Group based classification and policy enforcement for external network traffic

US11716284B2 · US · B2

Patent metadata
Publication number: US-11716284-B2
Application number: US-202117308224-A
Country: US
Kind code: B2
Filing date: May 5, 2021
Priority date: May 5, 2021
Publication date: Aug 1, 2023
Grant date: Aug 1, 2023

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Techniques for group-based classification and policy enforcement at a network fabric edge for traffic that is being sent to external network destinations are disclosed herein. The techniques may include receiving, at a control plane of a network and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination. Based at least in part on an address prefix value associated with the destination, the control plane may determine that the destination is located in an external network. Additionally, a group identifier that is associated with the destination may be determined. In this way, an indication of the group identifier may be sent to the edge node such that the edge node may determine, based at least in part on the group identifier, a policy decision for routing the packet to the external network.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: registering, at a control plane of a network, a border node that is configured to route traffic between the network and an external network; receiving, at the control plane and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination, the request including an address prefix value that is associated with the destination; determining, at the control plane and based at least in part on the address prefix value, that the destination is located in the external network; determining, at the control plane, a group identifier that is associated with the border node, the group identifier indicating that the destination is located in the external network; and sending, by the control plane and to the edge node, a reply to the request including an indication of the group identifier, the edge node configured to utilize the group identifier to determine a policy decision for routing the packet.

2. The method of claim 1, wherein determining the policy decision for routing the packet comprises determining, at the edge node, to: drop the packet; send the packet to the destination; or send the packet to the destination via a security service.

3. The method of claim 1, further comprising storing, at the control plane, mapping data comprising multiple known address prefix values associated with registered user devices of the network, each known address prefix value of the multiple known address prefix values being associated with a respective edge node of the network, wherein determining that the destination is located in the external network is based at least in part on the stored mapping data.

4. The method of claim 1, wherein sending the indication of the group identifier to the edge node further comprises sending a router identifier that is associated with the border node.

5. The method of claim 1, wherein the group identifier is cached by the edge node in a memory accessible to the edge node for a predetermined period of time.

6. The method of claim 1, wherein the destination comprises an internet destination and the group identifier indicates that the packet comprises internet traffic.

7. The method of claim 1, wherein registering the border node comprises associating the group identifier with the border node for address prefix values associated with a negative map reply (NMR) hole.

8. A system comprising: one or more processors; and one or more non-transitory computer-readable media storing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising: registering, at a control plane of a network, a border node that is configured to route traffic between the network and an external network; receiving, at the control plane and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination, the request including an address prefix value that is associated with the destination; determining, at the control plane and based at least in part on the address prefix value, that the destination is located in the external network; determining, at the control plane, a group identifier that is associated with the border node, the group identifier indicating that the destination is located in the external network; and sending, by the control plane and to the edge node, a reply to the request including an indication of the group identifier, the edge node configured to utilize the group identifier to determine a policy decision for routing the packet.

9. The system of claim 8, wherein determining the policy decision for routing the packet comprises determining, at the edge node, to: drop the packet; send the packet to the destination; or send the packet to the destination via a security service.

10. The system of claim 8, the operations further comprising storing, at the control plane, mapping data comprising multiple known address prefix values associated with registered user devices of the network, each known address prefix value of the multiple known address prefix values being associated with a respective edge node of the network, wherein determining that the destination is located in the external network is based at least in part on the stored mapping data.

11. The system of claim 8, wherein sending the indication of the group identifier to the edge node further comprises sending a router identifier that is associated with the border node.

12. The system of claim 8, wherein the group identifier is cached by the edge node in a memory accessible to the edge node for a predetermined period of time.

13. The system of claim 8, wherein the destination comprises an internet destination and the group identifier indicates that the packet comprises internet traffic.

14. The system of claim 8, wherein registering the border node comprises associating the group identifier with the border node for address prefix values associated with a negative map reply (NMR) hole.

15. One or more non-transitory computer-readable media storing instructions that, when executed by one or more processors, cause the one or more processors to perform operations comprising: registering, at a control plane of a network, a border node that is configured to route traffic between the network and an external network; receiving, at the control plane and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination, the request including an address prefix value that is associated with the destination; determining, at the control plane and based at least in part on the address prefix value, that the destination is located in the external network; determining, at the control plane, a group identifier that is associated with the border node, the group identifier indicating that the destination is located in the external network; and sending, by the control plane and to the edge node, a reply to the request including an indication of the group identifier, the edge node configured to utilize the group identifier to determine a policy decision for routing the packet.

16. The non-transitory computer-readable media of claim 15, wherein determining the policy decision for routing the packet comprises determining, at the edge node, to: drop the packet; send the packet to the destination; or send the packet to the destination via a security service.

17. The non-transitory computer-readable media of claim 15, the operations further comprising storing, at the control plane, mapping data comprising multiple known address prefix values associated with registered user devices of the network, each known address prefix value of the multiple known address prefix values being associated with a respective edge node of the network, wherein determining that the destination is located in the external network is based at least in part on the stored mapping data.

18. The non-transitory computer-readable media of claim 15, wherein sending the indication of the group identifier to the edge node further comprises sending a router identifier that is associated with the border node.

19. The non-transitory computer-readable media of claim 15, wherein the group identifier is cached by the edge node in a memory accessible to the edge node for a predetermined period of time.

20. The non-transitory computer-readable media of claim 15, wherein registering the border node comprises assoc
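The map-request / map-reply exchange described in the abstract and in claims 1 to 7, as an added worked example in Python that is not code from the patent or from Cisco. A control plane holds the registered endpoint prefixes (claim 3) and one registered border node (claims 1 and 7); an edge node asks it to map a destination, gets back the border node's group and router identifiers when no endpoint prefix matches (claims 1 and 4), caches the reply for a fixed period (claim 5) and turns the (source group, destination group) pair into one of the three actions of claim 2. All group numbers, router names, addresses, the policy table and the 60-second cache period are constructed for this example; longest-prefix matching over the registered prefixes and a default-deny policy lookup are this example's design choices, which the claims do not specify.

```python
"""Toy model of the map-request / map-reply exchange in the abstract and claims 1-7.

Added illustration, not code from the patent or from Cisco.  Group numbers,
router names, addresses, the policy table and the 60 s cache period are
constructed; longest-prefix matching and default-deny are this example's choices.
"""
from dataclasses import dataclass
import ipaddress
import time

# Constructed group identifiers; INTERNET_GROUP is the one the border node
# registers for destinations that fall into the NMR hole (claim 7).
EMPLOYEE_GROUP, IOT_GROUP, SERVER_GROUP, INTERNET_GROUP = 10, 20, 30, 1000

# The three actions of claim 2.  A missing (src_group, dst_group) pair is dropped.
FORWARD, DROP, VIA_SECURITY_SERVICE = "forward", "drop", "forward_via_security_service"
POLICY = {
    (EMPLOYEE_GROUP, INTERNET_GROUP): VIA_SECURITY_SERVICE,  # inspect employee internet traffic
    (EMPLOYEE_GROUP, SERVER_GROUP): FORWARD,
    (IOT_GROUP, SERVER_GROUP): FORWARD,
    # (IOT_GROUP, INTERNET_GROUP) is deliberately absent: IoT devices never reach the internet.
}


@dataclass(frozen=True)
class MapReply:
    group_id: int     # group identifier the edge node keys policy on (claim 1)
    router_id: str    # router identifier of the node to forward to (claim 4)
    external: bool    # True when the destination fell into the NMR hole


class ControlPlane:
    """Map-server: endpoint-prefix -> edge-node mappings (claim 3) plus the single
    border node registered for everything else (claims 1 and 7)."""

    def __init__(self):
        self._mappings = {}        # ip_network -> (edge router id, group id)
        self._border = None        # (border router id, external group id)
        self.request_count = 0     # instrumentation so the cache effect is visible

    def register_endpoint(self, prefix, edge_router_id, group_id):
        self._mappings[ipaddress.ip_network(prefix)] = (edge_router_id, group_id)

    def register_border(self, router_id, external_group_id):
        self._border = (router_id, external_group_id)

    def map_request(self, destination):
        """Longest-prefix match over registered endpoints; fall back to the
        border node's group when nothing matches (the destination is external)."""
        self.request_count += 1
        dst = ipaddress.ip_address(destination)
        best = None
        for net, (router_id, group_id) in self._mappings.items():
            if net.version == dst.version and dst in net:
                if best is None or net.prefixlen > best[0].prefixlen:
                    best = (net, router_id, group_id)
        if best is not None:
            return MapReply(best[2], best[1], external=False)
        if self._border is None:
            # No border registered: refuse rather than guess a forwarding target.
            raise LookupError(f"no border node registered; cannot map {destination}")
        router_id, group_id = self._border
        return MapReply(group_id, router_id, external=True)


class EdgeNode:
    """Fabric edge: resolves through the control plane, caches each reply for
    cache_ttl seconds (claim 5) and enforces the policy on the group pair."""

    def __init__(self, control_plane, policy, cache_ttl=60.0, clock=time.monotonic):
        self._cp, self._policy, self._ttl, self._clock = control_plane, policy, cache_ttl, clock
        self._cache = {}           # destination -> (MapReply, expiry time)

    def resolve(self, destination):
        now = self._clock()
        hit = self._cache.get(destination)
        if hit is not None and hit[1] > now:
            return hit[0]
        reply = self._cp.map_request(destination)
        self._cache[destination] = (reply, now + self._ttl)
        return reply

    def decide(self, src_group, destination):
        """Return (action, next-hop router id) for a packet from src_group."""
        reply = self.resolve(destination)
        action = self._policy.get((src_group, reply.group_id), DROP)   # default deny
        return action, reply.router_id


def build_fabric(clock=time.monotonic):
    """Constructed topology: three edge nodes with endpoint prefixes, one border node."""
    cp = ControlPlane()
    cp.register_endpoint("10.1.0.0/16", "edge-1", EMPLOYEE_GROUP)
    cp.register_endpoint("10.2.0.0/16", "edge-2", IOT_GROUP)
    cp.register_endpoint("10.3.0.0/24", "edge-3", SERVER_GROUP)
    cp.register_border("border-1", INTERNET_GROUP)
    return cp, EdgeNode(cp, POLICY, cache_ttl=60.0, clock=clock)
```

Call `build_fabric()` and then `edge.decide(src_group, destination)`: an employee source reaching 203.0.113.10 or 2001:db8::1 is steered to border-1 via the security service, an IoT source to the same addresses is dropped because no policy row exists, and 10.3.0.7 resolves to edge-3 with the server group. Three points matter in practice: the edge node never holds an external routing table, since every unregistered prefix collapses to the border node's single group; the cache period bounds how long an edge keeps enforcing a stale group after a prefix or the border node is re-registered, so it should be chosen with that window in mind; and an absent policy entry drops rather than forwards.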

Assignees

Cisco Tech Inc

Inventors

Classifications

  • H04L45/74 (primary): Address processing for routing · CPC title

  • involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24) · CPC title

  • Grouping of entities · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11716284B2 cover?
Techniques for group-based classification and policy enforcement at a network fabric edge for traffic that is being sent to external network destinations are disclosed herein. The techniques may include receiving, at a control plane of a network and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination. Based at least in part on an…
Who is the assignee on this patent?
Cisco Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L45/74. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Aug 1, 2023 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).