-
Publication No.: US20230096045A1
Publication date: 2023-03-30
Application No.: US18058113
Filing date: 2022-11-22
Applicant: Cisco Technology, Inc.
Inventor: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
IPC: H04L9/40, H04L41/0806, H04L41/12, H04L41/0893
Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pod in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.
-
Publication No.: US11533340B2
Publication date: 2022-12-20
Application No.: US17146204
Filing date: 2021-01-11
Applicant: Cisco Technology, Inc.
Inventor: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
IPC: H04L29/06, H04L12/24, H04L9/40, H04L41/0806, H04L41/12, H04L41/0893
Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pod in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.
-
Publication No.: US11012299B2
Publication date: 2021-05-18
Application No.: US16252115
Filing date: 2019-01-18
Applicant: Cisco Technology, Inc.
Inventor: Rajagopalan Janakiraman, Sivakumar Ganapathy, Gianluca Mardente, Giovanni Meo, Patel Amitkumar Valjibhai
IPC: G06F15/177, H04L12/24, H04L12/46, H04L12/751, H04L12/715, H04L12/721
Abstract: Technologies for multi-cloud routing and policy interconnectivity are provided. An example method can include assigning different sets of data plane routers to data plane traffic associated with different address spaces in a cloud site of a multi-cloud fabric to yield a distributed mapping of data plane traffic and data plane routers. The method can further include providing, to an on-premises site in the multi-cloud fabric, routing entries from a control plane router on the cloud site, the routing entries reflecting the distributed mapping and identifying, for each address space, which data plane router handles data plane traffic for that address space; and when a data plane router is deployed at the cloud site, providing, to the on-premises site, updated routing information from the control plane router, the updated routing information identifying the data plane router as a next hop for data plane traffic associated with a respective address space.
-
Publication No.: US20200235990A1
Publication date: 2020-07-23
Application No.: US16252115
Filing date: 2019-01-18
Applicant: Cisco Technology, Inc.
Inventor: Rajagopalan Janakiraman, Sivakumar Ganapathy, Gianluca Mardente, Giovanni Meo, Patel Amitkumar Valjibhai
IPC: H04L12/24, H04L12/751, H04L12/715, H04L12/721, H04L12/46
Abstract: Technologies for multi-cloud routing and policy interconnectivity are provided. An example method can include assigning different sets of data plane routers to data plane traffic associated with different address spaces in a cloud site of a multi-cloud fabric to yield a distributed mapping of data plane traffic and data plane routers. The method can further include providing, to an on-premises site in the multi-cloud fabric, routing entries from a control plane router on the cloud site, the routing entries reflecting the distributed mapping and identifying, for each address space, which data plane router handles data plane traffic for that address space; and when a data plane router is deployed at the cloud site, providing, to the on-premises site, updated routing information from the control plane router, the updated routing information identifying the data plane router as a next hop for data plane traffic associated with a respective address space.
-
Publication No.: US20190297114A1
Publication date: 2019-09-26
Application No.: US16014644
Filing date: 2018-06-21
Applicant: Cisco Technology, Inc.
Inventor: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pod in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.