The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Oct. 07, 2014
Filed:
Aug. 02, 2012
Murari Sridharan, Sammamish, WA (US);
Narasimhan Venkataramaiah, Redmond, WA (US);
Yu-shun Wang, Bellevue, WA (US);
Albert G. Greenberg, Seattle, WA (US);
Alireza Dabagh, Kirkland, WA (US);
Pankaj Garg, Seattle, WA (US);
Daniel M. Firestone, Seattle, WA (US);
Murari Sridharan, Sammamish, WA (US);
Narasimhan Venkataramaiah, Redmond, WA (US);
Yu-Shun Wang, Bellevue, WA (US);
Albert G. Greenberg, Seattle, WA (US);
Alireza Dabagh, Kirkland, WA (US);
Pankaj Garg, Seattle, WA (US);
Daniel M. Firestone, Seattle, WA (US);
Microsoft Corporation, Redmond, WA (US);
Abstract
Techniques for efficient and secure implementation of network policies in a network interface controller (NIC) in a host computing device operating a virtualized computing environment. In some embodiments, the NIC may process and forward packets directly to their destinations, bypassing a parent partition of the host computing device. In particular, in some embodiments, the NIC may store network policy information to process and forward packets directly to a virtual machine (VM). If the NIC is unable to process a packet, then the NIC may forward the packet to the parent partition. In some embodiments, the NIC may use an encapsulation protocol to transmit address information in packet headers. In some embodiments, this address information may be communicated by the MC to the parent partition via a secure channel. The NIC may also obtain, and decrypt, encrypted addresses from the VMs for routing packets, bypassing the parent partition.