-
Publication No.: US10193862B2
Publication Date: 2019-01-29
Application No.: US15363639
Application Date: 2016-11-29
Applicant: Nicira, Inc.
Inventor: Jayant Jain, Anirban Sengupta, Alok Tiagi, Jingmin Zhou, Russell Lu
Abstract: A computer system provides a method for identifying firewall rules to apply to a virtual machine based on detecting initiation of a new network connection from the virtual machine. An example method generally includes detecting initiation of communications on a network port by a virtual machine, identifying one or more applications executing on the virtual machine that initiated communications on the network port, identifying one or more firewall rules to apply to the virtual machine based, at least in part, on the identification of the one or more applications, determining a deviation between firewall rules applied to the virtual machine and the identified one or more firewall rules, and upon determining that a deviation exists between the firewall rules applied to the virtual machine and the identified one or more firewall rules, applying one or more rules corresponding to the determined deviation to the virtual machine.
-
Publication No.: US10938726B2
Publication Date: 2021-03-02
Application No.: US15697409
Application Date: 2017-09-06
Applicant: Nicira, Inc.
Inventor: Russell Lu, Xin Qi, Shadab Shah, Sunitha Krishna, Yangyang Zhu, Subrahmanyam Manuguri, Raju Koganty
IPC: H04L12/851, H04L29/06, H04L12/26
Abstract: For a network including multiple host machines that together implement at least one logical network including a firewall, some embodiments provide a method for collecting traffic flow data that includes identifiers for firewall rules applied to the traffic flow and a logical entity identifier. In some embodiments, the host machines receive traffic monitoring configuration data for a logical network. The traffic monitoring configuration data in some embodiments indicates a set of logical entities of the logical network for which to collect traffic flow data and a set of traffic flow data collectors associated with the set of logical entities. The indicated logical entities may be logical forwarding elements (logical switches, routers, etc.) or logical ports of logical forwarding elements.
-
Publication No.: US20190075056A1
Publication Date: 2019-03-07
Application No.: US15697409
Application Date: 2017-09-06
Applicant: Nicira, Inc.
Inventor: Russell Lu, Xin Qi, Shadab Shah, Sunitha Krishna, Yangyang Zhu, Subrahmanyam Manuguri, Raju Koganty
IPC: H04L12/851, H04L29/06, H04L12/26
Abstract: For a network including multiple host machines that together implement at least one logical network including a firewall, some embodiments provide a method for collecting traffic flow data that includes identifiers for firewall rules applied to the traffic flow and a logical entity identifier. In some embodiments, the host machines receive traffic monitoring configuration data for a logical network. The traffic monitoring configuration data in some embodiments indicates a set of logical entities of the logical network for which to collect traffic flow data and a set of traffic flow data collectors associated with the set of logical entities. The indicated logical entities may be logical forwarding elements (logical switches, routers, etc.) or logical ports of logical forwarding elements.