知搜-全球专利检索

  1. 登录
  2. 注册

搜索结果

15 条记录 (耗时 0.014 秒)

    Methods, apparatus and systems to use artificial intelligence to define encryption and security policies in a software defined data center
    3.
    发明授权
    Methods, apparatus and systems to use artificial intelligence to define encryption and security policies in a software defined data center 有权

    公开(公告)号:US10951656B2

    公开(公告)日:2021-03-16

    申请号:US15678939

    申请日:2017-08-16

    申请人: Nicira, Inc.

    发明人: Gang Xu Xinghua Hu Yong Wang Shadab Shah Sharath Bhat Yashika Narang

    IPC分类号: G06F17/28 H04W12/00 H04W12/08 H04L29/06

    摘要: Methods, apparatus and articles of manufacture to use artificial intelligence to define encryption and security policies in a software defined data center are disclosed. Example apparatus include a language parser to parse a natural language statement into a policy statement that defines a distributed network encryption policy or a distributed network security policy. Example apparatus also include a comparator to compare the policy statement to a set of reference policy templates and a template configurer to select a first policy template from the set of reference policy templates in response to the comparator determining the first policy template corresponds to the policy statement. A policy distributor distributes a policy rule defined by the first policy template for enforcement at network nodes of a software defined data center. The policy rule is a distributed network encryption policy rule or a security policy rule.

    SERVICE OPERATION CHAINING
    4.
    发明申请
    SERVICE OPERATION CHAINING 有权

    公开(公告)号:US20210044502A1

    公开(公告)日:2021-02-11

    申请号:US17067635

    申请日:2020-10-09

    申请人: Nicira, Inc.

    发明人: Sami Boutros Pere Monclus Philip Kippen Dharma Rajan Yashika Narang

    IPC分类号: H04L12/24 H04L12/26 H04L29/08 H04L12/851 H04L12/701 H04L12/46

    摘要: For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).

    Providing stateful services deployed in redundant gateways connected to asymmetric network
    5.
    发明授权
    Providing stateful services deployed in redundant gateways connected to asymmetric network 有权

    公开(公告)号:US11153122B2

    公开(公告)日:2021-10-19

    申请号:US15899323

    申请日:2018-02-19

    申请人: Nicira, Inc.

    发明人: Ankur Dubey Sami Boutros Vijayalaxmi Basavaraj Yashika Narang Sharath Bhat

    IPC分类号: H04L12/66 H04L12/26 H04L29/08 H04L29/14 H04L12/46

    摘要: For a set of gateway devices at the edge of a logical network, some embodiments provide a method for ensuring that data messages from an external network requiring a stateful service are received at an active gateway device. The method advertises the availability of a set of internet protocol (IP) addresses from standby gateway devices with a higher cost than the cost advertised by an active gateway device. In some embodiments, the advertisement is made using a border gateway protocol. Data messages may be unexpectedly received on a standby node despite the higher advertised cost. This could happen due to asymmetric network failures. The method determines if a stateful service is needed for the data messages received on standby node. Based on the determination, the method forwards the received data message to the active gateway device for the active gateway device to provide the stateful service.

    SERVICE OPERATION CHAINING
    6.
    发明申请
    SERVICE OPERATION CHAINING 审中-公开

    公开(公告)号:US20190132220A1

    公开(公告)日:2019-05-02

    申请号:US15881670

    申请日:2018-01-26

    申请人: Nicira, Inc.

    发明人: Sami Boutros Pere Monclus Philip Kippen Dharma Rajan Yashika Narang

    IPC分类号: H04L12/24 H04L12/46

    摘要: For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).

    DYNAMIC CHAIN OF SERVICE FUNCTIONS FOR PROCESSING NETWORK TRAFFIC IN A VIRTUAL COMPUTING ENVIRONMENT
    7.
    发明申请
    DYNAMIC CHAIN OF SERVICE FUNCTIONS FOR PROCESSING NETWORK TRAFFIC IN A VIRTUAL COMPUTING ENVIRONMENT 审中-公开

    公开(公告)号:US20180331951A1

    公开(公告)日:2018-11-15

    申请号:US15593516

    申请日:2017-05-12

    申请人: Nicira, Inc.

    发明人: Sami Boutros Mani Kancherla Dharmaraja Rajan Philip Kippen Yashika Narang Chidambareswaran Raman

    IPC分类号: H04L12/741 H04L29/06 H04L12/713 H04L12/721

    CPC分类号: H04L45/74 H04L45/586 H04L45/72 H04L69/22 H04L2212/00

    摘要: The technology disclosed herein enables a dynamic chain of virtual service functions for processing network traffic in a virtual computing environment. In a particular embodiment, a method includes providing a service chain policy to a virtual routing element connecting the respective service functions and determining an initial classification of a network packet entering the dynamic service chain. The initial classification indicates at least a first service function in a sequence of the service functions for processing the network packet. The method further includes providing a service chain policy to a virtual routing element connecting the respective service functions. After the network packet has been processed by a one service function in the sequence and before the virtual routing element passes the network packet to a next service function in the sequence, the method provides applying the service chain policy to the network packet in the virtual routing element to determine the next service function and directing the network packet from the virtual routing element to the next service function. The process continues till the packet passes through all service functions till it reaches its destination.

    PROVIDING STATEFUL SERVICES DEPLOYED IN REDUNDANT GATEWAYS CONNECTED TO ASYMMETRIC NETWORK
    8.
    发明申请
    PROVIDING STATEFUL SERVICES DEPLOYED IN REDUNDANT GATEWAYS CONNECTED TO ASYMMETRIC NETWORK 审中-公开

    公开(公告)号:US20190260610A1

    公开(公告)日:2019-08-22

    申请号:US15899323

    申请日:2018-02-19

    申请人: Nicira, Inc.

    发明人: Ankur Dubey Sami Boutros Vijayalaxmi Basavaraj Yashika Narang Sharath Bhat

    IPC分类号: H04L12/66 H04L12/26 H04L29/08

    摘要: For a set of gateway devices at the edge of a logical network, some embodiments provide a method for ensuring that data messages from an external network requiring a stateful service are received at an active gateway device. The method advertises the availability of a set of internet protocol (IP) addresses from standby gateway devices with a higher cost than the cost advertised by an active gateway device. In some embodiments, the advertisement is made using a border gateway protocol. Data messages may be unexpectedly received on a standby node despite the higher advertised cost. This could happen due to asymmetric network failures. The method determines if a stateful service is needed for the data messages received on standby node. Based on the determination, the method forwards the received data message to the active gateway device for the active gateway device to provide the stateful service.

    SERVICE OPERATION CHAINING
    9.
    发明申请
    SERVICE OPERATION CHAINING 审中-公开

    公开(公告)号:US20190132221A1

    公开(公告)日:2019-05-02

    申请号:US15881674

    申请日:2018-01-26

    申请人: Nicira, Inc.

    发明人: Sami Boutros Pere Monclus Philip Kippen Dharma Rajan Yashika Narang

    IPC分类号: H04L12/24 H04L12/46

    摘要: For a multi-tenant environment, some embodiments of the invention provide a novel method for forwarding tenant traffic through a set of service machines to perform a set of service operations on the tenant traffic. In some embodiments, the method performs a classification operation on a data message flow of a tenant, in order to identify a set of service operations to perform on the data message flow. For some data message flows, the classification operation selects the identified set of service operations from several candidate sets of service operations that are viable service operation sets for similar data message flows of the tenant. In some embodiments, the classification operation is based on a set of attributes associated with the data message flow (e.g., five tuple identifier, i.e., protocol and source and destination ports and IP addresses).