VMware, Inc.
Workload identification for network flows in hybrid environments with non-unique IP addresses

Abstract:

Embodiments described herein generally involve identifying workloads in a networking environment based on a flow record from an observation point. In one embodiment, network data is received from one or more endpoints and used to determine a plurality of administrative domains. Each administrative domain comprises a distinct section of the networking environment within which every Internet Protocol (IP) address is unique. The network data may be used to generate observation point mapping information that maps each observation point to an administrative domain, lookup tables associated with each of the plurality of administrative domains that map IP addresses to administrative domains, and a workload identification table that maps combinations of IP addresses and administrative domains to workloads. The flow record is received from the observation point and a source and destination workload of the flow record are identified using the observation point mapping information, applicable lookup table, and workload identification table.