System and method for implementing universal cloud classification (UCC) as a service (UCCaaS)

US 10,263,898 B2
Filed: 07/20/2016
Issued: 04/16/2019
Est. Priority Date: 07/20/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

assigning, by a software defined network controller in a software-defined network-enable cloud environment, a service-ID to a service and a tenant-ID to a tenant, to yield universal cloud classification details;

extracting, from a data flow, the universal cloud classification details;

generating flow rules based on a received policy and universal cloud classification details, the flow rules defined without inspecting each device to obtain a direct understanding of the tenant-ID; and

transmitting the flow rules to an application to confine packet forwarding decisions for the data flow.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a system and method of providing transport-level identification and isolation of container traffic. The method includes assigning, by a software-defined-network (SDN) controller in an SDN-enable cloud environment, a service-ID to a service, a tenant-ID to a tenant and/or workload-ID to yield universal cloud classification details, and extracting, from a data flow, the universal cloud classification details. The method includes receiving a policy, generating flow rules based on the policy and universal cloud classification details, and transmitting the flow rules to an openflow application to confine packet forwarding decisions for the data flow.

Citations

20 Claims

1. A method comprising:
- assigning, by a software defined network controller in a software-defined network-enable cloud environment, a service-ID to a service and a tenant-ID to a tenant, to yield universal cloud classification details;
  
  extracting, from a data flow, the universal cloud classification details;
  
  generating flow rules based on a received policy and universal cloud classification details, the flow rules defined without inspecting each device to obtain a direct understanding of the tenant-ID; and
  
  transmitting the flow rules to an application to confine packet forwarding decisions for the data flow.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - storing the service-ID and the tenant-ID.
  - 3. The method of claim 1, wherein the universal cloud classification details are stored in a header of a packet in the data flow.
  - 4. The method of claim 1, wherein the flow rules are defined using a 5-tuple classification.
  - 5. The method of claim 1, wherein the flow rules are defined without direct understanding of the service-ID.
  - 6. The method of claim 1, wherein the software defined network controller communicates via an application programming interface.
  - 7. The method of claim 1, wherein the policy is based on the service-ID and the tenant-ID.
  - 8. The method of claim 1, wherein the policy is defined on one of a per service-ID basis and per tenant-ID basis.
  - 9. The method of claim 1, wherein the extracting comprises extracting the universal cloud classification details at one of an openflow application and a universal cloud classification as a service component.
  - 10. The method of claim 1, wherein a controller module in the software-defined network-enable cloud environment assigns the service-ID to the service and the tenant-ID to the tenant.
  - 11. The method of claim 1, further comprising:
    - assigning a workload-ID to workload of the tenant,wherein the universal cloud classification details comprise the service-ID, the tenant-ID and the workload-ID.
  - 12. The method of claim 11, further comprising:
    - generating the flow rules based on the universal cloud classification details.

13. A system comprising:
- one or more processors; and
  
  a computer-readable medium, storing instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  
  assigning, by a software-defined network controller in a software-defined network-enable cloud environment, a service-ID to a service and a tenant-ID to a tenant to yield universal cloud classification details;
  
  extracting, at a switch and from a data flow, the universal cloud classification details;
  
  receiving a policy;
  
  generating flow rules based on the policy and universal cloud classification details, the flow rules defined without inspecting each device to obtain a direct understanding of the tenant-ID; and
  
  transmitting the flow rules to an application to confine packet forwarding decisions for the data flow.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The system of claim 13, wherein the flow rules are defined using a 5-tuple classification.
  - 15. The system of claim 13, wherein the universal cloud classification details are stored in a header of a packet in the data flow.
  - 16. The system of claim 13, wherein the software-defined network controller communicates via an application programming interface.
  - 17. The system of claim 13, wherein the policy is based on the service-ID and the tenant-ID.
  - 18. The system of claim 13, wherein the policy is defined on one of a per service-ID basis and per tenant-ID basis.
  - 19. The system of claim 13, wherein the computer-readable medium stores additional instructions which, when executed by the processor, cause the processor to perform further operations comprising assigning a workload-ID to workload of the tenant, wherein the universal cloud classification details comprise the service-ID, the tenant-ID and the workload-ID.

20. A computer-readable storage device storing instructions via a non-transitory storage medium which, when executed by a processor, cause the processor to perform operations comprising:
- assigning, by a software-defined network controller in a software-defined network-enable cloud environment, a service-ID to a service and a tenant-ID to a tenant to yield universal cloud classification details;
  
  extracting, at a switch and from a data flow, the universal cloud classification details;
  
  receiving a policy;
  
  generating flow rules based on the policy and universal cloud classification details, the flow rules defined without inspecting each device to obtain a direct understanding of the tenant-ID; and
  
  transmitting the flow rules to an application to confine packet forwarding decisions for the data flow.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Jeuk, Sebastian, Salgueiro, Gonzalo
Primary Examiner(s)
Pham, Chi H
Assistant Examiner(s)
Chowdhury, Fahmida S

Application Number

US15/215,499
Publication Number

US 20180026893A1
Time in Patent Office

1,000 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 41/40   using virtualisation of net...

H04L 41/5051   Service on demand, e.g. def...

H04L 47/20   Traffic policing

H04L 47/2441   relying on flow classificat...

H04L 47/2475   for supporting traffic char...

System and method for implementing universal cloud classification (UCC) as a service (UCCaaS)

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for implementing universal cloud classification (UCC) as a service (UCCaaS)

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links