Network architecture traditionally involves high-level design based upon inputs received as requirements and objectives, and includes the selection of hardware platforms which provide routing, switching and security. The data center server evolution has included rapid growth in CPU cores, an increase in the number of separate physical processors on a single logic board, and an increase in hardware density in the form of blade servers and single-board computers in multi-board chassis which provide common power and common mounting in data center racks or shelves. Equally dramatic is the virtualization of Operating Systems (OS), pushing CPU and I/O utilization to levels unachievable without Virtual Machines (VMs). Hypervisors that interface with the hardware server are themselves limited operating systems which provide hardware support to one or many self-contained operating system VM clients. Hypervisors, in combination with VMs, reduce hardware beyond the reduction achieved by stacking multiple applications on a single computer, which was the technique just a few years prior.
With the instantiation of multiple VMs on a single server, it is important to consider the frequent switching of frames between VMs on the same machine. Recent development in Ethernet switching to provide Single Root I/O Virtualization (SR-IOV) on network interface cards (NICs) improves Ethernet throughput for VMs and lowers CPU loads. SR-IOV creates multiple receive queues on a NIC, directly accessible by VMs for frames coming from sources external to the Ethernet port. This virtualization of Ethernet ports and the presentation of frames directly to VMs eliminate a major cause of CPU loading by reducing the interrupts for receipt of inbound frames. However, SR-IOV cannot provide switching support for two VMs on the same computer.
Accordingly, what is needed is switching in software which is feasible at larger throughputs while retaining efficiency (e.g., rapid switching of frames between VMs), the inclusion of security rules (e.g., firewall capability), and trust Quality of Service on frames between VMs. However, in view of the art considered as a whole at the time the present invention was made, it was not obvious to those of ordinary skill how the art could be advanced.
While certain aspects of conventional technologies have been discussed to facilitate disclosure of the invention, Applicants in no way disclaim these technical aspects, and it is contemplated that the claimed invention may encompass one or more of the conventional technical aspects discussed herein.
The present invention may address one or more of the problems and deficiencies of the prior art discussed above. However, it is contemplated that the invention may prove useful in addressing other problems and deficiencies in a number of technical areas. Therefore, the claimed invention should not necessarily be construed as limited to addressing any of the particular problems or deficiencies discussed herein.
In this specification, where a document, act or item of knowledge is referred to or discussed, this reference or discussion is not an admission that the document, act or item of knowledge or any combination thereof was, at the priority date, publicly available, known to the public, part of common general knowledge, or otherwise constitutes prior art under the applicable statutory provisions; or is known to be relevant to an attempt to solve any problem with which this specification is concerned.