Distributed computer network zone based security architecture
    1.
    Granted patent
    Distributed computer network zone based security architecture (in force)

    Publication (announcement) no.: US09419941B2

    Publication date: 2016-08-16

    Application no.: US13849315

    Filing date: 2013-03-22

    IPC classification: H04L29/06

    CPC classification: H04L63/0209 H04L63/104

    Abstract: A method and apparatus are disclosed herein for distributed zone-based security. In one embodiment, the method comprises: determining an ingress security zone associated with an ingress of a first network device based on a first key and the media access control (MAC) address of the source of a packet; determining an egress security zone of a second network device based on the MAC address of the packet's destination and a second key; performing a policy lookup based on the ingress security zone and the egress security zone to identify a policy to apply to the packet; and applying the policy to the packet.


    ADAPTIVE SESSION FORWARDING FOLLOWING VIRTUAL MACHINE MIGRATION DETECTION
    2.
    Patent application
    ADAPTIVE SESSION FORWARDING FOLLOWING VIRTUAL MACHINE MIGRATION DETECTION (pending, published)

    Publication (announcement) no.: US20130275592A1

    Publication date: 2013-10-17

    Application no.: US13860404

    Filing date: 2013-04-10

    IPC classification: H04L12/56

    Abstract: A network system includes a first network access device having an input/output (IO) module of a firewall to capture a packet of a network session originated from a first node associated with the first network access device, and a first security device having a firewall processing module to determine, based on the captured packet, whether the first node is a destination node that is receiving a VM migration from a second node associated with a second network access device. The first security device updates a first flow table within the first network access device. The network system further includes a second security device that receives a message from the first security device concerning the VM migration and updates a second flow table of the second network access device, such that further network traffic of the network session is routed to the first node without interrupting the network session.


    Adaptive session forwarding following virtual machine migration detection

    Publication (announcement) no.: US10333827B2

    Publication date: 2019-06-25

    Application no.: US13860404

    Filing date: 2013-04-10

    Abstract: A network system includes a first network access device having an input/output (IO) module of a firewall to capture a packet of a network session originated from a first node associated with the first network access device, and a first security device having a firewall processing module to determine, based on the captured packet, whether the first node is a destination node that is receiving a VM migration from a second node associated with a second network access device. The first security device updates a first flow table within the first network access device. The network system further includes a second security device that receives a message from the first security device concerning the VM migration and updates a second flow table of the second network access device, such that further network traffic of the network session is routed to the first node without interrupting the network session.