002	A1
20020198840	Banka et al.	Dec 2002	A1
20030061269	Hathaway et al.	Mar 2003	A1
20030088697	Matsuhira	May 2003	A1
20030112766	Riedel et al.	Jun 2003	A1
20030112808	Solomon	Jun 2003	A1
20030126468	Markham	Jul 2003	A1
20030161313	Jinmei et al.	Aug 2003	A1
20030189919	Gupta et al.	Oct 2003	A1
20030202506	Perkins et al.	Oct 2003	A1
20030219030	Gubbi	Nov 2003	A1
20040059831	Chu et al.	Mar 2004	A1
20040068668	Lor et al.	Apr 2004	A1
20040165601	Liu et al.	Aug 2004	A1
20040224771	Chen et al.	Nov 2004	A1
20050078690	DeLangis	Apr 2005	A1
20050149604	Navada	Jul 2005	A1
20050154790	Nagata et al.	Jul 2005	A1
20050172161	Cruz et al.	Aug 2005	A1
20050195754	Nosella	Sep 2005	A1
20050265255	Kodialam et al.	Dec 2005	A1
20060002291	Alicherry et al.	Jan 2006	A1
20060114838	Mandavilli et al.	Jun 2006	A1
20060171365	Borella	Aug 2006	A1
20060182034	Klinker et al.	Aug 2006	A1
20060182035	Vasseur	Aug 2006	A1
20060193247	Naseh et al.	Aug 2006	A1
20060193252	Naseh et al.	Aug 2006	A1
20070064604	Chen et al.	Mar 2007	A1
20070064702	Bates et al.	Mar 2007	A1
20070083727	Johnston et al.	Apr 2007	A1
20070091794	Filsfils et al.	Apr 2007	A1
20070103548	Carter	May 2007	A1
20070115812	Hughes	May 2007	A1
20070121486	Guichard et al.	May 2007	A1
20070130325	Lesser	Jun 2007	A1
20070162619	Aloni et al.	Jul 2007	A1
20070162639	Chu et al.	Jul 2007	A1
20070177511	Das et al.	Aug 2007	A1
20070237081	Kodialam et al.	Oct 2007	A1
20070260746	Mirtorabi et al.	Nov 2007	A1
20070268882	Breslau et al.	Nov 2007	A1
20080002670	Bugenhagen et al.	Jan 2008	A1
20080049621	McGuire et al.	Feb 2008	A1
20080055241	Goldenberg et al.	Mar 2008	A1
20080080509	Khanna et al.	Apr 2008	A1
20080095187	Jung et al.	Apr 2008	A1
20080117930	Chakareski et al.	May 2008	A1
20080144532	Chamarajanagar et al.	Jun 2008	A1
20080181116	Kavanaugh et al.	Jul 2008	A1
20080219276	Shah	Sep 2008	A1
20080240121	Xiong et al.	Oct 2008	A1
20090013210	McIntosh et al.	Jan 2009	A1
20090125617	Kiessig et al.	May 2009	A1
20090141642	Sun	Jun 2009	A1
20090154463	Hines et al.	Jun 2009	A1
20090247204	Sennett et al.	Oct 2009	A1
20090268605	Campbell et al.	Oct 2009	A1
20090274045	Meier et al.	Nov 2009	A1
20090276657	Wetmore et al.	Nov 2009	A1
20090303880	Maltz et al.	Dec 2009	A1
20100008361	Guichard et al.	Jan 2010	A1
20100017802	Lojewski	Jan 2010	A1
20100046532	Okita	Feb 2010	A1
20100061379	Parandekar et al.	Mar 2010	A1
20100080129	Strahan et al.	Apr 2010	A1
20100088440	Banks et al.	Apr 2010	A1
20100091782	Hiscock	Apr 2010	A1
20100091823	Retana et al.	Apr 2010	A1
20100107162	Edwards et al.	Apr 2010	A1
20100118727	Draves et al.	May 2010	A1
20100118886	Saavedra	May 2010	A1
20100165985	Sharma et al.	Jul 2010	A1
20100191884	Holenstein et al.	Jul 2010	A1
20100223621	Joshi et al.	Sep 2010	A1
20100226246	Proulx	Sep 2010	A1
20100290422	Haigh et al.	Nov 2010	A1
20100309841	Conte	Dec 2010	A1
20100309912	Mehta et al.	Dec 2010	A1
20100322255	Hao et al.	Dec 2010	A1
20100332657	Elyashev et al.	Dec 2010	A1
20110007752	Silva et al.	Jan 2011	A1
20110032939	Nozaki et al.	Feb 2011	A1
20110040814	Higgins	Feb 2011	A1
20110075674	Li et al.	Mar 2011	A1
20110107139	Middlecamp et al.	May 2011	A1
20110110370	Moreno et al.	May 2011	A1
20110141877	Xu et al.	Jun 2011	A1
20110142041	Imai	Jun 2011	A1
20110153909	Dong	Jun 2011	A1
20110235509	Szymanski	Sep 2011	A1
20110255397	Kadakia et al.	Oct 2011	A1
20120008630	Ould-Brahim	Jan 2012	A1
20120027013	Napierala	Feb 2012	A1
20120136697	Peles et al.	May 2012	A1
20120157068	Eichen et al.	Jun 2012	A1
20120173694	Yan et al.	Jul 2012	A1
20120173919	Patel et al.	Jul 2012	A1
20120182940	Taleb et al.	Jul 2012	A1
20120221955	Raleigh et al.	Aug 2012	A1
20120227093	Shatzkamer et al.	Sep 2012	A1
20120250682	Vincent et al.	Oct 2012	A1
20120250686	Vincent et al.	Oct 2012	A1
20120281706	Agarwal et al.	Nov 2012	A1
20120287818	Corti et al.	Nov 2012	A1
20120300615	Kempf et al.	Nov 2012	A1
20120307659	Yamada	Dec 2012	A1
20120317270	Vrbaski et al.	Dec 2012	A1
20120317291	Wolfe	Dec 2012	A1
20130019005	Hui et al.	Jan 2013	A1
20130021968	Reznik et al.	Jan 2013	A1
20130044764	Casado et al.	Feb 2013	A1
20130051237	Ong	Feb 2013	A1
20130051399	Zhang et al.	Feb 2013	A1
20130054763	Merwe et al.	Feb 2013	A1
20130086267	Gelenbe et al.	Apr 2013	A1
20130097304	Asthana et al.	Apr 2013	A1
20130103834	Dzerve et al.	Apr 2013	A1
20130117530	Kim et al.	May 2013	A1
20130124718	Griffith et al.	May 2013	A1
20130124911	Griffith et al.	May 2013	A1
20130124912	Griffith et al.	May 2013	A1
20130128889	Mathur et al.	May 2013	A1
20130142201	Kim et al.	Jun 2013	A1
20130170354	Takashima et al.	Jul 2013	A1
20130173788	Song	Jul 2013	A1
20130182712	Aguayo et al.	Jul 2013	A1
20130185729	Vasic et al.	Jul 2013	A1
20130191688	Agarwal et al.	Jul 2013	A1
20130238782	Zhao et al.	Sep 2013	A1
20130242718	Zhang	Sep 2013	A1
20130254599	Katkar et al.	Sep 2013	A1
20130258839	Wang et al.	Oct 2013	A1
20130258847	Zhang et al.	Oct 2013	A1
20130266015	Qu et al.	Oct 2013	A1
20130266019	Qu et al.	Oct 2013	A1
20130283364	Chang et al.	Oct 2013	A1
20130286846	Atlas et al.	Oct 2013	A1
20130297611	Moritz et al.	Nov 2013	A1
20130297770	Zhang	Nov 2013	A1
20130301469	Suga	Nov 2013	A1
20130301642	Radhakrishnan et al.	Nov 2013	A1
20130308444	Sem-Jacobsen et al.	Nov 2013	A1
20130315242	Wang et al.	Nov 2013	A1
20130315243	Huang et al.	Nov 2013	A1
20130329548	Nakil et al.	Dec 2013	A1
20130329601	Yin et al.	Dec 2013	A1
20130329734	Chesla et al.	Dec 2013	A1
20130346470	Obstfeld et al.	Dec 2013	A1
20140019604	Twitchell, Jr.	Jan 2014	A1
20140019750	Dodgson et al.	Jan 2014	A1
20140040975	Raleigh et al.	Feb 2014	A1
20140064283	Balus et al.	Mar 2014	A1
20140071832	Johnsson et al.	Mar 2014	A1
20140092907	Sridhar et al.	Apr 2014	A1
20140108665	Arora et al.	Apr 2014	A1
20140112171	Pasdar	Apr 2014	A1
20140115584	Mudigonda et al.	Apr 2014	A1
20140123135	Huang et al.	May 2014	A1
20140126418	Brendel et al.	May 2014	A1
20140156818	Hunt	Jun 2014	A1
20140156823	Liu et al.	Jun 2014	A1
20140160935	Zecharia et al.	Jun 2014	A1
20140164560	Ko et al.	Jun 2014	A1
20140164617	Jalan et al.	Jun 2014	A1
20140173113	Vemuri et al.	Jun 2014	A1
20140173331	Martin et al.	Jun 2014	A1
20140181824	Saund et al.	Jun 2014	A1
20140208317	Nakagawa	Jul 2014	A1
20140219135	Li et al.	Aug 2014	A1
20140223507	Xu	Aug 2014	A1
20140229210	Sharifian et al.	Aug 2014	A1
20140244851	Lee	Aug 2014	A1
20140258535	Zhang	Sep 2014	A1
20140269690	Tu	Sep 2014	A1
20140279862	Dietz et al.	Sep 2014	A1
20140280499	Basavaiah et al.	Sep 2014	A1
20140317440	Biermayr et al.	Oct 2014	A1
20140321277	Lynn, Jr. et al.	Oct 2014	A1
20140337500	Lee	Nov 2014	A1
20140341109	Cartmell et al.	Nov 2014	A1
20140372582	Ghanwani et al.	Dec 2014	A1
20150003240	Drwiega et al.	Jan 2015	A1
20150016249	Mukundan et al.	Jan 2015	A1
20150029864	Raileanu et al.	Jan 2015	A1
20150039744	Niazi et al.	Feb 2015	A1
20150046572	Cheng et al.	Feb 2015	A1
20150052247	Threefoot et al.	Feb 2015	A1
20150052517	Raghu et al.	Feb 2015	A1
20150056960	Egner et al.	Feb 2015	A1
20150058917	Xu	Feb 2015	A1
20150088942	Shah	Mar 2015	A1
20150089628	Lang	Mar 2015	A1
20150092603	Aguayo et al.	Apr 2015	A1
20150096011	Watt	Apr 2015	A1
20150124603	Ketheesan et al.	May 2015	A1
20150134777	Onoue	May 2015	A1
20150139238	Pourzandi et al.	May 2015	A1
20150146539	Mehta et al.	May 2015	A1
20150163152	Li	Jun 2015	A1
20150169340	Haddad et al.	Jun 2015	A1
20150172121	Farkas et al.	Jun 2015	A1
20150172169	DeCusatis et al.	Jun 2015	A1
20150188823	Williams et al.	Jul 2015	A1
20150189009	Bemmel	Jul 2015	A1
20150195178	Bhattacharya et al.	Jul 2015	A1
20150201036	Nishiki et al.	Jul 2015	A1
20150222543	Song	Aug 2015	A1
20150222638	Morley	Aug 2015	A1
20150236945	Michael et al.	Aug 2015	A1
20150236962	Veres et al.	Aug 2015	A1
20150244617	Nakil et al.	Aug 2015	A1
20150249644	Xu	Sep 2015	A1
20150257081	Ramanujan et al.	Sep 2015	A1
20150271056	Chunduri et al.	Sep 2015	A1
20150271104	Chikkamath et al.	Sep 2015	A1
20150271303	Neginhal et al.	Sep 2015	A1
20150281004	Kakadia et al.	Oct 2015	A1
20150312142	Barabash et al.	Oct 2015	A1
20150312760	O'Toole	Oct 2015	A1
20150317169	Sinha et al.	Nov 2015	A1
20150334025	Rader	Nov 2015	A1
20150334696	Gu et al.	Nov 2015	A1
20150341271	Gomez	Nov 2015	A1
20150349978	Wu et al.	Dec 2015	A1
20150350907	Timariu et al.	Dec 2015	A1
20150358236	Roach et al.	Dec 2015	A1
20150363221	Terayama et al.	Dec 2015	A1
20150363733	Brown	Dec 2015	A1
20150365323	Duminuco et al.	Dec 2015	A1
20150372943	Hasan et al.	Dec 2015	A1
20150372982	Herle et al.	Dec 2015	A1
20150381407	Wang et al.	Dec 2015	A1
20150381493	Bansal et al.	Dec 2015	A1
20160020844	Hart et al.	Jan 2016	A1
20160021597	Hart et al.	Jan 2016	A1
20160035183	Buchholz et al.	Feb 2016	A1
20160036924	Koppolu et al.	Feb 2016	A1
20160036938	Aviles et al.	Feb 2016	A1
20160037434	Gopal et al.	Feb 2016	A1
20160072669	Saavedra	Mar 2016	A1
20160072684	Manuguri et al.	Mar 2016	A1
20160080502	Yadav et al.	Mar 2016	A1
20160105353	Cociglio	Apr 2016	A1
20160105392	Thakkar et al.	Apr 2016	A1
20160105471	Nunes et al.	Apr 2016	A1
20160105488	Thakkar et al.	Apr 2016	A1
20160117185	Fang et al.	Apr 2016	A1
20160134461	Sampath et al.	May 2016	A1
20160134528	Lin et al.	May 2016	A1
20160134591	Liao et al.	May 2016	A1
20160142373	Ossipov	May 2016	A1
20160150055	Choi	May 2016	A1
20160164832	Bellagamba et al.	Jun 2016	A1
20160164914	Madhav et al.	Jun 2016	A1
20160173338	Wolting	Jun 2016	A1
20160191363	Haraszti et al.	Jun 2016	A1
20160191374	Singh et al.	Jun 2016	A1
20160192403	Gupta et al.	Jun 2016	A1
20160197834	Luft	Jul 2016	A1
20160197835	Luft	Jul 2016	A1
20160198003	Luft	Jul 2016	A1
20160205071	Cooper	Jul 2016	A1
20160210209	Verkaik et al.	Jul 2016	A1
20160212773	Kanderholm et al.	Jul 2016	A1
20160218947	Hughes et al.	Jul 2016	A1
20160218951	Vasseur et al.	Jul 2016	A1
20160255169	Kovvuri et al.	Sep 2016	A1
20160261493	Li	Sep 2016	A1
20160261495	Xia et al.	Sep 2016	A1
20160261506	Hegde et al.	Sep 2016	A1
20160261639	Xu	Sep 2016	A1
20160269298	Li	Sep 2016	A1
20160269926	Sundaram	Sep 2016	A1
20160285736	Gu	Sep 2016	A1
20160301471	Kunz et al.	Oct 2016	A1
20160308762	Teng et al.	Oct 2016	A1
20160315912	Mayya et al.	Oct 2016	A1
20160323377	Einkauf et al.	Nov 2016	A1
20160328159	Coddington et al.	Nov 2016	A1
20160330111	Manghirmalani et al.	Nov 2016	A1
20160352588	Subbarayan et al.	Dec 2016	A1
20160353268	Senarath et al.	Dec 2016	A1
20160359738	Sullenberger et al.	Dec 2016	A1
20160366187	Kamble	Dec 2016	A1
20160371153	Dornemann	Dec 2016	A1
20160378527	Zamir	Dec 2016	A1
20160380886	Blair et al.	Dec 2016	A1
20160380906	Hodique et al.	Dec 2016	A1
20170005986	Bansal et al.	Jan 2017	A1
20170006499	Hampel et al.	Jan 2017	A1
20170012870	Blair et al.	Jan 2017	A1
20170019428	Cohn	Jan 2017	A1
20170026283	Williams et al.	Jan 2017	A1
20170026355	Mathaiyan et al.	Jan 2017	A1
20170034046	Cai et al.	Feb 2017	A1
20170034052	Chanda et al.	Feb 2017	A1
20170034129	Sawant et al.	Feb 2017	A1
20170048296	Ramalho et al.	Feb 2017	A1
20170053258	Carney et al.	Feb 2017	A1
20170055131	Kong et al.	Feb 2017	A1
20170063674	Maskalik et al.	Mar 2017	A1
20170063782	Jain et al.	Mar 2017	A1
20170063794	Jain et al.	Mar 2017	A1
20170064005	Lee	Mar 2017	A1
20170075710	Prasad et al.	Mar 2017	A1
20170093625	Pera et al.	Mar 2017	A1
20170097841	Chang et al.	Apr 2017	A1
20170104653	Badea et al.	Apr 2017	A1
20170104755	Arregoces et al.	Apr 2017	A1
20170109212	Gaurav et al.	Apr 2017	A1
20170118173	Arramreddy et al.	Apr 2017	A1
20170123939	Maheshwari et al.	May 2017	A1
20170126516	Tiagi et al.	May 2017	A1
20170126564	Mayya et al.	May 2017	A1
20170134186	Mukundan et al.	May 2017	A1
20170134520	Abbasi et al.	May 2017	A1
20170139789	Fries et al.	May 2017	A1
20170142000	Cai et al.	May 2017	A1
20170149637	Banikazemi et al.	May 2017	A1
20170155557	Desai et al.	Jun 2017	A1
20170163473	Sadana et al.	Jun 2017	A1
20170171310	Gardner	Jun 2017	A1
20170180220	Leckey et al.	Jun 2017	A1
20170181210	Nadella et al.	Jun 2017	A1
20170195161	Ruel et al.	Jul 2017	A1
20170195169	Mills et al.	Jul 2017	A1
20170201585	Doraiswamy et al.	Jul 2017	A1
20170207976	Rovner et al.	Jul 2017	A1
20170214545	Cheng et al.	Jul 2017	A1
20170214701	Hasan	Jul 2017	A1
20170223117	Messerli et al.	Aug 2017	A1
20170237710	Mayya et al.	Aug 2017	A1
20170257260	Govindan et al.	Sep 2017	A1
20170257309	Appanna	Sep 2017	A1
20170264496	Ao et al.	Sep 2017	A1
20170279717	Bethers et al.	Sep 2017	A1
20170279741	Elias et al.	Sep 2017	A1
20170279803	Desai et al.	Sep 2017	A1
20170280474	Vesterinen et al.	Sep 2017	A1
20170288987	Pasupathy et al.	Oct 2017	A1
20170289002	Ganguli et al.	Oct 2017	A1
20170289027	Ratnasingham	Oct 2017	A1
20170295264	Touitou et al.	Oct 2017	A1
20170302565	Ghobadi et al.	Oct 2017	A1
20170310641	Jiang et al.	Oct 2017	A1
20170310691	Vasseur et al.	Oct 2017	A1
20170317954	Masurekar et al.	Nov 2017	A1
20170317969	Masurekar et al.	Nov 2017	A1
20170317974	Masurekar et al.	Nov 2017	A1
20170337086	Zhu et al.	Nov 2017	A1
20170339054	Yadav et al.	Nov 2017	A1
20170339070	Chang et al.	Nov 2017	A1
20170364419	Lo	Dec 2017	A1
20170366445	Nemirovsky et al.	Dec 2017	A1
20170366467	Martin et al.	Dec 2017	A1
20170373950	Szilagyi et al.	Dec 2017	A1
20170374174	Evens et al.	Dec 2017	A1
20180006995	Bickhart et al.	Jan 2018	A1
20180007005	Chanda et al.	Jan 2018	A1
20180007123	Cheng et al.	Jan 2018	A1
20180013636	Seetharamaiah et al.	Jan 2018	A1
20180014051	Phillips et al.	Jan 2018	A1
20180020035	Boggia et al.	Jan 2018	A1
20180034668	Mayya et al.	Feb 2018	A1
20180041425	Zhang	Feb 2018	A1
20180062875	Tumuluru	Mar 2018	A1
20180062914	Boutros et al.	Mar 2018	A1
20180062917	Chandrashekhar et al.	Mar 2018	A1
20180063036	Chandrashekhar et al.	Mar 2018	A1
20180063193	Chandrashekhar et al.	Mar 2018	A1
20180063233	Park	Mar 2018	A1
20180063743	Tumuluru et al.	Mar 2018	A1
20180069924	Tumuluru et al.	Mar 2018	A1
20180074909	Bishop et al.	Mar 2018	A1
20180077081	Lauer et al.	Mar 2018	A1
20180077202	Xu	Mar 2018	A1
20180084081	Kuchibhotla et al.	Mar 2018	A1
20180097725	Wood et al.	Apr 2018	A1
20180114569	Strachan et al.	Apr 2018	A1
20180123910	Fitzgibbon	May 2018	A1
20180131608	Jiang et al.	May 2018	A1
20180131615	Zhang	May 2018	A1
20180131720	Hobson et al.	May 2018	A1
20180145899	Rao	May 2018	A1
20180159796	Wang et al.	Jun 2018	A1
20180159856	Gujarathi	Jun 2018	A1
20180167378	Kostyukov et al.	Jun 2018	A1
20180176073	Dubey et al.	Jun 2018	A1
20180176082	Katz et al.	Jun 2018	A1
20180176130	Banerjee et al.	Jun 2018	A1
20180213472	Ishii et al.	Jul 2018	A1
20180219765	Michael et al.	Aug 2018	A1
20180219766	Michael et al.	Aug 2018	A1
20180234300	Mayya et al.	Aug 2018	A1
20180248790	Tan	Aug 2018	A1
20180260125	Botes et al.	Sep 2018	A1
20180262468	Kumar et al.	Sep 2018	A1
20180270104	Zheng et al.	Sep 2018	A1
20180278541	Wu et al.	Sep 2018	A1
20180287907	Kulshreshtha et al.	Oct 2018	A1
20180295101	Gehrmann	Oct 2018	A1
20180295529	Jen et al.	Oct 2018	A1
20180302286	Mayya et al.	Oct 2018	A1
20180302321	Manthiramoorthy et al.	Oct 2018	A1
20180307851	Lewis	Oct 2018	A1
20180316606	Sung et al.	Nov 2018	A1
20180351855	Sood et al.	Dec 2018	A1
20180351862	Jeganathan et al.	Dec 2018	A1
20180351863	Vairavakkalai et al.	Dec 2018	A1
20180351882	Jeganathan et al.	Dec 2018	A1
20180367445	Bajaj	Dec 2018	A1
20180373558	Chang et al.	Dec 2018	A1
20180375744	Mayya et al.	Dec 2018	A1
20180375824	Mayya et al.	Dec 2018	A1
20180375967	Pithawala et al.	Dec 2018	A1
20190013883	Vargas et al.	Jan 2019	A1
20190014038	Ritchie	Jan 2019	A1
20190020588	Twitchell, Jr.	Jan 2019	A1
20190020627	Yuan	Jan 2019	A1
20190028378	Houjyo et al.	Jan 2019	A1
20190028552	Johnson et al.	Jan 2019	A1
20190036808	Shenoy et al.	Jan 2019	A1
20190036810	Michael et al.	Jan 2019	A1
20190036813	Shenoy et al.	Jan 2019	A1
20190046056	Khachaturian et al.	Feb 2019	A1
20190058657	Chunduri et al.	Feb 2019	A1
20190058709	Kempf et al.	Feb 2019	A1
20190068470	Mirsky	Feb 2019	A1
20190068493	Ram et al.	Feb 2019	A1
20190068500	Hira	Feb 2019	A1
20190075083	Mayya et al.	Mar 2019	A1
20190103990	Cidon et al.	Apr 2019	A1
20190103991	Cidon et al.	Apr 2019	A1
20190103992	Cidon et al.	Apr 2019	A1
20190103993	Cidon et al.	Apr 2019	A1
20190104035	Cidon et al.	Apr 2019	A1
20190104049	Cidon et al.	Apr 2019	A1
20190104050	Cidon et al.	Apr 2019	A1
20190104051	Cidon et al.	Apr 2019	A1
20190104052	Cidon et al.	Apr 2019	A1
20190104053	Cidon et al.	Apr 2019	A1
20190104063	Cidon et al.	Apr 2019	A1
20190104064	Cidon et al.	Apr 2019	A1
20190104109	Cidon et al.	Apr 2019	A1
20190104111	Cidon et al.	Apr 2019	A1
20190104413	Cidon et al.	Apr 2019	A1
20190109769	Jain et al.	Apr 2019	A1
20190132221	Boutros et al.	May 2019	A1
20190140889	Mayya et al.	May 2019	A1
20190140890	Mayya et al.	May 2019	A1
20190158371	Dillon et al.	May 2019	A1
20190158605	Markuze et al.	May 2019	A1
20190199539	Deng et al.	Jun 2019	A1
20190220703	Prakash et al.	Jul 2019	A1
20190238364	Boutros	Aug 2019	A1
20190238446	Barzik et al.	Aug 2019	A1
20190238449	Michael et al.	Aug 2019	A1
20190238450	Michael et al.	Aug 2019	A1
20190238483	Marichetty et al.	Aug 2019	A1
20190268421	Markuze	Aug 2019	A1
20190268973	Bull et al.	Aug 2019	A1
20190278631	Bernat et al.	Sep 2019	A1
20190280962	Michael et al.	Sep 2019	A1
20190280963	Michael et al.	Sep 2019	A1
20190280964	Michael et al.	Sep 2019	A1
20190306197	Degioanni	Oct 2019	A1
20190313907	Khachaturian et al.	Oct 2019	A1
20190319847	Nahar et al.	Oct 2019	A1
20190327109	Guichard	Oct 2019	A1
20190334813	Raj et al.	Oct 2019	A1
20190334820	Zhao	Oct 2019	A1
20190342219	Liu et al.	Nov 2019	A1
20190356736	Narayanaswamy et al.	Nov 2019	A1
20190364099	Thakkar et al.	Nov 2019	A1
20190364456	Yu	Nov 2019	A1
20190372888	Michael et al.	Dec 2019	A1
20190372889	Michael et al.	Dec 2019	A1
20190372890	Michael et al.	Dec 2019	A1
20190394081	Tahhan et al.	Dec 2019	A1
20200014609	Hockett et al.	Jan 2020	A1
20200014615	Michael et al.	Jan 2020	A1
20200014616	Michael et al.	Jan 2020	A1
20200014661	Mayya et al.	Jan 2020	A1
20200014663	Chen et al.	Jan 2020	A1
20200021514	Michael et al.	Jan 2020	A1
20200021515	Michael et al.	Jan 2020	A1
20200036624	Michael et al.	Jan 2020	A1
20200044943	Bor-Yaliniz et al.	Feb 2020	A1
20200044969	Hao et al.	Feb 2020	A1
20200059420	Abraham	Feb 2020	A1
20200059457	Raza et al.	Feb 2020	A1
20200059459	Abraham et al.	Feb 2020	A1
20200092207	Sipra et al.	Mar 2020	A1
20200097327	Beyer et al.	Mar 2020	A1
20200099659	Cometto et al.	Mar 2020	A1
20200106696	Michael et al.	Apr 2020	A1
20200106706	Mayya et al.	Apr 2020	A1
20200119952	Mayya et al.	Apr 2020	A1
20200127905	Mayya et al.	Apr 2020	A1
20200127911	Gilson et al.	Apr 2020	A1
20200153701	Mohan et al.	May 2020	A1
20200153736	Liebherr et al.	May 2020	A1
20200162407	Tillotson	May 2020	A1
20200169473	Rimar et al.	May 2020	A1
20200177503	Hooda et al.	Jun 2020	A1
20200177550	Valluri et al.	Jun 2020	A1
20200177629	Hooda et al.	Jun 2020	A1
20200186471	Shen et al.	Jun 2020	A1
20200195557	Duan et al.	Jun 2020	A1
20200204460	Schneider et al.	Jun 2020	A1
20200213212	Dillon et al.	Jul 2020	A1
20200213224	Cheng et al.	Jul 2020	A1
20200218558	Sreenath et al.	Jul 2020	A1
20200235990	Janakiraman et al.	Jul 2020	A1
20200235999	Mayya et al.	Jul 2020	A1
20200236046	Jain et al.	Jul 2020	A1
20200244721	S et al.	Jul 2020	A1
20200252234	Ramamoorthi et al.	Aug 2020	A1
20200259700	Bhalla et al.	Aug 2020	A1
20200267184	Vera-Schockner	Aug 2020	A1
20200280587	Janakiraman et al.	Sep 2020	A1
20200287819	Theogaraj et al.	Sep 2020	A1
20200287976	Theogaraj et al.	Sep 2020	A1
20200296011	Jain et al.	Sep 2020	A1
20200296026	Michael et al.	Sep 2020	A1
20200314006	Mackie et al.	Oct 2020	A1
20200314614	Moustafa et al.	Oct 2020	A1
20200322230	Natal et al.	Oct 2020	A1
20200322287	Connor et al.	Oct 2020	A1
20200336336	Sethi et al.	Oct 2020	A1
20200344143	Faseela et al.	Oct 2020	A1
20200344163	Gupta et al.	Oct 2020	A1
20200351188	Arora et al.	Nov 2020	A1
20200358878	Bansal et al.	Nov 2020	A1
20200366530	Mukundan et al.	Nov 2020	A1
20200366562	Mayya et al.	Nov 2020	A1
20200382345	Zhao et al.	Dec 2020	A1
20200382387	Pasupathy et al.	Dec 2020	A1
20200412576	Kondapavuluru	Dec 2020	A1
20200413283	Shen et al.	Dec 2020	A1
20210006482	Hwang et al.	Jan 2021	A1
20210006490	Michael et al.	Jan 2021	A1
20210029019	Kottapalli	Jan 2021	A1
20210029088	Mayya et al.	Jan 2021	A1
20210036888	Makkalla et al.	Feb 2021	A1
20210036987	Mishra et al.	Feb 2021	A1
20210067372	Cidon et al.	Mar 2021	A1
20210067373	Cidon et al.	Mar 2021	A1
20210067374	Cidon et al.	Mar 2021	A1
20210067375	Cidon et al.	Mar 2021	A1
20210067407	Cidon et al.	Mar 2021	A1
20210067427	Cidon et al.	Mar 2021	A1
20210067442	Sundararajan et al.	Mar 2021	A1
20210067461	Cidon et al.	Mar 2021	A1
20210067464	Cidon et al.	Mar 2021	A1
20210067467	Cidon et al.	Mar 2021	A1
20210067468	Cidon et al.	Mar 2021	A1
20210092062	Dhanabalan et al.	Mar 2021	A1
20210105199	H et al.	Apr 2021	A1
20210112034	Sundararajan et al.	Apr 2021	A1
20210126830	R. et al.	Apr 2021	A1
20210126853	Ramaswamy et al.	Apr 2021	A1
20210126854	Guo et al.	Apr 2021	A1
20210126860	Ramaswamy et al.	Apr 2021	A1
20210144091	H et al.	May 2021	A1
20210160169	Shen et al.	May 2021	A1
20210160813	Gupta et al.	May 2021	A1
20210176255	Hill	Jun 2021	A1
20210184952	Mayya et al.	Jun 2021	A1
20210184966	Ramaswamy et al.	Jun 2021	A1
20210184983	Ramaswamy et al.	Jun 2021	A1
20210194814	Roux et al.	Jun 2021	A1
20210226880	Ramamoorthy et al.	Jul 2021	A1
20210234728	Cidon et al.	Jul 2021	A1
20210234775	Devadoss et al.	Jul 2021	A1
20210234786	Devadoss et al.	Jul 2021	A1
20210234804	Devadoss et al.	Jul 2021	A1
20210234805	Devadoss et al.	Jul 2021	A1
20210235312	Devadoss et al.	Jul 2021	A1
20210235313	Devadoss et al.	Jul 2021	A1
20210266262	Subramanian et al.	Aug 2021	A1
20210279069	Salgaonkar et al.	Sep 2021	A1
20210314289	Chandrashekhar et al.	Oct 2021	A1
20210328835	Mayya et al.	Oct 2021	A1
20210336880	Gupta et al.	Oct 2021	A1
20210377109	Shrivastava et al.	Dec 2021	A1
20210377156	Michael et al.	Dec 2021	A1
20210392060	Silva et al.	Dec 2021	A1
20210392070	Tootaghaj et al.	Dec 2021	A1
20210399920	Sundararajan et al.	Dec 2021	A1
20210399978	Michael et al.	Dec 2021	A9
20210400113	Markuze et al.	Dec 2021	A1
20210409277	Jeuk et al.	Dec 2021	A1
20220006726	Michael et al.	Jan 2022	A1
20220006751	Ramaswamy et al.	Jan 2022	A1
20220006756	Ramaswamy et al.	Jan 2022	A1
20220035673	Markuze et al.	Feb 2022	A1
20220038370	Vasseur et al.	Feb 2022	A1
20220038557	Markuze et al.	Feb 2022	A1
20220094644	Cidon et al.	Mar 2022	A1
20220123961	Mukundan et al.	Apr 2022	A1
20220131740	Mayya et al.	Apr 2022	A1
20220131807	Srinivas et al.	Apr 2022	A1

Foreign Referenced Citations (32)

Number	Date	Country
1926809	Mar 2007	CN
102577270	Jul 2012	CN
102811165	Dec 2012	CN
104956329	Sep 2015	CN
106656847	May 2017	CN
110447209	Nov 2019	CN
111198764	May 2020	CN
1912381	Apr 2008	EP
3041178	Jul 2016	EP
3509256	Jul 2019	EP
2010233126	Oct 2010	JP
2017059991	Mar 2017	JP
2574350	Feb 2016	RU
03073701	Sep 2003	WO
2007016834	Feb 2007	WO
2012167184	Dec 2012	WO
WO-2015092565	Jun 2015	WO
2016061546	Apr 2016	WO
WO-2016123314	Aug 2016	WO
2017083975	May 2017	WO
2019070611	Apr 2019	WO
2019094522	May 2019	WO
2020018704	Jan 2020	WO
WO-2020012491	Jan 2020	WO
2020091777	May 2020	WO
2020101922	May 2020	WO
2020112345	Jun 2020	WO
2021040934	Mar 2021	WO
2021118717	Jun 2021	WO
2021150465	Jul 2021	WO
2021211906	Oct 2021	WO
2022005607	Jan 2022	WO

Non-Patent Literature Citations (64)

Entry
Using Path Label Routing in Wide Area Software-Defined Networks with OpenFlow Weidong Lin;Yukun Niu;Xia Zhang;Lingbo Wei; Chi Zhang 2016 International Conference on Networking and Network Applications (NaNA) (Year: 2016).
End-to-End Header Compression over Software-Defined Networks: A Low Latency Network Architecture Supalerk Jivorasetkul;Masayoshi Shimamura;Katsuyoshi Iida 2012 Fourth International Conference on Intelligent Networking and Collaborative Systems Year: 2012 \| Conference Paper \| Publisher: IEEE (Year: 2012).
Dynamic On-Demand Virtual Extensible LAN Tunnels via Software-Defined Wide Area Networks Gieorgi Zakurdaev;Mohammed Ismail;Chung-Horng Lung 2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC) Year: 2022 \| Conference Paper \| Publisher: IEEE (Year: 2022).
Del Piccolo, Valentin, et al., “A Survey of Network Isolation Solutions for Multi-Tenant Data Centers,” IEEE Communications Society, Apr. 20, 2016, vol. 18, No. 4, 37 pages, IEEE.
Fortz, Bernard, et al., “Internet Traffic Engineering by Optimizing OSPF Weights,” Proceedings IEEE INFOCOM 2000, Conference on Computer Communications, Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies, Mar. 26-30, 2000, 11 pages, IEEE, Tel Aviv, Israel, Israel.
Francois, Frederic, et al., “Optimizing Secure SDN-enabled Inter-Data Centre Overlay Networks through Cognitive Routing,” 2016 IEEE 24th International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS), Sep. 19-21, 2016, 10 pages, IEEE, London, UK.
Michael, Nithin, et al., “HALO: Hop-by-Hop Adaptive Link-State Optimal Routing,” IEEE/ACM Transactions on Networking, Dec. 2015, 14 pages, vol. 23, No. 6, IEEE.
Mishra, Mayank, et al., “Managing Network Reservation for Tenants in Oversubscribed Clouds,” 2013 IEEE 21st International Symposium on Modelling, Analysis and Simulation of Computer and Telecommunication Systems, Aug. 14-16, 2013, 10 pages, IEEE, San Francisco, CA, USA.
Mudigonda, Jayaram, et al., “NetLord: A Scalable Multi-Tenant Network Architecture for Virtualized Datacenters,” Proceedings of the ACM SIGCOMM 2011 Conference, Aug. 15-19, 2011, 12 pages, ACM, Toronto, Canada.
Non-Published Commonly Owned U.S. Appl. No. 16/662,363, filed Oct. 24, 2019, 129 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 16/662,379, filed Oct. 24, 2019, 123 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 16/662,402, filed Oct. 24, 2019, 128 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 16/662,427, filed Oct. 24, 2019, 165 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 16/662,489, filed Oct. 24, 2019, 165 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 16/662,510, filed Oct. 24, 2019, 165 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 16/662,531, filed Oct. 24, 2019, 135 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 16/662,570, filed Oct. 24, 2019, 141 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 16/662,587, filed Oct. 24, 2019, 145 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 16/662,591, filed Oct. 24, 2019, 130 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 16/721,964, filed Dec. 20, 2019, 39 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 16/721,965, filed Dec. 20, 2019, 39 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 16/792,908, filed Feb. 18, 2020, 48 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 16/792,909, filed Feb. 18, 2020, 49 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 16/851,294, filed Apr. 17, 2020, 59 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 16/851,301, filed Apr. 17, 2020, 59 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 16/851,308, filed Apr. 17, 2020, 59 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 16/851,314, filed Apr. 17, 2020, 59 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 16/851,323, filed Apr. 17, 2020, 59 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 16/851,397, filed Apr. 17, 2020, 59 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 17/068,603, filed Oct. 12, 2020, 37 pages, Nicira, Inc.
Non-Published Commonly Owned U.S. Appl. No. 17/072,764, filed Oct. 16, 2020, 33 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 17/072,774, filed Oct. 16, 2020, 34 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 17/085,893, filed Oct. 30, 2020, 34 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 17/085,916, filed Oct. 30, 2020, 35 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 15/803,964, filed Nov. 6, 2017, 15 pages. The Mode Group.
Non-Published Commonly Owned U.S. Appl. No. 16/216,235, filed Dec. 11, 2018, 19 pages. The Mode Group.
Ray, Saikat, et al., “Always Acyclic Distributed Path Computation,” University of Pennsylvania Department of Electrical and Systems Engineering Technical Report, May 2008, 16 pages, University of Pennsylvania ScholarlyCommons.
Webb, Kevin C., et al., “Blender: Upgrading Tenant-Based Data Center Networking,” 2014 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS), Oct. 20-21, 2014, 11 pages, IEEE, Marina del Rey, CA, USA.
Yap, Kok-Kiong, et al., “Taking the Edge off with Espresso: Scale, Reliability and Programmability for Global Internet Peering,” SIGCOMM '17: Proceedings of the Conference of the ACM Special Interest Group on Data Communication, Aug. 21-25, 2017, 14 pages, Los Angeles, CA.
Huang, Cancan, et al., “Modification of Q.SD-WAN,” Rapporteur Group Meeting—Doc, Study Period 2017-2020, Q4/11-DOC1 (190410), Study Group 11, Apr. 10, 2019, 19 pages, International Telecommunication Union, Geneva, Switzerland.
Non-published Commonly Owned U.S. Appl. No. 17/187,913, filed Mar. 1, 2021, 27 pages, Nicira, Inc.
Non-Published Commonly Owned U.S. Appl. No. 17/233,427, filed Apr. 16, 2021, 124 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 17/361,292, filed Jun. 28, 2021, 35 pages, Nicira, Inc.
Sarhan, Soliman Abd Elmonsef, et al., “Data Inspection in SDN Network,” 2018 13th International Conference on Computer Engineering and Systems (ICCES), Dec. 18-19, 2018, 6 pages, IEEE, Cairo, Egypt.
Xie, Junfeng, et al., A Survey of Machine Learning Techniques Applied to Software Defined Networking (SDN): Research Issues and Challenges, IEEE Communications Surveys & Tutorials, Aug. 23, 2018, 38 pages, vol. 21, Issue 1, IEEE.
Alsaeedi, Mohammed, et al., “Toward Adaptive and Scalable OpenFlow-SDN Flow Control: A Survey,” IEEE Access, Aug. 1, 2019, 34 pages, vol. 7, IEEE, retrieved from https://ieeexplore.ieee.org/document/8784036.
Long, Feng, “Research and Application of Cloud Storage Technology in University Information Service,” Chinese Excellent Masters' Theses Full-text Database, Mar. 2013, 72 pages, China Academic Journals Electronic Publishing House, China.
Non-Published Commonly Owned U.S. Appl. No. 17/562,8902, filed Dec. 27, 2021, 36 pages, Nicira, Inc.
Non-Published Commonly Owned U.S. Appl. No. 17/572,583, filed Jan. 10, 2022, 33 pages, Micira, Inc.
Noormohammadpour, Mohammad, et al., “DCRoute: Speeding up Inter-Datacenter Traffic Allocation while Guaranteeing Deadlines,” 2016 IEEE 23rd International Conference on High Performance Computing (HiPC), Dec. 19-22, 2016, 9 pages, IEEE, Hyderabad, India.
Guo, Xiangyi, et al., (U.S. Appl. No. 62/925,193) filed Oct. 23, 2019, 26 pages.
Lasserre, Marc, et al., “Framework for Data Center (DC) Network Virtualization,” RFC 7365, Oct. 2014, 26 pages, IETF.
Non-Published Commonly Owned U.S. Appl. No. 17/467,378, filed Sep. 6, 2021, 157 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 17/474,034, filed Sep. 13, 2021, 349 pages, VMware, Inc.
Non-Published Commonly Owned U.S. Appl. No. 17/542,413, filed Dec. 4, 2021, 173 pages, VMware, Inc.
Alvizu, Rodolfo, et al., “SDN-Based Network Orchestration for New Dynamic Enterprise Networking Services,” 2017 19th International Conference on Transparent Optical Networks, Jul. 2-6, 2017, 4 pages, IEEE, Girona, Spain.
Barozet, Jean-Marc, “Cisco SD-WAN as a Managed Service,” BRKRST-2558, Jan. 27-31, 2020, 98 pages, Cisco, Barcelona, Spain, retrieved from https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKRST-2558.pdf.
Barozei, Jean-Marc, “Cisco SDWAN,” Deep Dive, Dec. 2017, 185 pages, Cisco, Retreived from https://www.coursehero.com/file/71671376/Cisco-SDWAN-Deep-Divepdf/.
Bertaux, Lionel, et al., “Software Defined Networking and Virtualization for Broadband Satellite Networks,” IEEE Communications Magazine, Mar. 18, 2015, 7 pages, vol. 53, IEEE, retrieved from https://ieeexplore.ieee.org/document/7060482.
Cox, Jacob H., et al., “Advancing Software-Defined Networks: A Survey,” IEEE Access, Oct. 12, 2017, 40 pages, vol. 5, IEEE, retrieved from https://ieeexplore.ieee.org/document/8066287.
Duan, Zhenhai, et al., “Service Overlay Networks: SLAs, QoS, and Bandwidth Provisioning,” IEEE/ACM Transactions on Networking, Dec. 2003, 14 pages, vol. 11, IEEE, New York, NY, USA.
Li, Shengru, et al., “Source Routing with Protocol-oblivious Forwarding (POF) to Enable Efficient e-Health Data Transfers,” 2016 IEEE International Conference on Communications (ICC), May 22-27, 2016, 6 pages, IEEE, Kuala Lumpur, Malaysia.
Ming, Gao, et al., “A Design of SD-WAN-Oriented Wide Area Network Access,” 2020 International Conference on Computer Communication and Network Security (CCNS), Aug. 21-23, 2020, 4 pages, IEEE, Xi'an, China.
Tootaghaj, Diman Zad, et al., “Homa: An Efficient Topology and Route Management Approach in SD-WAN Overlays,” IEEE INFOCOM 2020—IEEE Conference on Computer Communications, Jul. 6-9, 2020, 10 pages, IEEE, Toronto, ON, Canada.

Related Publications (1)

	Number	Date	Country
	20220166713 A1	May 2022	US

Tunnel-less SD-WAN

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

Field of Search

US

CPC