Layer 7 network security for container workloads
US12101244B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 14, 2023 |
| Grant date | Sep 24, 2024 |
| Priority date | — |
| Expiry date | Jul 14, 2043 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L69/329
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Some embodiments of the invention provide a method of performing layer 7 (L7) packet processing for a set of Pods executing on a host computer, the set of Pods managed by a container orchestration platform. The method is performed at the host computer. The method receives notification of a creation of a traffic control (TC) custom resource (CR) that is defined by reference to a TC custom resource definition (CRD). The method identifies a set of interfaces of a set of one or more managed forwarding elements (MFEs) executing on the host computer that are candidate interfaces for receiving flows that need to be directed based on the TC CR to a layer 7 packet processor. Based on the identified set of interfaces, the method provides a set of flow records to the set of MFEs to process in order to direct a subset of flows that the set of MFEs receive to the layer 7 packet processor.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.