CN107346259B - Method for realizing dynamic deployment safety capability - Google Patents

Method for realizing dynamic deployment safety capability Download PDF

Info

Publication number
CN107346259B
CN107346259B CN201710326354.9A CN201710326354A CN107346259B CN 107346259 B CN107346259 B CN 107346259B CN 201710326354 A CN201710326354 A CN 201710326354A CN 107346259 B CN107346259 B CN 107346259B
Authority
CN
China
Prior art keywords
virtual machine
security
cloud
safety
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201710326354.9A
Other languages
Chinese (zh)
Other versions
CN107346259A (en
Inventor
马秀娟
吴震
张露晨
李传海
胡国华
王秀文
苏沐冉
何清林
张家琦
王子厚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National Computer Network and Information Security Management Center
Original Assignee
National Computer Network and Information Security Management Center
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National Computer Network and Information Security Management Center filed Critical National Computer Network and Information Security Management Center
Priority to CN201710326354.9A priority Critical patent/CN107346259B/en
Publication of CN107346259A publication Critical patent/CN107346259A/en
Application granted granted Critical
Publication of CN107346259B publication Critical patent/CN107346259B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5011Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals
    • G06F9/5022Mechanisms to release resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45562Creating, deleting, cloning virtual machine instances
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45595Network integration; Enabling network access in virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for realizing dynamic deployment of safety capability. The method comprises the following steps: 1) a cloud security center of a cloud network creates a security virtual machine and loads a mirror image of security capability to the security virtual machine; the safety virtual machine is a virtual machine for running safety service; 2) the cloud security center sends the routing strategy to a virtual router of the cloud tenant network, and corresponding service flow is drawn to the security virtual machine; 3) when a plurality of security virtual machines exist in the cloud network, the cloud security center selects one security virtual machine as a main security virtual machine; and the flow needing safety protection is drawn to the main safety virtual machine; 4) the main safety virtual machine distributes the flow to other safety virtual machines and establishes a shunting rule table; 5) the cloud security center monitors the set key performance indexes of each security virtual machine and determines whether the security virtual machine needing to be released exists or not; and releasing the safety virtual machine when the number of the safety virtual machine stream connections to be released is 0. The invention can perform elastic expansion and contraction according to the actual service flow of the user.

Description

Method for realizing dynamic deployment safety capability
Technical Field
The invention relates to a method for realizing dynamic deployment of security capability, belonging to the technical field of network security.
Background
With the wide development of cloud computing services, cloud security services are also developed synchronously. Two main deployment forms of cloud security product capability are currently available:
1) the hardware deployment scheme comprises the following steps: the direct bypass is deployed at a core switch of the cloud data center or is connected in series at an outlet network of the cloud data center, and the safety protection aiming at the whole cloud platform service is realized.
2) The software deployment scheme comprises the following steps: the traditional safety capacity is converted into software, a server cluster is built to form safety capacity pooling, and safety protection is provided for tenant services on the cloud.
In the current cloud security deployment scheme, no matter a hardware scheme or a software scheme, fully-automatic dynamic flexible deployment is difficult to realize.
Currently, the cloud security capacity is preset by a user, a cloud tenant is required to select how large security capacity of a service needs to be opened, for example, a virtual firewall service of 1Gbps needs to be opened, and if the traffic exceeds the opened security service carrying capacity, the traffic is discarded.
Disclosure of Invention
Aiming at the technical problems in the prior art, the invention aims to provide a method for realizing dynamic elastic deployment safety capability, which can elastically stretch and contract according to the actual service flow of a user and can realize automatic drainage of the service flow of the user.
The technical scheme of the invention is as follows:
a method for realizing dynamic deployment of security capability comprises the following steps:
1) a cloud security center of a cloud network creates a security virtual machine and loads a mirror image of security capability to the security virtual machine; the safety virtual machine is a virtual machine for running safety service;
2) the cloud security center sends the generated routing strategy to a virtual router of a target cloud tenant network, and the virtual router pulls corresponding service flow to the security virtual machine according to the routing strategy;
3) the cloud security center acquires set key performance indexes of the security virtual machine, and when a plurality of key performance indexes of the security virtual machine reach a preset threshold value, a new security virtual machine is created and a mirror image of security capacity is loaded; when one or more security virtual machines exist in the cloud network, the cloud security center selects one security virtual machine as a main security virtual machine; the traffic needing safety protection in all the cloud tenant networks in the cloud network is pulled to the main safety virtual machine;
4) the main safety virtual machine distributes the flow to other safety virtual machines and establishes and maintains a shunting rule table according to the quintuple of the flow; the flow distribution rule table comprises a plurality of flow distribution rules, and each flow distribution rule comprises a flow quintuple and a safety virtual machine address for processing the flow;
5) the cloud security center monitors set key performance indexes of each security virtual machine and determines whether the security virtual machine needing to be released exists or not; if the safe virtual machine to be released exists, the main safe virtual machine removes the address of the safe virtual machine to be released from the shunting rule table, maintains the established shunting rule in the shunting rule table, releases the safe virtual machine when the connection number of the safe virtual machine to be released is 0, and deletes the corresponding shunting rule in the shunting rule table.
Further, the method for determining whether the security virtual machine needing to be released exists comprises the following steps: the cloud security center monitors index values of set key performance indexes of each security virtual machine; for N security virtual machines for processing the flow of the same target cloud tenant network, if each key performance index of the N security virtual machines meets a set condition, selecting one security virtual machine from the N security virtual machines for release, wherein the selected security virtual machine is not the main security virtual machine; the setting conditions are as follows: (C1+ C2+ … … + CN)<(N-1) M, M is a set threshold, C1, C2, … … CNRespectively the index values of the same key performance index of each safety virtual machine.
Further, the master security virtual machine allocates traffic polling to other security virtual machines according to the five-tuple of the traffic.
Further, the master security virtual machine is a first security virtual machine created by a cloud security center of the cloud network.
Furthermore, a core switch is arranged in the cloud network, and each cloud tenant network in the cloud network is connected with other service units in the cloud network and the external internet through the core switch.
Further, the key performance indexes include a CPU utilization rate, a memory utilization rate, and a virtual network card occupancy rate.
The invention has the beneficial effects that:
the invention realizes the elastic expansion scheme of performance monitoring based on the safety capability through the mechanism of the elastic expansion or release of the safety virtual machine.
Drawings
Fig. 1 is a networking diagram of the scheme of the invention.
Detailed Description
In order to make the aforementioned and other features and advantages of the invention more comprehensible, embodiments accompanied with figures are described in detail below.
As shown in fig. 1, in a Cloud network, there are multiple Cloud tenant networks — VPCs (virtual private clouds), each VPC is internally a virtual classical network including a virtual router (vRouter), a virtual switch (vSwitch) and a virtual host (VM). All VPCs are connected with other service units in the cloud network and the external Internet through a core switch of the cloud network.
The dynamic deployment cloud security scheme mainly has two core functional components:
1) cloud security center: the method mainly realizes resource monitoring of cloud security capability, flexible deployment and scheduling of cloud security capability and the like.
2) A safety pool: all created or released security virtual machines (SEC, i.e. virtual machines running security services) are incorporated into the security pool for unified management and control.
The key processing flow of the overall scheme comprises the following aspects:
1) the cloud security center dynamically deploys security capability according to the service flow;
2) the cloud security center issues a drainage strategy to the vRouter;
3) the vRouter pulls traffic to the security capability for processing.
The key implementation involved in dynamically deploying a security capability scheme is as follows:
1) the cloud security center initially calls a cloud platform interface to create a security virtual machine and loads a mirror image of security capability; security capabilities include virtual firewalls, virtual IPS, virtual WAFs, virtual database audits, virtual bastion machines, and the like.
2) The cloud security center calls a route interface of the vRouter, the generated strategy route is issued to the virtual router, and the virtual router pulls the corresponding service flow to the security virtual machine according to the route strategy;
the policy routing has different policies according to different security services, for example, if the security service is a firewall, the policy routing needs to pull the traffic of the virtual server, which is the source IP or the destination IP, to the security virtual machine, that is, it is ensured that the traffic of the virtual server entering and exiting all enters the security virtual machine; if the security service is database audit, the policy routing needs to pull the flow of the database server with the source IP or the destination IP to a security virtual machine; if the security service is WAF, the policy routing needs to pull the traffic of which the source IP or the destination IP is a WEB server to the security virtual machine.
3) The cloud security center acquires key performance indexes of the security virtual machine through SNMP, wherein the key performance indexes comprise CPU utilization rate, memory utilization rate and virtual network card occupancy rate;
4) if the performance index of the part of the security virtual machine reaches a threshold value (such as 90%) preset by a user, the cloud platform interface is called to create a security virtual machine and load a mirror image of security capability.
5) The distribution strategy among the multiple security virtual machines is realized by a routing rule issued by the cloud security center to the vRouter, and the realization scheme is as follows: if there are 3 security virtual machines (security virtual machine 1, security virtual machine 2, security virtual machine 3) currently, the cloud security center issues a routing rule to the virtual router to pull all VPC traffic that needs security protection to the security virtual machine 1, and the security virtual machine 1 determines a flow rule according to a traffic quintuple (source IP address, destination IP address, source port number, destination port number, protocol ID), where different quintuples are different flows. The security virtual machine 1 polls to allocate a part of traffic to the security virtual machine 2 and the security virtual machine 3 according to the receiving sequence of different streams. The security virtual machine 1 needs to maintain this offload rule table (where the next hop address is 127.0.0.1 for native, 12.0.0.1 for security virtual machine 2, and 12.0.0.2 for security virtual machine 3):
source IP address Destination IP address Source port number Destination port number Protocol ID Next hop address
10.0.0.1 11.0.0.1 10345 8080 6 127.0.0.1
10.0.0.2 11.0.0.2 23456 23 6 12.0.0.1
10.0.0.3 11.0.0.3 4567 3456 17 12.0.0.2
In the invention, no matter one or more safety virtual machines, all safety flows are drawn to the safety virtual machine 1 as a main safety virtual machine. If only 1 security virtual machine exists, the security virtual machine 1 processes all the traffic by itself; if there are multiple security virtual machines, the security virtual machine 1 will perform the shunting policy again. The security virtual machine 1 marks the next hop address as itself (127.0.0.1) for the original traffic it handles, i.e. the existing traffic will continue to be maintained before the new security virtual machine is created.
The aging of the shunting rule table is realized based on two mechanisms of a protocol and overtime, wherein the protocol aging refers to that the shunting rule is aged when the protocols such as TCP and the like are monitored to be terminated; the overtime aging refers to that the shunting rule of the message which is still not received can be automatically aged within the overtime, and the overtime can be set by a user and is defined as 3600 s.
6) If the cloud security center simultaneously monitors key performance indexes of a plurality of security virtual machines for the same cloud tenant network (that is, if the same VPC network needs a plurality of security virtual machines for security protection, the cloud security center needs to monitor the performance indexes of the security virtual machines), whether a security virtual machine needs to be released is determined based on the following implementation method: if there are N security virtual machines currently and if the threshold set by the user is M, the CPU of each security virtual machine is usedThe utilization rates are respectively C1, C2 and … … CN,(C1+C2+……+CN)<(N-1) M. If each performance parameter (CPU utilization rate, memory utilization rate and virtual network card occupancy rate) meets the algorithm, the cloud security center selects one security virtual machine for releasing.
The safe virtual machine release scheme comprises the following steps: and the cloud security center selects one of the security virtual machines 1 to release, and the selection rule is the one with the lowest network card utilization rate. Before releasing, the security virtual machine 1 will remove the next-hop IP of the security virtual machine that needs to be released from the shunting rule table, and the security virtual machine 1 does not create the next-hop IP as the shunting rule of the security virtual machine to be released any more, but the created shunting rule is continuously maintained until the number of connections of the security virtual machine to be released is 0, and then the security virtual machine is released, and meanwhile the shunting rule is cleared. And meanwhile, the cloud security center can monitor the stream connection number of each security virtual machine in real time, and when the stream connection number of the released security virtual machine is 0, the cloud security center brings the security virtual machine into a security pool for centralized management.
The above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and a person skilled in the art can make modifications or equivalent substitutions to the technical solution of the present invention without departing from the spirit and scope of the present invention, and the scope of the present invention should be determined by the claims.

Claims (5)

1. A method for realizing dynamic deployment of security capability comprises the following steps:
1) a cloud security center of a cloud network creates a security virtual machine and loads a mirror image of security capability to the security virtual machine; the safety virtual machine is a virtual machine for running safety service;
2) the cloud security center sends the generated routing strategy to a virtual router of a target cloud tenant network, and the virtual router pulls corresponding service flow to the security virtual machine according to the routing strategy;
3) the cloud security center acquires set key performance indexes of the security virtual machine, and when a plurality of key performance indexes of the security virtual machine reach a preset threshold value, a new security virtual machine is created and a mirror image of security capacity is loaded; when one or more security virtual machines exist in the cloud network, the cloud security center selects one security virtual machine as a main security virtual machine; the traffic needing safety protection in all the cloud tenant networks in the cloud network is pulled to the main safety virtual machine; the key performance indexes comprise CPU utilization rate, memory utilization rate and virtual network card occupancy rate;
4) the main safety virtual machine distributes the flow to other safety virtual machines and establishes and maintains a shunting rule table according to the quintuple of the flow; the flow distribution rule table comprises a plurality of flow distribution rules, and each flow distribution rule comprises a flow quintuple and a safety virtual machine address for processing the flow;
5) the cloud security center monitors set key performance indexes of each security virtual machine and determines whether the security virtual machine needing to be released exists or not; if the safe virtual machine to be released exists, the main safe virtual machine removes the address of the safe virtual machine to be released from the shunting rule table, maintains the established shunting rule in the shunting rule table, releases the safe virtual machine when the connection number of the safe virtual machine to be released is 0, and deletes the corresponding shunting rule in the shunting rule table.
2. The method of claim 1, wherein determining whether there is a secure virtual machine that needs to be released is by: the cloud security center monitors index values of set key performance indexes of each security virtual machine; for N security virtual machines for processing the flow of the same target cloud tenant network, if each key performance index of the N security virtual machines meets a set condition, selecting one security virtual machine from the N security virtual machines for release, wherein the selected security virtual machine is not the main security virtual machine; the setting conditions are as follows: (C1+ C2+ … … + CN)<(N-1) M, M is a set threshold, C1, C2, … … CNRespectively the index values of the same key performance index of each safety virtual machine.
3. The method of claim 1 or 2, wherein the master security virtual machine assigns traffic polls to other security virtual machines based on a five-tuple of traffic.
4. The method of claim 1, wherein the primary security virtual machine is a first security virtual machine created by a cloud security center of the cloud network.
5. The method as claimed in claim 1, wherein a core switch is disposed in the cloud network, and each cloud tenant network in the cloud network is connected to other service units in the cloud network and an external internet through the core switch.
CN201710326354.9A 2017-05-10 2017-05-10 Method for realizing dynamic deployment safety capability Expired - Fee Related CN107346259B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710326354.9A CN107346259B (en) 2017-05-10 2017-05-10 Method for realizing dynamic deployment safety capability

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710326354.9A CN107346259B (en) 2017-05-10 2017-05-10 Method for realizing dynamic deployment safety capability

Publications (2)

Publication Number Publication Date
CN107346259A CN107346259A (en) 2017-11-14
CN107346259B true CN107346259B (en) 2020-09-08

Family

ID=60254423

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710326354.9A Expired - Fee Related CN107346259B (en) 2017-05-10 2017-05-10 Method for realizing dynamic deployment safety capability

Country Status (1)

Country Link
CN (1) CN107346259B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10855584B2 (en) * 2018-12-28 2020-12-01 Alibaba Group Holding Limited Client-equipment-peering virtual route controller
US11012299B2 (en) * 2019-01-18 2021-05-18 Cisco Technology, Inc. Seamless multi-cloud routing and policy interconnectivity
CN111031091B (en) * 2019-10-30 2022-10-21 安天科技集团股份有限公司 Automatic adaptation method and device for cloud platform virtual diversion technology
CN110890979B (en) * 2019-11-14 2023-10-31 光通天下网络科技股份有限公司 Automatic deployment method, device, equipment and medium for fort machine
CN112688847A (en) * 2020-08-17 2021-04-20 紫光云技术有限公司 Method for realizing VPC (virtual private network) peer-to-peer connection in cloud network environment
CN113612785A (en) * 2021-08-09 2021-11-05 华云数据控股集团有限公司 SDN-based protection system and control method thereof

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9417922B2 (en) * 2012-12-03 2016-08-16 Cutting Edge Consulting Associates, Inc. Systems and methods for protecting an identity in network communications
US9060025B2 (en) * 2013-02-05 2015-06-16 Fortinet, Inc. Cloud-based security policy configuration
CN103746997A (en) * 2014-01-10 2014-04-23 浪潮电子信息产业股份有限公司 Network security solution for cloud computing center
CN105487916B (en) * 2015-11-24 2018-11-20 上海君是信息科技有限公司 A kind of secure virtual machine reinforcement means under desktop cloud environment
CN105634998B (en) * 2016-03-30 2020-04-10 中国联合网络通信集团有限公司 Method and system for unified monitoring of physical machine and virtual machine in multi-tenant environment
CN106095532B (en) * 2016-06-12 2019-07-02 北京大学 A kind of virtual machine load balancing sacurity dispatching method in cloud environment

Also Published As

Publication number Publication date
CN107346259A (en) 2017-11-14

Similar Documents

Publication Publication Date Title
CN107346259B (en) Method for realizing dynamic deployment safety capability
US9535764B2 (en) Resource allocation mechanism
EP2882162B1 (en) Data stream security processing method and apparatus
JP6648892B2 (en) Conformity network function chain
WO2011074516A1 (en) Network system, method for controlling same, and controller
Chou et al. A genetic-based load balancing algorithm in openflow network
EP3541028B1 (en) Adaptive load-balancing over a multi-point logical interface
JP2016536939A (en) Diameter load and overload information and methods, systems and computer readable media for virtualization
WO2013125342A1 (en) Network system, and method for improving resource usage
CN108234211B (en) Network control method, system and storage medium
DE102018004111B4 (en) COMPUTING SYSTEM, COMPUTER-READABLE MEDIA AND ON-DEMAND SCALING ENGINE FOR COMMUNICATIVELY COUPLING TO A PROCESSOR
US20070268825A1 (en) Fine-grain fairness in a hierarchical switched system
Paganini et al. Network stability under alpha fair bandwidth allocation with general file size distribution
Han et al. SAVE: Energy-aware virtual data center embedding and traffic engineering using SDN
Celenlioglu et al. An SDN based intra-domain routing and resource management model
Gharbaoui et al. On virtualization-aware traffic engineering in OpenFlow data centers networks
CN111343097B (en) Link load balancing method and device, electronic equipment and storage medium
Bagci et al. Queue-allocation optimization for adaptive video streaming over software defined networks with multiple service-levels
JP2013175810A (en) Network resource management apparatus
Habibi et al. QRVE: QoS-aware routing and energy-efficient VM Placement for Software-Defined DataCenter Networks
Liatifis et al. Fault-tolerant SDN solution for cybersecurity applications
US9577957B2 (en) Facilitating congestion control in a network switch fabric based on group traffic rates
US20150180796A1 (en) Network resource management for parallel computing
Yao et al. Toward live inter-domain network services on the exogeni testbed
WO2013137875A1 (en) Allocating bandwidth in a network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200908

CF01 Termination of patent right due to non-payment of annual fee