
1. WO2021041431 - COMPUTER DEVICE INCLUDING PROCESS ISOLATED CONTAINERS WITH ASSIGNED VIRTUAL FUNCTIONS

Note: Text based on automatic optical character recognition processes. Only the PDF version has legal value.


CLAIMS

WHAT IS CLAIMED IS:

1. A server for hosting process isolated containers within a virtual machine, comprising:

at least one physical processor;

at least one physical computer memory storing executable code for execution by the at least one physical processor, the executable code configured to provide a host virtual machine and at least one process isolated container within the host virtual machine; and

a physical network interface controller, NIC, including a physical NIC switch configured to distribute incoming data packets to a plurality of functions, wherein the plurality of functions includes a physical function and virtual functions, wherein a respective virtual function is assigned to an individual process isolated container within the virtual machine.

2. The server of claim 1, wherein the respective virtual function for the individual process isolated container is configured to access a portion of the at least one physical computer memory allocated to the individual kernel isolated container to bypass a virtual switch of the host virtual machine.

3. The server of claim 1, wherein a host network service of the host virtual machine is configured to assign the respective virtual function to the individual process isolated container.

4. The server of claim 3, wherein the individual process isolated container is configured to communicate with the host virtual machine via the host network service to request the respective virtual function.

5. The server of claims 3 or 4, wherein the host network service is configured to configure the physical NIC switch with generic flow tables that apply policies and access control lists to the incoming data packets, wherein the generic flow tables are configured to perform rate limiting on the physical NIC switch via hardware quality of service.

6. The server of any of claims 3-5, wherein the host network service is configured to map a network virtual service client device to the respective virtual function for the individual process isolated container.

7. The server of any preceding claim, wherein the individual process isolated container is configured to execute a hardware acceleration of the physical processor or perform a direct memory access on the physical memory via the respective virtual function.

8. The server of any preceding claim, wherein each process isolated container is associated with a compartment that is configured to isolate each process isolated container from other ones of the at least one process isolated container.

9. The server of any preceding claim, such that the individual process isolated container is able to access hardware accelerations or direct memory access via the at least one respective virtual function without the need for a virtual switch in the virtual machine.

10. A method of hosting process isolated containers within a virtual machine, comprising:

instantiating, on a server including a processor, a host virtual machine and at least one process isolated container within the host virtual machine; and

distributing incoming data packets to a plurality of functions via a physical network interface controller, NIC, including a physical NIC switch, wherein the plurality of functions includes a physical function and virtual functions, and wherein a respective virtual function of the virtual functions is assigned to an individual process isolated container of the at least one process isolated container within the virtual machine.

11. The method of claim 10, further comprising assigning, by a host network service of the host virtual machine, the respective virtual function to the individual process isolated container.

12. The method of claim 11, further comprising:

configuring the physical NIC switch with generic flow tables that apply policies and access control lists to the incoming data packets; and

performing, by the generic flow tables, rate limiting via hardware quality of service.

13. The method of any of claims 10-12, further comprising mapping a network virtual service client device to the respective virtual function.

14. The method of any of claims 10-13, further comprising executing, by the individual process isolated container, a hardware acceleration of the processor via the virtual function, wherein the hardware acceleration is one of:

a data plane development kit operation;

a remote direct memory access operation; or

access to physical memory by the process isolated container.

15. A non-transitory computer-readable medium storing computer executable instructions for performing the method of any of claims 10-14.