公开(公告)号：US20170019417A1

公开(公告)日：2017-01-19

申请号：US14802033

申请日：2015-07-17

Applicant: Cisco Technology, Inc.

Inventor： David McGrew ,  Kenneth S. Beck

IPC: H04L29/06 ,  H04L12/26

CPC classification number: H04L43/026 ,  H04L43/062 ,  H04L43/12 ,  H04L63/14

Abstract: A method and related apparatus for performing inspection of flows within a software defined network includes identifying a security appliance within a software defined network, identifying candidate traffic flows flowing in the software defined network to be inspected, selecting one of the candidate traffic flows for security inspection, and communicating with a software defined network controller to cause the one of the candidate traffic flows to be redirected towards the security appliance for inspection or to cause the one of the candidate traffic flows to be copied and a resulting copy thereof forwarded to the security appliance for inspection.

Abstract translation: 一种在软件定义的网络内执行流程检查的方法和相关装置包括识别软件定义的网络内的安全设备，识别在待检查的软件定义的网络中流动的候选业务流，选择候选业务流中的一个进行安全检查 并且与软件定义的网络控制器进行通信，以将所述候选业务流中的一个重定向到所述安全设备进行检查，或使所述候选业务流中的一个被复制，并将其所得到的副本转发到所述安全设备 供检查。

公开(公告)号：US10205641B2

公开(公告)日：2019-02-12

申请号：US14802033

申请日：2015-07-17

Applicant: Cisco Technology, Inc.

Inventor： David McGrew ,  Kenneth S. Beck

IPC: H04L12/26 ,  H04L29/06

Abstract: A method and related apparatus for performing inspection of flows within a software defined network includes identifying a security appliance within a software defined network, identifying candidate traffic flows flowing in the software defined network to be inspected, selecting one of the candidate traffic flows for security inspection, and communicating with a software defined network controller to cause the one of the candidate traffic flows to be redirected towards the security appliance for inspection or to cause the one of the candidate traffic flows to be copied and a resulting copy thereof forwarded to the security appliance for inspection.

公开(公告)号：US10296744B1

公开(公告)日：2019-05-21

申请号：US14864116

申请日：2015-09-24

Applicant: Cisco Technology, Inc.

Inventor： David McGrew ,  Kenneth S. Beck ,  Jyoti Verma ,  Jason R. Brvenik

IPC: G06F21/56

Abstract: A method and related apparatus for performing inspection of flows within a software defined network includes monitoring an indicator indicative of a presence of malware in a selected flow in an electronic communications network, when the indicator suggests the presence of malware in the selected flow, requesting a network device to redirect the selected flow, or to copy the selected flow and send a resulting copy of the selected flow, to a security appliance, and causing the security appliance to be reconfigured in response to the indicator that suggest the presence of malware in the selected flow.

公开(公告)号：US20160234234A1

公开(公告)日：2016-08-11

申请号：US14614530

申请日：2015-02-05

Applicant: Cisco Technology, Inc.

Inventor： David McGrew ,  Kenneth S. Beck

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  H04L45/124 ,  H04L45/125 ,  H04L63/18 ,  H04L63/20

Abstract: Techniques are presented herein that allow for arranging traffic flows in a network, and using the capabilities for inspection, recording, and enforcement around the network, in a way that makes the best use of the resources. A software defined network (SDN) interface between the network and security applications exposes a programmatic way to control security resources around the network such that they are optimally utilized. The SDN interface prioritizes and optimizes the use of security elements in the network. Security requests with corresponding priorities are used by a network controller to direct traffic flows through appropriate security elements, such as recording, inspection, or enforcement elements. The configuration of traffic flows is optimized with respect to the capacity of the communication links, as well as the priority of the respective security requests.

Abstract translation: 本文给出了允许在网络中布置交通流并且以最佳利用资源的方式使用围绕网络进行检查，记录和执行的能力的技术。 网络和安全应用程序之间的软件定义网络（SDN）接口公开了一种编程方式来控制网络周围的安全资源，以便最佳地利用网络。 SDN接口优先考虑并优化网络中安全元素的使用。 网络控制器使用具有相应优先级的安全请求来引导流量通过适当的安全元素，例如记录，检查或强制元素。 针对通信链路的容量以及相应的安全请求的优先级，优化业务流的配置。