Secure and efficient offloading of network policies to network interface cards

Assignee

• Microsoft Corporation · US

Inventors

• Murari Sridharan · Redmond, US
• Narasimhan Agrahara Venkataramaiah · Redmond, US
• Yu Wang · Redmond, US
• Albert Greenberg · Redmond, US
• Alireza Dabagh · Kirkland, US
• Pankaj Garg · Patiala, IN
• Daniel Firestone · Seattle, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L12/4666
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Techniques for efficient and secure implementation of network policies in a network interface controller (NIC) in a host computing device operating a virtualized computing environment. In some embodiments, the NIC may process and forward packets directly to their destinations, bypassing a parent partition of the host computing device. In particular, in some embodiments, the NIC may store network policy information to process and forward packets directly to a virtual machine (VM). If the NIC is unable to process a packet, then the NIC may forward the packet to the parent partition. In some embodiments, the NIC may use an encapsulation protocol to transmit address information in packet headers. In some embodiments, this address information may be communicated by the MC to the parent partition via a secure channel. The NIC may also obtain, and decrypt, encrypted addresses from the VMs for routing packets, bypassing the parent partition.