-
公开(公告)号:US11522915B2
公开(公告)日:2022-12-06
申请号:US16833536
申请日:2020-03-28
Applicant: Nicira, Inc.
Inventor: Srinivas Nimmagadda , Jayant Jain , Anirban Sengupta
Abstract: Some embodiments provide a method for defining an adaptable monitoring profile for a network. The defined network monitoring profile is independent of the security policy defined for the network and includes one or more log generation rules, each of which defines a logging policy for a set of data compute nodes (DCNs) that share a common attribute. A log generation rule specifies whether the network activities of a set of DCNs that share a common attribute should be logged or not. A log generation rule can also specify other logging parameters such as priority level of the logs and the required logging protocol for transmission of the logs. The logging policy of a log generation rule is associated with a set of service rules (e.g., firewall rules) through a dynamic service group, and is applied to the service rules when any of these rules is triggered.
-
公开(公告)号:US10397353B2
公开(公告)日:2019-08-27
申请号:US14996172
申请日:2016-01-14
Applicant: Nicira, Inc.
Inventor: Jayant Jain , Anirban Sengupta , Mayank Agarwal , Raju Koganty , Chidambareswaran Raman , Nishant Jain , Jeremy Olmsted-Thompson , Srinivas Nimmagadda
Abstract: A method of enhancing log packets with context metadata is provided. The method at a redirecting filter on a host in a datacenter, intercepts a packet from a data compute node (DCN) of a datacenter tenant. The method determines that the intercepted packet is a log packet. The method forwards the log packet and a first set of associated context metadata to a proxy logging server. The first set of context metadata is associated with the log packet based on the DCN that generated the packet. The method, at the proxy logging server, associates a second set of context metadata with the log packet. The second set of context metadata is received from a compute manager of the datacenter. The method sending the log packet and the first and second sets of context metadata from the proxy logging server to a central logging server associated with the tenant.
-
公开(公告)号:US10298619B2
公开(公告)日:2019-05-21
申请号:US15381122
申请日:2016-12-16
Applicant: Nicira, Inc.
Inventor: Srinivas Nimmagadda , Jayant Jain , Anirban Sengupta
IPC: H04L29/06 , H04L12/24 , H04L12/725 , H04L12/26
Abstract: A method of creating micro-segmentation policy for a network is provided. The method monitors the network packet traffic to identify network traffic types and patterns. The method, based on the network traffic types and patterns, identifies a set of components as an affinity group associated with each application. The method generates an application template that includes a set of application components for each application based on information provided by the vendor of the application. The method creates micro-segmentation policy for the network based on a mapping of the components of each affinity group into the components of the template generated for the associated application.
-
4.发明授权公开(公告)号:US09906560B2
公开(公告)日:2018-02-27
申请号:US14929401
申请日:2015-11-01
Applicant: Nicira, Inc.
Inventor: Jayant Jain , Anirban Sengupta , Srinivas Nimmagadda , Alok S. Tiagi , Kausum Kumar
CPC classification number: H04L63/20 , G06F17/30958 , H04L12/4641 , H04L41/5045 , H04L61/256 , H04L61/2571 , H04L61/2585 , H04L63/0236 , H04L63/0263 , H04L63/0272 , H04L63/029 , H04L63/08 , H04L63/105 , H04L67/1004 , H04L67/1097 , H04L69/22 , H04W12/08 , H04W76/12
Abstract: Some embodiments provide novel methods for processing remote-device data messages in a network based on data-message attributes from a remote device management (RDM) system. For instance, the method of some embodiments identifies a set of RDM attributes associated with a data message, and then performs one or more service operations based on identified RDM attribute set.
-
5.发明授权公开(公告)号:US09894103B2
公开(公告)日:2018-02-13
申请号:US14929399
申请日:2015-11-01
Applicant: Nicira, Inc.
Inventor: Leung Tao Kwok , Sulay Shah , Craig Newell , Adam Rykowski , Sridhar Kommireddy , Utkarsh Singh , Sagar Date , Kausum Kumar , Anirban Sengupta , Srinivas Nimmagadda , Jayant Jain , Uday Masurekar , Ravishankar Chamarajnagar
CPC classification number: H04L63/20 , G06F17/30958 , H04L12/4641 , H04L41/5045 , H04L61/256 , H04L61/2571 , H04L61/2585 , H04L63/0236 , H04L63/0263 , H04L63/0272 , H04L63/029 , H04L63/08 , H04L63/105 , H04L67/1004 , H04L67/1097 , H04L69/22 , H04W12/08 , H04W76/12
Abstract: Some embodiments provide novel methods for processing remote-device data messages in a network based on data-message attributes from a remote device management (RDM) system. For instance, the method of some embodiments identifies a set of RDM attributes associated with a data message, and then performs one or more service operations based on identified RDM attribute set.
-
Patent Agency Ranking
6.发明申请Performing Source Network Address Translation Based on Remote Device Management Attributes 有权基于远程设备管理属性执行源网络地址转换公开(公告)号:US20170063787A1
公开(公告)日:2017-03-02
申请号:US14929399
申请日:2015-11-01
Applicant: Nicira, Inc.
Inventor: Leung Tao Kwok , Sulay Shah , Craig Newell , Adam Rykowski , Sridhar Kommireddy , Utkarsh Singh , Sagar Date , Kausum Kumar , Anirban Sengupta , Srinivas Nimmagadda , Jayant Jain , Uday Masurekar , Ravishankar Chamarajnagar
CPC classification number: H04L63/20 , G06F17/30958 , H04L12/4641 , H04L41/5045 , H04L61/256 , H04L61/2571 , H04L61/2585 , H04L63/0236 , H04L63/0263 , H04L63/0272 , H04L63/029 , H04L63/08 , H04L63/105 , H04L67/1004 , H04L67/1097 , H04L69/22 , H04W12/08 , H04W76/12
Abstract: Some embodiments provide novel methods for processing remote-device data messages in a network based on data-message attributes from a remote device management (RDM) system. For instance, the method of some embodiments identifies a set of RDM attributes associated with a data message, and then performs one or more service operations based on identified RDM attribute set.
Abstract translation: 一些实施例提供用于基于来自远程设备管理(RDM)系统的数据消息属性在网络中处理远程设备数据消息的新颖方法。 例如,一些实施例的方法识别与数据消息相关联的一组RDM属性,然后基于所识别的RDM属性集执行一个或多个服务操作。
-
公开(公告)号:US20210288893A1
公开(公告)日:2021-09-16
申请号:US17334682
申请日:2021-05-28
Applicant: Nicira, Inc.
Inventor: Alok S. Tiagi , Jayant Jain , Anirban Sengupta , Srinivas Nimmagadda , Rick Lund
Abstract: A method of collecting health check metrics for a network is provided. The method, at a deep packet inspector on a physical host in a datacenter, receives a copy of a network packet from a load balancer. The packet includes a plurality of layers. Each layer corresponds to a communication protocol in a plurality of communication protocols. The method identifies an application referenced in the packet. The method analyzes the information in one or more layers of the packet to determine metrics for the source application. The method sends the determined metrics to the load balancer.
-
公开(公告)号:US20200228573A1
公开(公告)日:2020-07-16
申请号:US16833536
申请日:2020-03-28
Applicant: Nicira, Inc.
Inventor: Srinivas Nimmagadda , Jayant Jain , Anirban Sengupta
IPC: H04L29/06
Abstract: Some embodiments provide a method for defining an adaptable monitoring profile for a network. The defined network monitoring profile is independent of the security policy defined for the network and includes one or more log generation rules, each of which defines a logging policy for a set of data compute nodes (DCNs) that share a common attribute. A log generation rule specifies whether the network activities of a set of DCNs that share a common attribute should be logged or not. A log generation rule can also specify other logging parameters such as priority level of the logs and the required logging protocol for transmission of the logs. The logging policy of a log generation rule is associated with a set of service rules (e.g., firewall rules) through a dynamic service group, and is applied to the service rules when any of these rules is triggered.
-
公开(公告)号:US10469450B2
公开(公告)日:2019-11-05
申请号:US14975573
申请日:2015-12-18
Applicant: Nicira, Inc.
Inventor: Srinivas Nimmagadda , Jayant Jain , Anirban Sengupta , Subrahmanyam Manuguri , Alok S. Tiagi
Abstract: Some embodiments of the invention introduce cloud template awareness in the service policy framework. Some embodiments provide one or more service rule processing engines that natively support (1) template-specific dynamic groups and template-specific rules, and (2) dynamic security tag concepts. A service rule processing engine of some embodiments natively supports template-specific dynamic groups and rules as it can directly process service rules that are defined in terms of dynamic component groups, template identifiers, template instance identifiers, and/or template match criteria. Examples of such services can include any kind of middlebox services, such as firewalls, load balancers, network address translators, intrusion detection systems, intrusion prevention systems, etc.
-
10.发明申请公开(公告)号:US20180176252A1
公开(公告)日:2018-06-21
申请号:US15381122
申请日:2016-12-16
Applicant: Nicira, Inc.
Inventor: Srinivas Nimmagadda , Jayant Jain , Anirban Sengupta
IPC: H04L29/06 , H04L12/24 , H04L12/725 , H04L12/26 , G06F9/455
CPC classification number: H04L63/20 , H04L41/0893 , H04L43/04 , H04L45/306 , H04L63/0263 , H04L63/1408
Abstract: A method of creating micro-segmentation policy for a network is provided. The method monitors the network packet traffic to identify network traffic types and patterns. The method, based on the network traffic types and patterns, identifies a set of components as an affinity group associated with each application. The method generates an application template that includes a set of application components for each application based on information provided by the vendor of the application. The method creates micro-segmentation policy for the network based on a mapping of the components of each affinity group into the components of the template generated for the associated application.
-
-
-
-
-
-
-
-
-
Search Results
39
records
(took 0.022 seconds)
