Firewall for a virtual network and related techniques

US 9,888,055 B2
Filed: 03/07/2014
Issued: 02/06/2018
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a first server device executing a first virtual machine and connected to a physical network;

a second server device executing a second virtual machine and connected to the physical network, wherein the first and second virtual machines are connected to a same virtual network;

a first firewall module that functions as a firewall for the first virtual machine and a second firewall module that functions as a firewall for the second virtual machine, the firewall modules configured to filter network traffic received by the physical servers and addressed to the respective virtual servers;

wherein the first firewall module is executed by a core processor of the first virtual machine and the second firewall module is executed by a core processor of the second virtual machine;

wherein the first and second firewall modules each include a superset of the same firewall rules.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for filtering traffic in virtual networks includes a first virtual machine executed by a first physical server connected to a physical network and a second virtual machine executed by a second physical server connected to the physical network. The first and second virtual machines are connected to a same virtual network. A first firewall module is executed by the first physical server and a second firewall module is executed by the second physical server. The firewall modules are configured to filter network traffic received by the physical servers and addressed to the virtual servers.

35 Citations

15 Claims

1. A system comprising:
- a first server device executing a first virtual machine and connected to a physical network;
  
  a second server device executing a second virtual machine and connected to the physical network, wherein the first and second virtual machines are connected to a same virtual network;
  
  a first firewall module that functions as a firewall for the first virtual machine and a second firewall module that functions as a firewall for the second virtual machine, the firewall modules configured to filter network traffic received by the physical servers and addressed to the respective virtual servers;
  
  wherein the first firewall module is executed by a core processor of the first virtual machine and the second firewall module is executed by a core processor of the second virtual machine;
  
  wherein the first and second firewall modules each include a superset of the same firewall rules.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1 wherein the firewall modules are configured to filter the network traffic prior to the network traffic being received by the virtual network.
  - 3. The system of claim 1 wherein the firewall modules are configured to filter the network traffic based on custom traffic filters.
  - 4. The system of claim 3 wherein the custom traffic filters include a rule to filter traffic based on a client ID of a client that owns a virtual machine.
  - 5. The system of claim 3 wherein the custom traffic filters include a rule to filter traffic based on which virtual machine generated the traffic filter.
  - 6. The system of claim 3 wherein the custom traffic filters include a rule to filter traffic based on a virtual network identifier.
  - 7. The system of claim 3 wherein the custom traffic filters include a rule to filter traffic based on a virtual machine that is a recipient of the traffic.

8. A method comprising:
- executing, by a first server device connected to a physical network, a first virtual machine;
  
  executing, by a second server device connected to the physical network, a second virtual machine, wherein the first and second virtual machines are connected to a same virtual network;
  
  executing a first firewall module to function as a firewall for the first virtual machine and a second firewall module to function as a firewall module for the second virtual machine, the firewall modules configured to filter network traffic received by the physical servers and addressed to the virtual machines;
  
  wherein the first firewall module is executed by a core processor of the first virtual machine and the second firewall module is executed by a core processor of the second virtual machinewherein the first and second firewall modules each include a superset of the same firewall rules.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8 wherein the firewall modules are configured to filter the network traffic prior to the network traffic being received by the virtual network.
  - 10. The method of claim 8 wherein the firewall modules are configured to filter the network traffic based on custom traffic filters.
  - 11. The method of claim 10 wherein the custom traffic filters include a rule to filter traffic based on a client ID of a client that owns a virtual machine.
  - 12. The method of claim 10 wherein the custom traffic filters include a rule to filter traffic based on which virtual machine generated the traffic filter.
  - 13. The method of claim 10 wherein the custom traffic filters include a rule to filter traffic based on a virtual network identifier.
  - 14. The method of claim 10 wherein the custom traffic filters include a rule to filter traffic based on a virtual machine that is a recipient of the traffic.

15. A system comprising:
- a physical server connected to a physical network and executing a virtual machine connected to a virtual network;
  
  a firewall module executed by the virtual machine and configured to function as a firewall for the first virtual machine and to filter network traffic received by the physical server and addressed to the virtual server;
  
  wherein the firewall module includes a superset of firewall rules shared by other firewalls operating on the physical and/or virtual network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ProfitBricks GmbH (ProfitBricks, Inc.)
Original Assignee
ProfitBricks GmbH (ProfitBricks, Inc.)
Inventors
Wood, Conrad N., Weiss, Achim
Primary Examiner(s)
Gilles, Jude Jean

Application Number

US14/200,948
Publication Number

US 20140280911A1
Time in Patent Office

1,432 Days
Field of Search

709224, 709221, 709220
US Class Current
CPC Class Codes

H04L 47/10   Flow control; Congestion co...

H04L 47/125   by balancing the load, e.g....

H04L 49/00   Packet switching elements

H04L 67/02   based on web technology, e....

H04L 67/1008   based on parameters of serv...

Firewall for a virtual network and related techniques

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

35 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Firewall for a virtual network and related techniques

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others