Implementing logical network security on a hardware switch
US10200343B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Aug 31, 2016 |
| Grant date | Feb 5, 2019 |
| Priority date | — |
| Expiry date | Feb 21, 2037 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/20
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Some embodiments provide a method for configuring a hardware switch to implement a security policy associated with a logical router of a logical network. The method receives a logical router definition. The logical router logically connects a physical machine, connected to a physical port of the hardware switch, to several VMs that execute on a set of host machines. The method defines a set of routing components for the logical router, each of which, has several interfaces. The method receives a security policy that includes a set of security rules for the physical machine and populates an ACL table with ACL rules data generated based on the received set of security rules. The method then for at least one interface of one of the routing components, generates linking data that links a set of one or more ACL rules in the ACL table to the interface of the routing component.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.