Translation cache for firewall configuration

Assignee

• Nicira, Inc. · US

Inventors

• Kaushal Bansal · Sunnyvale, US
• Uday Masurekar · Sunnyvale, US
• Shadab Shah · Sunnyvale, US
• James Joseph Stabile · Los Altos, US
• Steven J. Peters · Renton, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2212/62
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Some embodiments provide a method for distributing firewall configuration in a datacenter comprising multiple host machines. The method retrieves a rule in the firewall configuration for distribution to the host machines. The firewall rule is associated with a minimum required version number. The method identifies a high-level construct in the firewall rule. The method queries a translation cache for the identified high-level construct. The translation cache stores previous translation results for different high-level constructs. Each stored translation result is associated with a version number. When the translation cache has a stored previous translation result for the identified high-level construct that is associated with a version number that is equal to or newer than the minimum required version number, the method uses the previous translation result stored in the cache to translate the identified high-level construct to a low-level construct.