Systems and methods of stateless processing in a fault-tolerant microservice environment

US 10,218,730 B2
Filed: 07/29/2016
Issued: 02/26/2019
Est. Priority Date: 07/29/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

transmitting, by a first microservice, packet data and a context, wherein the context is associated with the packet data;

receiving, by a second microservice, the packet data and the context, the second microservice to;

send a request for a service state to one of a plurality of redundant message services, use the context and the requested service state to determine what security processing to perform, to perform the security processing over the packet data, and to transmit resulting data and the context to a third microservice; and

receiving, by the third microservice, the resulting data and the context, the third microservice to;

use the context to determine what security processing to perform, and to perform the security processing over the resulting data;

wherein the second microservice to extract data from the packet data, and perform the security processing over the data extracted from the packet data, and wherein the third microservice to extract data from the resulting data, and to perform the security processing over the data extracted from the resulting data;

wherein the second microservice and the third microservice to extract higher-level data from the received data;

wherein the second microservice does not maintain a copy of the service state, such that, in case of its failure, a different microservice accesses and uses the service state; and

wherein the method is performed by a security service comprising a hierarchy of microservices, including, at the lowest level, an interface microservice to generate the context.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and non-transitory computer-readable relating to network security are disclosed. In particular, embodiments described generally relate to systems and methods of stateless processing in a fault-tolerant microservice environment. In one example, a method is disclosed, which includes transmitting, by a first microservice, packet data and a context associated therewith; receiving the packet data and the context by a second microservice, the second microservice to: use the context to determine what security processing to perform, perform the security processing over the packet data, and transmit resulting data and the context to a third microservice; and receiving the resulting data and the context by the third microservice, the third microservice to: use the context to determine what security processing to perform, and perform the security processing over the resulting data.

Citations

17 Claims

1. A method comprising:
- transmitting, by a first microservice, packet data and a context, wherein the context is associated with the packet data;
  
  receiving, by a second microservice, the packet data and the context, the second microservice to;
  
  send a request for a service state to one of a plurality of redundant message services, use the context and the requested service state to determine what security processing to perform, to perform the security processing over the packet data, and to transmit resulting data and the context to a third microservice; and
  
  receiving, by the third microservice, the resulting data and the context, the third microservice to;
  
  use the context to determine what security processing to perform, and to perform the security processing over the resulting data;
  
  wherein the second microservice to extract data from the packet data, and perform the security processing over the data extracted from the packet data, and wherein the third microservice to extract data from the resulting data, and to perform the security processing over the data extracted from the resulting data;
  
  wherein the second microservice and the third microservice to extract higher-level data from the received data;
  
  wherein the second microservice does not maintain a copy of the service state, such that, in case of its failure, a different microservice accesses and uses the service state; and
  
  wherein the method is performed by a security service comprising a hierarchy of microservices, including, at the lowest level, an interface microservice to generate the context.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the second microservice and the third microservice to use the context to perform the security processing.
  - 3. The method of claim 1, wherein the second microservice is a transmission control protocol/internet protocol (TCP/IP) microservice, and the third microservice is a deep packet inspection (DPI) microservice.
  - 4. The method of claim 1, wherein the second microservice to use a service state and a context state to perform security processing.
  - 5. The method of claim 4, wherein the second microservice to retrieve the service state and the context state from a state service.
  - 6. The method of claim 4, wherein the second microservice to use the context to perform the security processing and avoid retrieving the service state and the context state from a state service.

7. A system comprising:
- a memory;
  
  a processor to use the memory and to execute instructions to implement a first security microservice, the first security microservice to perform a process comprising;
  
  transmitting, by a first microservice, packet data and a context associated therewith;
  
  receiving the packet data and the context by a second microservice, the second microservice to;
  
  send a request for a service state to one of a plurality of redundant message services, use the context and the requested service state to determine what security processing is requested of the second microservice, to perform the requested security processing over the packet data, and to transmit resulting data and the context to a third microservice; and
  
  receiving the resulting data and the context by the third microservice, the third microservice to;
  
  use the context to determine what security processing is requested of the third microservice, and to perform the requested security processing over the resulting data;
  
  wherein the second microservice to extract data from the packet data and perform the requested security processing over the data extracted from the packet data, and wherein the third microservice to extract data from the resulting data and perform the requested security processing over the data extracted from the resulting data;
  
  wherein the second microservice and the third microservice to extract higher-level data from the received data;
  
  wherein the second microservice does not maintain a copy of the service state, such that, in case of its failure, a different microservice accesses and uses the service state; and
  
  wherein the processor comprise a hierarchy of microservices, including, at the lowest level, an interface microservice to generate the context.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the second microservice is a transmission control protocol/internet protocol (TCP/IP) microservice, and the third microservice is a deep packet inspection (DPI) microservice.
  - 9. The system of claim 7, wherein the second microservice to use a service state and a context state to perform security processing.
  - 10. The system of claim 9, wherein the second microservice to retrieve the service state and the context state from a state service.
  - 11. The system of claim 7, wherein the second microservice to use the context to perform the security processing and avoid retrieving a service state and a context state from a state service.
  - 12. The system of claim 9, wherein second microservice to use the context to perform the security processing and avoid retrieving the service state and the context state from a state service.

13. A non-transitory computer-readable medium containing computer-executable instructions that, when executed by a processor, cause the processor to:
- transmit, by a first microservice, packet data and a context associated therewith;
  
  receive the packet data and the context by a second microservice, the second microservice to;
  
  send a request for a service state to one of a plurality of redundant message services, use the context and the requested service state to determine what security processing is requested of the second microservice, perform the requested security processing over the packet data, and transmit resulting data and the context to a third microservice; and
  
  receive the resulting data and the context by the third microservice, the third microservice to;
  
  use the context to determine what security processing is requested of the third microservice, and perform the requested security processing over the resulting data;
  
  wherein the second microservice to extract data from the packet data and perform security processing over the data extracted from the packet data, and wherein the third microservice to extract data from the resulting data and perform security processing over the data extracted from the resulting data;
  
  wherein the second microservice does not maintain a copy of the service state, such that, in case of its failure, a different microservice accesses and uses the service state; and
  
  wherein the computer-executable instructions are to be executed by a security service comprising a hierarchy of microservices, including, at the lowest level, an interface microservice to generate the context.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The non-transitory computer-readable medium of claim 13, wherein the second microservice is a transmission control protocol/internet protocol (TCP/IP) microservice, and the third microservice is a deep packet inspection (DPI) microservice.
  - 15. The non-transitory computer-readable medium of claim 13, wherein the second microservice to use a service state and a context state to perform security processing.
  - 16. The non-transitory computer-readable medium of claim 13, wherein second microservice to retrieve a service state and a context state from a state service.
  - 17. The non-transitory computer-readable medium of claim 13, wherein the second microservice to use the context to perform the security processing and avoid retrieving a service state and a context state from a state service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
ShieldX Networks, Inc. (Fortinet Inc.)
Inventors
Ahuja, Ratinder Paul Singh, Nedbal, Manuel
Primary Examiner(s)
Armouche, Hadi S
Assistant Examiner(s)
Wade, Shaqueal D

Application Number

US15/224,385
Publication Number

US 20180034839A1
Time in Patent Office

942 Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/0668   by dynamic selection of rec...

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/20   for managing network securi...

H04L 67/142   Managing session states for...

H04L 67/51   Discovery or management the...

Systems and methods of stateless processing in a fault-tolerant microservice environment

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods of stateless processing in a fault-tolerant microservice environment

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links