Unlock instant, AI-driven research and patent intelligence for your innovation.

Method, system and storage medium for enforcing unified global policy

A global, policy technology, applied in the field of logical network, can solve the problem of difficult security policy application logical network and so on

Active Publication Date: 2022-04-19
NICIRA
View PDF16 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, if different virtual machines of the network are assigned overlapping IP addresses, it may be difficult to apply uniform security policies uniformly to all endpoints of the logical network
For example, if a public data center for a software-defined data center allocates two isolated sets of computing resources that administrators can control, but they are deployed using overlapping IP addresses, traditional techniques cannot be used to correctly identify the two sets of computing resources. Enforce a single unified security policy

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, system and storage medium for enforcing unified global policy
  • Method, system and storage medium for enforcing unified global policy
  • Method, system and storage medium for enforcing unified global policy

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0017] The invention disclosed herein is directed to embodiments for enforcing unified security policies (eg, firewall rules, forwarding rules) at endpoints of a logical network using logical ports. A logical network may run on a software-defined data center, optionally including logical switches and routers for connecting the network's virtual machines and / or containers. The logical network is further managed by a central management and control system, which in turn is optionally configured by a network administrator of the owner (eg, organization, company) of the logical network.

[0018]In some embodiments, a software-defined data center spans one or more private data centers, where a central management and control system can directly access and control forwarding elements; and / or one or more public cloud multi-tenant data centers, In this case the central management and control system does not have direct access to and control of the forwarding elements. Additionally, one...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present disclosure generally relates to applying a global unified security policy across multiple virtual private clouds of a logical network. Logical networks are deployed on software-defined data centers that constitute one or more private and / or public data centers. Multiple virtual private clouds of a logical network may have one or more overlapping internet protocol address blocks, where each virtual private cloud deploys one or more virtual machines and / or containers. Use logical ports of virtual machines and / or containers to propagate global unified security policies to endpoints throughout the logical network.

Description

[0001] Cross References to Related Applications [0002] This application claims application number 15 / 881,703, filed January 26, 2018, and entitled "UNIFIED SECURITY POLICIES ACROSS VIRTUAL PRIVATE CLOUDS WITH OVERLAPPING IP ADDRESS BLOCKS" ” priority of the U.S. non-provisional application. [0003] This application is related to: U.S. Provisional Application No. 62 / 380,411, filed August 27, 2016, entitled "EXTENSION OF NETWORK CONTROL SYSTEM INTO PUBLIC CLOUD"; 2016 U.S. Application No. 15 / 253,829, filed August 31, entitled "EXTENSION OF NETWORK CONTROL SYSTEM INTO PUBLIC CLOUD," filed August 31, 2016, Application No. 15 / 253,832, U.S. application entitled "MANAGED FORWARDING ELEMENT EXECUTING IN PUBLIC CLOUD DATACOMPUTE NODE WITHOUT OVERLAY NETWORK"; Aug. 31, 2016 Application No. 15 / 253,833, entitled "MANAGED FORWARDING ELEMENT EXECUTING IN PUBLIC CLOUD DATA COMPUTENODE WITH DIFFERENT INTERNAL AND EXTERNAL NETWORK ADDRESSES)”; application serial number 15 / 253,834, filed A...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/40G06F21/53
CPCG06F21/53H04L63/0236H04L63/164H04L63/0263H04L41/0895H04L41/0894H04L61/5007H04L61/5061G06F9/45558G06F2009/45595H04L41/0893H04L63/0272H04L63/0281H04L63/20H04L2212/00
Inventor M·希拉J·杰恩G·钱德拉谢卡尔A·森古普塔P·塔迦尔A·特斯默V·阿加瓦尔
Owner NICIRA