SYSTEM AND METHOD FOR TRANSPORT-LAYER LEVEL IDENTIFICATION AND ISOLATION OF CONTAINER TRAFFIC

US 20180027100A1
Filed: 07/20/2016
Published: 01/25/2018
Est. Priority Date: 07/20/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a component in a network, a packet having a data field;

extracting, at a network layer, container identification data from the data field, the container identification data identifying a software container on the network; and

applying a policy to the packet at the component based on the container identification data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a system and method of providing transport-level identification and isolation of container traffic. The method includes receiving, at a component in a network, a packet having a data field, extracting, at a network layer, container identification data from the data field and applying a policy to the packet at the component based on the container identification data. The data field can include one of a header, an IPv6 extension header, a service function chaining container identification, a network service header, and an optional field of an IPv4 packet.

14 Citations

View as Search Results

18 Claims

1. A method comprising:
- receiving, at a component in a network, a packet having a data field;
  
  extracting, at a network layer, container identification data from the data field, the container identification data identifying a software container on the network; and
  
  applying a policy to the packet at the component based on the container identification data.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the data field comprises one of a header, an IPv6 extension header, a service function chaining container identification, a network service header, and an option field of an IPv4 packet.
  - 3. The method of claim 1, wherein applying the policy to the packet comprises applying the policy on a per-container basis or a per-container-flow basis.
  - 4. The method of claim 1, wherein the policy is associated with at least one of QoS, prioritization, accounting, billing, cloud-based classification, a container-based policy, and a workload-based policy.
  - 5. The method of claim 1, wherein applying a policy to the packet at the component based on the container identification data further comprises applying the policy to a workload associated with the packet.
  - 6. The method of claim 1, wherein the component comprises a virtual switch.

7. A system comprising:
- one or more processors; and
  
  a computer-readable medium, storing instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  
  receiving, at a component in a network, a packet having a data field;
  
  extracting, at a network layer, container identification data from the data field; and
  
  applying a policy to the packet at the component based on the container identification data.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the data field comprises one of a header, an IPv6 extension header, a service function chaining container identification, a network service header, and an option field of an IPv4 packet.
  - 9. The system of claim 7, wherein applying the policy to the packet comprises applying the policy on a per-container basis or a per-container-flow basis.
  - 10. The system of claim 7, wherein the policy is associated with at least one of QoS, prioritization, accounting, billing, cloud-based classification, a container-based policy, a workload-based policy.
  - 11. The system of claim 7, wherein applying a policy to the packet at the component based on the container identification data further comprises applying the policy to workload associated with the packet.
  - 12. The system of claim 7, wherein the component comprises a virtual switch.

13. A computer-readable storage device storing instructions which, when executed by a processor, cause the processor to perform operations comprising:
- receiving, at a component in a network, a packet having a data field;
  
  extracting, at a network layer, container identification data from the data field; and
  
  applying a policy to the packet at the component based on the container identification data.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer-readable storage device of claim 13, wherein the data field comprises one of a header, an IPv6 extension header, a service function chaining container identification, a network service header, and an option field of an IPv4 packet.
  - 15. The computer-readable storage device of claim 13, wherein applying the policy to the packet comprises applying the policy on a per-container basis or a per-container-flow basis.
  - 16. The computer-readable storage device of claim 13, wherein the policy is associated with at least one of QoS, prioritization, accounting, billing, cloud-based classification, a container-based policy, a workload-based policy.
  - 17. The computer-readable storage device of claim 13, wherein applying a policy to the packet at the component based on the container identification data further comprises applying the policy to workload associated with the packet.
  - 18. The computer-readable storage device of claim 13 wherein the component comprises a virtual switch.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Jeuk, Sebastian, Salgueiro, Gonzalo

Granted Patent

US 10,382,597 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 9/45533   Hypervisors; Virtual machin...

H04L 2101/659   Internet protocol version 6...

H04L 47/20   Traffic policing

H04L 49/70   Virtual switches

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 67/34   involving the movement of s...

H04L 69/22   Parsing or analysis of headers

H04L 69/326   in the transport layer [OSI...

SYSTEM AND METHOD FOR TRANSPORT-LAYER LEVEL IDENTIFICATION AND ISOLATION OF CONTAINER TRAFFIC

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR TRANSPORT-LAYER LEVEL IDENTIFICATION AND ISOLATION OF CONTAINER TRAFFIC

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links