System and method for transport-layer level identification and isolation of container traffic
First Claim
1. A method comprising:
- receiving, at a component in a network, a packet having a data field;
- extracting, at a network layer, container identification data from the data field, the container identification data identifying a software destination container on the network; and
- applying a policy to the packet at the component based on the container identification data;
- wherein the container identification data includes at least a unique container ID and/or a container name;
- wherein the data field comprises one of an IPv6 extension header and an option field of an IPv4 packet.
Abstract
Disclosed is a system and method of providing transport-level identification and isolation of container traffic. The method includes receiving, at a component in a network, a packet having a data field, extracting, at a network layer, container identification data from the data field and applying a policy to the packet at the component based on the container identification data. The data field can include one of a header, an IPv6 extension header, a service function chaining container identification, a network service header, and an optional field of an IPv4 packet.
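As an added illustration (not part of the patent text), the following Python builds an IPv6 packet whose Destination Options extension header carries a container name in a TLV, then has a network component extract that name at the network layer and apply an allow/deny policy to the packet. The option type 0x1E, the addresses and the policy table are assumptions made for the example; the patent assigns none of them.

```python
import struct

# Hypothetical option type for the container-ID TLV inside the IPv6
# Destination Options header; the patent assigns no number, this is a placeholder.
CONTAINER_ID_OPTION = 0x1E
NH_DEST_OPTS, NH_TCP = 60, 6

# Constructed policy table: container name -> action applied by the network component.
POLICY = {"web-frontend": "allow", "db-backup": "deny"}

def build_packet(container_name: str, payload: bytes) -> bytes:
    """IPv6 fixed header + Destination Options header (container-ID TLV) + payload."""
    value = container_name.encode()
    tlv = bytes([CONTAINER_ID_OPTION, len(value)]) + value
    pad = (-(2 + len(tlv))) % 8            # extension header must be a multiple of 8 bytes
    if pad == 1:
        tlv += b"\x00"                     # Pad1 option
    elif pad > 1:
        tlv += bytes([1, pad - 2]) + b"\x00" * (pad - 2)  # PadN option
    ext = bytes([NH_TCP, (2 + len(tlv)) // 8 - 1]) + tlv
    fixed = struct.pack("!IHBB", 0x60000000, len(ext) + len(payload), NH_DEST_OPTS, 64)
    src = bytes.fromhex("20010db8000000000000000000000001")   # constructed addresses
    dst = bytes.fromhex("20010db8000000000000000000000002")
    return fixed + src + dst + ext + payload

def extract_container_id(pkt: bytes):
    """Network-layer extraction: walk the Destination Options TLVs, return the name or None."""
    if len(pkt) < 42 or pkt[0] >> 4 != 6 or pkt[6] != NH_DEST_OPTS:
        return None
    end = 40 + (pkt[41] + 1) * 8           # Hdr Ext Len counts 8-octet units, excluding the first
    i = 42
    while i < end:
        opt_type = pkt[i]
        if opt_type == 0:                  # Pad1 has no length byte
            i += 1
            continue
        length = pkt[i + 1]
        if opt_type == CONTAINER_ID_OPTION:
            return pkt[i + 2:i + 2 + length].decode(errors="replace")
        i += 2 + length                    # skip PadN and any unknown option
    return None

def apply_policy(pkt: bytes, default: str = "deny") -> str:
    """Apply the per-container policy; unknown or missing IDs fall to the default action."""
    return POLICY.get(extract_container_id(pkt), default)
```

Packets that carry no container identification fall to the default action, so a missing or stripped extension header cannot be used to bypass the policy.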
425 Citations
18 Claims
1. A method comprising:
- receiving, at a component in a network, a packet having a data field;
- extracting, at a network layer, container identification data from the data field, the container identification data identifying a software destination container on the network; and
- applying a policy to the packet at the component based on the container identification data;
- wherein the container identification data includes at least a unique container ID and/or a container name;
- wherein the data field comprises one of an IPv6 extension header and an option field of an IPv4 packet.
(Dependent claims: 2, 3, 4, 5, 16)

6. A system comprising:
- one or more processors; and
- a computer-readable medium storing instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
- receiving, at a component in a network, a packet having a data field;
- extracting, at a network layer, container identification data from the data field, the container identification data identifying a software destination container on the network; and
- applying a policy to the packet at the component based on the container identification data;
- wherein the container identification data includes at least a unique container ID and/or a container name;
- wherein the data field comprises one of an IPv6 extension header and an option field of an IPv4 packet.
(Dependent claims: 7, 8, 9, 10, 17)

11. A non-transitory computer-readable storage media storing instructions which, when executed by a processor, cause the processor to perform operations comprising:
- receiving, at a component in a network, a packet having a data field;
- extracting, at a network layer, container identification data from the data field, the container identification data identifying a software destination container on the network; and
- applying a policy to the packet at the component based on the container identification data;
- wherein the container identification data includes at least a unique container ID and/or a container name;
- wherein the data field comprises one of an IPv6 extension header and an option field of an IPv4 packet.
(Dependent claims: 12, 13, 14, 15, 18)
Specification