-
Publication No.: US10257152B2
Publication date: 2019-04-09
Application No.: US15455580
Filing date: 2017-03-10
Applicant: Nicira, Inc.
Inventor: Yonggang Wang, Keyong Sun, Frank Guo, Dousheng Zhao, Liang Li
IPC: H04L29/12, H04L12/741
Abstract: Aspects of the present disclosure provide a method for processing address resolution protocol (ARP) packets in a computing environment. The method includes the steps of maintaining a table mapping internet protocol (IP) addresses to port identifiers (port IDs), receiving a packet, determining a type of the received packet, based on the type of the received packet being a first type, checking whether a destination IP address in the received packet matches an entry in the table, and if the destination IP address in the received packet matches an entry in the table: determining a port ID associated with the matching entry, and forwarding the received packet over a port associated with the determined port ID.
-
Publication No.: US09930010B2
Publication date: 2018-03-27
Application No.: US14811425
Filing date: 2015-07-28
Applicant: Nicira, Inc.
Inventor: Keyong Sun, Yonggang Wang, Frank Guo, Liang Li, Zikang Chen
IPC: H04L29/06
CPC classification number: H04L63/0227, H04L63/20, H04L69/22
Abstract: Some embodiments of the invention provide a method that performs security operations for packets that are processed by a forwarding element. The method of some embodiments receives, at a security agent operating on a physical machine, a packet from a forwarding element that also operates on the physical machine. The method then determines whether a security rule is stored for the packet at the security agent. When no security rule is stored for the packet, the method transmits the packet to a default security controller of several security controllers that store security rules for a network and process packets according to the stored security rules. When the security rule is stored for the packet, the method processes the packet according to the stored security rule for the packet.
-
Publication No.: US20190075079A1
Publication date: 2019-03-07
Application No.: US16179769
Filing date: 2018-11-02
Applicant: Nicira, Inc.
Inventor: Keyong Sun, Yonggang Wang, Frank Guo, Liang Li, Zikang Chen
IPC: H04L29/06
Abstract: Some embodiments of the invention provide a method for a first security controller that performs security operations on the packets that are transmitted within a network. The method of some embodiments receives a packet from a forwarding element in the network based on a decision made by a security agent that operates along with the forwarding element. When the first security controller stores a security rule for the packet, the method processes the packet according to the stored security rule. When the first security controller does not store a security rule for the packet, the method (i) determines that a second security controller stores a security rule for the packet based on a set of header values of the packet, and (ii) sends the packet to the second security controller for security processing according to the security rule for the packet stored on the second security controller.
-
Publication No.: US20160294776A1
Publication date: 2016-10-06
Application No.: US14811434
Filing date: 2015-07-28
Applicant: Nicira, Inc.
Inventor: Keyong Sun, Yonggang Wang, Frank Guo, Liang Li, Zikang Chen
IPC: H04L29/06
CPC classification number: H04L63/0227, H04L63/20, H04L69/22
Abstract: Some embodiments of the invention provide a method for a first security controller that performs security operations on the packets that are transmitted within a network. The method of some embodiments receives a packet from a forwarding element in the network based on a decision made by a security agent that operates along with the forwarding element. When the first security controller stores a security rule for the packet, the method processes the packet according to the stored security rule. When the first security controller does not store a security rule for the packet, the method (i) determines that a second security controller stores a security rule for the packet based on a set of header values of the packet, and (ii) sends the packet to the second security controller for security processing according to the security rule for the packet stored on the second security controller.
-
Publication No.: US11570147B2
Publication date: 2023-01-31
Application No.: US16179769
Filing date: 2018-11-02
Applicant: Nicira, Inc.
Inventor: Keyong Sun, Yonggang Wang, Frank Guo, Liang Li, Zikang Chen
Abstract: Some embodiments of the invention provide a method for a first security controller that performs security operations on the packets that are transmitted within a network. The method of some embodiments receives a packet from a forwarding element in the network based on a decision made by a security agent that operates along with the forwarding element. When the first security controller stores a security rule for the packet, the method processes the packet according to the stored security rule. When the first security controller does not store a security rule for the packet, the method (i) determines that a second security controller stores a security rule for the packet based on a set of header values of the packet, and (ii) sends the packet to the second security controller for security processing according to the security rule for the packet stored on the second security controller.
-
Publication No.: US10142287B2
Publication date: 2018-11-27
Application No.: US14811434
Filing date: 2015-07-28
Applicant: Nicira, Inc.
Inventor: Keyong Sun, Yonggang Wang, Frank Guo, Liang Li, Zikang Chen
IPC: H04L29/06
Abstract: Some embodiments of the invention provide a method for a first security controller that performs security operations on the packets that are transmitted within a network. The method of some embodiments receives a packet from a forwarding element in the network based on a decision made by a security agent that operates along with the forwarding element. When the first security controller stores a security rule for the packet, the method processes the packet according to the stored security rule. When the first security controller does not store a security rule for the packet, the method (i) determines that a second security controller stores a security rule for the packet based on a set of header values of the packet, and (ii) sends the packet to the second security controller for security processing according to the security rule for the packet stored on the second security controller.
-
Publication No.: US20160294874A1
Publication date: 2016-10-06
Application No.: US14811425
Filing date: 2015-07-28
Applicant: Nicira, Inc.
Inventor: Keyong Sun, Yonggang Wang, Frank Guo, Liang Li, Zikang Chen
IPC: H04L29/06
CPC classification number: H04L63/0227, H04L63/20, H04L69/22
Abstract: Some embodiments of the invention provide a method that performs security operations for packets that are processed by a forwarding element. The method of some embodiments receives, at a security agent operating on a physical machine, a packet from a forwarding element that also operates on the physical machine. The method then determines whether a security rule is stored for the packet at the security agent. When no security rule is stored for the packet, the method transmits the packet to a default security controller of several security controllers that store security rules for a network and process packets according to the stored security rules. When the security rule is stored for the packet, the method processes the packet according to the stored security rule for the packet.