EP-4407485-B1 - MAPPING MESSAGES TO CONNECTION SERVERS BETWEEN NETWORK MANAGEMENT SYSTEM AND MANAGED DATACENTERS

Inventors

  • BISWAS, Sudipta
  • DAS, MONOTOSH

Dates

Publication Date
20260506
Application Date
20240124

Claims (11)

  1. A method (1500) for load balancing requests to datacenters (110, 115, 120; 1045, 1050, 1055) from a network management system (100) implemented in a public cloud: at a load balancer (1020) executing in the public cloud: receiving (1505) a message from a network management service (140, 145, 105; 1005, 1010, 1015, 1017) for a local network manager (125, 130, 135; 1075, 1080, 1085) at a particular datacenter (110, 115, 120; 1045, 1050, 1055) of a plurality of datacenters (110, 115, 120; 1045, 1050, 1055) managed by the network management system (100); mapping (1510) a datacenter identifier for the particular datacenter (110, 115, 120; 1045, 1050, 1055) included in the request to a particular connection server (1030, 1035, 1040) that handles a persistent connection between the local network manager (125, 130, 135; 1075, 1080, 1085) at the particular datacenter (110, 115, 120; 1045, 1050, 1055) and the network management system (100), wherein persistent connections between the plurality of datacenters (110, 115, 120; 1045, 1050, 1055) and the network management system (100) are handled by a plurality of different connection servers (1030, 1035, 1040); and sending (1515) the message to the particular connection server (1030, 1035, 1040) for the particular connection server (1030, 1035, 1040) to transmit the message to the local network manager (125, 130, 135; 1075, 1080, 1085) via the persistent connection.
  2. The method (1500) of claim 1, wherein: the network management system (100) is implemented in a container cluster (105; 1000) in the public cloud; and the plurality of connection servers (1030, 1035, 1040) are also in the container cluster (105; 1000).
  3. The method (1500) of claim 2, wherein the load balancer (1020) is also in the container cluster (105; 1000) in the public cloud.
  4. The method (1500) of any one of the claims 1 to 3, wherein the network management service (140, 145, 105; 1005, 1010, 1015, 1017) is a service of the network management system (100) that manages a group of datacenters (110, 115, 120; 1045, 1050, 1055) including the particular datacenter (110, 115, 120; 1045, 1050, 1055).
  5. The method (1500) of claim 4, wherein the network management system (100) includes a plurality of network management services (140, 145, 105; 1005, 1010, 1015, 1017), each respective network management service (140, 145, 105; 1005, 1010, 1015, 1017) managing a respective group of datacenters (110, 115, 120; 1045, 1050, 1055) for a respective tenant (T1, T2).
  6. The method (1500) of any one of the claims 1 to 5, wherein the message is an application programming interface, API, request to be executed at the local network manager (125, 130, 135; 1075, 1080, 1085), the method (1500) further comprising: from the local network manager (125, 130, 135; 1075, 1080, 1085), receiving a response to the request that also includes the datacenter identifier; and sending the response to the particular connection server (1030, 1035, 1040) for the particular connection server (1030, 1035, 1040) to transmit the response to the network management service (140, 145, 105; 1005, 1010, 1015, 1017).
  7. The method (1500) of any one of the claims 1 to 6 further comprising: receiving a data stream from the local network manager (125, 130, 135; 1075, 1080, 1085) via the persistent connection; mapping the particular datacenter identifier in the data stream to the particular connection server (1030, 1035, 1040); and sending the data stream to the particular connection server (1030, 1035, 1040) for the particular connection server (1030, 1035, 1040) to provide the data stream to a particular network management service (140, 145, 105; 1005, 1010, 1015, 1017) of the network management system (100).
  8. The method (1500) of any one of the claims 1 to 7, wherein mapping the datacenter identifier to the particular connection server (1030, 1035, 1040) comprises using a static load balancing configuration specified prior to initiation of the persistent connection.
  9. The method (1500) of any one of the claims 1 to 8, wherein the persistent connection is initiated by a connection agent (1090, 1091, 1092) at the local network manager (125, 130, 135; 1075, 1080, 1085) because the local network manager (125, 130, 135; 1075, 1080, 1085) does not have a publicly routable network address and therefore the network management system (100) cannot initiate a connection to the local network manager (125, 130, 135; 1075, 1080, 1085).
  10. The method (1500) of claim 9, wherein the connection is an http/2 connection that allows for the server to push requests onto the connection.
  11. A non-transitory machine-readable medium having stored thereon program code executable by at least one processing unit, the program code embodying a method (1500) of any one of claims 1 to 10.
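The following is an added illustration of the routing step the claims describe (it is not code from the patent or its assignee): a load balancer that maps the datacenter identifier carried in a message to the connection server holding that datacenter's persistent connection, using a static configuration as in claim 8, and maps responses and data streams back the same way (claims 6 and 7). The per-tenant authorisation check, all identifiers and the payload shapes are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed static load-balancing configuration (claim 8): datacenter id -> connection server.
# Identifiers are hypothetical, not taken from the patent.
STATIC_DC_TO_CONN_SERVER = {
    "dc-110": "conn-1030",
    "dc-115": "conn-1035",
    "dc-120": "conn-1040",
}

# Constructed service-instance -> datacenter-group mapping (claim 5): each
# management service instance manages one tenant's group of datacenters.
SERVICE_DATACENTER_GROUPS = {
    "policy-svc-T1": {"dc-110", "dc-115"},
    "policy-svc-T2": {"dc-120"},
}


class RoutingError(Exception):
    """Raised when a message cannot be mapped to a connection server."""


@dataclass
class LoadBalancer:
    dc_to_server: dict
    service_groups: dict
    # Record of (connection_server, payload) pairs the balancer handed off.
    delivered: list = field(default_factory=list)

    def route_to_datacenter(self, service: str, message: dict) -> str:
        """Claim 1: map the datacenter id in a management-service message to the
        connection server that holds that datacenter's persistent connection."""
        dc_id = message.get("datacenter_id")
        if dc_id is None:
            raise RoutingError("message carries no datacenter identifier")
        # Assumed check: a service instance may only address datacenters in its own group.
        if dc_id not in self.service_groups.get(service, set()):
            raise RoutingError(f"{service} is not authorised for {dc_id}")
        server = self.dc_to_server.get(dc_id)
        if server is None:
            raise RoutingError(f"no connection server configured for {dc_id}")
        self.delivered.append((server, message))
        return server

    def route_from_datacenter(self, payload: dict) -> str:
        """Claims 6 and 7: a response or data stream from a local manager also
        carries the datacenter id; map it to the same connection server."""
        dc_id = payload.get("datacenter_id")
        server = self.dc_to_server.get(dc_id)
        if server is None:
            raise RoutingError(f"no connection server configured for {dc_id!r}")
        self.delivered.append((server, payload))
        return server
```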

Description

BACKGROUND

Network management services (e.g., policy management, network monitoring, etc.) have mostly been contained to managing networks at a single datacenter, with recent innovations allowing for certain features to be managed at a higher level in order to enable logical networks that span multiple datacenters. Even in this latter case, the network management system typically operates within one of these datacenters owned by the entity. However, more applications are moving to the cloud. Providing a cloud-based network management system presents numerous challenges that must be overcome.

Document US 2021/117251 discloses handling resource management, creation/destruction of indexing nodes, high availability and load balancing, and networking for containerization management of containers of an indexing system. Document US 2021/117249 discloses resource management and orchestration in the cloud in multi-tenant, multi-owner and multi-access settings, using microservices and containers. Document US 2022/279420 discloses a cloud data center environment using microservices deployed as containers and managed as groups of logically related elements.

BRIEF SUMMARY

The invention is defined by the appended claims. Some embodiments of the invention provide a cloud-based network management and monitoring system capable of managing multiple tenant networks that are each distributed across one or more datacenters. The tenant networks, in some embodiments, can include multiple different types of datacenters. For instance, a given tenant network may include a combination of on-premises and/or branch datacenters (i.e., physical datacenters using the tenant's infrastructure) as well as virtual datacenters that operate in a public cloud (but with network management components incorporated into the virtual datacenter).
In some embodiments, the network management and monitoring system (hereafter referred to as the network management system) deploys one or more service instances in the cloud for each group of datacenters. These group-specific services may include a policy management service, a network flow monitoring service, and a threat monitoring service. In some embodiments, upon defining a group of datacenters for the network management system to manage, a tenant selects which of these services should be deployed for the group of datacenters, and the network management system deploys instances of these services in the cloud. As the network management system manages multiple different datacenter groups, multiple instances of each service are deployed in the public cloud (i.e., one or more service instances for each datacenter group).

Different tenants may specify different sets of network management services for their respective datacenter groups. In fact, a single tenant might have multiple datacenter groups and can define separate (and different) sets of network management services (e.g., a tenant might only want threat monitoring for one of the datacenter groups).

The network management system, in some embodiments, is deployed in a container cluster (e.g., a Kubernetes cluster) within the public cloud. In some such embodiments, each of the different network management services is implemented as a group of microservices. Each service includes multiple microservices that perform different functions within the service.
For instance, a policy management service (that manages logical network policy for a logical network spanning a group of datacenters) could include a database microservice (e.g., a Corfu database service that stores network policy configuration via a log), a channel management microservice (e.g., for managing asynchronous replication channels that push configuration to each of the datacenters managed by the policy management service), an API microservice (for handling API requests from users to modify and/or query policy), and a span calculation microservice (for identifying which atomic policy configuration data should be sent to which datacenters), among other microservices. Each of the different types of services has its own set of microservices that are deployed in the container cluster for each instance of the service.

In addition to the datacenter-group-specific service instances, the network management system of some embodiments also includes (i) local managers at each of the datacenters managed by the network management system and (ii) multi-tenant services within the public cloud (e.g., within the container cluster implementing the network management system). The local managers are not within the public cloud, but rather operate at each of the datacenters and interact with the network management system service instances that manage their datacenter (as described further below). In some embodiments, for example, the network management system (e.g., a policy management service instance) managing a group of datacenters provides logical network configuration data to the local managers in each grou