FACILITATING SOFTWARE-DEFINED NETWORKING COMMUNICATIONS IN A CONTAINER-BASED NETWORKED COMPUTING ENVIRONMENT

US 20170149843A1
Filed: 11/20/2015
Published: 05/25/2017
Est. Priority Date: 11/20/2015
Status: Active Grant

First Claim

Patent Images

1. A method for facilitating a software-defined networking (SDN) communication in a container-based networked computing environment, comprising:

creating a SDN policy agent in the container-based networked computing environment, the SDN policy agent being a container virtual machine (VM) that provides SDN communications to other VMs in the container-based networked computing environment;

forwarding, in response to a request by a container in the container-based networked computing environment to establish a SDN connection with a SDN controller, an authentication request to the SDN policy agent;

determining, by the SDN policy agent, whether the container is eligible to establish the connection; and

establishing, by the SDN policy agent, the connection between the container and the SDN controller in response to a determination that the VM is eligible.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects of the present invention provide an approach for facilitating a software-defined networking (SDN) communication in a container-based networked computing environment. In an embodiment, a SDN policy agent is created in the container-based networked computing environment. This SDN policy agent is created as a container virtual machine (VM) in the container-based networked computing environment. When a request is made by a VM to establish a SDN connection with the SDN controller for the server, the SDN controller forwards the request to the SDN policy agent. The SDN policy agent is responsible for determining whether the VM is eligible to establish the connection. If the SDN policy agent determines that the VM is eligible, the VM is allowed to become part of the SDN network.

67 Citations

View as Search Results

20 Claims

1. A method for facilitating a software-defined networking (SDN) communication in a container-based networked computing environment, comprising:
- creating a SDN policy agent in the container-based networked computing environment, the SDN policy agent being a container virtual machine (VM) that provides SDN communications to other VMs in the container-based networked computing environment;
  
  forwarding, in response to a request by a container in the container-based networked computing environment to establish a SDN connection with a SDN controller, an authentication request to the SDN policy agent;
  
  determining, by the SDN policy agent, whether the container is eligible to establish the connection; and
  
  establishing, by the SDN policy agent, the connection between the container and the SDN controller in response to a determination that the VM is eligible.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - setting, prior to the creating of the SDN policy agent, a default address for the SDN policy agent in a virtual switch of an operating system of the container-based networked computing environment;
      
      establishing, during the creating of the SDN policy agent, a location of the SDN policy agent to be the default address; and
      
      accessing, in response to the request, the virtual switch by the SDN controller to retrieve the address.
  - 3. The method of claim 1, further comprising:
    - inserting, in response to the creating of the SDN policy agent, an address corresponding to the SDN policy agent into a kernel of an operating system of the container-based networked computing environment; and
      
      accessing, in response to the request, the kernel by the SDN controller to retrieve the address.
  - 4. The method of claim 3, wherein the address is inserted into the kernel and accessed from the kernel using an hosting utility.
  - 5. The method of claim 1, further comprising:
    - forwarding, in response to the request by the container, a challenge packet in the request to the SDN policy agent by the SDN controller;
      
      hashing, by the SDN policy agent, the challenge packet to obtain a password; and
      
      performing the determining based on the password.
  - 6. The method of claim 1, further comprising, marking, in response to a determination that the container is not eligible to establish the connection, the container to the SDN controller.
  - 7. The method of claim 1, wherein the networked computing environment is a cloud computing environment and wherein the container is a cloud resource.

8. A system for facilitating a software-defined networking (SDN) communication, comprising:
- a physical server having an operating system;
  
  a plurality of containers running on the physical server, each container of the plurality of containers being a virtual machine (VM) running on the operating system;
  
  a communications port that connects the physical server to a network;
  
  a SDN controller, configured to;
  
  forward, in response to a request by a VM in one of the plurality of containers to establish a connection with the SDN controller, an authentication request; and
  
  provide, in response to the authentication request being approved, a virtualized network connection between the VM and the communications port; and
  
  a SDN policy agent, the SDN policy agent being a container virtual machine (VM) that provides SDN communications to other VMs in the plurality of containers on the physical server and configured to;
  
  obtain the authentication request sent by the SDN controller;
  
  determine whether the VM is eligible to establish the connection; and
  
  establish the connection between the VM and the SDN controller in response to a determination that the VM is eligible.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, further comprising:
    - setting, prior to the creating of the SDN policy agent, a default address for the SDN policy agent in a virtual switch of an operating system of the container-based networked computing environment;
      
      establishing, during the creating of the SDN policy agent, a location of the SDN policy agent to be the default address; and
      
      accessing, in response to the request, the virtual switch by the SDN controller to retrieve the address.
  - 10. The system of claim 8, further comprising:
    - inserting, in response to the creating of the SDN policy agent, an address corresponding to the SDN policy agent into a kernel of an operating system of the container-based networked computing environment; and
      
      accessing, in response to the request, the kernel by the SDN controller to retrieve the address.
  - 11. The system of claim 10, wherein the address is inserted into the kernel and accessed from the kernel using an hosting utility.
  - 12. The system of claim 8, further comprising:
    - forwarding, in response to the request by the container, a challenge packet in the request to the SDN policy agent by the SDN controller;
      
      hashing, by the SDN policy agent, the challenge packet to obtain a password; and
      
      performing the determining based on the password.
  - 13. The system of claim 8, further comprising, marking, in response to a determination that the container is not eligible to establish the connection, the container to the SDN controller.
  - 14. The system of claim 8, wherein the networked computing environment is a cloud computing environment and wherein the container is a cloud resource.

15. A computer program product embodied in a computer readable medium that, when executed by a computer device, performs a method for facilitating a software-defined networking (SDN) communication in a container-based networked computing environment, the method comprising:
- creating a SDN policy agent in the container-based networked computing environment, the SDN policy agent being a container virtual machine (VM) that provides SDN communications to other VMs in the container-based networked computing environment;
  
  forwarding, in response to a request by a VM in the container-based networked computing environment to establish a SDN connection with a SDN controller, an authentication request to the SDN policy agent;
  
  determining, by the SDN policy agent, whether the VM is eligible to establish the connection; and
  
  establishing, by the SDN policy agent, the connection between the VM and the SDN controller in response to a determination that the VM is eligible.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The program product of claim 15, the method further comprising:
    - setting, prior to the creating of the SDN policy agent, a default address for the SDN policy agent in a virtual switch of an operating system of the container-based networked computing environment;
      
      establishing, during the creating of the SDN policy agent, a location of the SDN policy agent to be the default address; and
      
      accessing, in response to the request, the virtual switch by the SDN controller to retrieve the address.
  - 17. The program product of claim 15, the method further comprising:
    - inserting, in response to the creating of the SDN policy agent, an address corresponding to the SDN policy agent into a kernel of an operating system of the container-based networked computing environment; and
      
      accessing, in response to the request, the kernel by the SDN controller to retrieve the address.
  - 18. The program product of claim 15, the method further comprising:
    - forwarding, in response to the request by the container, a challenge packet in the request to the SDN policy agent by the SDN controller;
      
      hashing, by the SDN policy agent, the challenge packet to obtain a password; and
      
      performing the determining based on the password.
  - 19. The program product of claim 15, the method further comprising, marking, in response to a determination that the container is not eligible to establish the connection, the container to the SDN controller.
  - 20. The program product of claim 15, wherein the networked computing environment is a cloud computing environment and wherein the container is a cloud resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Shukla, Vishal, Amulothu, Venkata S., Kapur, Ashish

Granted Patent

US 10,037,220 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/45595   Network integration; Enabli...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/083   using passwords cryptograph...

FACILITATING SOFTWARE-DEFINED NETWORKING COMMUNICATIONS IN A CONTAINER-BASED NETWORKED COMPUTING ENVIRONMENT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

67 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

FACILITATING SOFTWARE-DEFINED NETWORKING COMMUNICATIONS IN A CONTAINER-BASED NETWORKED COMPUTING ENVIRONMENT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links