-
Publication No.: US20220210042A1
Publication date: 2022-06-30
Application No.: US17227044
Filing date: 2021-04-09
Applicant: VMware, Inc.
Inventors: Rohan Gandhi, Avinash Nigam, Sandip Shah, Philip Brighten Godfrey, Ambarish P. Pande, Gourab Ghosh, Prashant Jain, Shashank Ranjan
IPC classification: H04L12/26, H04L12/723
Abstract: Some embodiments provide a novel method for assessing the suitability of network links for connecting compute nodes located at different geographic sites. The method of some embodiments identifies and analyzes sample packets from a set of flows exchanged between first and second compute sites that are connected through a first network link in order to identify attributes of the sampled packets. The method also computes attributes of predicted packets between the identified samples in order to identify attributes of each flow in the set of flows. The method then uses the identified and computed attributes of each flow in the set of flows to emulate the set of flows passing between the two compute sites through the second network link in order to assess whether a second network link should be used for future flows (e.g., future flows exchanged between the first and second compute sites).
-
Publication No.: US20210006543A1
Publication date: 2021-01-07
Application No.: US16547634
Filing date: 2019-08-22
Applicant: VMWARE, INC.
IPC classification: H04L29/06
Abstract: The present disclosure provides an approach for creating one or more firewall rules to regulate communication between containers. The approach includes calculating a trust score for each container. To generate a rule for any two containers, a difference between the trust scores is computed, and if the difference in trust levels is too large, then the more trustworthy container is not allowed to communicate with the less trustworthy container. If the difference in trust scores is not too large, then the trustworthy container is allowed to communicate with the other trustworthy container, or an untrustworthy container is allowed to communicate with another untrustworthy container.
-
Publication No.: US11483284B2
Publication date: 2022-10-25
Application No.: US16436930
Filing date: 2019-06-11
Applicant: VMWARE, INC.
IPC classification: H04L9/40, H04L43/08, H04L41/0806
Abstract: The present disclosure provides an approach for generating one or more firewall rules to regulate communication between containerized services running within containers. The approach includes determining which services communicate with each other, independently of in which containers the services execute. The determining occurs over a period of time. If two services communicated with each other during the period of time, then the firewall allows the services to continue communicating, but only over the same ports as used during the period of time. If two services did not communicate during the period of time, then the firewall does not allow the services to communicate after the expiration of the period of time. In some embodiments, redetermining the communication flow over a new period of time may occur after the initial period of time so as to refresh the firewall rules.
-
Publication No.: US20220210041A1
Publication date: 2022-06-30
Application No.: US17227016
Filing date: 2021-04-09
Applicant: VMware, Inc.
Inventors: Rohan Gandhi, Avinash Nigam, Sandip Shah, Philip Brighten Godfrey, Ambarish P. Pande, Gourab Ghosh, Prashant Jain, Shashank Ranjan
IPC classification: H04L12/26
Abstract: Some embodiments provide a novel method for assessing the suitability of network links for connecting compute nodes located at different geographic sites. The method of some embodiments identifies and analyzes sample packets from a set of flows exchanged between first and second compute sites that are connected through a first network link in order to identify attributes of the sampled packets. The method also computes attributes of predicted packets between the identified samples in order to identify attributes of each flow in the set of flows. The method then uses the identified and computed attributes of each flow in the set of flows to emulate the set of flows passing between the two compute sites through the second network link in order to assess whether a second network link should be used for future flows (e.g., future flows exchanged between the first and second compute sites).
-
Publication No.: US11601356B2
Publication date: 2023-03-07
Application No.: US17227044
Filing date: 2021-04-09
Applicant: VMware, Inc.
Inventors: Rohan Gandhi, Avinash Nigam, Sandip Shah, Philip Brighten Godfrey, Ambarish P. Pande, Gourab Ghosh, Prashant Jain, Shashank Ranjan
IPC classification: H04L43/12, H04L45/50, H04L43/0876
Abstract: Some embodiments provide a novel method for assessing the suitability of network links for connecting compute nodes located at different geographic sites. The method of some embodiments identifies and analyzes sample packets from a set of flows exchanged between first and second compute sites that are connected through a first network link in order to identify attributes of the sampled packets. The method also computes attributes of predicted packets between the identified samples in order to identify attributes of each flow in the set of flows. The method then uses the identified and computed attributes of each flow in the set of flows to emulate the set of flows passing between the two compute sites through the second network link in order to assess whether a second network link should be used for future flows (e.g., future flows exchanged between the first and second compute sites).
-
Publication No.: US11343231B2
Publication date: 2022-05-24
Application No.: US16547634
Filing date: 2019-08-22
Applicant: VMWARE, INC.
IPC classification: H04L29/06
Abstract: The present disclosure provides an approach for creating one or more firewall rules to regulate communication between containers. The approach includes calculating a trust score for each container. To generate a rule for any two containers, a difference between the trust scores is computed, and if the difference in trust levels is too large, then the more trustworthy container is not allowed to communicate with the less trustworthy container. If the difference in trust scores is not too large, then the trustworthy container is allowed to communicate with the other trustworthy container, or an untrustworthy container is allowed to communicate with another untrustworthy container.