Universal cloud classification [UCC] as a service
Abstract
Disclosed is a system and method of providing transport-level identification and isolation of container traffic. The method includes assigning, by a software-defined-network (SDN) controller in an SDN-enabled cloud environment, a service-ID to a service, a tenant-ID to a tenant and/or workload-ID to yield universal cloud classification details, and extracting, from a data flow, the universal cloud classification details. The method includes receiving a policy, generating flow rules based on the policy and universal cloud classification details, and transmitting the flow rules to an OpenFlow application to confine packet forwarding decisions for the data flow.
20 Claims
1. A method comprising:
assigning, by a controller in a cloud service provider network, one or more identifiers to yield cloud identification information;
extracting, from a data flow, the cloud identification information;
generating one or more policies based on the cloud identification information, wherein the one or more policies are defined without device inspection to obtain a direct understanding of the one or more identifiers; and
transmitting the one or more policies to an application to conform packet handling of the data flow.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12.
13. A system comprising:
one or more processors; and
a computer-readable medium, storing instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
assigning, by a controller in a cloud service provider network, one or more identifiers to yield cloud identification information;
extracting, from a data flow, the cloud identification information;
generating one or more policies based on the cloud identification information, the one or more policies defined without device inspection to obtain a direct understanding of the one or more identifiers; and
transmitting the one or more policies to an application to conform packet handling of the data flow.
Dependent claims: 14, 15, 16, 17, 18, 19.
20. A computer-readable storage device storing instructions via a non-transitory storage medium which, when executed by a processor, cause the processor to perform operations comprising:
assigning, by a controller in a cloud environment, one or more identifiers to yield cloud identification information;
extracting, from a data flow, the cloud identification information;
generating one or more policies based on the cloud identification information, the one or more policies defined without device inspection to obtain a direct understanding of the one or more identifiers; and
transmitting the one or more policies to an application to conform packet handling of the data flow.
Specification