CN107241283B - Cross-host tenant east-west network traffic mirror image acquisition method - Google Patents

Cross-host tenant east-west network traffic mirror image acquisition method Download PDF

Info

Publication number
CN107241283B
CN107241283B CN201710367940.8A CN201710367940A CN107241283B CN 107241283 B CN107241283 B CN 107241283B CN 201710367940 A CN201710367940 A CN 201710367940A CN 107241283 B CN107241283 B CN 107241283B
Authority
CN
China
Prior art keywords
flow
acquisition
tenant
flow acquisition
acquired
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201710367940.8A
Other languages
Chinese (zh)
Other versions
CN107241283A (en
Inventor
马秀娟
吴震
李传海
孙伟
唐积强
毛洪亮
徐小磊
何清林
张家琦
王子厚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National Computer Network and Information Security Management Center
Original Assignee
National Computer Network and Information Security Management Center
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National Computer Network and Information Security Management Center filed Critical National Computer Network and Information Security Management Center
Priority to CN201710367940.8A priority Critical patent/CN107241283B/en
Publication of CN107241283A publication Critical patent/CN107241283A/en
Application granted granted Critical
Publication of CN107241283B publication Critical patent/CN107241283B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/20Support for services
    • H04L49/208Port mirroring
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/4557Distribution of virtual machine instances; Migration and load balancing

Abstract

The invention provides a cross-host tenant east-west network flow mirror image acquisition method, which comprises the following steps: 1) the flow acquisition control server generates flow acquisition configuration parameters corresponding to the tenants to be acquired according to the tenant names of the tenants to be acquired, network configuration information of the tenants acquired from the cloud service master control server and distribution information of virtual machines of the tenants on the physical host; 2) the flow acquisition control server issues the flow acquisition configuration parameters to a flow acquisition driving program through a flow acquisition Agent of the cloud service host; 3) and the flow acquisition driving program mirrors the acquisition flow specified by the flow acquisition configuration parameters and sends the acquisition flow of the mirror image to the flow acquisition Agent. The method can dynamically acquire the east-west network flow of the tenant on a Linux kernel driver layer according to the tenant name, the network configuration information of the tenant and the distribution information of the virtual machine of the tenant on the physical host.

Description

Cross-host tenant east-west network traffic mirror image acquisition method
Technical Field
The invention relates to the field of communication technology security, in particular to a cross-host tenant east-west network traffic mirror image acquisition method.
Background
With the wide development of cloud computing services, due to the need for security, east-west network traffic in a cloud needs to be monitored, which requires mirroring of east-west network traffic of tenants in the cloud. To complete the mirror image of the network traffic in the east-west direction, the following functions need to be implemented:
1) network traffic of tenants is distinguished;
2) and effectively mirroring the network traffic of the tenant and transmitting the mirrored network traffic to a network data analysis center for analysis.
At present, network traffic mirroring is generally realized by adopting a light splitting or switch mirroring port mode. The light splitting refers to cloning light in the optical fiber through a light splitter, and in fact, the light in the optical fiber is copied through a lens; for example, the incident light is split into two beams, one beam has 70% of energy, and the other beam has 30% of energy, because the light is the carrier of the data, the light is duplicated, which means that the data transmitted by the network is duplicated. However, the optical splitter is generally used at an interface between a data center and an external network, that is, for collecting network traffic in the north-south direction.
The switch image port is configured on a switch, and data transmitted on one interface is copied to the image port, so that the copied data can be received at the image port. Because a tenant's virtual machines may be distributed across multiple physical hosts, network traffic may involve multiple racks, and thus it is not possible to determine which physical interfaces the tenant's network traffic relates to, and to mirror all switch ports. Therefore, the two ways are not applicable to the east-west network traffic of tenants in the cloud.
Disclosure of Invention
The invention aims to provide a cross-host tenant east-west network traffic mirror image acquisition method, which is characterized in that a tenant name needing traffic mirror image is set on a configuration interface based on the tenant's own tenant name so as to finish acquisition and analysis of the tenant network traffic.
In order to achieve the purpose, the technical scheme adopted by the invention is as follows:
a cross-host tenant east-west network traffic mirror image collection method comprises the following steps:
1) the flow acquisition control server generates flow acquisition configuration parameters corresponding to the tenants to be acquired according to the tenant names of the tenants to be acquired, network configuration information of the tenants acquired from the cloud service master control server and distribution information of virtual machines of the tenants on the physical host;
2) the flow acquisition control server issues the flow acquisition configuration parameters to a flow acquisition driving program through a flow acquisition Agent of the cloud service host;
3) and the flow acquisition driving program mirrors the acquisition flow specified by the flow acquisition configuration parameters and sends the acquisition flow of the mirror image to the flow acquisition Agent.
Further, the method steps further comprise: and the flow acquisition Agent sends the acquired flow of the mirror image to a flow analysis server, and the flow analysis server analyzes the acquired flow of the mirror image so as to verify the corresponding condition of the acquired flow and the tenant to be acquired according to an analysis result.
Further, the traffic collection configuration parameters in step 1) refer to the type and ID of the virtual network of the tenant.
Further, the traffic collection Agent in the step 2) is deployed on the cloud service host.
Further, the steps 2) and 3) specifically include the following steps:
a) the flow acquisition Agent receives a command of a flow acquisition control server and sets an identifier of flow of a tenant to be acquired in the flow acquisition configuration parameters into a flow acquisition driver;
b) the flow acquisition driving program receives a command of a flow acquisition Agent and configures flow acquisition configuration parameters of the tenant according to the flow identification of the tenant to be acquired;
c) and the flow acquisition driving program filters the network flow of the physical host according to the configured flow acquisition configuration parameters, mirrors the acquisition flow specified by the configured flow acquisition configuration parameters, and sends the acquisition flow of the mirror image to the flow acquisition Agent.
Further, the traffic collection driver in step 3) is deployed in a Linux kernel of the cloud service host.
Further, the traffic collection driver in step 3) sends the collected traffic of the mirror image to the traffic collection Agent in a manner of simulating TCP.
The invention has the beneficial effects that: the invention provides a cross-host tenant east-west network traffic mirror image acquisition method, which is realized by a software implementation scheme supporting dynamic configuration and more flexible cross-host tenant east-west traffic mirror image acquisition. Because the tenant's network data may be distributed across multiple network switches of the data center, the tenant's virtual machines are also dynamically distributed across the physical hosts. Because the mirror image port of the switch is limited, the network traffic of the tenant is acquired by adopting the method of the mirror image port of the switch, so that the network traffic and the specific tenant are difficult to correspond, and the method is not easy to realize; the optical splitting method is generally used on interfaces of a data center and an external network, namely for the acquisition of network traffic in the north-south direction; because of the large scale of network traffic between switches in a data center, the cost of analyzing and processing using optical spectroscopy is high. The method can dynamically acquire the east-west network flow of the tenant on a Linux kernel driver layer according to the tenant name, the network configuration information of the tenant and the distribution information of the virtual machine of the tenant on the physical host.
Drawings
Fig. 1 is a schematic diagram of an image collection method for east-west network traffic of a cross-host tenant according to the present invention.
Fig. 2 is a schematic diagram of network traffic mirroring implemented by the present invention.
Fig. 3 is a schematic diagram of a traffic collection driver simulating TCP according to the present invention.
Detailed Description
In order to make the aforementioned and other features and advantages of the invention more comprehensible, embodiments accompanied with figures are described in detail below.
The invention provides a cross-host tenant east-west network traffic mirror image acquisition method which is suitable for an acquisition system.
Referring to fig. 1, the traffic collection control server is configured to perform the following functions:
1) acquiring network configuration information of a tenant and distribution information of a virtual machine of the tenant on a physical host from a cloud service master control server;
2) receiving a tenant name of a tenant to be acquired from a system console, and generating a flow acquisition configuration parameter corresponding to the tenant according to the tenant name, network configuration information of the tenant and distribution information of a virtual machine of the tenant on a physical host;
the traffic collection configuration parameters refer to the type and ID of the virtual network of the tenant. If the virtual network type of the tenant is a VLAN (virtual local area network) network, the traffic collection configuration parameters corresponding to the tenant refer to the VLAN network and the VLAN id. If the virtual network type of the tenant is a VXLAN (extensible virtual local area network) network, the traffic collection configuration parameters corresponding to the tenant refer to the VXLAN network and a VXLAN ID.
3) And sending the flow acquisition configuration parameters to a flow acquisition Agent of a cloud service host related to tenant resources to complete the setting of flow mirror image parameters, and calling a flow acquisition driving program by the flow acquisition Agent according to the flow mirror image parameters to acquire the flow mirror images.
The flow acquisition Agent is deployed on the cloud service host and mainly completes the following functions:
1) receiving a command of a flow acquisition control server, and setting an identifier of flow of a tenant to be acquired in the flow acquisition configuration parameters into a flow acquisition driver;
2) and receiving the collection flow of the mirror image of the flow collection driving program, and sending the collection flow of the mirror image to a flow analysis server for analysis.
The flow acquisition driver is deployed in a Linux kernel of the cloud service host and mainly completes the following functions:
1) receiving a command of a flow acquisition Agent, and configuring flow acquisition configuration parameters of a tenant according to an identifier of flow of the tenant to be acquired;
2) filtering the network flow of the physical host according to the configured flow acquisition configuration parameters, and mirroring the acquisition flow specified by the configured flow acquisition configuration parameters;
3) and sending the collection flow of the mirror image to a flow collection Agent from the inside of the flow collection driving program.
The flow analysis server is used for receiving the acquired flow of the flow acquisition driving program mirror image sent by the flow acquisition Agent and analyzing the acquired flow, so that the corresponding situation of the acquired flow and the tenant to be acquired is verified according to the analysis result, and support is provided for subsequent acquired flow analysis.
The following embodiment is provided to better illustrate the method of the present invention, and the specific implementation of the method comprises the following steps:
1) and the traffic acquisition control server generates traffic acquisition configuration parameters corresponding to the tenant to be acquired according to the tenant name of the tenant to be acquired, the network configuration information of the tenant acquired from the cloud service master control server and the distribution information of the virtual machine of the tenant on the physical host.
The following is a specific form of network configuration information of the tenant. Currently, a virtual network of a tenant generally adopts a VLAN or VXLAN form, so that a function of mirroring tenant data can be completed only by mirroring data (traffic) of the corresponding VLAN or VXLAN.
Within the same cloud service range, the adopted virtual network forms are consistent, and if the cloud service adopts a VLAN network, the virtual networks adopted by all tenants are the VLAN network; if a VXLAN network is employed, then the virtual network employed by all tenants is a VXLAN network.
Table 1: network configuration information of tenant under VLAN network
Tenant ID Network VLAN ID
Tenant 1 Tenant1_network1 1010
Tenant 1 Tenant1_network2 1011
Tenant 2 Tenant2_network1 2020
Tenant 2 Tenant2_network2 2021
Tenant 3 Tenant3_network1 2301
Assuming that the cloud service deployment adopts a VLAN network, as shown in table 1, the traffic collection control service may obtain network configuration information of the following tenants:
the VLAN IDs corresponding to the network traffic of tenant 1 are 1010 and 1011;
the VLAN IDs corresponding to the network traffic of the tenant 2 are 2020 and 2021;
the VLAN ID corresponding to the network traffic of tenant 3 is 2031;
if the network of the cloud service employs a VXLAN network, then the corresponding ID is the VXLAN ID.
2) And the flow acquisition control server only issues the flow acquisition configuration parameters to the flow acquisition agent on the cloud service host related to the tenant according to the distribution information of the virtual machine of the tenant on the physical host, so as to complete the setting of the flow mirror image parameters.
3) And the flow acquisition agent receives a command of the flow acquisition control server, sets the identification of the flow of the tenant to be acquired into a flow acquisition driving program, calls the flow acquisition driving program according to the flow mirror image parameters and acquires the flow mirror image.
4) The flow acquisition driving program receives a command of a flow acquisition Agent and configures flow acquisition configuration parameters of the tenant according to the flow identification of the tenant to be acquired; and filtering the network traffic of the physical host according to the configured traffic collection configuration parameters, wherein the key implementation is to mount a filtering hook of a traffic collection driver in the netfilter to realize mirroring and collection of the network traffic. Referring to fig. 2, the filter Hook is a flow collection Hook in the figure. Netfilter is a standard network traffic handler for the Linux kernel, and other hooks in the figure are owned. The invention realizes the mirroring and collection of the network flow through the Netfilter.
The mirror image is realized by the following specific steps: realizing zero copy through the characteristics of the sk buffer, and mirroring the network traffic sent and received by the tenant by the traffic acquisition driver;
5) and the collection flow of the mirror image is sent to the flow collection Agent from the flow collection driving program. The realization process is as follows: as shown in fig. 3, in the traffic collection driver, a TCP protocol stack is implemented, and the traffic collection driver establishes a TCP connection with the traffic collection Agent deployed in the cloud service host operating system through TCP three-way handshake (for the traffic collection Agent, the TCP connection is a normal TCP connection, and normal TCP data transceiving can be performed on the TCP connection), and sends the collected data to the traffic collection Agent through the TCP connection.
The method has the advantages that the tenant information can be identified by using the TCP connection, so that the data of the tenant can be directly sent to the TCP connection, and the subsequent tenant data does not need to be provided with the tenant identification, thereby effectively saving the transmission cost; and the TCP is linked in a state, so that the receiving efficiency is high, and high-efficiency and reliable data transmission can be realized.
6) When the virtual network of the tenant or the virtual machine distribution of the tenant changes, the traffic collection control server updates the traffic collection configuration parameters of the traffic collection Agent on the relevant cloud service host.
The above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and a person skilled in the art can make modifications or equivalent substitutions to the technical solution of the present invention without departing from the spirit and scope of the present invention, and the scope of the present invention should be determined by the claims.

Claims (6)

1. A cross-host tenant east-west network traffic mirror image collection method comprises the following steps:
1) the flow acquisition control server generates flow acquisition configuration parameters corresponding to the tenants to be acquired according to the tenant names of the tenants to be acquired, network configuration information of the tenants acquired from the cloud service master control server and distribution information of virtual machines of the tenants on the physical host;
2) the flow acquisition control server issues the flow acquisition configuration parameters to a flow acquisition driving program through a flow acquisition Agent of the cloud service host;
3) the flow acquisition driving program mirrors the acquisition flow specified by the flow acquisition configuration parameters and sends the acquisition flow of the mirror image to the flow acquisition Agent, and the flow acquisition driving program comprises the following steps:
the flow acquisition driving program receives a command of a flow acquisition Agent and configures flow acquisition configuration parameters of the tenant according to the flow identification of the tenant to be acquired;
the flow acquisition driving program filters the network flow of the physical host according to the configured flow acquisition configuration parameters, mirrors the acquisition flow specified by the configured flow acquisition configuration parameters, and sends the acquisition flow of the mirror image to a flow acquisition Agent;
the flow collection driver is deployed in a Linux kernel of the cloud service host.
2. The method of claim 1, wherein the method steps further comprise: and the flow acquisition Agent sends the acquired flow of the mirror image to a flow analysis server, and the flow analysis server analyzes the acquired flow of the mirror image so as to verify the corresponding condition of the acquired flow and the tenant to be acquired according to an analysis result.
3. The method of claim 1, wherein the traffic collection configuration parameters in step 1) refer to a type and an ID of a virtual network of a tenant.
4. The method of claim 1, wherein the traffic collection Agent in step 2) is deployed on a cloud service host.
5. The method according to claim 1, wherein step 2) comprises in particular the steps of:
and the flow acquisition Agent receives a command of the flow acquisition control server and sets the flow identification of the tenant to be acquired in the flow acquisition configuration parameters into a flow acquisition driver.
6. The method according to claim 1, wherein the traffic collection driver in step 3) sends the mirrored collection traffic to the traffic collection Agent by simulating TCP.
CN201710367940.8A 2017-05-23 2017-05-23 Cross-host tenant east-west network traffic mirror image acquisition method Expired - Fee Related CN107241283B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710367940.8A CN107241283B (en) 2017-05-23 2017-05-23 Cross-host tenant east-west network traffic mirror image acquisition method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710367940.8A CN107241283B (en) 2017-05-23 2017-05-23 Cross-host tenant east-west network traffic mirror image acquisition method

Publications (2)

Publication Number Publication Date
CN107241283A CN107241283A (en) 2017-10-10
CN107241283B true CN107241283B (en) 2020-06-05

Family

ID=59985661

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710367940.8A Expired - Fee Related CN107241283B (en) 2017-05-23 2017-05-23 Cross-host tenant east-west network traffic mirror image acquisition method

Country Status (1)

Country Link
CN (1) CN107241283B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109785606A (en) * 2019-02-02 2019-05-21 中能瑞通(北京)科技有限公司 A kind of power information acquisition system acquisition quality analysis method and device
CN113709017B (en) * 2021-08-17 2022-10-04 中盈优创资讯科技有限公司 Method and device for acquiring virtualization traffic
CN114006839B (en) * 2021-09-27 2023-06-23 中盈优创资讯科技有限公司 Flow acquisition method and device based on eBPF
CN114285667B (en) * 2021-12-30 2023-06-02 湖南泛联新安信息科技有限公司 Real-time acquisition system and method for network target range flow

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105245504A (en) * 2015-09-10 2016-01-13 北京汉柏科技有限公司 North-south flow safety protection system in cloud computing network

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9602334B2 (en) * 2013-01-22 2017-03-21 International Business Machines Corporation Independent network interfaces for virtual network environments
CN103139315A (en) * 2013-03-26 2013-06-05 烽火通信科技股份有限公司 Application layer protocol analysis method suitable for home gateway
CN105591833A (en) * 2014-11-26 2016-05-18 中国银联股份有限公司 Flow-acquiring method based on rule engine
CN106375384B (en) * 2016-08-28 2019-06-18 北京瑞和云图科技有限公司 The management system and control method of image network flow in a kind of virtual network environment
CN106100999B (en) * 2016-08-28 2019-05-24 北京瑞和云图科技有限公司 Image network flow control methods in a kind of virtualized network environment
CN106452856A (en) * 2016-09-28 2017-02-22 杭州鸿雁智能科技有限公司 Traffic flow statistics method and device, and wireless access equipment with traffic flow statistics function

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105245504A (en) * 2015-09-10 2016-01-13 北京汉柏科技有限公司 North-south flow safety protection system in cloud computing network

Also Published As

Publication number Publication date
CN107241283A (en) 2017-10-10

Similar Documents

Publication Publication Date Title
CN107241283B (en) Cross-host tenant east-west network traffic mirror image acquisition method
WO2017162011A1 (en) Network element performance data processing method and device, and nms
CN111371640B (en) SDN controller-based traffic collection analysis method and system
US20130054521A1 (en) Method and device for automactic migration of system configuration item
CN106911648B (en) Environment isolation method and equipment
CN105867837A (en) Method, equipment and system for updating configurations of clients in distributed high-speed cache systems
CN110138876B (en) Task deployment method, device, equipment and platform
CN113742031B (en) Node state information acquisition method and device, electronic equipment and readable storage medium
CN108028827A (en) The management method and device of certificate in network function virtualization architecture
CN102752215B (en) Processing method for VDP (vertical data processing) request messages and edge switch
WO2014023160A1 (en) Forwarding packet in stacking system
CN105243012A (en) Linux based cluster network performance evaluating method
CN112351106B (en) Service grid platform containing event grid and communication method thereof
CN105607606A (en) Data acquisition device and data acquisition method based on double-mainboard framework
CN107547277B (en) Method for realizing virtualization control board and network communication equipment
CN108900603A (en) A kind of server discovery methods, devices and systems
CN102393887B (en) Application centralized management system and method based on Linux security module (LSM) mechanism
CN106657360A (en) Synchronization method and system for NIS servers under Linux system
CN106571943A (en) Distributed-type configuration cluster capacity-expanding method and device
US7830880B2 (en) Selective build fabric (BF) and reconfigure fabric (RCF) flooding
CN110795212B (en) Main/standby main control configuration synchronization method and device based on frame type equipment
US11108637B1 (en) Wireless relay consensus for mesh network architectures
CN103765837B (en) The message processing method of multi-CPU and system, crosspoint, veneer
CN103379151A (en) Method, device and system for flux exchange
CN110248261B (en) Scheduling processing method and device and transmission processing method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200605