STATEFUL SERVICES ON STATELESS CLUSTERED EDGE
    13.
    Invention publication
    Status: pending (published application)

    Publication number: EP3219058A1

    Publication date: 2017-09-20

    Application number: EP14846769.9

    Filing date: 2014-12-30

    Applicant: Nicira Inc.

    Abstract: To enable dynamic scaling of network services at the edge, systems and methods are provided for adding new nodes to, or removing existing nodes from, a cluster while retaining flow affinity through the stateful services, so that each existing flow keeps being handled by the node that holds its state. The methods provide a cluster of network nodes that can be dynamically resized to handle and process network traffic that uses stateful network services. Existing traffic flows through the edge continue to function during and after changes to the cluster's membership. All nodes in the cluster operate in active-active mode, i.e., every node receives and processes traffic flows, which maximizes utilization of the available processing power.

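    The following Python sketch is an added illustration, not code from the application or from Nicira, of one way to obtain the behaviour the abstract describes: every node derives the same flow-to-node mapping from a consistent hash of the flow's 5-tuple and the current membership list, and when membership changes, flows whose mapping would move are pinned to the node that already holds their state; a node being removed stops receiving new flows but finishes the ones it holds. The hash ring, the pin table, the graceful-drain step and all names and addresses are assumptions for the example; the claimed mechanism may differ.

```python
import hashlib
from bisect import bisect_right
from typing import Dict, List, Set, Tuple

# A flow is identified by its 5-tuple: (src_ip, src_port, dst_ip, dst_port, proto).
Flow = Tuple[str, int, str, int, str]


def _h64(key: str) -> int:
    """Stable 64-bit hash (SHA-256 prefix) so every node computes the same ring."""
    return int.from_bytes(hashlib.sha256(key.encode()).digest()[:8], "big")


class HashRing:
    """Consistent hash ring over cluster members. owner(flow) depends only on the
    membership list, so nodes agree on ownership without sharing state."""

    def __init__(self, nodes: List[str], vnodes: int = 64) -> None:
        self.vnodes = vnodes
        self._ring: List[Tuple[int, str]] = []
        for n in nodes:
            self.add(n)

    def add(self, node: str) -> None:
        self._ring.extend((_h64(f"{node}#{i}"), node) for i in range(self.vnodes))
        self._ring.sort()

    def remove(self, node: str) -> None:
        self._ring = [(h, n) for h, n in self._ring if n != node]

    def owner(self, flow: Flow) -> str:
        h = _h64("|".join(map(str, flow)))
        keys = [k for k, _ in self._ring]
        return self._ring[bisect_right(keys, h) % len(self._ring)][1]


class EdgeCluster:
    """Active-active edge cluster (assumed model for this example). Each node keeps
    the stateful-service state for the flows it owns (here just a packet counter).
    In a real deployment the upstream router spreads packets over all nodes and the
    receiving node forwards to the owner; this sketch collapses that into one
    dispatch step. Pinned flows keep going to the node holding their state even
    after the ring would map them elsewhere."""

    def __init__(self, nodes: List[str]) -> None:
        self.ring = HashRing(nodes)
        self.state: Dict[str, Dict[Flow, dict]] = {n: {} for n in nodes}
        self.pinned: Dict[Flow, str] = {}
        self.draining: Set[str] = set()

    def process(self, flow: Flow) -> str:
        """Dispatch one packet of `flow`; returns the node that handled it."""
        node = self.pinned.get(flow) or self.ring.owner(flow)
        self.state[node].setdefault(flow, {"packets": 0})["packets"] += 1
        return node

    def add_node(self, node: str) -> List[Flow]:
        """Grow the cluster; returns the existing flows that had to be pinned."""
        holder = {f: n for n, flows in self.state.items() for f in flows}
        self.ring.add(node)
        self.state[node] = {}
        moved = [f for f, n in holder.items() if self.ring.owner(f) != n]
        for f in moved:
            self.pinned[f] = holder[f]  # affinity follows the state, not the ring
        return moved

    def remove_node(self, node: str) -> None:
        """Graceful removal: no new flows go to `node`, but it finishes the flows
        whose state it holds and is dropped once the last of them ends."""
        self.ring.remove(node)
        for f in self.state[node]:
            self.pinned[f] = node
        self.draining.add(node)

    def end_flow(self, flow: Flow) -> None:
        """Connection closed: release state and any pin; finish a drain if done."""
        node = self.pinned.pop(flow, None) or self.ring.owner(flow)
        self.state[node].pop(flow, None)
        if node in self.draining and not self.state[node]:
            self.draining.discard(node)
            del self.state[node]


if __name__ == "__main__":
    cluster = EdgeCluster(["edge-a", "edge-b"])
    # Constructed sample flows: 50 client connections through the edge to one server.
    flows = [(f"10.0.0.{i}", 40000 + i, "203.0.113.10", 443, "tcp") for i in range(50)]
    before = {f: cluster.process(f) for f in flows}
    moved = cluster.add_node("edge-c")
    after = {f: cluster.process(f) for f in flows}
    print(f"{len(moved)} flows pinned; affinity kept for all: {before == after}")
```

    The pin table is what makes the difference: without it, every flow whose ring position lands on the new node would arrive at a node with no connection state and be dropped by the stateful service.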

    INLINE SERVICE SWITCH
    14.
    Invention publication
    Status: pending (published application)

    Publication number: EP3202109A1

    Publication date: 2017-08-09

    Application number: EP15782148.9

    Filing date: 2015-09-30

    Applicant: Nicira Inc.

    IPC classification: H04L29/06

    Abstract: Some embodiments provide inline switches that distribute data messages from source compute nodes (SCNs) to different groups of destination service compute nodes (DSCNs). In some embodiments the inline switches are deployed in the source compute nodes' datapaths (e.g., the egress datapath). In some embodiments the inline switches are service switches that (1) receive data messages from the SCNs, (2) identify service nodes in a service-node cluster to process the data messages, based on service policies that the switches implement, and (3) use tunnels to send the received data messages to the identified service nodes. Alternatively, or in addition, the inline service switches of some embodiments (1) identify a service-node cluster to process the data messages, based on the service policies that the switches implement, and (2) use tunnels to send the received data messages to the identified service-node cluster. The service-node clusters can perform the same service or, in some embodiments, different services. This tunnel-based approach to distributing data messages to service nodes or clusters makes it straightforward to implement a cloud-based XaaS model (X as a service, where X stands for anything) within a datacenter, in which any number of services are provided by service providers in the cloud.


    LOAD BALANCING
    15.
    Invention publication
    Status: pending (published application)

    Publication number: EP3709600A1

    Publication date: 2020-09-16

    Application number: EP20172139.6

    Filing date: 2014-12-30

    Applicant: Nicira, Inc.

    IPC classification: H04L29/06 G06F9/455

    Abstract: Some examples provide a method for load balancing data messages sent by a source compute node (SCN) to one or more groups of destination compute nodes (DCNs). In some examples the method deploys a load balancer in the source compute node's egress datapath. This load balancer receives each data message sent from the source compute node and determines whether the message is addressed to one of the DCN groups across whose members the load balancer spreads traffic. When the received data message is not addressed to one of the load-balanced DCN groups, the load balancer forwards it to its addressed destination. When the message is addressed to one of the load balancer's DCN groups, the load balancer identifies the DCN in that group that should receive the message and directs the message to it. To do so, the load balancer in some examples rewrites the destination address (e.g., the destination IP address, destination port, or destination MAC address) of the data message from the address of the addressed DCN group to the address (e.g., the destination IP address) of the identified DCN.
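    The Python sketch below is an added example, not code from either of the two applications above or from Nicira, of an inline element in a source compute node's egress datapath that combines both ideas: a message addressed to a load-balanced group gets its destination rewritten to a chosen member (the load-balancing application), a message matched by a service policy is encapsulated toward a chosen node of the policy's service-node cluster (the inline service switch application), and anything else is forwarded unchanged. The lookup order (group table first, then policies, first match wins), the per-flow decision cache and its invalidation when a target leaves, the hashing scheme and all addresses are assumptions made for the example.

```python
import hashlib
import ipaddress
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple, Union


@dataclass(frozen=True)
class Msg:
    """Inner (L3/L4) header of a data message leaving the source compute node."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Tunnel:
    """Encapsulated message: the outer header targets a service node's tunnel
    endpoint and carries a service identifier; the inner message is untouched."""
    outer_dst: str
    service_id: str
    inner: Msg


@dataclass
class ServicePolicy:
    dst_cidr: str               # match on destination prefix ...
    dst_port: Optional[int]     # ... and optionally on destination port
    cluster: str                # service-node cluster that handles matches


Decision = Union[Msg, Tunnel]


class InlineEgressSwitch:
    def __init__(
        self,
        groups: Dict[Tuple[str, int], List[Tuple[str, int]]],  # (vip, port) -> members
        policies: List[ServicePolicy],                          # ordered, first match wins
        clusters: Dict[str, List[str]],                         # cluster -> node tunnel endpoints
    ) -> None:
        self.groups = groups
        self.policies = policies
        self.clusters = clusters
        self.flows: Dict[Msg, Decision] = {}   # keeps every packet of a flow on one target

    @staticmethod
    def _pick(m: Msg, n: int) -> int:
        """Hash the 5-tuple so all packets of a flow pick the same index."""
        key = f"{m.src_ip}|{m.src_port}|{m.dst_ip}|{m.dst_port}|{m.proto}"
        return int.from_bytes(hashlib.sha256(key.encode()).digest()[:4], "big") % n

    def set_members(self, vip: str, port: int, members: List[Tuple[str, int]]) -> None:
        self.groups[(vip, port)] = list(members)

    def _still_valid(self, m: Msg, d: Decision) -> bool:
        """Discard a cached decision whose target has left its group or cluster."""
        if isinstance(d, Tunnel):
            return d.outer_dst in self.clusters.get(d.service_id, [])
        if d == m:
            return True
        return (d.dst_ip, d.dst_port) in self.groups.get((m.dst_ip, m.dst_port), [])

    def handle(self, m: Msg) -> Decision:
        cached = self.flows.get(m)
        if cached is not None and self._still_valid(m, cached):
            return cached
        decision: Decision = m                          # default: forward unchanged
        members = self.groups.get((m.dst_ip, m.dst_port))
        if members:
            ip, port = members[self._pick(m, len(members))]
            decision = replace(m, dst_ip=ip, dst_port=port)   # DNAT to the chosen DCN
        else:
            for p in self.policies:
                in_prefix = ipaddress.ip_address(m.dst_ip) in ipaddress.ip_network(p.dst_cidr)
                if in_prefix and (p.dst_port is None or p.dst_port == m.dst_port):
                    nodes = self.clusters[p.cluster]
                    decision = Tunnel(nodes[self._pick(m, len(nodes))], p.cluster, m)
                    break
        self.flows[m] = decision
        return decision


def build_demo_switch() -> InlineEgressSwitch:
    """Constructed configuration for the example (all addresses hypothetical)."""
    return InlineEgressSwitch(
        groups={("10.10.0.100", 80): [("10.20.0.11", 8080), ("10.20.0.12", 8080)]},
        policies=[
            ServicePolicy("198.51.100.0/24", None, "ids"),     # partner network -> IDS
            ServicePolicy("0.0.0.0/0", 443, "tls-inspect"),    # any HTTPS -> inspection
        ],
        clusters={"ids": ["172.16.0.1", "172.16.0.2"], "tls-inspect": ["172.16.1.1"]},
    )
```

    The cache check matters for the membership-change case: when a member is removed from a group, flows that were pinned to it are re-distributed on their next packet instead of being sent to an address nobody answers.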

    A FRAMEWORK FOR COORDINATION BETWEEN ENDPOINT SECURITY AND NETWORK SECURITY SERVICES

    Publication number: EP3567504A1

    Publication date: 2019-11-13

    Application number: EP19184011.5

    Filing date: 2014-04-11

    Applicant: Nicira Inc.

    IPC classification: G06F21/56 G06F21/55 G06F21/53

    Abstract: Systems and techniques are described for virtual machine security. A described technique includes operating one or more virtual machines, each in accordance with a respective security container, where each security container is associated with a rule that specifies transfer of a virtual machine from that security container to another security container based on one or more criteria. One or more security services operate on the virtual machines to identify security threats associated with one or more of them. One of the virtual machines is identified as requiring transfer to the other security container based on, at least, one or more of the identified threats and one or more of the criteria.
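    An added Python sketch, not code from the application or from Nicira, of how such a framework can be wired together: each security container carries the network policy its members receive and a list of transfer rules; endpoint security services report threats per VM; after every report (or remediation) the rules of the VM's current container are evaluated, and a transfer changes which network policy applies to the VM. The container names, rule criteria, policy strings and threat fields are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Threat:
    """Finding reported by an endpoint security service for one VM."""
    vm: str
    kind: str        # e.g. "malware", "vulnerability"
    severity: int    # 1 (informational) .. 10 (critical)


@dataclass
class TransferRule:
    to_container: str
    criteria: Callable[[List[Threat]], bool]   # evaluated over the VM's open threats


@dataclass
class SecurityContainer:
    name: str
    network_policy: str                  # what the network security service enforces
    rules: List[TransferRule] = field(default_factory=list)


class SecurityFramework:
    def __init__(self, containers: List[SecurityContainer]) -> None:
        self.containers = {c.name: c for c in containers}
        self.membership: Dict[str, str] = {}        # vm -> container name
        self.open: Dict[str, List[Threat]] = {}     # vm -> unresolved threats

    def place(self, vm: str, container: str) -> None:
        if container not in self.containers:
            raise KeyError(container)
        self.membership[vm] = container
        self.open.setdefault(vm, [])

    def network_policy(self, vm: str) -> str:
        """Policy the network side must enforce for `vm` right now."""
        return self.containers[self.membership[vm]].network_policy

    def _evaluate(self, vm: str) -> Optional[str]:
        """Apply the first transfer rule of the VM's current container whose
        criteria hold; returns the new container name, or None if the VM stays."""
        current = self.containers[self.membership[vm]]
        for rule in current.rules:
            if rule.criteria(self.open[vm]):
                self.membership[vm] = rule.to_container
                return rule.to_container
        return None

    def report(self, threat: Threat) -> Optional[str]:
        """Endpoint service reports a threat; may trigger a transfer."""
        self.open.setdefault(threat.vm, []).append(threat)
        return self._evaluate(threat.vm)

    def resolve(self, vm: str, kind: str) -> Optional[str]:
        """Endpoint service reports remediation of `kind`; may transfer back."""
        self.open[vm] = [t for t in self.open[vm] if t.kind != kind]
        return self._evaluate(vm)


def build_demo_framework() -> SecurityFramework:
    """Constructed two-container setup: a production VM is quarantined on a
    critical finding and released once nothing critical remains open."""
    def critical(threats: List[Threat]) -> bool:
        return any(t.severity >= 8 for t in threats)

    return SecurityFramework([
        SecurityContainer("production", "allow-app-traffic",
                          [TransferRule("quarantine", critical)]),
        SecurityContainer("quarantine", "allow-remediation-server-only",
                          [TransferRule("production", lambda ts: not critical(ts))]),
    ])
```

    Keeping the transfer rule on the container rather than on the VM is what lets the network policy follow the endpoint finding automatically: the firewall only needs to know which container a VM is in.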

    CONTEXT-AWARE DISTRIBUTED FIREWALL
    18.
    Invention publication
    Status: pending (published application)

    Publication number: EP3228060A1

    Publication date: 2017-10-11

    Application number: EP15721473.5

    Filing date: 2015-04-24

    Applicant: Nicira Inc.

    IPC classification: H04L29/06 G06F9/455

    Abstract: A context-aware distributed firewall scheme is provided. A firewall engine tasked with providing firewall protection for a set of network addresses applies a reduced set of firewall rules: only those relevant to the addresses associated with the protected machine. A hypervisor implements a search structure that lets each virtual machine's filter quickly identify the relevant rules among all of the rules it receives. The search structure is a binary prefix tree in which each node corresponds to an IP CIDR (Classless Inter-Domain Routing) block. A query for relevant rules traverses the nodes of the search structure according to the queried IP address and collects all rules associated with the traversed nodes.

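    As an added example, not the application's or Nicira's code, here is the search structure the abstract describes, in Python: a binary prefix tree whose nodes are IPv4 CIDR blocks, with each rule attached to the node of the block it matches on; a lookup walks the bits of the queried address and collects the rules of every node on the path, which are exactly the rules whose block contains that address. The reduced ruleset for a VM is then the union of the lookups for its addresses. The rule ids, the addresses and the IPv4-only restriction are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Iterable, List


@dataclass
class Node:
    """One IPv4 CIDR block; the root is 0.0.0.0/0, each child narrows it by one bit."""
    rules: List[str] = field(default_factory=list)
    children: Dict[int, "Node"] = field(default_factory=dict)   # bit (0/1) -> child


class CidrRuleTree:
    def __init__(self) -> None:
        self.root = Node()

    @staticmethod
    def _bits(addr: str, length: int) -> List[int]:
        n = int(ipaddress.IPv4Address(addr))
        return [(n >> (31 - i)) & 1 for i in range(length)]

    def add_rule(self, rule_id: str, cidr: str) -> None:
        """Attach `rule_id` to the node of `cidr`, creating the path as needed.
        A rule that matches on several address sets is added once per set."""
        net = ipaddress.ip_network(cidr, strict=False)
        node = self.root
        for b in self._bits(str(net.network_address), net.prefixlen):
            node = node.children.setdefault(b, Node())
        node.rules.append(rule_id)

    def relevant_rules(self, ip: str) -> List[str]:
        """Every node on the path from the root toward `ip` is a block containing
        `ip`, so the rules attached along the way are exactly the relevant ones;
        the walk stops as soon as no narrower block exists in the tree."""
        found = list(self.root.rules)       # 'any' rules always apply
        node = self.root
        for b in self._bits(ip, 32):
            node = node.children.get(b)
            if node is None:
                break
            found.extend(node.rules)
        return found


def reduced_ruleset(tree: CidrRuleTree, vm_addresses: Iterable[str]) -> List[str]:
    """Rules a VM's filter must keep: union over its addresses, in first-seen order."""
    seen: Dict[str, None] = {}
    for ip in vm_addresses:
        for r in tree.relevant_rules(ip):
            seen.setdefault(r, None)
    return list(seen)


def build_demo_tree() -> CidrRuleTree:
    """Constructed ruleset with hypothetical ids; each id is attached to the
    address set (source or destination) that the rule matches on."""
    tree = CidrRuleTree()
    for rule_id, cidr in [
        ("R1", "0.0.0.0/0"),       # default rule, applies to every address
        ("R2", "10.0.0.0/8"),      # corporate range
        ("R3", "10.1.0.0/16"),     # one site
        ("R4", "10.1.2.0/24"),     # one subnet
        ("R5", "192.168.0.0/16"),  # lab range
        ("R6", "10.1.2.7/32"),     # a single host
    ]:
        tree.add_rule(rule_id, cidr)
    return tree
```

    A lookup costs at most 32 steps regardless of how many rules the hypervisor received, and a VM in 10.2.0.0/16 never sees the rules written for 10.1.0.0/16, which is the point of distributing a reduced set to each filter.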