Selective traffic leaking in enterprise fabric with extranet
US-2018367328-A1 · Dec 20, 2018 · US
US10735217B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10735217-B2 |
| Application number | US-201916368006-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 28, 2019 |
| Priority date | Nov 21, 2018 |
| Publication date | Aug 4, 2020 |
| Grant date | Aug 4, 2020 |
Official abstract text for this publication.
The present technology provides a system, method, and computer-readable medium directed to dynamic implementation and management of multi-provider internet access featuring multiple access points across a multi-site overlay network fabric. An aspect of the technology is directed to the implementation of a common fabric-wide Virtual Network (VN) with a unique Internet Instance Identifier (Internet IID) that is dedicated to internet access traffic. Default access routes from multiple service providers (SP) are leaked into the VN with the Internet IID at exit points of the fabric using local Extranet policies. Internet-bound traffic generated from any point within the overlay fabric network is then redirected into the Internet IID, using remote Extranet policies. Internet-bound traffic, once in the Internet IID, follows the SP default access route(s) towards the exit points where SP specific access policies may be applied to the traffic which is then forwarded to the corresponding SP network.
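A minimal model of the lookup behaviour the abstract describes, added here as an illustration and not taken from the patent or any vendor implementation: local extranet policies leak only a default route per Service Provider into the Internet IID, and a remote extranet policy redirects a user VN's unmatched destinations into it. The IID value, the class and function names, the border and SP labels, and the rule that a lower priority value wins with weights sharing load among equals are all assumptions.

```python
import ipaddress
import zlib

INTERNET_IID = 4099  # constructed instance ID for the fabric-wide Internet VN

class FabricController:
    """Toy map-server: per-IID route tables plus extranet redirect policies."""
    def __init__(self):
        self.routes = {}     # iid -> [(network, exit_info)]
        self.redirects = {}  # subscriber iid -> Internet IID (remote extranet policy)

    def register(self, iid, prefix, **info):
        self.routes.setdefault(iid, []).append((ipaddress.ip_network(prefix), info))

    def leak_default(self, border, sp, priority, weight):
        # Local extranet policy at an exit point: only the default route enters
        # the Internet VN, so SP prefixes are never exposed in the overlay.
        self.register(INTERNET_IID, "0.0.0.0/0", border=border, sp=sp,
                      priority=priority, weight=weight)

    def lookup(self, iid, dst):
        addr = ipaddress.ip_address(dst)
        hits = [(n, i) for n, i in self.routes.get(iid, []) if addr in n]
        longest = max((n.prefixlen for n, _ in hits), default=None)
        return [i for n, i in hits if n.prefixlen == longest]

    def resolve(self, src_iid, src, dst):
        """Return (iid, exit_info) for a flow, or (None, None) if it is dropped."""
        own = self.lookup(src_iid, dst)
        if own:
            return src_iid, own[0]          # destination lives in the sender's own VN
        exits = self.lookup(self.redirects.get(src_iid), dst)
        if not exits:
            return None, None               # no remote policy: the VN stays isolated
        best = min(e["priority"] for e in exits)   # assumption: lower value wins
        pool = [e for e in exits if e["priority"] == best]
        slot = zlib.crc32(f"{src}>{dst}".encode()) % sum(e["weight"] for e in pool)
        for e in pool:                      # weighted, per-flow-stable choice
            if slot < e["weight"]:
                return INTERNET_IID, e
            slot -= e["weight"]

def build_demo():
    fc = FabricController()
    fc.register(100, "10.1.0.0/16", border="edge-7", sp=None, priority=1, weight=1)
    fc.leak_default("border-1", "SP-A", priority=1, weight=3)
    fc.leak_default("border-2", "SP-B", priority=1, weight=1)
    fc.leak_default("border-2", "SP-C", priority=2, weight=1)
    fc.redirects[100] = INTERNET_IID   # remote extranet policy for user VN 100 only
    return fc
```

A VN without a redirect entry resolves nothing outside its own table, which is the isolation property to verify when auditing which segments have been granted internet access.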
Opening claim text (preview).
The invention claimed is:

1. A computer-implemented method for providing isolated multi-provider internet access in an overlay fabric comprising: creating an isolated Internet Virtual Network (VN) in the overlay fabric network, wherein the isolated Internet VN spans across a plurality of domains in the overlay fabric; leaking into the isolated Internet VN at least one default access route to at least one Service Provider, using one or more local extranet policies; redirecting at least one traffic flow destined for the at least one Service Provider into the Internet VN in the overlay fabric, using one or more remote extranet policies.
2. The computer-implemented method of claim 1, wherein the at least one default access route to at least one Service provider is leaked into the isolated internet VN at one or more exit points of the overlay fabric.
3. The computer-implemented method of claim 2, wherein the at least one traffic flow in the Internet VN is routed towards the one or more exit points of the overlay fabric using the at least one default access route to the at least one Service Provider.
4. The computer-implemented method of claim 3, wherein the at least one traffic flow in the Internet VN is routed to one or more Service Providers based on one or more internet policy parameters specified at the one or more exit points of the overlay fabric.
5. The computer-implemented method of claim 4, wherein the one or more internet policy parameters comprises a set of priorities and weights assigned to each of the one or more Service Providers.
6. The computer-implemented method of claim 1, wherein the Internet VN is assigned an Internet instance identifier (IID) that is accessible across the plurality of domains in the overlay fabric.
7. The computer-implemented method of claim 1, wherein a prefix of the at least one Service Provider is not exposed in the overlay fabric.
8. The computer-implemented method of claim 1, wherein the at least one default access route to the at least one Service Provider is registered with one or more fabric controllers.
9. The computer-implemented method of claim 8, wherein the one or more fabric controllers publish the at least one default access route to the at least one Service Provider to one or more fabric border routers.
10. A system comprising: one or more processors; and at least one computer-readable storage medium having stored therein instructions which, when executed by the one or more processors, cause the one or more processors to: create an isolated Internet Virtual Network (VN) in an overlay fabric network, wherein the isolated Internet VN spans across a plurality of domains in the overlay fabric network; leak into the isolated Internet VN at least one default access route to at least one Service Provider, using one or more local extranet policies; redirect at least one traffic flow destined for the at least one Service Provider into the Internet VN in the overlay fabric, using one or more remote extranet policies.
11. The system of claim 10, wherein the at least one default access route to the at least one Service provider is leaked into the isolated internet VN at one or more exit points of the overlay fabric network.
12. The system of claim 11, wherein the at least one traffic flow in the Internet VN is routed towards the one or more exit points of the overlay fabric network using the at least one default access route to the at least one Service Provider.
13. The system of claim 12, wherein the at least one traffic flow in the Internet VN is routed to the at least one Service Provider based on one or more internet policy parameters specified at the one or more exit points of the overlay fabric.
14. The system of claim 13, wherein the one or more internet policy parameters comprises a set of priorities and weight assigned to each of the one or more Service Providers.
15. The system of claim 10, wherein the Internet VN is assigned an Internet instance identifier (IID) that is accessible across the plurality of domains in the overlay fabric network.
16. The system of claim 10, wherein the at least one default access route to the at least one Service Provider is registered with one or more fabric controllers.
17. The system of claim 16, wherein the one or more fabric controllers publish the at least one default access route to the at least one Service Provider to one or more fabric border routers.
18. At least one non-transitory computer-readable storage medium comprising instructions stored thereon which, when executed by one or more processors, cause the one or more processors to: create an isolated Internet Virtual Network (VN) in an overlay fabric network, wherein the isolated Internet VN spans across a plurality of domains in the overlay fabric network; leak into the isolated Internet VN at least one default access route to at least one Service Provider, using one or more local extranet policies; redirect at least one traffic flow destined for the at least one Service Provider into the Internet VN in the overlay fabric, using one or more remote extranet policies.
19. The non-transitory computer-readable storage medium of claim 18, wherein the at least one default access route to at least one Service provider is leaked into the isolated internet VN at one or more exit points of the overlay fabric network.
20. The non-transitory computer-readable storage medium of claim 19, wherein the at least one traffic flow in the Internet VN is routed towards the one or more exit points of the overlay fabric network using the at least one default access route to the at least one Service Provider.
Policy-based network configuration management · CPC title
Access network architectures · CPC title
Details on frame tagging (routing of packets H04L45/00; support for virtual LAN H04L49/354) · CPC title
Arrangements for the registration or de-registration of VLAN attribute values, e.g. VLAN identifiers, port VLAN membership · CPC title
Configuration setting · CPC title