Patent application number | Description | Published |
20080244747 | Network context triggers for activating virtualized computer applications - A computer system, comprising at least one controlled execution space hosting an operating system and an application program; a vulnerability monitoring agent coupled to the controlled execution space; one or more vulnerability profiles coupled to the vulnerability monitoring agent, wherein each of the vulnerability profiles comprises an application program identifier, an operating system identifier, a vulnerability specification describing a vulnerability of an application program that the application program identifier indicates when executed with an operating system that the operating system identifier indicates, and a remedial action which when executed will remediate the vulnerability; wherein the vulnerability monitoring agent is configured to monitor execution of the operating system and the application program in the controlled execution space, to detect an anomaly associated with the vulnerability, to determine the remedial action for the operating system and application program based on one of the vulnerability profiles, and to cause the remedial action. | 10-02-2008 |
20100054129 | Virtual switch quality of service for virtual machines - In one embodiment a method includes selectively controlling a virtual network switch to control a quality of service (QoS) for a flow associated with a virtual machine (VM). Controlling the QoS may include controlling the virtual switch to provide classification, congestion management, congestion avoidance, bandwidth limiting, traffic shaping, and/or priority manipulation. The method may also include migrating a policy associated with a virtual interface between the VM and the virtual switch from a first server to a second server when the VM is to be migrated from the first server to the second server. The migration may also include moving statistics associated with the policy. The method may include selectively adapting the policy or an existing policy on the receiving server when a discrepancy is detected between the policies. The method may include reserving resources to provide guaranteed minimum bandwidth, even without control of an ingress and egress queue. | 03-04-2010 |
20110173295 | OFFLOAD STACK FOR NETWORK, BLOCK AND FILE INPUT AND OUTPUT - An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems. | 07-14-2011 |
20120131662 | Virtual local area networks in a virtual machine environment - In one embodiment, a method includes identifying virtual machines operating at a network device and virtual local area networks associated with the virtual machines, creating an allowed list of virtual local area networks at the network device based on the virtual machines operating at the network device, and updating the allowed list in response to changes in the virtual machines at the network device. The network device is configured to forward traffic received from the virtual local area networks on the allowed list to a virtual switch at the network device, and drop traffic received from a virtual local area network not on the allowed list. An apparatus and logic are also disclosed. | 05-24-2012 |
Patent application number | Description | Published |
20090049199 | VIRTUAL MAC ADDRESS SYSTEM AND METHOD - A method for creating a virtual MAC address, the method includes receiving an Internet Protocol address that is to be associated with a virtual MAC address. The method creates a virtual MAC address by setting an OUI portion of the virtual MAC address to an OUI value and setting the non-OUI portion of the virtual MAC address to a subset of the Internet Protocol (IP) address. In one embodiment, the lower three bytes of the IP address are used. Additionally, a method of migrating a virtual MAC address includes detecting a migration event on a first system; creating a virtual MAC address on a second system; and issuing a gratuitous ARP packet containing the virtual MAC address. | 02-19-2009 |
20100067374 | Reducing Flooding in a Bridged Network - Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with loss of reducing flooding in a bridged network, typically including a device directly connected to multiple upstream bridges. These bridges are configured such that the device receives broadcast/multicast traffic from a single interface of one of the bridges, while allowing unicast traffic over each of the communications links connecting the device to the bridges. In one configuration, the device implements virtual machine(s), each including a virtual network interface associated with a MAC address; and the directly connected bridges are configured, for each particular MAC address of these MAC addresses of the virtual interfaces, such that one and only one of the bridges will forward packets having the particular MAC address as its destination address over a communications link directly connected to the device. | 03-18-2010 |
20100146093 | CENTRAL CONTROLLER FOR COORDINATING MULTICAST MESSAGE TRANSMISSIONS IN DISTRIBUTED VIRTUAL NETWORK SWITCH ENVIRONMENT - A centralized control processor provides a unified management mechanism for multiple multicast switches or servers running virtual switches that is also capable of sending query messages based upon a subset of ports. | 06-10-2010 |
20120127857 | Dynamic Queuing and Pinning to Improve Quality of Service on Uplinks in a Virtualized Environment - Techniques are provided for improve quality of service on uplinks in a virtualized environment. At a server apparatus having a plurality of physical links configured to communicate traffic over a network to or from the server apparatus, forming an uplink group comprising a plurality of physical links. A first class of service is defined that allocates a first share of available bandwidth on the uplink group, and a second class of service is defined that allocates a second share of available bandwidth on the uplink group. The bandwidth for the first class of service is allocated across the plurality of physical links of the uplink group, and the bandwidth for the second class of service is allocated across the plurality of physical links of the uplink group. Traffic rates are monitored on each of the plurality of physical links to determine if a physical link is congested indicating that a bandwidth deficit exists for a class of service. In response to determining that one of the plurality of physical links is congested, bandwidth is reallocated for a class of service to reduce the bandwidth deficit for a corresponding class of service. | 05-24-2012 |
20140092744 | Dynamic Queuing and Pinning to Improve Quality of Service on Uplinks in a Virtualized Environment - At a network element having a plurality of physical links configured to communicate traffic over a network to or from the network element, an uplink group is formed comprising the plurality of physical links, wherein the plurality of physical links comprise a first physical link and a second physical link A plurality of classes of service are defined comprising a first class of service and a second class of service, wherein the first class of service and second class of service have bandwidth allocations on the first physical link. Traffic congestion is detected on the first physical link that exceeds a predetermined threshold for the first class of service. Traffic associated with one or more virtual machines associated with the first class of service on the first physical link is re-associated to the second physical link until the traffic congestion falls below the predetermined threshold. | 04-03-2014 |