-
Publication No.: US10791092B2
Publication Date: 2020-09-29
Application No.: US15897129
Application Date: 2018-02-14
Applicant: Nicira, Inc.
Inventor: Alok Tiagi, Jayant Jain, Sushruth Gopal, Anirban Sengupta, Subrahmanyam Manuguri
Abstract: Some embodiments provide a method that receives a packet, having a set of one or more layer 7 (L7) expressions, from a datapath. The method identifies a set of datapath firewall rules that match on expressions in the set of expressions. The method provides identifiers for the datapath firewall rules of the identified set to the datapath. The datapath uses the identifiers and additional packet header data to determine a matching firewall rule from the set of datapath firewall rules.
-
Publication No.: US10742673B2
Publication Date: 2020-08-11
Application No.: US15835865
Application Date: 2017-12-08
Applicant: Nicira, Inc.
Inventor: Alok Tiagi, Jayant Jain, Anirban Sengupta, Subrahmanyam Manuguri, Vedant Saran
IPC: H04L29/06, H04L12/813, H04L12/26, H04L12/851
Abstract: For a managed network including multiple nodes providing multiple services and executing multiple applications some embodiments provide a method for generating groupings of network addresses associated with different applications or services. The method analyzes network traffic patterns using a probabilistic topic modeling algorithm to generate the groupings of network addresses. In some embodiments, data is collected and analyzed periodically. A network administrator defines the granularity of the time stamps in some embodiments to monitor changes in network traffic patterns over time for each network address or node and/or for the network as a whole. For each network address or node, a probability distribution over the topics at a given time is stored in some embodiments. The stored distributions are then used to determine a divergence over time of the application or service provided by the network address or node. Additionally, the stored distributions can be used to detect anomalous behavior.
-
3.
Publication No.: US20190180141A1
Publication Date: 2019-06-13
Application No.: US15835870
Application Date: 2017-12-08
Applicant: Nicira, Inc.
Inventor: Alok Tiagi, Jayant Jain, Anirban Sengupta, Subrahmanyam Manuguri, Vedant Saran
Abstract: For a managed network including multiple nodes providing multiple services and executing multiple applications some embodiments provide a method for generating groupings of network addresses associated with different applications or services. The method analyzes network traffic patterns using a probabilistic topic modeling algorithm to generate the groupings of network addresses. Network traffic patterns are related to the different flows in the network. The method analyzes information about the different flows such as some combination of the network addresses in the network that are a source or destination of the flow, the source or destination port, the number of packets in each flow, the number of bytes exchanged during the life of the flow, a start time of a flow, and the duration of the flow. In some embodiments, the information is collected as part of an internet protocol flow information export (IPFIX) operation or a tcpdump operation.
-
4.
Publication No.: US20170126516A1
Publication Date: 2017-05-04
Application No.: US14994661
Application Date: 2016-01-13
Applicant: Nicira, Inc.
Inventor: Alok Tiagi, Jayant Jain, Anirban Sengupta, Srinivas Nimmagadda, Rick Lund
CPC classification number: H04L43/04, H04L41/5009, H04L67/02, H04L67/1002, H04L69/22
Abstract: A method of collecting health check metrics for a network is provided. The method, at a deep packet inspector on a physical host in a datacenter, receives a copy of a network packet from a load balancer. The packet includes a plurality of layers. Each layer corresponds to a communication protocol in a plurality of communication protocols. The method identifies an application referenced in the packet. The method analyzes the information in one or more layers of the packet to determine metrics for the source application. The method sends the determined metrics to the load balancer.
-
Publication No.: US10608887B2
Publication Date: 2020-03-31
Application No.: US15726789
Application Date: 2017-10-06
Applicant: Nicira, Inc.
Inventor: Jayant Jain, Anirban Sengupta, Subrahmanyam Manuguri, Rick Lund, Alok Tiagi
IPC: H04L12/24, H04L29/06, H04L12/26, H04L29/08, H04L12/931
Abstract: Some embodiments provide a method that performs a packet tracing operation for a particular data flow between endpoints of a logical network to generate a representation of logical network components along a path between the endpoints. In response to a selection of at least two of the logical network components, the method automatically generates separate packet capture operations for execution by physical components that implement each of the selected logical network components. The method uses packet header information to correlate packet data from the separate packet capture operations.
-
Publication No.: US20190182276A1
Publication Date: 2019-06-13
Application No.: US15835865
Application Date: 2017-12-08
Applicant: Nicira, Inc.
Inventor: Alok Tiagi, Jayant Jain, Anirban Sengupta, Subrahmanyam Manuguri, Vedant Saran
IPC: H04L29/06, H04L12/813, H04L12/26, H04L12/851
Abstract: For a managed network including multiple nodes providing multiple services and executing multiple applications some embodiments provide a method for generating groupings of network addresses associated with different applications or services. The method analyzes network traffic patterns using a probabilistic topic modeling algorithm to generate the groupings of network addresses. In some embodiments, data is collected and analyzed periodically. A network administrator defines the granularity of the time stamps in some embodiments to monitor changes in network traffic patterns over time for each network address or node and/or for the network as a whole. For each network address or node, a probability distribution over the topics at a given time is stored in some embodiments. The stored distributions are then used to determine a divergence over time of the application or service provided by the network address or node. Additionally, the stored distributions can be used to detect anomalous behavior.
-
Publication No.: US10193862B2
Publication Date: 2019-01-29
Application No.: US15363639
Application Date: 2016-11-29
Applicant: Nicira, Inc.
Inventor: Jayant Jain, Anirban Sengupta, Alok Tiagi, Jingmin Zhou, Russell Lu
Abstract: A computer system provides a method for identifying firewall rules to apply to a virtual machine based on detecting initiation of a new network connection from the virtual machine. An example method generally includes detecting initiation of communications on a network port by a virtual machine, identifying one or more applications executing on the virtual machine that initiated communications on the network port, identifying one or more firewall rules to apply to the virtual machine based, at least in part, on the identification of the one or more applications, determining a deviation between firewall rules applied to the virtual machine and the identified one or more firewall rules, and upon determining that a deviation exists between the firewall rules applied to the virtual machine and the identified one or more firewall rules, applying one or more rules corresponding to the determined deviation to the virtual machine.
-
8.
Publication No.: US11431677B2
Publication Date: 2022-08-30
Application No.: US15868789
Application Date: 2018-01-11
Applicant: NICIRA, INC.
Inventor: Sushruth Gopal, Jayant Jain, Subrahmanyam Manuguri, Anirban Sengupta, Deepa Kalani, Alok Tiagi, Sushil Singh
IPC: H04L9/40, G06F9/455, H04L69/22, H04L69/329
Abstract: A method is presented for implementing mechanisms for Layer 7 context accumulation for enforcing Layer 4, Layer 7, and verb-based rules. The method comprises: receiving stream data, and identifying a packet in the stream. If the packet includes Layer 7 headers, then for each Layer 7 header: determining the content of the packet identified by the Layer 7 header's identifier; and parsing the content to extract firewall input data. If one or more rules at least partially match the firewall input data, determining that a particular rule also includes additional information that cannot be found in the firewall input data; performing DPI on the content to determine whether at least a portion of the additional information is found in the content; extracting additional input data from the content and adding it to the firewall input data; and applying the rules to the firewall input data to process the packet.
-
Publication No.: US20190253390A1
Publication Date: 2019-08-15
Application No.: US15897129
Application Date: 2018-02-14
Applicant: Nicira, Inc.
Inventor: Alok Tiagi, Jayant Jain, Sushruth Gopal, Anirban Sengupta, Subrahmanyam Manuguri
IPC: H04L29/06
Abstract: Some embodiments provide a method that receives a packet, having a set of one or more layer 7 (L7) expressions, from a datapath. The method identifies a set of datapath firewall rules that match on expressions in the set of expressions. The method provides identifiers for the datapath firewall rules of the identified set to the datapath. The datapath uses the identifiers and additional packet header data to determine a matching firewall rule from the set of datapath firewall rules.
-
Publication No.: US20190109769A1
Publication Date: 2019-04-11
Application No.: US15726789
Application Date: 2017-10-06
Applicant: Nicira, Inc.
Inventor: Jayant Jain, Anirban Sengupta, Subrahmanyam Manuguri, Rick Lund, Alok Tiagi
Abstract: Some embodiments provide a method that performs a packet tracing operation for a particular data flow between endpoints of a logical network to generate a representation of logical network components along a path between the endpoints. In response to a selection of at least two of the logical network components, the method automatically generates separate packet capture operations for execution by physical components that implement each of the selected logical network components. The method uses packet header information to correlate packet data from the separate packet capture operations.