SYSTEM AND METHOD FOR TRANSPORT-LAYER LEVEL IDENTIFICATION AND ISOLATION OF CONTAINER TRAFFIC
Abstract
Disclosed is a system and method of providing transport-level identification and isolation of container traffic. The method includes receiving, at a component in a network, a packet having a data field, extracting, at a network layer, container identification data from the data field and applying a policy to the packet at the component based on the container identification data. The data field can include one of a header, an IPv6 extension header, a service function chaining container identification, a network service header, and an optional field of an IPv4 packet.
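The method in the abstract, sketched for one of the data fields it lists (an IPv6 extension header). This is an added example, not code from the patent: the option type 0x1E, the 4-byte container ID, the policy table and the drop-by-default rule are all assumptions, and the packets are constructed samples.

```python
import struct

DEST_OPTS = 60           # IPv6 Next Header value for Destination Options
OPT_CONTAINER_ID = 0x1E  # assumed option type; the page defines no encoding
# Assumed policy table keyed by container ID; anything else is dropped.
POLICY = {0xA1B2: "allow", 0xC3D4: "rate-limit"}

def extract_container_id(packet: bytes):
    """Return the 32-bit container ID from a Destination Options header, or None."""
    if len(packet) < 42 or packet[0] >> 4 != 6 or packet[6] != DEST_OPTS:
        return None
    ext = packet[40:]
    ext_len = (ext[1] + 1) * 8          # Hdr Ext Len counts 8-byte units past the first
    if len(ext) < ext_len:
        return None                     # truncated extension header
    i = 2
    while i < ext_len:
        if ext[i] == 0:                 # Pad1 is a single byte with no length
            i += 1
            continue
        if i + 2 > ext_len:
            return None
        opt_type, opt_len = ext[i], ext[i + 1]
        end = i + 2 + opt_len
        if end > ext_len:
            return None                 # option overruns the header: malformed
        if opt_type == OPT_CONTAINER_ID:
            return struct.unpack("!I", ext[i + 2:end])[0] if opt_len == 4 else None
        i = end
    return None

def apply_policy(packet: bytes) -> str:
    """Policy decision at the network component; untagged traffic is dropped."""
    cid = extract_container_id(packet)
    return POLICY.get(cid, "drop")

def build_packet(cid: int, next_header: int = DEST_OPTS) -> bytes:
    """Constructed sample: IPv6 header plus one 8-byte Destination Options header."""
    ext = bytes([59, 0, OPT_CONTAINER_ID, 4]) + struct.pack("!I", cid)
    fixed = struct.pack("!IHBB", 6 << 28, len(ext), next_header, 64) + bytes(32)
    return fixed + ext

if __name__ == "__main__":
    for cid in (0xA1B2, 0xC3D4, 0xFFFF):
        print(hex(cid), apply_policy(build_packet(cid)))
```

The length checks matter as much as the lookup: a component that trusts the option length without bounding it against the header length can be made to read past the extension header by a malformed packet.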
18 Claims
1. A method comprising:
- receiving, at a component in a network, a packet having a data field;
- extracting, at a network layer, container identification data from the data field, the container identification data identifying a software container on the network; and
- applying a policy to the packet at the component based on the container identification data.

7. A system comprising:
- one or more processors; and
- a computer-readable medium, storing instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  - receiving, at a component in a network, a packet having a data field;
  - extracting, at a network layer, container identification data from the data field; and
  - applying a policy to the packet at the component based on the container identification data.

13. A computer-readable storage device storing instructions which, when executed by a processor, cause the processor to perform operations comprising:
- receiving, at a component in a network, a packet having a data field;
- extracting, at a network layer, container identification data from the data field; and
- applying a policy to the packet at the component based on the container identification data.

Specification