Network virtualization involves creating virtual Layer-2 and/or Layer-3 topologies on top of an arbitrary physical (Layer-2 or Layer-3) network. Network Virtualization decouples virtual networks and addresses from physical network infrastructure, providing isolation and concurrency between multiple virtual networks on the same physical network infrastructure. Such virtualized networks can be used, for example, in data centers and cloud computing services. Virtualized networks of this sort are commonly referred to as “overlay networks” or “tenant networks,” and these latter terms are used interchangeably in the present patent application.
A number of protocols have been developed to support network virtualization. For example, Sridharan et al. describe the NVGRE virtualization protocol in an Internet Draft entitled “NVGRE: Network Virtualization using Generic Routing Encapsulation,” draft-sridharan-virtualization-nvgre-01 (Jul. 9, 2012), published by the Internet Engineering Task Force (IETF). Another network virtualization protocol is VXLAN (Virtual eXtensible Local Area Network), which is described by Mahalingam et al. in an Internet Draft entitled “VXLAN: A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks,” published by the IETF as draft-mahalingam-dutt-dcops-vxlan-02 (Aug. 22, 2012). These protocols are directed to virtualization and encapsulation of Layer 2 communications (such as Ethernet™ links) over Internet Protocol (IP) networks.
Attempts have also been made to provide a framework for encapsulation and transmission of various protocols over InfiniBand™ (IB) networks. For example, Chu and Kashyap describe a method for encapsulating and transmitting IP and Address Resolution Protocol (ARP) packets over IB in “Transmission of IP over InfiniBand (IPoIB),” published in 2006 as IETF Request for Comments (RFC) 4391. This document specifies the link-layer address to be used when resolving IP addresses in IB subnets and the setup and configuration of IPoIB links.
U.S. Pat. No. 8,201,168 describes the use of virtual input-output connections for machine virtualization. A virtual computer system includes at least one virtual or physical compute node, which produces data packets having respective source attributes. At least one Virtual Input-Output Connection (VIOC) is uniquely associated with the values of the source attributes. The virtual computer system is implemented on a physical computer system, which includes at least one physical packet switching element. The physical packet switching element is configured to identify the data packets whose source attributes have the values that are associated with the VIOC and to perform operations on the identified data packets so as to enforce a policy with regard to the VIOC.