公开(公告)号：WO2014062752A1

公开(公告)日：2014-04-24

申请号：PCT/US2013/065159

申请日：2013-10-16

Applicant: MICROSOFT CORPORATION

Inventor： KUMAR, Hemant ,  PATEL, Parveen Kumar ,  BANSAL, Deepak

IPC: H04L29/08

CPC classification number: H04L67/1038 ,  H04L12/56 ,  H04L61/2521 ,  H04L67/2814

Abstract: Bypassing a load balancer that initially appeared in a multi-message flow from a source machine served by a source intermediary and a target machine served on a target intermediary. One or more original network messages (and perhaps just the first) of the flow arrive from the source intermediary at the load balancer, which selects which machine is to be a destination machine, and it turns out selects the destination machine serviced by the destination intermediary. In response to receiving this message, the destination intermediary instructs the source intermediary to transmit subsequent messages in the flow in a manner that bypasses the load balancer. To facilitate this, the source intermediary may modify addressing of subsequent flow messages from the source machine such that they are rerouted to the destination machine without addressing the load balancer.

Abstract translation: 绕过最初出现在来自源中介机构所服务的源计算机的多消息流中的负载均衡器，以及在目标中介服务的目标机器。 流量的一个或多个原始网络消息（也许只是第一个）从负载平衡器的源中介获取，该负载平衡器选择哪个机器将作为目标机器，并且结果是选择目的地中介服务的目的地机器 。 响应于接收到该消息，目的地中介指示源中介以绕过负载平衡器的方式在流中发送后续消息。 为了促进这一点，源中介可以修改来自源机器的后续流消息的寻址，使得它们被重新路由到目的地机器而不寻址负载均衡器。

公开(公告)号：WO2013191973A1

公开(公告)日：2013-12-27

申请号：PCT/US2013/045291

申请日：2013-06-12

Applicant: MICROSOFT CORPORATION

Inventor： KHALIDI, Yousef A. ,  BANSAL, Deepak ,  KIM, Changhoon ,  KANDULA, Srikanth ,  MALTZ, David A.

IPC: G06F9/50 ,  G06F9/445

CPC classification number: G06F8/61 ,  G06F9/5072

Abstract: The provisioning of a host computing system by a controller located over a wide area network. The host computing system has power-on code that automatically executes upon powering up, and causes the host to notify the controller of the host address. In a first level of bootstrapping, the controller instructs the host to download a maintenance operating system. The host responds by downloading and installing a maintenance operating system, enabling further bootstrapping. The persistent memory may further have security data, such as a public key, that allows the host computing system to securely identify the source of the download instructions (and subsequent instructions) as originating from the controller. A second level of bootstrapping may accomplish the configuring of the host with a hypervisor and a host agent. A third level of bootstrapping may accomplish the provisioning of virtual machines on the host.

Abstract translation: 由位于广域网上的控制器提供主计算系统。 主机计算系统具有在上电时自动执行的上电代码，并使主机通知控制器主机地址。 在第一级自举中，控制器指示主机下载维护操作系统。 主机通过下载和安装维护操作系统进行响应，实现进一步的自举。 持久存储器还可以具有诸如公开密钥的安全数据，其允许主计算系统将源自该控制器的下载指令（和后续指令）的源安全地标识。 第二级引导可以使用管理程序和主机代理完成主机的配置。 第三级引导可以完成主机上虚拟机的配置。

公开(公告)号：WO2013191972A1

公开(公告)日：2013-12-27

申请号：PCT/US2013/045290

申请日：2013-06-12

Applicant: MICROSOFT CORPORATION

Inventor： KANDULA, Srlkanth ,  KIM, Changhoon ,  DABAGH, Alireza ,  BANSAL, Deepak ,  MALTZ, David A.

IPC: G06F9/50

CPC classification number: G06F9/5077 ,  G06F9/45533 ,  H04L41/0893 ,  H04L45/38 ,  H04L45/586 ,  H04L49/70 ,  H04L49/90 ,  H04L49/9068

Abstract: The present invention extends to methods, systems, and computer program products for offloading virtual machine flows to physical queues. A computer system executes one or more virtual machines, and programs a physical network device with one or more rules that manage network traffic for the virtual machines. The computer system also programs the network device to manage network traffic using the rules. In particular, the network device is programmed to determine availability of one or more physical queues at the network device that are usable for processing network flows for the virtual machines. The network device is also programmed to identify network flows for the virtual machines, including identifying characteristics of each network flow. The network device is also programmed to, based on the characteristics of the network flows and based on the rules, assign one or more of the network flows to at least one of the physical queues.

Abstract translation: 本发明扩展到用于将虚拟机流卸载到物理队列的方法，系统和计算机程序产品。 计算机系统执行一个或多个虚拟机，并且利用管理虚拟机的网络流量的一个或多个规则对物理网络设备进行编程。 计算机系统还使用规则对网络设备进行编程以管理网络流量。 特别地，网络设备被编程为确定在网络设备处可用于处理虚拟机的网络流的一个或多个物理队列的可用性。 网络设备也被编程为识别虚拟机的网络流，包括识别每个网络流的特征。 网络设备还被编程为基于网络流的特征并且基于规则，将一个或多个网络流分配给至少一个物理队列。

公开(公告)号：WO2013191992A1

公开(公告)日：2013-12-27

申请号：PCT/US2013/045521

申请日：2013-06-12

Applicant: MICROSOFT CORPORATION

Inventor： KHALIDI, Yousef A. ,  BANSAL, Deepak ,  KIM, Changhoon ,  KANDULA, Srlkanth ,  MALTZ, David A. ,  PATEL, Parveen

IPC: G06F9/50

CPC classification number: G06F9/5072 ,  G06F2209/509

Abstract: A delivery controller for use in an enterprise environment that communicates with a cloud computing environment that is providing a service for the enterprise. As the cloud service processing progresses, some cloud service data is transferred from the cloud computing environment to the enterprise environment, and vice versa. The cloud service data may be exchanged over any one of a number of different types of communication channels. The delivery controller selects which communication channel to use to transfer specific data, depending on enterprise policy. Such policy might consider any business goals of the enterprise, and may be applied at the application level.

Abstract translation: 用于与为企业提供服务的云计算环境通信的企业环境中的传送控制器。 随着云服务处理的进行，一些云服务数据从云计算环境转移到企业环境，反之亦然。 云服务数据可以通过多种不同类型的通信信道中的任一种进行交换。 交付控制器根据企业策略选择使用哪个通信信道来传送特定数据。 这样的政策可以考虑企业的任何业务目标，并可以在应用程序级别应用。

公开(公告)号：WO2013191993A1

公开(公告)日：2013-12-27

申请号：PCT/US2013/045524

申请日：2013-06-12

Applicant: MICROSOFT CORPORATION

Inventor： BANSAL, Deepak ,  PATEL, Parveen ,  GREENBERG, Albert

IPC: G06F9/50

CPC classification number: H04L47/10 ,  G06F9/5072 ,  G06F9/5077

Abstract: A system that includes multiple hosts, each running a plurality of virtual machines. The system may be, for example, a cloud computing environment in which there are services and a service coordination system that communicates with the hosts and with the services. The services include a middleware management service that is configured to maintain per-tenant middleware policy for each of multiple tenants. The middleware management service causes the middleware policy to be applied to network traffic by directing network traffic to a middle ware enforcement mechanism. This middleware policy is per-tenant in that it depends on an identity of a tenant.

Abstract translation: 包括多个主机的系统，每个主机运行多个虚拟机。 该系统可以是例如云计算环境，其中存在与主机和服务进行通信的服务和服务协调系统。 这些服务包括一个中间件管理服务，该服务被配置为为多个租户中的每一个维护租户的中间件策略。 中间件管理服务通过将网络流量引导到中间件执行机制，使中间件策略应用于网络流量。 这种中间件政策是租用的，因为它取决于租户的身份。

公开(公告)号：WO2013191927A1

公开(公告)日：2013-12-27

申请号：PCT/US2013/044869

申请日：2013-06-10

Applicant: MICROSOFT CORPORATION

Inventor： KIM, Changhoon ,  GREENBERG, Albert, G. ,  DABAGH, Alireza ,  KHALIDI, Yousef, A. ,  BANSAL, Deepak ,  KANDULA, Srikanth

IPC: H04L12/803

CPC classification number: H04L47/11 ,  G06F9/45558 ,  G06F2009/45595 ,  H04L47/12 ,  H04L47/263 ,  H04L47/762 ,  H04L47/822 ,  H04L49/70 ,  H04L69/16 ,  Y02D50/10

Abstract: The ensuring of predictable and quantifiable networking performance. Embodiments of the invention combine a congestion free network core with a hypervisor based (i.e., edge-based) throttling design to help insure quantitative and invariable subscription bandwidth rates. A lightweight shim layer in a hypervisor can adaptively throttle the rate of VM-to-VM traffic flow.A receiving hypervisor can detect congestion and communicate back to sending hypervisors that rates are to be regulated. In response, sending hypervisors can reduce transmission rate to mitigate congestion at the receiving hypervisor. In some embodiments, the principles are extended to any message processors communicating over a congestion free network.

Abstract translation: 确保可预测和可量化的网络性能。 本发明的实施例将无拥塞网络核心与基于虚拟机管理程序（即基于边缘的）节流设计相结合，以帮助确保定量和不变的订阅带宽速率。 虚拟机管理程序中的轻量级垫片层可以自适应地调节VM到VM流量的速率。接收虚拟机管理程序可以检测到拥塞并向发送管理程序通信，速率将被调节。 作为响应，发送管理程序可以降低传输速率以减轻接收管理程序的拥塞。 在一些实施例中，原理被扩展到通过无拥塞网络通信的任何消息处理器。

公开(公告)号：WO2011142972A2

公开(公告)日：2011-11-17

申请号：PCT/US2011/034191

申请日：2011-04-27

Applicant: MICROSOFT CORPORATION

Inventor： ALKHATIB, Hasan ,  KIM, Changhoon ,  OUTHRED, Geoff ,  BANSAL, Deepak ,  GREENBERG, Albert ,  MALTZ, Dave ,  PATEL, Parveen

IPC: H04L12/24 ,  H04L12/56 ,  H04L29/08 ,  H04L12/28 ,  G06F9/44

CPC classification number: H04L12/4641 ,  H04L12/4633 ,  H04L45/04 ,  H04L45/42 ,  H04L45/46 ,  H04L45/566 ,  H04L45/586

Abstract: Computerized methods, systems, and computer-readable media are provided for establishing and managing a virtual network (V-net) and virtual machine (VM) switches that enable protected and isolated interconnections between members of the V-net. The V-net members include an originating network adapter that generates data packets addressed to a destination network adapter. Upon detecting data-packet generation, a source-side VM switch accesses a forwarding table associated with the V-net, ascertains a destination-side, VM-switch locator that corresponds to an identifier of the destination network adapter, and modifies the data packets to include the identifier. The forwarding table represents a mapping between the members of the V-net and VM switches located on respective nodes within the data center. In operation, the mapping enforces communication policies that govern data-packet traffic. Upon receiving the data packets, the destination-side VM switch restores the data packets and forwards them to the destination network adapter.

Abstract translation: 提供了计算机化方法，系统和计算机可读介质，用于建立和管理虚拟网络（V-net）和虚拟机（VM）交换机，从而实现V-net成员之间的保护和隔离互连。 V-net成员包括生成发往目标网络适配器的数据包的始发网络适配器。 在检测到数据包生成时，源侧VM交换机访问与V-net相关联的转发表，确定与目的网络适配器的标识符相对应的目的地侧的VM交换机定位符，并修改数据包 包括标识符。 转发表表示位于数据中心内的相应节点上的V-net和VM交换机的成员之间的映射。 在操作中，映射强制执行数据包流量的通信策略。 目的端VM交换机接收到数据包后，恢复数据包并将其转发到目的网络适配器。

公开(公告)号：WO2011109565A2

公开(公告)日：2011-09-09

申请号：PCT/US2011/026931

申请日：2011-03-02

Applicant: MICROSOFT CORPORATION

Inventor： BANSAL, Deepak ,  ALKHATIB, Hasan

CPC classification number: H04L69/14 ,  H04L47/193 ,  H04L47/20 ,  H04L47/22 ,  H04L67/10 ,  H04L69/161 ,  H04L69/326 ,  H04L69/329 ,  H04L69/40 ,  Y02D50/30

Abstract: Computerized methods, systems, and computer-storage media for establishing and managing a transmission control protocol (TCP)-based tunnel ("tunnel") are provided. The tunnel spans between a data center and a private enterprise network and connects endpoints, of a service application, that reside in each location. During communication, the endpoints transmit data packets over one or more channels (e.g., higher-level channel and lower-level channel) that comprise the tunnel. Each of the channels supports reliability mechanisms (e.g., congestion-control mechanism and loss-recovery mechanism) integrally running thereon, for ensuring complete data-packet delivery. To prevent unwarranted performance degradation caused by duplicative efforts of reliability mechanisms, a fabric controller is employed to selectively disable one or more of the reliability mechanisms individually. The selective disablement of the reliability mechanisms is invoked by predefined criteria, such as instructions from a service model or detected identity of a source/destination endpoint, and is invoked on a per network connection basis.

Abstract translation: 提供了用于建立和管理基于传输控制协议（TCP）的隧道（“隧道”）的计算机化方法，系统和计算机存储介质。 隧道跨越数据中心和私有企业网络，并连接驻留在每个位置的服务应用程序的端点。 在通信期间，端点通过包括隧道的一个或多个信道（例如，较高级信道和下级信道）发送数据分组。 每个信道支持在其上整体运行的可靠性机制（例如，拥塞控制机制和丢失恢复机制），以确保完整的数据分组传递。 为了防止由可靠性机制的重复努力引起的不合理的性能下降，使用结构控制器来分别选择性地禁用一个或多个可靠性机制。 可靠性机制的选择性禁用由诸如来自服务模型的指令或源/目的地端点的检测到的标识的预定义标准来调用，并且在每个网络连接的基础上被调用。

公开(公告)号：WO2011056714A2

公开(公告)日：2011-05-12

申请号：PCT/US2010/054559

申请日：2010-10-28

Applicant: MICROSOFT CORPORATION

Inventor： ALKHATIB, Hasan ,  BANSAL, Deepak

IPC: H04L12/28

CPC classification number: H04L29/12349 ,  H04L45/64 ,  H04L61/2507 ,  H04L63/0272

Abstract: Computerized methods, systems, and computer-storage media for establishing and managing a virtual network overlay ("overlay") are provided. The overlay spans between a data center and a private enterprise network and includes endpoints, of a service application, that reside in each location. The service-application endpoints residing in the data center and in the enterprise private network are reachable by data packets at physical IP addresses. Virtual presences of the service-application endpoints are instantiated within the overlay by assigning the service-application endpoints respective virtual IP addresses and maintaining an association between the virtual IP addresses and the physical IP addresses. This association facilitates routing the data packets between the service-application endpoints, based on communications exchanged between their virtual presences within the overlay. Also, the association secures a connection between the service-application endpoints within the overlay that blocks communications from other endpoints without a virtual presence in the overlay.

Abstract translation: 提供了用于建立和管理虚拟网络覆盖（“覆盖”）的计算机化的方法，系统和计算机存储介质。 覆盖层跨越数据中心和私人企业网络之间，并包含驻留在每个位置的服务应用程序的端点。 驻留在数据中心和企业专用网络中的服务应用端点可通过物理IP地址处的数据包到达。 通过为服务应用程序端点分配相应的虚拟IP地址并维护虚拟IP地址与物理IP地址之间的关联，服务应用程序端点的虚拟存在被实例化。 该关联有助于根据在覆盖内的虚拟存在之间交换的通信在服务应用端点之间路由数据分组。 另外，该关联保证覆盖内的服务应用端点之间的连接，该连接阻止来自其他端点的通信，而没有覆盖中的虚拟存在。

公开(公告)号：WO2008157036A1

公开(公告)日：2008-12-24

申请号：PCT/US2008/065737

申请日：2008-06-04

Applicant: MICROSOFT CORPORATION

Inventor： BANSAL, Deepak ,  GARG, Sumit ,  SRIDHARAN, Murari ,  THALER, David

IPC: H04L12/28

CPC classification number: H04L45/00 ,  H04L45/12 ,  H04L45/124 ,  H04L45/22

Abstract: A computer may be capable of communicating with devices via network through multiple interfaces. When a new connection is to be established, the computer may select an interface to use for the connection. In some embodiments, the interface may be selected based on historical connection information representing the performance of previous network connections that the computer has established through the interfaces.

Abstract translation: 计算机可能能够通过多个接口通过网络与设备进行通信。 当建立新连接时，计算机可以选择用于连接的接口。 在一些实施例中，可以基于表示计算机通过接口建立的先前网络连接的性能的历史连接信息来选择接口。