
EP-4078395-B1 - PARSING LOGICAL NETWORK DEFINITION FOR DIFFERENT SITES


Inventors

  • CHANDRASHEKHAR, GANESAN
  • MARGARIAN, Pavlush
  • PALAVALLI, AMARNATH
  • DORR, JOSH

Dates

Publication Date: 2026-05-06
Application Date: 2021-01-31

Claims (12)

  1. A method for defining a logical network (100) that spans a plurality of sites (405, 410, 415) and is managed at each site by a local manager (425, 430, 435) executed on a computing device on the respective site of the plurality of sites, the method comprising: at a global manager (420) executed on a computing device at one of the plurality of sites that manages the logical network (100): creating a tree (1700) from a definition of a logical network (100) that spans the plurality of sites (405, 410, 415), said tree (1700) comprising nodes representing elements in the logical network (100) and connections between the nodes to express relationships between the elements, each of at least a subset of nodes having a span attribute identifying a set of sites spanned by a logical network element corresponding to the node; using the span attributes to create a parsed tree (2100) for each site; based on the parsed tree (2100) of each respective site, identifying a portion of the logical network definition that is relevant for the respective site; and providing, to the local manager (425, 430, 435) of each respective site, the portion of the logical network definition that is identified for the respective site, wherein: the logical network definition is a first logical network definition; a particular local manager (425) at a particular site (405) creates and stores a local tree (2200) based on an identified portion of the first logical network definition received from the global manager (420); the particular local manager (425) directly receives a second logical network definition that is not received from the global manager (420) and, based on the received second logical network definition, updates the local tree (2200); for a particular network element spanning the particular site (405), when the second logical network definition conflicts with the first logical network definition, the particular local manager (425) resolves the conflict using a set of priority rules; the first logical network definition specifies to delete a particular logical network element; the particular local manager (425) deletes the node associated with the particular logical network element from the local tree (2200) when the particular local manager (425) determines that the particular logical network element is not required by other logical network elements in use at the particular site (405); and the particular local manager (425) automatically notifies the global manager (420) that the particular logical network element has not been deleted when the particular local manager (425) determines that the particular logical network element is required by other logical network elements in use at the particular site (405).
  2. The method of claim 1, wherein: a particular local manager (430) at a particular site (410) uses a portion of the logical network definition identified for the particular site (410) to generate and provide a set of configuration data to a cluster of controllers (1420) at the particular site (410) managed by the particular local manager (430); and the cluster of controllers (1420) i) receives the configuration data from the particular local manager (430), ii) identifies a set of computing devices (320, 325) at the particular site (410) to implement the logical network elements that span the particular site (410), and iii) distributes the configuration data to an identified set of computing devices (320, 325).
  3. The method of claim 2, wherein the configuration data received by a particular computing device (320) is received by a local controller (1425) executing on the particular computing device (320), wherein the local controller (1425) uses the received configuration data to configure at least one forwarding element (345) also executing on the particular computing device (320) to implement at least one of the logical network elements that span the particular site (410).
  4. The method of claim 2, wherein the cluster of controllers (1420), for each identified computing device (320, 325) at the particular site (410), (i) determines a set of mappings between logical addresses of logical network endpoints executing on the identified computing device (320) and physical addresses of tunnel endpoints associated with the identified computing device (320), (ii) distributes the set of mappings for the identified computing device (320) to other computing devices (320, 325) at the site (410), and (iii) distributes the set of mappings to other clusters of controllers at other sites (405, 415).
  5. The method of claim 1, wherein: the nodes of the tree (1700) comprise logical network elements and logical network policies; the logical network elements comprise logical forwarding elements that forward data in the logical network (100), each logical forwarding element implemented by one or more physical forwarding elements executing on computing devices (320, 325) at sites (405, 410, 415) spanned by the logical forwarding element; and the logical network policies comprise forwarding policies, security policies, and service policies.
  6. The method of claim 1, wherein: the set of priority rules comprises a rule that specifies, when the conflict pertains to forwarding rules associated with the particular logical network element, to update the local tree (2200) using the second logical network definition that was directly received at the local manager (425); and the particular local manager (425) stores the first logical network definition received from the global manager (420) as a read-only definition that is not modified when updating the local tree (2200).
  7. The method of claim 1, wherein the set of priority rules comprises a rule that specifies, when the conflict pertains to security rules associated with the particular logical network element, to update the local tree (2200) using the first logical network definition that was received from the global manager (420).
  8. The method of claim 1 further comprising determining the span attribute of a particular node by performing a span calculation based on the logical network definition, wherein the span calculation comprises identifying a parent node of the particular node and inheriting the span attribute from the identified parent node.
  9. The method of claim 1, wherein the logical network definition specifies the span attribute of a particular node, said span attribute comprising a set of site identifiers that are each associated with one of the sites (405, 410, 415).
  10. The method of claim 1, wherein providing a particular identified portion of the logical network definition to a particular local manager (425) comprises writing the particular identified portion of the logical network definition to a file and transmitting the file to the particular local manager (425) over a network.
  11. A machine-readable medium storing a program which when executed by at least one processing unit implements the method according to any one of claims 1-10, wherein the at least one processing unit executes a global manager (420) that manages a logical network (100), wherein the logical network (100) spans a plurality of sites (405, 410, 415) and is managed at each site by a local manager (425, 430, 435) executing on the at least one processing unit or on another processing unit.
  12. An electronic device comprising: a set of processing units; and a machine readable medium storing a program which when executed by at least one of the processing units implements the method according to any one of claims 1-10, wherein the at least one processing unit executes a global manager (420) that manages a logical network (100), wherein the logical network (100) spans a plurality of sites (405, 410, 415) and is managed at each site by a local manager (425, 430, 435) executing on the at least one processing unit or on another one of the processing units.
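The procedure the claims describe (span inheritance from a parent node in claim 8, per-site parsing of the tree in claim 1, the priority rules of claims 6 and 7, and the dependency check before a deletion in claim 1) is illustrated below in Python. This is an added example, not the patent's own code or any product implementation; the `Node` structure, the `kind` labels, the `requires` dependency set and the sample sites A, B and C are assumptions made for the illustration. The point worth noticing from a security angle is in `apply_local_definition`: a conflicting definition received directly at a site can replace a forwarding rule, but it cannot replace a security rule, so a local edit never weakens a globally defined security policy.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Node:
    """One element or policy in the logical-network definition tree (assumed structure)."""
    name: str
    kind: str                              # "element", "forwarding" or "security"
    span: Optional[Set[str]] = None        # explicit site identifiers, or None to inherit
    children: List["Node"] = field(default_factory=list)
    requires: Set[str] = field(default_factory=set)   # elements this node depends on
    config: Dict[str, str] = field(default_factory=dict)


def resolve_spans(node: Node, parent_span: Optional[Set[str]] = None) -> Node:
    """Span calculation: a node without an explicit span inherits its parent's span."""
    node.span = set(node.span) if node.span is not None else set(parent_span or ())
    for child in node.children:
        resolve_spans(child, node.span)
    return node


def parse_for_site(node: Node, site: str) -> Optional[Node]:
    """Build the parsed tree for one site: keep only nodes whose span includes it."""
    if site not in node.span:
        return None
    kept = [c for c in (parse_for_site(ch, site) for ch in node.children) if c is not None]
    return Node(node.name, node.kind, set(node.span), kept,
                set(node.requires), dict(node.config))


def flatten(node: Node) -> List[Node]:
    out = [node]
    for child in node.children:
        out.extend(flatten(child))
    return out


class LocalManager:
    """Toy local manager: a read-only global portion plus an editable local tree."""

    def __init__(self, site: str, global_portion: Node):
        self.site = site
        self.global_portion = global_portion                  # stored, never modified
        self.local_tree = {n.name: n for n in flatten(global_portion)}
        self.notifications: List[str] = []

    def apply_local_definition(self, node: Node) -> str:
        """Apply a definition received directly at this site, using the priority rules."""
        existing = self.local_tree.get(node.name)
        if existing is None or existing.config == node.config:
            self.local_tree[node.name] = node
            return "applied"
        if existing.kind == "forwarding":      # forwarding conflict: local definition wins
            self.local_tree[node.name] = node
            return "local-wins"
        if existing.kind == "security":        # security conflict: global definition wins
            return "global-wins"
        return "rejected"

    def delete_from_global(self, name: str) -> bool:
        """Delete only if no other element in use at this site still requires it."""
        dependents = sorted(n.name for n in self.local_tree.values() if name in n.requires)
        if dependents:
            self.notifications.append(f"{name} not deleted: required by {dependents}")
            return False
        self.local_tree.pop(name, None)
        return True


def build_global_tree() -> Node:
    """Constructed sample definition: a router spanning sites A and B, a B-only segment."""
    return resolve_spans(Node("root", "element", {"A", "B", "C"}, [
        Node("router-1", "element", {"A", "B"}, [
            Node("fwd-default", "forwarding", None, config={"next-hop": "10.0.0.1"}),
            Node("sec-deny-all", "security", None, config={"action": "deny"}),
        ]),
        Node("segment-b", "element", {"B"}, requires={"router-1"}),
    ]))


def demo() -> dict:
    """Run the whole flow for site B and report what each step produced."""
    tree = build_global_tree()
    site_b = LocalManager("B", parse_for_site(tree, "B"))
    site_c = parse_for_site(tree, "C")
    return {
        "site_b_nodes": sorted(site_b.local_tree),
        "site_c_nodes": sorted(n.name for n in flatten(site_c)),
        "fwd_span": sorted(site_b.local_tree["fwd-default"].span),   # inherited from router-1
        "fwd_result": site_b.apply_local_definition(
            Node("fwd-default", "forwarding", {"B"}, config={"next-hop": "10.0.0.2"})),
        "sec_result": site_b.apply_local_definition(
            Node("sec-deny-all", "security", {"B"}, config={"action": "allow"})),
        "sec_action": site_b.local_tree["sec-deny-all"].config["action"],
        "router_deleted": site_b.delete_from_global("router-1"),
        "notifications": list(site_b.notifications),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows site C receiving only the root node, site B receiving the router with its two inherited-span policies plus the segment, the forwarding conflict resolved in favour of the locally received definition, the security conflict resolved in favour of the global definition (the action stays `deny`), and the router deletion refused with a notification because `segment-b` still requires it.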

Description

TECHNICAL FIELD

The present invention relates to the field of networks spanning multiple sites. In particular, the present invention relates to methods for defining a logical network that spans a plurality of sites and is managed at each site by a local manager. Furthermore, the present invention relates to a machine-readable medium and an electronic device.

BACKGROUND

As more networks move to the cloud, it is more common for corporations or other entities to have networks spanning multiple sites. While logical networks that operate within a single site are well established, there are various challenges in having logical networks span multiple physical sites (e.g., datacenters). The sites should be self-contained, while also allowing for data to be sent from one site to another easily. Various solutions are required to solve these issues. In the cited background art, US2018062923A1 concerns the use of public cloud inventory tags to configure a data compute node for a logical network. US2019342175A1 concerns the application of profile setting groups to logical network entities.

BRIEF SUMMARY

The present invention provides an advantageous way of defining a logical network that spans a plurality of sites as set out in the independent claims. Additional features are set out in the dependent claims. By way of introduction, the following description concerns a network management system for managing a logical network spanning multiple federated sites (e.g., multiple datacenters). The network management system of some examples includes a global manager that manages the entire logical network spanning all of the sites, as well as local managers at each site that directly manage the logical network at their respective sites. The logical network includes logical network elements that span one or more sites and logical network policies that apply to the elements at those sites.
In some examples, the global manager receives a global desired configuration for the logical network (e.g., from an administrator of the network), identifies a relevant portion of the global desired configuration for each site in the federation, and provides the identified portion to the site's corresponding local manager. In addition, the global manager collects information about the realized state of the logical network across the sites from the local managers and provides this information (e.g., to an administrator of the logical network) for troubleshooting and management purposes. In some examples, the global manager executes on a computing device at one of the sites spanned by the logical network, and each local manager also executes on a computing device at its respective site. In some examples, the global manager executes on the same computing device at one of the physical sites as the local manager managing that site. The global manager and the local managers are in some examples separate modules of a single application. Some examples deploy each manager at a physical site as a cluster of machines, with each machine executing on a different computing device at the same site. Some examples employ a primary global manager and a secondary global manager, in an active-standby arrangement. The primary global manager is asynchronously synchronized with the secondary global manager as a standby for failover scenarios. The secondary global manager executes on a different computing device, located in some examples for resiliency at a different site than the primary global manager, and maintains an independent database. The secondary global manager is also deployed in some examples as a set of machines and may also execute on the same computing device as a local manager. The primary global manager's database is a distributed shared log implemented across a set of storage devices at the physical site where the primary global manager resides in some examples. 
Data regarding the global desired configuration is received and stored in the database using a series of database transactions which are initiated through a series of application programming interface (API) calls to the global manager. The database, in some examples, generates an update stream from the database transactions, that is used to provide the data regarding the desired configuration to the secondary global manager for replication of the database. The update stream also includes metadata associated with each transaction, such as timestamp information that can be used for data ordering, as well as database status to prevent race conditions for access. In some examples, the database is shared by the primary global manager with other applications (e.g., a local manager) on the same computing device. In some such examples, data for replication to the secondary global manager is tagged so that only data associated with the primary global manager is replicated and other data associated with other applications on the computing device is not replicated. Each global manager's database also inc