This relates to communication networks, and more particularly, to managing virtual switches.
Packet-based networks such as the internet and local data networks that are connected to the internet include network switches. Network switches are used in forwarding packets from packet sources to packet destinations.
It can be difficult or impossible to control the switches of one vendor using the equipment of another vendor. This is because the switch equipment of one vendor may use a different operating system and set of control procedures than the switch equipment of another vendor. To address the challenges associated with controlling different types of switch platforms, cross-platform protocols have been developed. These protocols allow centralized control of otherwise incompatible switches.
Cross-platform controller clients can be included on the switches in a network. The controller clients are able to communicate with a corresponding controller server over network paths. Because the controller clients can be implemented on a variety of switch hardware, it is possible for a single controller to control switch equipment that might otherwise be incompatible.
Each network switch on which a controller client has been implemented (sometimes referred to herein as a client switch) may be provided with an access control list (ACL) with entries that specify types of packets that are allowed to traverse the switch and entries that specify types of packets that are not allowed to traverse the switch. For example, a specific entry of the access control list (ACL) may specify that packets from a particular internet protocol (IP) address are not allowed to traverse the switch.
Each client switch may include ports through which network packets are conveyed. For example, a first network device coupled to a first port of a client switch may transmit packets to the first port that are destined for a second network device coupled to a second port of the client switch. The client switch may forward the packets to the second network device by transmitting the packets from the second port.
It may be desirable to form groups of client switches and ports. For example, end hosts such as electronic payment clients (e.g., devices used to communicate with electronic payment servers to perform payment transactions) may be coupled to various ports on the client switches in the network. There may be many electronic payment clients coupled to ports on the client switches in the network (e.g., hundreds or thousands). The many electronic payment clients may generate large amounts of network traffic. It may be desirable to control the large amounts of network traffic associated with the electronic payment clients. To prevent sensitive payment information such as credit card numbers from being transmitted to other devices, it may be desirable to prevent packets originating from the ports associated with the electronic payment clients from reaching destinations other than the electronic payment server.
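The following is an added illustration, not code from the original text or from any particular switch vendor, of how the two ideas above combine on a single client switch: an ordered access control list whose entries allow or deny packets (including an entry that denies a particular source IP address), and a named group of ports whose attached payment clients may only reach the payment server. The port numbers, IP addresses, packet fields and the policy itself are constructed for this example.

```python
# Added illustration: a first-match ACL evaluator for one client switch, with a
# named port group. Ports, addresses, packets and policy are constructed here
# and are not taken from any specific product or from the original text.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network
from typing import List, Optional, Set


@dataclass(frozen=True)
class Packet:
    in_port: int   # ingress port on the client switch
    src_ip: str
    dst_ip: str


@dataclass(frozen=True)
class AclEntry:
    action: str                          # "allow" or "deny"
    in_ports: Optional[Set[int]] = None  # None matches any ingress port
    src: Optional[IPv4Network] = None    # None matches any source address
    dst: Optional[IPv4Network] = None    # None matches any destination address

    def matches(self, pkt: Packet) -> bool:
        if self.in_ports is not None and pkt.in_port not in self.in_ports:
            return False
        if self.src is not None and ip_address(pkt.src_ip) not in self.src:
            return False
        if self.dst is not None and ip_address(pkt.dst_ip) not in self.dst:
            return False
        return True


class ClientSwitch:
    """Holds an ordered ACL; the first matching entry decides, else the default."""

    def __init__(self, acl: List[AclEntry], default: str = "deny"):
        self.acl = acl
        self.default = default

    def decide(self, pkt: Packet) -> str:
        for entry in self.acl:
            if entry.matches(pkt):
                return entry.action
        return self.default


# Constructed topology: ports 1-3 hold payment clients; the payment server is
# reachable at 10.0.0.10; 198.51.100.7 is an address the operator chose to deny.
PAYMENT_CLIENT_PORTS = {1, 2, 3}
PAYMENT_SERVER = ip_network("10.0.0.10/32")
BLOCKED_SOURCE = ip_network("198.51.100.7/32")


def build_acl() -> List[AclEntry]:
    return [
        # An entry of the kind described above: deny packets from one IP address.
        AclEntry("deny", src=BLOCKED_SOURCE),
        # The payment client port group may reach only the payment server.
        AclEntry("allow", in_ports=PAYMENT_CLIENT_PORTS, dst=PAYMENT_SERVER),
        AclEntry("deny", in_ports=PAYMENT_CLIENT_PORTS),
        # Every other port keeps ordinary forwarding.
        AclEntry("allow"),
    ]


def evaluate(packets: List[Packet]) -> List[str]:
    switch = ClientSwitch(build_acl())
    return [switch.decide(p) for p in packets]


# Constructed sample traffic.
SAMPLE_PACKETS = [
    Packet(1, "10.0.1.5", "10.0.0.10"),      # client -> payment server
    Packet(2, "10.0.1.6", "10.0.2.9"),       # client -> some other host
    Packet(5, "10.0.3.1", "10.0.2.9"),       # non-client port -> other host
    Packet(5, "198.51.100.7", "10.0.0.10"),  # denied source, any port
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, evaluate(SAMPLE_PACKETS)):
        print(f"port {pkt.in_port} {pkt.src_ip} -> {pkt.dst_ip}: {verdict}")
```

Entry order matters: the explicit deny for the payment client port group sits after the single allow toward the payment server, so any packet from those ports that is not addressed to the server is dropped before the catch-all allow is reached. An empty or exhausted ACL falls through to the switch default, which is deny here so that a misconfigured switch fails closed rather than open.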
It would therefore be desirable to be able to provide improved arrangements for controlling the traffic in a communications network by configuring and controlling the network switches in the communications network.