System and method for implementing universal cloud classification (UCC) as a service (UCCaaS)
Abstract
Disclosed is a system and method of providing transport-level identification and isolation of container traffic. The method includes assigning, by a software-defined-network (SDN) controller in an SDN-enable cloud environment, a service-ID to a service, a tenant-ID to a tenant and/or workload-ID to yield universal cloud classification details, and extracting, from a data flow, the universal cloud classification details. The method includes receiving a policy, generating flow rules based on the policy and universal cloud classification details, and transmitting the flow rules to an openflow application to confine packet forwarding decisions for the data flow.
20 Claims
1. A method comprising:
- assigning, by a software defined network controller in a software-defined network-enable cloud environment, a service-ID to a service and a tenant-ID to a tenant, to yield universal cloud classification details;
- extracting, from a data flow, the universal cloud classification details;
- generating flow rules based on a received policy and universal cloud classification details, the flow rules defined without inspecting each device to obtain a direct understanding of the tenant-ID; and
- transmitting the flow rules to an application to confine packet forwarding decisions for the data flow.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A system comprising:
- one or more processors; and
- a computer-readable medium, storing instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  - assigning, by a software-defined network controller in a software-defined network-enable cloud environment, a service-ID to a service and a tenant-ID to a tenant to yield universal cloud classification details;
  - extracting, at a switch and from a data flow, the universal cloud classification details;
  - receiving a policy;
  - generating flow rules based on the policy and universal cloud classification details, the flow rules defined without inspecting each device to obtain a direct understanding of the tenant-ID; and
  - transmitting the flow rules to an application to confine packet forwarding decisions for the data flow.

Dependent claims: 14, 15, 16, 17, 18, 19

20. A computer-readable storage device storing instructions via a non-transitory storage medium which, when executed by a processor, cause the processor to perform operations comprising:
- assigning, by a software-defined network controller in a software-defined network-enable cloud environment, a service-ID to a service and a tenant-ID to a tenant to yield universal cloud classification details;
- extracting, at a switch and from a data flow, the universal cloud classification details;
- receiving a policy;
- generating flow rules based on the policy and universal cloud classification details, the flow rules defined without inspecting each device to obtain a direct understanding of the tenant-ID; and
- transmitting the flow rules to an application to confine packet forwarding decisions for the data flow.

Specification