Universal cloud classification [UCC]as a service

US 10,652,155 B2
Filed: 04/15/2019
Issued: 05/12/2020
Est. Priority Date: 07/20/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

assigning, by a controller in a cloud service provider network, one or more identifiers to yield cloud identification information;

extracting, from a data flow, the cloud identification information;

generating one or more policies based on the cloud identification information, wherein the one or more policies are defined without device inspection to obtain a direct understanding of the one or more identifiers; and

transmitting the one or more policies to an application to conform packet handling of the data flow.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a system and method of providing transport-level identification and isolation of container traffic. The method includes assigning, by a software-defined-network (SDN) controller in an SDN-enable cloud environment, a service-ID to a service, a tenant-ID to a tenant and/or workload-ID to yield universal cloud classification details, and extracting, from a data flow, the universal cloud classification details. The method includes receiving a policy, generating flow rules based on the policy and universal cloud classification details, and transmitting the flow rules to an openflow application to confine packet forwarding decisions for the data flow.

Citations

20 Claims

1. A method comprising:
- assigning, by a controller in a cloud service provider network, one or more identifiers to yield cloud identification information;
  
  extracting, from a data flow, the cloud identification information;
  
  generating one or more policies based on the cloud identification information, wherein the one or more policies are defined without device inspection to obtain a direct understanding of the one or more identifiers; and
  
  transmitting the one or more policies to an application to conform packet handling of the data flow.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - storing the one or more identifiers,wherein the one or more identifiers include at least one of a service identifier or a tenant identifier.
  - 3. The method of claim 1, wherein the cloud identification information includes universal cloud classification details stored in a header of a packet in the data flow.
  - 4. The method of claim 1, wherein the one or more policies include flow rules defined using a 5-tuple classification.
  - 5. The method of claim 1, wherein the one or more policies include flow rules defined without direct understanding of a service identifier.
  - 6. The method of claim 1, wherein the controller communicates via an application programming interface.
  - 7. The method of claim 1, further comprising:
    - generating the one or more policies based on the cloud identification information and a received policy,wherein the received policy is based on at least one of a service identifier or a tenant identifier.
  - 8. The method of claim 1, further comprising:
    - generating the one or more policies based on the cloud identification information and a received policy,wherein the received policy is defined on a per service identifier basis or a per tenant identifier basis.
  - 9. The method of claim 1, wherein the cloud identification information is extracted by a software-defined network controller service.
  - 10. The method of claim 1, further comprising:
    - assigning a service identifier to a service and a tenant identifier to a tenant.
  - 11. The method of claim 1, further comprising:
    - assigning a workload identifier to workload of a tenant,wherein the cloud identification information includes a service identifier, a tenant identifier, and the workload identifier.
  - 12. The method of claim 11, further comprising:
    - generating the one or more policies based on universal cloud classification details.

13. A system comprising:
- one or more processors; and
  
  a computer-readable medium, storing instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  
  assigning, by a controller in a cloud service provider network, one or more identifiers to yield cloud identification information;
  
  extracting, from a data flow, the cloud identification information;
  
  generating one or more policies based on the cloud identification information, the one or more policies defined without device inspection to obtain a direct understanding of the one or more identifiers; and
  
  transmitting the one or more policies to an application to conform packet handling of the data flow.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The system of claim 13, wherein the one or more policies include flow rules defined using a 5-tuple classification.
  - 15. The system of claim 13, wherein the cloud identification information includes universal cloud classification details stored in a header of a packet in the data flow.
  - 16. The system of claim 13, wherein the controller communicates via an application programming interface.
  - 17. The system of claim 13, wherein the one or more policies are generated based on the cloud identification information and a received policy, and the received policy is based on at least one of a service identifier or a tenant identifier.
  - 18. The system of claim 13, wherein the one or more policies are generated based on the cloud identification information and a received policy, and the received policy is defined on a per service identifier basis or a per tenant identifier basis.
  - 19. The system of claim 13, wherein the one or more identifiers include at least one workload identifier assigned to a workload of a tenant, and the cloud identification information includes a service identifier, a tenant identifier, and the at least one workload identifier.

20. A computer-readable storage device storing instructions via a non-transitory storage medium which, when executed by a processor, cause the processor to perform operations comprising:
- assigning, by a controller in a cloud environment, one or more identifier to yield cloud identification information;
  
  extracting, from a data flow, the cloud identification information;
  
  generating one or more policies based on the cloud identification information, the one or more policies defined without device inspection to obtain a direct understanding of the one or more identifiers; and
  
  transmitting the one or more policies to an application to conform packet handling of the data flow.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Jeuk, Sebastian, Salgueiro, Gonzalo
Primary Examiner(s)
Pham, Chi H
Assistant Examiner(s)
Chowdhury, Fahmida S

Application Number

US16/384,464
Publication Number

US 20190245791A1
Time in Patent Office

393 Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/40   using virtualisation of net...

H04L 41/5051   Service on demand, e.g. def...

H04L 47/20   Traffic policing

H04L 47/2441   relying on flow classificat...

H04L 47/2475   for supporting traffic char...

Universal cloud classification [UCC]as a service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Universal cloud classification [UCC]as a service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links