-
Publication No.: US11533290B2
Publication date: 2022-12-20
Application No.: US15718583
Filing date: 2017-09-28
Applicant: Nicira, Inc.
Inventors: Michael Hu, Ansis Atteka, Dongping Chen, Bo Lin, Yi Zeng, Shadab Shah
IPC classes: H04L61/5014, H04L61/5053, H04L61/5061, H04L49/00, H04L67/30
Abstract: Systems and methods described herein provide a high availability DHCP server capable of serving multiple tenants in a data center. The DHCP server may use a different logical DHCP server instance for each tenant, and may be implemented as one process without the use of namespaces. A DHCP server is executed on a gateway virtual machine (VM) that is capable of hosting a plurality of logical DHCP servers. For each tenant in a data center, a logical network and a corresponding logical DHCP server instance are implemented. The DHCP server may service requests for DHCP services from VMs via their physical host by determining the tenant that the VM originates from and leasing a DHCP resource from that tenant's corresponding logical DHCP server instance.
-
Publication No.: US10725833B2
Publication date: 2020-07-28
Application No.: US15796245
Filing date: 2017-10-27
Applicant: Nicira, Inc.
Inventors: Xin Qi, Fenil Kavathia, Chidambareswaran Raman, Shadab Shah, Raju Koganty, Jingmin Zhou
IPC classes: G06F15/173, G06F9/50, H04L12/26, G06F9/455, H04L12/24
Abstract: Some embodiments provide a method for clustering a set of data compute nodes (DCNs), which communicate with each other more frequently, on one or more host machines. The method groups together guest DCNs (GDCNs) that (1) execute on different host machines and (2) exchange network data among themselves more frequently, in order to reduce inter-host network traffic. The more frequently communicating GDCNs can be a set of GDCNs that implement a distributed application, GDCNs of a particular tier in a multi-tier network architecture (e.g., a web tier in a three-tier architecture), GDCNs that are dedicated to a particular tenant in a hosting system, or any other set of GDCNs that exchange data among each other regularly for a particular purpose.
-
Publication No.: US10536383B2
Publication date: 2020-01-14
Application No.: US15708352
Filing date: 2017-09-19
Applicant: Nicira, Inc.
Inventors: Kaushal Bansal, Sunitha Krishna, Jerry Pereira, Shadab Shah, Subrahmanyam Manuguri, Jayant Jain
IPC classes: H04L12/815, H04L12/801
Abstract: The technology disclosed herein enables the enhancement of attributes used to identify network packet traffic exchanged with micro-segmented guests. In a particular embodiment, a method provides receiving a plurality of attributes from a user. The plurality of attributes describes first network packet traffic that should be handled in a first manner. The method further provides processing network packet traffic to identify the first network packet traffic using the plurality of attributes. While processing the network packet traffic, the method provides identifying one or more additional attributes shared among the first network packet traffic and adding at least a portion of the one or more additional attributes to the plurality of attributes.
-
Publication No.: US20190207983A1
Publication date: 2019-07-04
Application No.: US16297637
Filing date: 2019-03-09
Applicant: Nicira, Inc.
IPC classes: H04L29/06
CPC classes: H04L63/20, H04L63/02, H04L63/0245, H04L63/0263
Abstract: Some embodiments of the invention provide a novel method for specifying firewall rules. In some embodiments, the method provides the ability to specify, for a particular firewall rule, a set of network nodes (also called a set of enforcement points below) at which the particular firewall rule should be enforced. To provide this ability, the method of some embodiments adds an extra tuple (referred to below as the AppliedTo tuple) to a firewall rule. This added AppliedTo tuple lists the set of enforcement points at which the firewall rule has to be applied (i.e., enforced).
-
Publication No.: US10264021B2
Publication date: 2019-04-16
Application No.: US14968795
Filing date: 2015-12-14
Applicant: Nicira, Inc.
IPC classes: H04L12/813, H04L29/06, H04L12/26
Abstract: Some embodiments of the invention provide a novel method for specifying firewall rules. In some embodiments, the method provides the ability to specify, for a particular firewall rule, a set of network nodes (also called a set of enforcement points) at which the particular firewall rule should be enforced. To provide this ability, the method of some embodiments adds an extra tuple (referred to below as the AppliedTo tuple) to a firewall rule. This added AppliedTo tuple lists the set of enforcement points at which the firewall rule has to be applied (i.e., enforced). As the AppliedTo tuples of the firewall rules can refer to dynamically modifiable constructs, the application of the AppliedTo firewall rules (i.e., rules that are specified to include an AppliedTo tuple) can be dynamically adjusted for different locations within a network by dynamically adjusting the membership of these modifiable constructs.
-
Publication No.: US20180121250A1
Publication date: 2018-05-03
Application No.: US15796245
Filing date: 2017-10-27
Applicant: Nicira, Inc.
Inventors: Xin Qi, Fenil Kavathia, Chidambareswaran Raman, Shadab Shah, Raju Koganty, Jingmin Zhou
Abstract: Some embodiments provide a method for clustering a set of data compute nodes (DCNs), which communicate with each other more frequently, on one or more host machines. The method groups together guest DCNs (GDCNs) that (1) execute on different host machines and (2) exchange network data among themselves more frequently, in order to reduce inter-host network traffic. The more frequently communicating GDCNs can be a set of GDCNs that implement a distributed application, GDCNs of a particular tier in a multi-tier network architecture (e.g., a web tier in a three-tier architecture), GDCNs that are dedicated to a particular tenant in a hosting system, or any other set of GDCNs that exchange data among each other regularly for a particular purpose.
-
Publication No.: US11082400B2
Publication date: 2021-08-03
Application No.: US15386207
Filing date: 2016-12-21
Applicant: Nicira, Inc.
IPC classes: H04L29/06, G06F12/0813, G06F12/0875
Abstract: Some embodiments provide a method for managing firewall protection in a datacenter that includes multiple host machines, each of which hosts a set of data compute nodes. The method maintains a firewall configuration for the host machines at a network manager of the data center. The firewall configuration includes multiple firewall rules to be enforced at the host machines. The method aggregates a first set of updates to the firewall configuration into a first aggregated update and associates the first aggregated update with a first version number. The method distributes a first host-level firewall configuration update to a first host machine based on the first aggregated update and associates the first host machine with the first version number. The method aggregates a second set of updates to the firewall configuration into a second aggregated update and associates the second aggregated update with a second version number.
-
Publication No.: US10341299B2
Publication date: 2019-07-02
Application No.: US15380934
Filing date: 2016-12-15
Applicant: NICIRA, INC.
Inventors: Kaushal Bansal, Medhavi Dhawan, Jerry Pereira, Shadab Shah, Sameer Kurkure
Abstract: In a computer-implemented method for collecting firewall flow records, firewall flow records are received, according to a collection schedule, from a plurality of data end nodes of a virtualized infrastructure comprising a distributed firewall. The collection schedule defines which of the plurality of data end nodes firewall flow records are collected from, the frequency of collection of firewall flow records from the data end nodes, and the amount of firewall flow records collected from the data end nodes. Firewall flow records received at a firewall flow record collection queue are processed so that the received firewall flow records are prepared for storage at a flow record data store. The collection schedule is dynamically adapted, based at least in part on the processing of the received firewall flow records, so that the firewall flow record collection queue is available for processing firewall flow records before additional firewall flow records are received from the data end nodes.
-
Publication No.: US20180183760A1
Publication date: 2018-06-28
Application No.: US15388151
Filing date: 2016-12-22
Applicant: Nicira, Inc.
Inventors: Sameer Kurkure, Subrahmanyam Manuguri, Anirban Sengupta, Aman Raj, Kaushal Bansal, Shadab Shah
IPC classes: H04L29/06
CPC classes: H04L63/0263, H04L63/0227, H04L63/0236, H04L63/20
Abstract: Network firewalls operate based on rules that define how a firewall should handle traffic passing through it. At their most basic, firewall rules may indicate that certain network traffic should be denied passage through a network firewall or indicate that certain network traffic should be allowed to pass through the network firewall. Ways of handling network traffic beyond simply allowing or denying it may also be defined by the rules. For instance, a rule may indicate that certain network traffic should be routed to a specific system. Thus, if an administrator of a network firewall determines that certain network traffic should be handled in a certain way by a network firewall, the administrator need only implement a firewall rule in the network firewall defining how that network traffic should be handled.
-
Publication No.: US20180007000A1
Publication date: 2018-01-04
Application No.: US15386214
Filing date: 2016-12-21
Applicant: Nicira, Inc.
IPC classes: H04L29/06, G06F12/0813, G06F12/0875
CPC classes: H04L63/0218, G06F12/0813, G06F12/0875, G06F2212/1052, G06F2212/152, G06F2212/154, G06F2212/60, G06F2212/62, H04L63/0263
Abstract: Some embodiments provide a method for distributing firewall configuration in a datacenter comprising multiple host machines. The method retrieves a rule in the firewall configuration for distribution to the host machines. The firewall rule is associated with a minimum required version number. The method identifies a high-level construct in the firewall rule. The method queries a translation cache for the identified high-level construct. The translation cache stores previous translation results for different high-level constructs. Each stored translation result is associated with a version number. When the translation cache has a stored previous translation result for the identified high-level construct that is associated with a version number equal to or newer than the minimum required version number, the method uses the previous translation result stored in the cache to translate the identified high-level construct to a low-level construct.