
A method and system for realizing security group blacklist based on openstack

A technology of security groups and blacklists, applied in transmission systems, digital transmission systems, secure communication devices, etc., to achieve the effect of increasing flexibility and robustness

Active Publication Date: 2022-04-08
SHANDONG LANGCHAO YUNTOU INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

Currently, OpenStack supports only security group whitelists.



Embodiment Construction

[0043] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments.

[0044] OpenStack, as a mainstream open source IaaS cloud computing product, has received widespread attention and a general welcome from the industry. In recent years especially, the OpenStack open source community and the commercialization of OpenStack-related products have developed rapidly. However, some functions are not yet implemented, such as the security group blacklist. Compared with the whitelist, the security group blacklist can accurately intercept specified traffic and has a flexibility that the whitelist lacks. The existing neutron project of the OpenStack cloud platform implements only the security group whitelist, so users cannot specify security group policies flexibly and efficiently.

[0045] Neutron is responsible for providing the network function of OpenStack, and has very good scalability. The emb...


Abstract

The invention discloses a method and a system for implementing a security group blacklist based on OpenStack, belonging to the field of cloud computing and computer network technology. The security group blacklist is implemented by extending neutron's service-plugin and openvswitch-agent extension. The tap port bound to the virtual machine is marked in the raw table of iptables. According to the mark, traffic entering and leaving the virtual machine is directed into the security group blacklist chain in the mangle table of iptables and matched against the blacklist rules; unmatched traffic is passed on to the filter table of iptables, where it continues to be matched against neutron's original security group rules. The invention allows OpenStack to support not only the creation of security group whitelists but also security group blacklists, thereby realizing a more flexible security group mechanism.

Description

Technical field

[0001] The invention relates to the technical field of cloud computing and computer networks, in particular to a method and system for implementing a security group blacklist based on OpenStack.

Background technique

[0002] In OpenStack, a virtual machine restricts its communication with the outside world by binding a security group. OpenStack's security group is implemented through Linux iptables: the corresponding iptables rules are issued to allow or deny the traffic entering and leaving the virtual machine.

[0003] There are two types of security groups: whitelist and blacklist. The default rule of the whitelist, which has the lowest priority, drops all traffic; traffic is released by issuing accept rules with a higher priority. The default rule of the blacklist, which has the lowest priority, accepts all traffic; traffic is denied by issuing drop rules with a higher priority. Currently openstac...
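The evaluation order described in the abstract and in the background (mark in raw, blacklist chain in mangle, then the original whitelist in filter) can be modelled as follows. This is an added example, not code from the patent or from neutron; the tap name, mark value, rule fields and stage labels are hypothetical, and the addresses are constructed documentation prefixes.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    direction: str               # "ingress" or "egress"
    protocol: str                # "tcp", "udp", "icmp" or "any"
    cidr: str                    # remote prefix the rule applies to
    port: Optional[int] = None   # None matches any port

    def matches(self, pkt):
        return (self.direction == pkt["direction"]
                and self.protocol in ("any", pkt["protocol"])
                and ip_address(pkt["remote_ip"]) in ip_network(self.cidr)
                and self.port in (None, pkt.get("port")))

# Constructed sample state (hypothetical names and values).
MARKED_TAPS = {"tap-demo0": 0x1}   # raw table: tap port -> mark
BLACKLIST = {0x1: [Rule("ingress", "tcp", "203.0.113.0/24", 22)]}
WHITELIST = {"tap-demo0": [Rule("ingress", "tcp", "0.0.0.0/0", 22)]}

def evaluate(pkt):
    """Return (verdict, stage) for a packet crossing a VM tap port."""
    # Stage 1, raw table: traffic of a tap port with a blacklist is marked.
    mark = MARKED_TAPS.get(pkt["tap"])
    # Stage 2, mangle table: marked traffic enters the blacklist chain,
    # where a matching rule drops it before the whitelist is consulted.
    if mark is not None:
        for rule in BLACKLIST.get(mark, []):
            if rule.matches(pkt):
                return ("DROP", "mangle/blacklist")
    # Stage 3, filter table: unmatched traffic continues to the original
    # whitelist rules, whose lowest-priority default drops everything.
    for rule in WHITELIST.get(pkt["tap"], []):
        if rule.matches(pkt):
            return ("ACCEPT", "filter/whitelist")
    return ("DROP", "filter/default")

if __name__ == "__main__":
    base = {"tap": "tap-demo0", "direction": "ingress", "protocol": "tcp"}
    for ip, port in [("203.0.113.7", 22), ("198.51.100.5", 22),
                     ("198.51.100.5", 80)]:
        print(ip, port, evaluate({**base, "remote_ip": ip, "port": port}))
```

The model makes one property explicit: a blacklist miss does not accept the packet, it only hands the packet to the whitelist, so the whitelist's default drop still applies.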


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40
CPC: H04L63/101, H04L63/20
Inventor: 高雨张晖李彦君胡章丰李亚洁
Owner: SHANDONG LANGCHAO YUNTOU INFORMATION TECH CO LTD