CN112003750A - Data center host Overlay network access control method

Publication number
CN112003750A
Authority
CN
China
Prior art keywords
network access
access control
cluster
strategy
data center
Prior art date
Legal status
Granted
Application number
CN202010854460.6A
Other languages
Chinese (zh)
Other versions
CN112003750B (en)
Inventor
张宁
李彦君
孙思清
高传集
Current Assignee
Inspur Cloud Information Technology Co Ltd
Original Assignee
Inspur Cloud Information Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/38 Flow based routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0823 Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/70 Virtual switches
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Abstract

The invention discloses a data center host Overlay network access control method and relates to the field of network communication. A network access control policy is configured; according to that policy, iptables rules are configured to restrict traffic between virtual machines inside the cluster, and a routing policy is configured on the gateway side to restrict data traffic between the cluster's internal network and the external network, thereby controlling cluster network access. This lowers the difficulty of using network access control for the user and improves the availability, security and reliability of the data center network.

Description

Data center host Overlay network access control method
Technical Field
The invention discloses a network access control method, relates to the field of network communication, and particularly relates to a data center host Overlay network access control method.
Background
Convergence has become a hallmark of the "Internet+" era, and data centers of every size are interconnected with external networks. To guard against instability such as network attacks during this interconnection, the reliability and security of network communication need to be improved.
Disclosure of Invention
To address the problems in the prior art, the invention provides a data center host Overlay network access control method that avoids problems such as attacks from the public network and uncontrollable traffic inside the cluster, thereby preventing abnormal network attacks and improving the security and reliability of the network.
The specific scheme provided by the invention is as follows:
A data center host Overlay network access control method, in which a network access control policy is configured; according to that policy, iptables rules are configured to restrict traffic between virtual machines in the cluster, and a routing policy is configured on the gateway side to restrict data traffic between the cluster's internal and external networks, thereby controlling cluster network access.
In the method, the network access control policy comprises an internal network access control policy and an external network access control policy. The internal policy is converted into iptables rules according to the network access control rules configured by the user, and the external policy is converted into a routing policy according to the network access control rules configured by the user.
In the method, the iptables rules are issued to the vSwitch host, which adds the corresponding iptables rules and enforces them.
In the method, the routing policy is sent to the gateway, where it restricts external network traffic entering and leaving the cluster.
In the method, when a virtual port binds an internal network access control policy, the iptables rules are issued to the vSwitch host through RPC; when the virtual port unbinds the internal network access control policy, the vSwitch host deletes the iptables rules.
In the method, when a virtual router binds an external network access control policy, all routing policies are issued to the gateway over a netconf connection; when the virtual router unbinds its last external network access control policy, the routing policy on the gateway is deleted.
A data center host Overlay network access control system comprises a configuration module and a current limiting module.
The configuration module configures a network access control policy. According to that policy, the current limiting module configures iptables rules to restrict traffic between virtual machines in the cluster and configures a routing policy on the gateway side to restrict data traffic between the cluster's internal and external networks, thereby controlling cluster network access.
A data center host Overlay network access control device comprises at least one memory and at least one processor;
the at least one memory is used to store a machine-readable program;
the at least one processor is used to call the machine-readable program and execute the data center host Overlay network access control method.
The invention has the advantages that:
The invention provides a data center host Overlay network access control method that integrates the network access control policy into the data center network and makes iptables rules and routing policies configurable through a UI. Inside the cluster, traffic between virtual machines is restricted according to the iptables rules, and at the gateway, traffic between the inside and the outside of the cluster is restricted according to the routing policy. This both lowers the difficulty of using network access control for the user and improves the availability, security and reliability of the data center network.
Drawings
Fig. 1 is a schematic diagram of the data center host Overlay networking environment in which the method of the invention is applied.
Detailed Description
Network Access Control (NAC) restricts traffic in a data center network according to protocol type, port number, access direction and the like, so that data packets travel along predetermined paths, which makes packet flow secure and controllable.
The data center network provides an interface for configuring the network access control policy, so that users can manage complex control rules conveniently. This simplifies data center operation, lowers the barrier to use, and improves the availability of the system.
IPTABLES is an IP packet filtering tool integrated with the Linux kernel. When a Linux system is connected to the Internet or a LAN, or acts as a server or as a proxy server connecting a LAN to the Internet, the tool gives better control over IP packet filtering and firewall configuration on that system.
When making packet filtering decisions, a firewall follows a set of rules. These rules are stored in dedicated packet filtering tables integrated in the Linux kernel, where they are grouped into so-called chains. The netfilter/iptables IP packet filtering tool is used to add, edit and remove rules.
The present invention is further described below in conjunction with the following figures and specific examples so that those skilled in the art may better understand the present invention and practice it, but the examples are not intended to limit the present invention.
The invention provides a data center host Overlay network access control method, which is characterized by configuring a network access control strategy, configuring iptables rules to restrict the flow between virtual machines in a cluster according to the network access control strategy, configuring a routing strategy at a gateway side according to the network access control strategy to restrict the flow of data between an internal network and an external network of the cluster, and further controlling cluster network access.
The invention provides a network access control scheme for the host Overlay network. Based on the way host Overlay forwards traffic, it restricts both traffic inside the cluster and traffic between the cluster and the external network: iptables is configured in whitelist mode on the vSwitch host to open up traffic between virtual machines, and a routing policy is configured on the gateway side to restrict traffic from the external network to the internal network and from the internal network to the external network. This avoids problems such as attacks from the public network and uncontrollable traffic inside the cluster, prevents abnormal network attacks, and improves the security and reliability of the network.
In one embodiment of the method, the data center manages a vSwitch host and a Spine gateway. Both devices are connected to the data center by OpenFlow, and the data center exchanges information with the vSwitch host by RPC and with the Spine gateway by NetConf. Network access control is divided into NAC policies and NAC rules. NAC policies are divided into internal NAC policies and external NAC policies; NAC rules belong to a NAC policy and are divided into ingress NAC rules and egress NAC rules. A NAC policy is an entity associated with a virtual port, a virtual subnet and a virtual router.
Internal NAC is applied to virtual ports and virtual subnets in the data center. The data center converts the NAC rules configured by the user into iptables rules: an ingress rule specifies a source address and a source port number, and an egress rule specifies a destination address and a destination port number. The generated rules are sent to the vSwitch host through RPC, and the vSwitch host creates the corresponding rules in the iptables FORWARD chain and enforces them.
External NAC is applied to the virtual router. The data center converts the NAC rules configured by the user into a routing policy, sends the converted routing policy to the Spine gateway through netconf, and applies it to the gateway's external network port, so that the routing policy restricts external network traffic entering and leaving the cluster.
Through the process, the vSwitch host can limit the flow between virtual machines according to the NAC rule configured by the user, and the routing strategy is configured on the gateway side to limit the flow from the external network to the internal network and from the internal network to the external network, so that the problems of uncontrollable network flow and the like in the cluster are effectively avoided, abnormal attack of the network is prevented, and the safety and the reliability of the network are improved.
Building on the foregoing embodiment and with reference to the application shown in Fig. 1, the following describes in detail how NAC policies are associated with a virtual port (VM for short), a virtual subnet (Subnet for short) and a virtual router (vRouter for short).
To restrict which traffic is opened inside the cluster, the data center binds internal NAC policy 1 to the activated vm1 and converts the rules under NAC policy 1 into iptables commands in priority order. If vm1 is a virtual port under vSwitch1 that is being bound to NAC policy 1 for the first time, a default deny iptables rule can be added. The generated iptables rules are sent to the vSwitch through RPC, and the vSwitch adds them to the FORWARD chain in the namespace. Conversely, when vm1 unbinds internal NAC policy 1, the data center tells the vSwitch to delete the iptables rules. If vm1 is the last virtual port bound to a NAC policy, the default deny iptables rule must be deleted as well; otherwise the default deny rule would block all traffic.
When the data center binds internal NAC policy 1 to subnet1 and no virtual port is activated in the subnet, no operation is performed.
If the subnet contains an activated virtual port, the iptables rules are issued to the vSwitch host where that virtual port is located, following the same flow as binding internal NAC policy 1 to vm1. If an activated virtual port in the subnet already has a NAC policy bound, the data center computes the iptables rules to issue to the vSwitch host from both the NAC policy bound to the port and the NAC policy bound to the subnet; optionally, the port's NAC policy has higher priority than the subnet's NAC policy.
In this process, the data center converts the network access control policy configured by the user into iptables commands that the vSwitch host can recognize and issues them to the vSwitch host, which builds the rule chain that restricts packet communication, thereby controlling mutual access within the internal network of the cluster.
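As an added illustration (not code from the patent), the Python sketch below models the bind/unbind flow described above for one vSwitch host: NAC rules are sorted by priority and rendered as iptables FORWARD rules, a default deny is appended on the first binding and removed with the last one, and port policy rules are placed ahead of subnet policy rules. The class and field names, matching a virtual port by its IP address, and "lower number means higher priority" are assumptions; RPC delivery and the network namespace are omitted.

```python
import ipaddress
from dataclasses import dataclass

CHAIN = "FORWARD"
DEFAULT_DENY = "-j DROP"  # catch-all rule kept last in the chain


@dataclass(frozen=True)
class NacRule:
    priority: int    # assumption: lower number is matched first
    direction: str   # "ingress" or "egress"
    protocol: str    # "tcp" or "udp"
    address: str     # ingress: source CIDR; egress: destination CIDR
    port: int        # ingress: source port; egress: destination port
    action: str = "ACCEPT"


def rule_spec(port_ip, rule):
    """Translate one NAC rule into an iptables rule specification."""
    # Validate every user-supplied field before it reaches a command line.
    vm = str(ipaddress.ip_address(port_ip))
    peer = str(ipaddress.ip_network(rule.address, strict=False))
    if rule.protocol not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {rule.protocol!r}")
    if rule.action not in ("ACCEPT", "DROP"):
        raise ValueError(f"unsupported action: {rule.action!r}")
    if not 1 <= rule.port <= 65535:
        raise ValueError(f"port out of range: {rule.port!r}")
    if rule.direction == "ingress":
        return f"-d {vm} -s {peer} -p {rule.protocol} --sport {rule.port} -j {rule.action}"
    if rule.direction == "egress":
        return f"-s {vm} -d {peer} -p {rule.protocol} --dport {rule.port} -j {rule.action}"
    raise ValueError(f"unknown direction: {rule.direction!r}")


class VSwitchChain:
    """Controller-side model of the FORWARD chain on one vSwitch host."""

    def __init__(self):
        self.specs = {}  # virtual port IP -> rule specs installed for it

    def bind(self, port_ip, port_policy, subnet_policy=()):
        """Return the iptables commands to send when a port binds a policy."""
        if port_ip in self.specs:
            raise ValueError("port already bound; unbind it first")
        # Port rules go before subnet rules, so the port policy wins on first match.
        ordered = sorted(port_policy, key=lambda r: r.priority)
        ordered += sorted(subnet_policy, key=lambda r: r.priority)
        specs = [rule_spec(port_ip, r) for r in ordered]
        if not self.specs:
            # First binding on this vSwitch: allow rules, then the default deny.
            cmds = [f"iptables -A {CHAIN} {s}" for s in specs]
            cmds.append(f"iptables -A {CHAIN} {DEFAULT_DENY}")
        else:
            # Later bindings are inserted just before the existing default deny.
            pos = sum(len(s) for s in self.specs.values()) + 1
            cmds = [f"iptables -I {CHAIN} {pos + i} {s}" for i, s in enumerate(specs)]
        self.specs[port_ip] = specs
        return cmds

    def unbind(self, port_ip):
        """Return the iptables commands to send when a port unbinds its policy."""
        specs = self.specs.pop(port_ip)
        cmds = [f"iptables -D {CHAIN} {s}" for s in specs]
        if not self.specs:
            # Last bound port is gone: remove the default deny as well.
            cmds.append(f"iptables -D {CHAIN} {DEFAULT_DENY}")
        return cmds


# Constructed sample policies and addresses, for illustration only.
POLICY_1 = [
    NacRule(20, "egress", "tcp", "10.0.2.20", 3306),
    NacRule(10, "ingress", "tcp", "10.0.1.0/24", 443),
]
SUBNET_POLICY = [NacRule(5, "egress", "udp", "10.0.0.2", 53)]


def demo():
    """Bind two ports, then unbind both; return every command generated."""
    chain = VSwitchChain()
    out = chain.bind("10.0.1.11", POLICY_1)
    out += chain.bind("10.0.1.12", POLICY_1[:1], SUBNET_POLICY)
    out += chain.unbind("10.0.1.11")
    out += chain.unbind("10.0.1.12")
    return out


if __name__ == "__main__":
    print("\n".join(demo()))
```

The model assumes the FORWARD chain in the namespace holds only rules generated by this controller, which is what makes the computed insert positions valid.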
In another embodiment of the method, still referring to Fig. 1, the data center binds external NAC policy 2 to the vRouter and converts the rules under NAC policy 2 into routing policies in priority order. If the vRouter had no NAC policy bound before, a default deny routing policy is added, and all routing policies are sent to the Spine gateway over a netconf connection. Conversely, when the vRouter unbinds NAC policy 2 and it is the last NAC policy bound to the vRouter, the default deny routing policy is deleted at the same time.
The above embodiment describes how network access between the internal and external networks of the data center cluster is restricted, which improves the security and reliability of the data center network; it can operate at the same time as the restriction on the cluster's internal network described in the previous embodiment.
The invention also provides a system for controlling the Overlay network access of the data center host, which comprises a configuration module and a current limiting module,
the configuration module configures a network access control strategy, the current limiting module configures iptables rules to restrict the flow between virtual machines in the cluster according to the network access control strategy, and configures a routing strategy to restrict the flow of data between internal and external networks in the cluster on a gateway side according to the network access control strategy, so as to control cluster network access.
The configuration module in the system configures the network access control policy for the vSwitch host on the basis of virtual machines and subnets, and for the gateway on the basis of the virtual router; the current limiting module carries out the access restriction according to the network access control policy.
Because the information interaction, execution process and other contents between the modules of the system are based on the same concept as the method embodiment of the present invention, specific contents can be referred to the description in the method embodiment of the present invention, and are not described herein again.
The invention also provides a data center host Overlay network access control device, which comprises: at least one memory and at least one processor;
the at least one memory is used to store a machine-readable program;
the at least one processor is used to call the machine-readable program and execute the data center host Overlay network access control method.
The device of the invention can be applied in a cluster. Because the information interaction and program execution performed by the processor of the device are based on the same concept as the method embodiments of the invention, the details can be found in the description of the method embodiments and are not repeated here.
It should be noted that not all steps and modules in the above flows and system structures are necessary, and some steps or modules may be omitted according to actual needs. The execution order of the steps is not fixed and can be adjusted as required. The system structure described in the above embodiments may be a physical structure or a logical structure, that is, some modules may be implemented by the same physical entity, or some modules may be implemented by a plurality of physical entities, or some components in a plurality of independent devices may be implemented together.
The above-mentioned embodiments are merely preferred embodiments for fully illustrating the present invention, and the scope of the present invention is not limited thereto. The equivalent substitution or change made by the technical personnel in the technical field on the basis of the invention is all within the protection scope of the invention. The protection scope of the invention is subject to the claims.

Claims (8)

1. A data center host Overlay network access control method is characterized in that a network access control strategy is configured, iptables rules are configured according to the network access control strategy to limit the flow among virtual machines in a cluster, a routing strategy is configured on a gateway side according to the network access control strategy to limit the flow of data among internal networks and external networks of the cluster, and then cluster network access is controlled.
2. The method as claimed in claim 1, wherein the network access control policy includes an internal network access control policy and an external network access control policy, the internal network access control policy is converted into iptables rules according to the network access control rules configured by the user, and the external network access control policy is converted into a routing policy according to the network access control rules configured by the user.
3. The method as claimed in claim 1 or 2, wherein the iptables rule is issued to the vSwitch host, and the vSwitch host adds the iptables rule and executes the iptables rule.
4. The method as claimed in claim 3, wherein the gateway is informed of a routing policy, and the routing policy is used to restrict the flow of extranet traffic to and from the cluster.
5. The method as claimed in claim 3 or 4, wherein, when a virtual port binds the internal network access control policy, the iptables rule is issued to the vSwitch host through RPC, and when the virtual port unbinds the internal network access control policy, the vSwitch host deletes the iptables rule.
6. The method as claimed in claim 5, wherein, when a virtual router binds the external network access control policy, all the routing policies are issued to the gateway through a netconf connection, and when the virtual router unbinds the last external network access control policy, the routing policy of the gateway is deleted.
7. A data center host Overlay network access control system is characterized by comprising a configuration module and a current limiting module,
the configuration module configures a network access control strategy, the current limiting module configures iptables rules to restrict the flow between virtual machines in the cluster according to the network access control strategy, and configures a routing strategy to restrict the flow of data between internal and external networks in the cluster on a gateway side according to the network access control strategy, so as to control cluster network access.
8. A data center host Overlay network access control device is characterized by comprising: at least one memory and at least one processor;
the at least one memory to store a machine readable program;
the at least one processor is configured to invoke the machine readable program to execute a data center host Overlay network access control method according to any one of claims 1 to 6.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010854460.6A CN112003750B (en) 2020-08-24 2020-08-24 Data center host computer Overlay network access control method

Publications (2)

Publication Number Publication Date
CN112003750A (en) 2020-11-27
CN112003750B (en) 2023-11-21
