Source specific network scanning in a distributed environment
US-10320750-B1 · Jun 11, 2019 · US
US11522763B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11522763-B2 |
| Application number | US-201815898235-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 16, 2018 |
| Priority date | Nov 29, 2017 |
| Publication date | Dec 6, 2022 |
| Grant date | Dec 6, 2022 |
Official abstract text for this publication.
Example methods are provided for a network scanning controller to perform agent-based network scanning in a software-defined networking (SDN) environment. In one example, the method may comprise identifying multiple networks for which network scanning is required, performing a first network scan using a first agent to obtain first address mapping information associated with multiple first workloads, and performing a second network scan using a second agent to obtain second address mapping information associated with multiple second workloads. The first agent and the multiple first workloads may be located in a first network, and the second agent and the multiple second workloads in a second network. The method may also comprise generating aggregated address information based on the first address mapping information and the second address mapping information.
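An added illustration (not code from the patent or its assignee) of the aggregation step the abstract describes, together with the hardware-address query of claim 4: it parses constructed `nmap -sn`-style reports from two agents, tags each MAC/IP pair with its network, and resolves a MAC against the merged table. The network names, addresses and function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample reports shaped like `nmap -sn` normal output, one per agent.
# Both overlay networks reuse 10.0.0.11, so the network tag must be kept.
AGENT_REPORTS = {
    "overlay-A": """\
Nmap scan report for 10.0.0.11
Host is up (0.00020s latency).
MAC Address: 00:50:56:AA:00:01 (VMware)
Nmap scan report for 10.0.0.5
Host is up.
""",  # 10.0.0.5 stands for the scanning agent itself: no MAC line is reported
    "overlay-B": """\
Nmap scan report for 10.0.0.11
Host is up (0.00018s latency).
MAC Address: 00:50:56:BB:00:01 (VMware)
""",
}

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9a-fA-F.:]+)\)?$")
MAC_RE = re.compile(r"^MAC Address: ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})")


def parse_report(text):
    """Return [(mac, ip)] for one agent's report; hosts without a MAC line are skipped."""
    pairs, current_ip = [], None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            current_ip = m.group(1)
        elif (m := MAC_RE.match(line)) and current_ip:
            pairs.append((m.group(1).lower(), current_ip))
            current_ip = None
    return pairs


def aggregate(reports):
    """Merge per-network mappings into MAC -> [(network, ip)]."""
    table = defaultdict(list)
    for network, text in reports.items():
        for mac, ip in parse_report(text):
            table[mac].append((network, ip))
    return dict(table)


def lookup(table, mac):
    """Resolve a hardware address to the (network, ip) pairs it was seen with."""
    return table.get(mac.lower(), [])
```

Keying the merged table by MAC and storing the network beside each IP keeps the two identical `10.0.0.11` entries distinct instead of letting the second scan overwrite the first.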
Opening claim text (preview).
What is claimed is:
1. A method for a network scanning controller to perform agent-based network scanning in a software-defined networking (SDN) environment that includes the network scanning controller, a first agent and a second agent, wherein the method comprises: identifying multiple networks, by and at the network scanning controller, for which network scanning is required, wherein the multiple networks include a first network and a second network, wherein the first network is a first logical overlay network, the second network is a second logical overlay network, and the first network and the second network are different; generating and sending, by and at the network scanning controller, a first request to the first agent to cause the first agent to execute a first network mapper (NMAP) utility to obtain first address mapping information associated with multiple first workloads, wherein the first agent, the multiple first workloads, and the first NMAP utility are located in the first network; generating and sending, by and at the network scanning controller, a second request to the second agent to cause the second agent to execute a second NMAP utility to obtain second address mapping information associated with multiple second workloads, wherein the second agent, the multiple second workloads, and the second NMAP utility are located in the second network; and aggregating, by and at the network scanning controller, the first address mapping information associated with the first network and the second address mapping information associated with the second network to generate aggregated address mapping information.
2. The method of claim 1, wherein the method further comprises: receiving, from the first agent, the first address mapping information specifying hardware address information and network address information associated with each of the multiple first workloads; and receiving, from the second agent, the second address mapping information specifying hardware address information and network address information associated with each of the multiple second workloads.
3. The method of claim 1, wherein the method further comprises: prior to executing the first NMAP utility and the executing the second NMAP utility, receiving a request from a network management entity to perform network scanning in the multiple networks; and generating and sending a response to the network management entity, wherein the response includes the aggregated address mapping information.
4. The method of claim 1, wherein the method further comprises: receiving a query identifying hardware address information of a particular workload; and based on the aggregated address mapping information, determining network address information associated with the particular workload, wherein the particular workload is one of the multiple first workloads or the multiple second workloads.
5. The method of claim 1, wherein the first logical overlay network connects the first agent with the multiple first workloads that include first virtualized computing instances; and the second logical overlay network connects the second agent with the second workloads that include multiple second virtualized computing instances.
6. The method of claim 1, wherein performing the first network scan and the second network scan comprises: receiving the first address mapping information via a first secure channel established between the network scanning controller and the first agent; and receiving the second address mapping information via a second secure channel established between the network scanning controller and the second agent.
7. A non-transitory computer-readable storage medium that includes a set of instructions which, in response to execution by a processor of a computer system, cause the processor to perform a method of agent-based network scanning in a software-defined networking (SDN) environment that includes the computer system, a first agent and a second agent, wherein the method comprises: identifying multiple networks, by and at the network scanning controller, for which network scanning is required, wherein the multiple networks include a first network and a second network, wherein the first network is a first logical overlay network, the second network is a second logical overlay network, and the first network and the second network are different; generating and sending, by and at the network scanning controller, a first request to the first agent to cause the first agent to execute a first network mapper (NMAP) utility to obtain first address mapping information associated with multiple first workloads, wherein the first agent, the multiple first workloads, and the first NMAP utility are located in the first network; generating and sending, by and at the network scanning controller, a second request to the second agent to cause the second agent to execute a second NMAP utility to obtain second address mapping information associated with multiple second workloads, wherein the second agent, the multiple second workloads, and the second NMAP utility are located in the second network; and aggregating, by and at the network scanning controller, the first address mapping information associated with the first network and the second address mapping information associated with the second network to generate aggregated address mapping information.
8. The non-transitory computer-readable storage medium of claim 7, wherein the method further comprises: receiving, from the first agent, the first address mapping information specifying hardware address information and network address information associated with each of the multiple first workloads; and receiving, from the second agent, the second address mapping information specifying hardware address information and network address information associated with each of the multiple second workloads.
9. The non-transitory computer-readable storage medium of claim 7, wherein the method further comprises: prior to executing the first NMAP utility and the executing the second NMAP utility, receiving a request from a network management entity to perform network scanning in the multiple networks; and generating and sending a response to the network management entity, wherein the response includes the aggregated address mapping information.
10. The non-transitory computer-readable storage medium of claim 7, wherein the method further comprises: receiving a query identifying hardware address information of a particular workload; and based on the aggregated address mapping information, determining network address information associated with the particular workload, wherein the particular workload is one of the multiple first workloads or the multiple second workloads.
11. The non-transitory computer-readable storage medium of claim 7, wherein the first logical overlay network that connects the first agent with the multiple first workloads that include first virtualized computing instances; and the second logical overlay network connects the second agent with the multiple second workloads that include second virtualized computing instances.
12. The non-transitory computer-readable storage medium of claim 7, wherein performing the first network scan and the second network scan comprises: receiving the first address mapping information via a first secure channel established with the first agent; and receiving the second address mapping information via a second secure channel established with the second agent.
13. A computer system configured to perform agent-based network scanning in a software-defined networking (SDN) env
Layer-2 addresses, e.g. medium access control [MAC] addresses · CPC title
comprising network management agents or mobile agents therefor · CPC title
using virtualisation of network functions or resources, e.g. SDN or NFV entities · CPC title
across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP] · CPC title
using an overlay routing layer · CPC title