The present invention is in the field of server virtualization and, more particularly, includes an intelligent network interface controller architecture which can efficiently process data traffic involving virtual machines operating on a physical host machine.
Virtual machine environments are becoming popular. In particular, a virtual machine environment allows multiple virtual machines operating on a host machine to share the physical resources of the host machine. The sharing of physical resources is made possible by a hypervisor, which is a software application that, generally, is aware of all data traffic that is sourced from or destined to the virtual machines (each also generally referred to as a guest operating system or virtual image) and is also aware of all memory usage by the virtual machines.
One general concern in networked computing environments has been with detecting intrusions that may interfere with operation of the computer system. Such intrusion detection may include, for example, the use of deep packet inspection of data traffic destined to the computer system. In a virtual machine environment, such intrusion detection may be conventionally handled as part of the hypervisor.
Another challenge in virtual machine environments is switching data traffic that is sourced from one virtual machine, operating on the host machine, to other virtual machines also operating on that host machine. A conventional method of switching such traffic utilizes a virtual switch, which is a software component operating on the host machine that allows virtual machines on the same host to communicate with each other using the same protocols that would be used over physical switches, without the need for additional networking hardware. However, it is known that such a software virtual switch can be a performance bottleneck.
One proposed solution to the performance bottleneck of the software virtual switch is to employ an appliance that is connected outside the host machine on which the virtual machines are operating. That is, the appliance is part of the network hardware. In addition, it has also been proposed that intrusion detection may be performed by this switching appliance. However, when the appliance is outside the host machine, communication between the appliance and the host machine may add undesirable latency to communication involving the virtual machines.