公开(公告)号：US20240214425A1

公开(公告)日：2024-06-27

申请号：US18089252

申请日：2022-12-27

Applicant: Cisco Technology, Inc.

Inventor： Andrew E. Ossipov ,  Janardhanan Radhakrishnan ,  Robert Tappenden ,  Jared Tierney Smith

IPC: H04L9/40 ,  G06F9/451

CPC classification number: H04L63/20 ,  G06F9/451 ,  H04L63/105

Abstract: Techniques for using an end-to-end policy controller to automatically discover and inventory enforcement points in a network. A network controller may leverage data associated with network devices in a network to identify paths between source endpoints and destination endpoints to establish an inventory of enforcement points along the paths. For example, the controller may consume telemetry data indicative of network events (e.g., firewall events, IPS event logs, netflow events, etc.) to figure out where enforcement points are provisioned with respect to traffic being observed. Additionally, the SDN controller may dynamically build a network topology providing indications of roles and/or locations of enforcement points.