The scale of Cloud services continues to expand. What was once “good enough” via Q-in-Q cloud deployments (up to 1,048,576 devices/networks) has been supplanted by VxLAN technology which has the capability of 16,777,216 networks*16,777,216 devices. It points the way for IPv6 deployment with expanded addressing capability and provides a way for the IoT to be deployed. There are three main advantages to VxLAN: a) increased addressing space and scalability because VxLAN has 24 bits vs. 12 with VLANs in the tag associated with VxLAN, b) The Layer 2 Virtual network is on a completely different network than the Layer 2 physical network. This allows the Layer 2 network to be extended to a different location, c) isolation/security provided by having each Virtual Terminal Point along the way provide encryption of the tag at each point along the way while maintaining encryption of the Layer 2 “payload”.
Although a lot has been disclosed about VxLAN, what has not been disclosed is how industrial grade cloud providers can provide private instances of shared resources. This is especially tricky because it is easy, trivial, and known by anyone skilled in the art is how to provide “human scale” private instances—use the hypervisor to provide private instances. Every major hypervisor has an ability to provide private instances on a virtual machine. What will be taught in this patent disclosure is how to do the same thing that a hypervisor does with virtual machines using a cluster of physical machines on a scale that matches VxLAN's enhanced addressing capabilities.
In the field of VxLAN networks (VxLAN), a system is used to isolate clients into individual private networks, as long as they possess conforming equipment (virtual or physical) to meet the specifications, which are governed by IETF standards. The key component is a VTEP (Virtual Transmission End Point) for providing a new encryption when it leaves the network, a firewall which prevents unauthorized packets from entering the network, and a router to provide a route to another network controlled by the client with a VTEP.
What is described herein is using the concepts of networks and virtualization on a large pooled system to be able to dynamically allocate private instances of shared resources to users.
Herein, the term “computing device” refers to any electronic device with a processor and means for data storage. Used herein, the term “network connection” refers to any means to allow a plurality of computing devices to communicate. Further, the term “trunked” used herein refers to programmatically relating multiple network connections to each other to create redundancy and greater bandwidth in a single logical connection. The term “network packets” refers to a formatted message in the form of packets transmitted over a network. The term “hardware resource” refers to a networkable computing device. The term “virtual resource” refers to an allocation on a networkable computing device which refers to a virtual representation of a computing device or a software application, such as a database. Used herein, the term “management local area network”, sometimes referred to as a “MLAN”, refers to a LAN containing hardware or virtual resources used exclusively for the initialization, configuration, and maintenance of other LANs. Used herein, the term “data center” refers to a central storage complex containing a multitude of servers and network routing hardware. A “traditional data center” is a data center absent of virtualization. The term “virtual firewall/vtep/router” refers to a virtual implementation of a firewall/vtep/router with a virtual Ethernet port. Used herein, the term, “maintaining” refers to keeping a network resource functioning