Traffic distribution over multiple paths in a network while maintaining flow affinity
US-9716592-B1 · Jul 25, 2017 · US
US10819753B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10819753-B2 |
| Application number | US-201916567995-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 11, 2019 |
| Priority date | Jun 17, 2016 |
| Publication date | Oct 27, 2020 |
| Grant date | Oct 27, 2020 |
Official abstract text for this publication.
Disclosed are systems, methods, and computer-readable storage media for guaranteeing symmetric bi-directional policy based redirect of traffic flows. A first switch connected to a first endpoint can receive a first data packet transmitted by the first endpoint to a second endpoint connected to a second switch. The first switch can enforce an ingress data policy to the first data packet by applying a hashing algorithm to a Source Internet Protocol (SIP) value and a Destination Internet Protocol (DIP) value of the first data packet, resulting in a hash value of the first data packet. The first switch can then route the first data packet to a first service node based on the hash value of the first data packet.
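The property the abstract and claims rely on, shown as an added example that is not taken from the patent: a hash over SIP and DIP steers both directions of a flow to the same service node (such as the firewall of claim 6) only if it is independent of field order. The patent does not name a hash function; SHA-256 over the sorted address pair, the node names, and the sample flows are assumptions made for this illustration, and the protocol number is included as in claim 7.

```python
import hashlib
import ipaddress

# Hypothetical service-node pool (e.g. firewalls); names are constructed.
SERVICE_NODES = ["fw-1", "fw-2", "fw-3", "fw-4"]
# Constructed sample flows: (source IP, destination IP, IP protocol number).
FLOWS = [(f"10.0.1.{i}", f"10.0.2.{200 - i}", 6) for i in range(1, 41)]

def _digest(data):
    """Reduce a byte string to a 32-bit integer hash value."""
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def ordered_hash(sip, dip, proto):
    """Direction-sensitive: fields are hashed in packet order (SIP, DIP)."""
    s = ipaddress.ip_address(sip).packed
    d = ipaddress.ip_address(dip).packed
    return _digest(s + d + bytes([proto]))

def symmetric_hash(sip, dip, proto):
    """Direction-independent: the two addresses are sorted into a canonical
    order first, so (A, B) and (B, A) produce the same hash value."""
    a = ipaddress.ip_address(sip).packed
    b = ipaddress.ip_address(dip).packed
    lo, hi = sorted((a, b))
    return _digest(lo + hi + bytes([proto]))

def select_node(hash_value, nodes=SERVICE_NODES):
    """Map a hash value onto one service node of the pool."""
    return nodes[hash_value % len(nodes)]

def split_flows(flows, hash_fn):
    """Return flows whose forward and reverse packets reach different nodes."""
    bad = []
    for sip, dip, proto in flows:
        fwd = select_node(hash_fn(sip, dip, proto))
        rev = select_node(hash_fn(dip, sip, proto))  # reply swaps SIP and DIP
        if fwd != rev:
            bad.append((sip, dip, proto, fwd, rev))
    return bad

if __name__ == "__main__":
    print("split with ordered hash:  ", len(split_flows(FLOWS, ordered_hash)))
    print("split with symmetric hash:", len(split_flows(FLOWS, symmetric_hash)))
```

A flow listed by `split_flows` is one where the service node would see only one direction of the conversation, which is the condition the symmetric hash rules out.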
Opening claim text (preview).
The invention claimed is:
1. A method for managing traffic through a switch fabric having a border defined at least by a plurality of leaf nodes connected by at least one spine node, the plurality of leaf nodes including at least first and second leaf nodes, the method comprising: first receiving, by the first leaf node connected to a first endpoint, a first data packet transmitted by the switch fabric to the first endpoint from a second endpoint connected to the second leaf node; first enforcing, at exit of the first data packet from the switch fabric at the first leaf node, an egress data policy to the first data packet by applying a symmetrical hashing algorithm to at least a portion of the first data packet, resulting in a hash value of the first data packet; first routing, after the first enforcing and before the first data packet exits the switch fabric, the first data packet to a first service node based on the hash value of the first data packet; second receiving, by the second leaf node, a second data packet transmitted by the switch fabric to the second endpoint from the first endpoint; second enforcing, at exit of the second data packet from the switch fabric at the second leaf node, an egress data policy to the second data packet by applying the symmetrical hashing algorithm to at least a portion of the second data packet, resulting in a hash value of the second data packet; and second routing, after the second enforcing and before the second data packet exits the switch fabric, the second data packet to the first service node based on the hash value of the first data packet; wherein, due to the symmetrical nature of the symmetrical hashing algorithm, data between the first and second endpoints are sent to the first service node regardless of the direction in which the data was sent.
2. The method of claim 1, further comprising: in response to determining that the second endpoint has moved from the second leaf node to a third leaf node of the switch fabric, dynamically reconfiguring the first leaf node to stop enforcing the egress data policy to data packets transmitted from the second endpoint to the first endpoint.
3. The method of claim 2, further comprising: after dynamically reconfiguring the first leaf node to stop enforcing the egress data policy, receiving a second data packet transmitted by the second endpoint to the first endpoint; and transmitting the second data packet to the third leaf node; enforcing, by the third leaf node, the egress data policy.
4. The method of claim 3, wherein the enforcing comprises applying the symmetrical hashing algorithm.
5. The method of claim 4, wherein the enforcing comprises applying the symmetrical hashing algorithm to a Source Internet Protocol (SIP) value and a Destination Internet Protocol (DIP) value of the second data packet, resulting in a hash value of the second data packet, wherein the third leaf node routes the second data packet to the first service node based on the hash value of the second data packet.
6. The method of claim 1, wherein the first service node is a firewall.
7. The method of claim 1, wherein a protocol value of the first data packet is also applied to the symmetrical hashing algorithm to result in the hash value of the first data packet.
8. A system comprising: a switch fabric having a border defined at least by a plurality of leaf nodes connected by at least one spine node, the plurality of leaf nodes including at least first and second leaf nodes; a memory storing instructions that, when executed by any of the leaf nodes, cause the leaf nodes to perform operations comprising: first receiving, by the first leaf node connected to a first endpoint, a first data packet transmitted by the switch fabric to the first endpoint from a second endpoint connected to the second leaf node; first enforcing, at exit of the first data packet from the switch fabric at the first leaf node, an egress data policy to the first data packet by applying a symmetrical hashing algorithm to at least a portion of the first data packet, resulting in a hash value of the first data packet; first routing, after the first enforcing and before the first data packet exits the switch fabric, the first data packet to a first service node based on the hash value of the first data packet; second receiving, by the second leaf node, a second data packet transmitted by the switch fabric to the second endpoint from the first endpoint; second enforcing, at exit of the second data packet from the switch fabric at the second leaf node, an egress data policy to the second data packet by applying the symmetrical hashing algorithm to at least a portion of the second data packet, resulting in a hash value of the second data packet; and second routing, after the second enforcing and before the second data packet exits the switch fabric, the second data packet to the first service node based on the hash value of the first data packet; wherein, due to the symmetrical nature of the symmetrical hashing algorithm, data between the first and second endpoints are sent to the first service node regardless of the direction in which the data was sent.
9. The system of claim 8, the operations further comprising: in response to determining that the second endpoint has moved from the second leaf node to a third leaf node of the switch fabric, dynamically reconfiguring the first leaf node to stop enforcing the egress data policy to data packets transmitted from the second endpoint to the first endpoint.
10. The system of claim 9, the operations further comprising: after dynamically reconfiguring the first leaf node to stop enforcing the egress data policy, receiving a second data packet transmitted by the second endpoint to the first endpoint; and transmitting the second data packet to the third leaf node; enforcing, by the third leaf node, the egress data policy.
11. The system of claim 10, wherein the enforcing comprises applying the symmetrical hashing algorithm.
12. The system of claim 11, wherein the enforcing comprises applying the symmetrical hashing algorithm to a Source Internet Protocol (SIP) value and a Destination Internet Protocol (DIP) value of the second data packet, resulting in a hash value of the second data packet, wherein the third leaf node routes the second data packet to the first service node based on the hash value of the second data packet.
13. The system of claim 8, wherein the first service node is a firewall.
14. The system of claim 8, wherein a protocol value of the first data packet is also applied to the symmetrical hashing algorithm to result in the hash value of the first data packet.
15. A non-transitory computer-readable media storing instructions that, when executed by a switch fabric having a border defined at least by a plurality of leaf nodes connected by at least one spine node, the plurality of leaf nodes including at least first and second leaf nodes, cause the switch fabric to perform operations comprising: first receiving, by the first leaf node connected to a first endpoint, a first data packet transmitted by the switch fabric to the first endpoint from a second endpoint connected to the second leaf node; first enforcing, at exit of the first data packet from the switch fabric at the first leaf node, an egress data policy to the first data packet by applying a symmetrical hashing algorithm to at least a portion of the first data packet, resulting in a hash value of the first data packet; first routing, after the first enforcing and before the first data packet exits the switch fabric, the first data packet to a
Session initiation protocol [SIP] · CPC title
using hashing · CPC title
Electricity · mapped topic