-
Publication number: US20230096045A1
Publication date: 2023-03-30
Application number: US18058113
Application date: 2022-11-22
Applicant: Cisco Technology, Inc.
Inventor: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
IPC: H04L9/40, H04L41/0806, H04L41/12, H04L41/0893
Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pod in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.
-
Publication number: US11533340B2
Publication date: 2022-12-20
Application number: US17146204
Application date: 2021-01-11
Applicant: Cisco Technology, Inc.
Inventor: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
IPC: H04L29/06, H04L12/24, H04L9/40, H04L41/0806, H04L41/12, H04L41/0893
Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pod in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.
-
Publication number: US20190297114A1
Publication date: 2019-09-26
Application number: US16014644
Application date: 2018-06-21
Applicant: Cisco Technology, Inc.
Inventor: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pod in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.
-
Publication number: US11863591B2
Publication date: 2024-01-02
Application number: US18058113
Application date: 2022-11-22
Applicant: Cisco Technology, Inc.
Inventor: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
IPC: H04L9/40, H04L41/0806, H04L41/12, H04L41/0893
CPC classification number: H04L63/20, H04L41/0806, H04L41/0893, H04L41/12, H04L63/00, H04L63/0227, H04L63/101
Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pod in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.
-
Publication number: US20210136124A1
Publication date: 2021-05-06
Application number: US17146204
Application date: 2021-01-11
Applicant: Cisco Technology, Inc.
Inventor: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pod in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.
-
Publication number: US10917436B2
Publication date: 2021-02-09
Application number: US16014644
Application date: 2018-06-21
Applicant: Cisco Technology, Inc.
Inventor: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pod in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.