Systems involving firewall of virtual machine traffic and methods of processing information associated with same
First Claim
1. A method for handling traffic over a network regarding communications between one or more virtual machines and the network, the method comprising:
enabling, via a compute node, a firewall between the one or more virtual machine and at least a portion of a network, the firewall configured to detect undesired traffic based on a list of rules associated with communication between the one or more virtual machines and the network; and
controlling a virtual machine in response to the firewall detecting undesired traffic via monitoring and filtering traffic at layer 2 (link layer) during forwarding but prior to routing, including:
  detecting a spoof attack of an IP address of another compute node and blocking traffic having data frames or cells that include a MAC address not associated with the virtual machine based on information included in the list of rules;
  detecting a spoof attack of an IP address of another compute node and blocking traffic having data frames or cells that include an IP address not associated with the virtual machine based on information included in the list of rules;
  detecting a rogue dynamic host communication protocol (DHCP) attack and blocking traffic having data frames or cells that include a DHCP offer based on information included in the list of rules; and
  stopping the virtual machine and/or blocking all traffic from the virtual machine in response to the detecting of at least one attack;
performing processing regarding rebooting the virtual machine after detection of the undesired traffic, the processing including:
  processing an instruction to the firewall to restart the virtual machine;
  processing instructions regarding transmission, by the virtual machine, of a request for a network address to the network;
  processing information regarding receipt, by the virtual machine, of a valid response in reply to the request; and
  processing information regarding transmission, by an agent component, of an instruction to the firewall to lock the IP address with the virtual machine;
wherein the undesired traffic is discarded at the virtual hardware level prior to the undesired traffic reaching a switch or another virtual machine within the compute node;
wherein the list of rules includes forwarding data associated with communication between the compute node and the virtual machine as well as data associated with other compute nodes and other virtual machines associated with the other compute nodes;
wherein the firewall is configured to:
  allow DHCP requests and virtual machine responses;
  drop and/or otherwise block DHCP requests from the virtual machine;
  inspect DHCP packet headers to determine whether the address of the DHCP packet is valid;
  lock the list of rules to only deliver packets to and from IP address associated with a valid DHCP address; and
  lock the list of rules to only forward ARP packets from an associated IP address.
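The per-port enforcement the claim describes (MAC and IP anti-spoofing on the VM's link, blocking DHCP offers originating from the VM, and an address binding that is cleared on restart and re-locked by the agent once a valid lease is received), modelled as a small filter. This is an added example, not code from the patent; the Frame model, the VmPortFilter class and the use of UDP source port 67/68 to tell DHCP server-side from client-side messages are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Frame:
    """Constructed frame model carrying only the fields the filter inspects."""
    src_mac: str
    ethertype: str                   # "IPv4" or "ARP"
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    udp_sport: Optional[int] = None  # 67 = DHCP server side, 68 = DHCP client side

class VmPortFilter:
    """Hypothetical layer-2 filter on one VM's virtual NIC. It sits in the
    forwarding path, so a dropped frame never reaches the bridge/switch or a
    neighbouring VM on the same compute node."""
    def __init__(self, vm_mac: str):
        self.vm_mac = vm_mac
        self.locked_ip: Optional[str] = None  # bound by the agent after a valid lease

    def lock_ip(self, ip: str) -> None:
        """Agent instruction: bind the leased address to this VM's port."""
        self.locked_ip = ip

    def restart_vm(self) -> None:
        """Reboot after an attack: binding is cleared until a new lease is seen."""
        self.locked_ip = None

    def egress(self, f: Frame) -> str:
        """Verdict for a frame the VM sends: 'forward' or 'drop:<reason>'."""
        if f.src_mac != self.vm_mac:
            return "drop:mac-spoof"           # MAC not owned by this VM
        if f.ethertype == "IPv4" and f.udp_sport == 67:
            return "drop:rogue-dhcp"          # offers/acks only come from servers
        if f.ethertype == "IPv4" and f.udp_sport == 68:
            return "forward"                  # DHCP request is always allowed
        bound = self.locked_ip is not None and f.src_ip == self.locked_ip
        if f.ethertype == "ARP":
            return "forward" if bound else "drop:arp-unbound"
        return "forward" if bound else "drop:ip-spoof"  # also covers an unlocked VM

    def ingress(self, f: Frame) -> str:
        """Verdict for a frame destined to the VM: DHCP replies pass, other IPv4
        only to the locked address; ARP is left to reach the VM."""
        if f.ethertype == "IPv4" and f.udp_sport == 67:
            return "forward"
        if f.ethertype == "IPv4" and f.dst_ip != self.locked_ip:
            return "drop:not-locked-ip"
        return "forward"
```

Until the agent has locked an address, the only egress the VM gets is its DHCP request and the only ingress is the DHCP reply, which is what keeps a freshly restarted VM from talking until it holds a valid lease.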
Abstract
Systems and methods involve compute nodes configured to define and/or otherwise process information associated with one or more virtual machines. In one exemplary implementation, a compute node may be configured to enable a firewall between the virtual machine and at least a portion of a network. Moreover, the firewall may be configured to detect undesired traffic based on a list of rules or an Ethernet bridge table associated with communication between the virtual machine and the network. Various features may also relate to the compute node being configured to lock the virtual machine in response to the firewall detecting undesired traffic associated with the virtual machine.
26 Claims
1. (Independent claim 1 is reproduced in full under First Claim above; dependent claims 2-14 not shown.)
15. A method for handling traffic over a network regarding communications between one or more virtual machines and the network, the method comprising:
processing information related to enabling or defining, via a compute node, a firewall between the one or more virtual machine and at least a portion of a network;
processing information related to detecting, via the firewall, undesired traffic based on an Ethernet bridge table associated with communication between the one or more virtual machines and the network; and
processing information related to controlling a virtual machine in response to the detection of undesired traffic via monitoring and filtering traffic at layer 2 (link layer) during forwarding but prior to routing, including:
  detecting a spoof attack of an IP address of another compute node and blocking traffic having data frames or cells that include a MAC address not associated with the virtual machine based on information included in the Ethernet bridge table;
  detecting a spoof attack of an IP address of another compute node and blocking traffic having data frames or cells that include an IP address not associated with the virtual machine based on information included in the Ethernet bridge table;
  detecting a rogue dynamic host communication protocol (DHCP) attack and blocking traffic having data frames or cells that include a DHCP offer based on information included in the Ethernet bridge table; and
  stopping the virtual machine and/or blocking all traffic from the virtual machine;
performing processing regarding rebooting the virtual machine after detection of the undesired traffic, the processing including:
  processing an instruction to the firewall to restart the virtual machine;
  processing instructions regarding transmission, by the virtual machine, of a request for a network address to the network;
  processing information regarding receipt, by the virtual machine, of a valid response in reply to the request;
  or processing information regarding transmission, by an agent component, of an instruction to the firewall to lock the IP address with the virtual machine;
  or any combination thereof;
wherein the undesired traffic is discarded at the virtual hardware level prior to the undesired traffic reaching a switch or another virtual machine within the compute node;
wherein the Ethernet bridge table includes forwarding data associated with communication between the compute node and the virtual machine as well as data associated with other compute nodes and other virtual machines associated with the other compute nodes;
wherein the firewall is configured to:
  allow DHCP requests and virtual machine responses;
  drop and/or otherwise block DHCP requests from the virtual machine;
  inspect DHCP packet headers to determine whether the address of the DHCP packet is valid;
  lock the Ethernet bridge table to only deliver packets to and from IP address associated with a valid DHCP address; and
  lock the Ethernet bridge table to only forward ARP packets from an associated IP address.
(Dependent claims 16-21 not shown.)
22. A system comprising:
a compute node comprising a memory and/or a processing component, the compute node also comprising or having access to a list of rules, the compute node configured to:
define one or more virtual machines;
enable a firewall between at least one virtual machine and at least a portion of a network, the firewall being configured to detect undesired traffic based on the list of rules associated with communication between the at least one virtual machine and the at least a portion of the network;
control the virtual machine in response to the detection of the undesired traffic via monitoring and filtering traffic at layer 2 (link layer) during forwarding but prior to routing, including:
  detecting a spoof attack of an IP address of another compute node and blocking traffic having data frames or cells that include a MAC address not associated with the virtual machine based on information included in the list of rules;
  detecting a spoof attack of an IP address of another compute node and blocking traffic having data frames or cells that include an IP address not associated with the virtual machine based on information included in the list of rules;
  detecting a rogue dynamic host communication protocol (DHCP) attack and blocking traffic having data frames or cells that include a DHCP offer based on information included in the list of rules; and
  locking, stopping or blocking network traffic to and/or from the virtual machine in response to the firewall detecting the undesired traffic; and
perform processing regarding rebooting the virtual machine after detection of the undesired traffic, the processing including:
  processing an instruction to the firewall to restart the virtual machine;
  processing instructions regarding transmission, by the virtual machine, of a request for a network address to the network;
  processing information regarding receipt, by the virtual machine, of a valid response in reply to the request;
  or processing information regarding transmission, by an agent component, of an instruction to the firewall to lock the IP address with the virtual machine;
  or any combination thereof;
wherein the undesired traffic is discarded at the virtual hardware/machine level prior to the undesired traffic reaching a switch or another virtual machine within the compute node;
wherein the list of rules includes forwarding data associated with communication between the compute node and the virtual machine as well as data associated with other compute nodes and other virtual machines associated with the other compute nodes;
wherein the firewall is configured to:
  allow DHCP requests and virtual machine responses;
  drop and/or otherwise block DHCP requests from the virtual machine;
  inspect DHCP packet headers to determine whether the address of the DHCP packet is valid;
  lock the list of rules to only deliver packets to and from IP address associated with a valid DHCP address; and
  lock the list of rules to only forward ARP packets from an associated IP address.
(Dependent claims 23-26 not shown.)