20240028358. A GENERAL NETWORK POLICY FOR NAMESPACES simplified abstract (VMware, Inc.)

From WikiPatents

A GENERAL NETWORK POLICY FOR NAMESPACES

Organization Name

VMware, Inc.

Inventor(s)

Danting Liu of Beijing (CN)

Qian Sun of Beijing (CN)

Jianjun Shen of Redwood City CA (US)

Wenfeng Liu of Beijing (CN)

Donghai Han of Beijing (CN)

A GENERAL NETWORK POLICY FOR NAMESPACES - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240028358 titled 'A GENERAL NETWORK POLICY FOR NAMESPACES'.

Simplified Explanation

The patent application describes a system and method for controlling network traffic between namespaces in which entities such as virtual machines, pod virtual machines, and a container orchestration system like Kubernetes reside and operate. These entities have access to a network that includes one or more firewalls. A security policy definition specifies which traffic is permitted to flow between the namespaces; it is posted to a master node in the supervisor cluster that supports and provisions the namespaces. The master node invokes a network manager to generate firewall rules from that definition and to program the firewalls to enforce them.

  • The patent application proposes a system and method for managing network traffic between different namespaces in a network.
  • The entities in the namespaces include virtual machines, pod virtual machines, and a container orchestration system like Kubernetes.
  • The network includes one or more firewalls that control the flow of traffic.
  • A security policy definition is used to determine the allowed traffic between the namespaces.
  • The security policy definition is posted to a master node in a supervisor cluster that supports and provisions the namespaces.
  • The master node invokes a network manager to generate firewall rules based on the security policy definition.
  • The generated firewall rules are then programmed into the one or more firewalls to enforce the defined traffic rules.
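As an added illustration of the flow the bullets above describe (example code written for this page, not code from the patent application or from VMware): a small policy compiler that takes a namespace-scoped security policy definition plus an inventory of the entities in each namespace, validates it, expands it into concrete per-entity firewall rules with a trailing default deny, evaluates a flow against the compiled rules, and computes the rule delta a network manager would have to program when an entity joins a namespace. The policy schema, the inventory format, the rule shape and every address are my assumptions, constructed for the example.

```python
"""Constructed example: compile a namespace-level security policy definition
into entity-level firewall rules (assumed schema, not the patent's)."""
from dataclasses import dataclass
from itertools import product
from ipaddress import ip_address
from typing import Optional


@dataclass(frozen=True)
class FirewallRule:
    action: str          # "allow" or "deny"
    src: str             # source entity address, or "any"
    dst: str             # destination entity address, or "any"
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # destination port; None matches any port

    def matches(self, src: str, dst: str, proto: str, port: int) -> bool:
        return ((self.src == "any" or self.src == src)
                and (self.dst == "any" or self.dst == dst)
                and (self.proto == "any" or self.proto == proto)
                and (self.port is None or self.port == port))


# Constructed inventory: namespace -> addresses of the entities (VMs, pod VMs) in it
INVENTORY = {
    "web": ["10.0.1.10", "10.0.1.11"],
    "db": ["10.0.2.20"],
    "ops": ["10.0.3.30"],
}

# Constructed policy definition, in the shape a namespace administrator would post
POLICY = {
    "rules": [
        {"from": "web", "to": "db", "proto": "tcp", "ports": [5432]},
        {"from": "ops", "to": "web", "proto": "tcp", "ports": [22, 443]},
    ]
}


def validate_policy(policy: dict, inventory: dict) -> None:
    """Reject definitions that name unknown namespaces, protocols, ports or addresses."""
    for rule in policy["rules"]:
        for ns in (rule["from"], rule["to"]):
            if ns not in inventory:
                raise ValueError(f"unknown namespace {ns!r}")
        if rule["proto"] not in ("tcp", "udp"):
            raise ValueError(f"unsupported protocol {rule['proto']!r}")
        for port in rule["ports"]:
            if not 0 < port <= 65535:
                raise ValueError(f"port out of range: {port}")
    for addrs in inventory.values():
        for addr in addrs:
            ip_address(addr)  # raises ValueError on a malformed address


def compile_policy(policy: dict, inventory: dict) -> list:
    """Expand namespace-to-namespace allows into per-entity rules, then default-deny."""
    validate_policy(policy, inventory)
    rules = []
    for rule in policy["rules"]:
        for src, dst in product(inventory[rule["from"]], inventory[rule["to"]]):
            for port in rule["ports"]:
                rules.append(FirewallRule("allow", src, dst, rule["proto"], port))
    # Anything the policy does not explicitly allow between entities is dropped.
    rules.append(FirewallRule("deny", "any", "any", "any", None))
    return rules


def evaluate(rules: list, src: str, dst: str, proto: str, port: int) -> str:
    """First-match evaluation, as a rule-ordered firewall would apply it."""
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.action
    return "deny"


def rule_diff(old: list, new: list) -> tuple:
    """Rules to add and to remove when the policy or the inventory changes."""
    return [r for r in new if r not in old], [r for r in old if r not in new]


if __name__ == "__main__":
    compiled = compile_policy(POLICY, INVENTORY)
    for r in compiled:
        print(r)
    print(evaluate(compiled, "10.0.1.10", "10.0.2.20", "tcp", 5432))
```

Because rules are expanded per entity, a change to the inventory (a new pod VM in "web") changes the rule set without any change to the policy definition; `rule_diff` over the old and new compilations gives the network manager exactly the rules to program and to withdraw, which is the scalability point the bullets make.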

Potential Applications:

  • This technology can be applied in cloud computing environments where multiple namespaces need to communicate securely.
  • It can be used in containerized applications managed by container orchestration systems like Kubernetes.
  • The system can be implemented in network infrastructure to provide secure communication between different entities.

Problems Solved:

  • The system solves the problem of controlling network traffic between different namespaces in a secure and efficient manner.
  • It addresses the challenge of managing firewall rules and enforcing security policies in a dynamic and scalable environment.
  • The technology provides a centralized approach to define and enforce network traffic rules across multiple namespaces.

Benefits:

  • The system allows for fine-grained control over network traffic between namespaces, enhancing security.
  • It simplifies the management of firewall rules by automating the generation and programming process.
  • The technology improves the scalability and flexibility of network infrastructure in environments with multiple namespaces.
  • It enables efficient communication between different entities while maintaining security and compliance.


Original Abstract Submitted

Disclosed herein is a system and method for controlling network traffic among namespaces in which various entities, such as virtual machines, pod virtual machines, and a container orchestration system, such as Kubernetes, reside and operate. The entities have access to a network that includes one or more firewalls. The traffic that is permitted to flow over the network among and between the namespaces is defined by a security policy definition. The security policy definition is posted to a master node in a supervisor cluster that supports and provisions the namespaces. The master node invokes a network manager to generate a set of firewall rules and program the one or more firewalls in the network to enforce the rules.