What technology area does this patent fall under?

Primary CPC classification H04L41/5019. Mapped technology areas include Electricity.

When was this patent published?

Publication date Tue Aug 13 2024 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).

On-path dynamic policy enforcement and endpoint-aware policy enforcement for endpoints

US12063149B2 · US · B2

Patent metadata
Field	Value
Publication number	US-12063149-B2
Application number	US-202318353702-A
Country	US
Kind code	B2
Filing date	Jul 17, 2023
Priority date	Apr 3, 2019
Publication date	Aug 13, 2024
Grant date	Aug 13, 2024

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific polices for the first endpoint by evaluation the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.

First claim

Opening claim text (preview).

What is claimed is: 1. A method comprising: receiving, by a network device local to a first endpoint in a network environment from a centralized network controller, a network-wide endpoint policy; receiving, by the network device from the first endpoint, first policy metadata injected into first data traffic, wherein the first policy metadata includes data specific to the first endpoint for locally applying policies to the first endpoint; determining, by the network device, a first endpoint specific policy for the first endpoint by evaluating the first policy metadata with respect to the network-wide endpoint policy; and locally applying, by the network device, the first endpoint specific policy to control additional data traffic associated with the first endpoint. 2. The method of claim 1 , wherein the network device is on-path in one or more traffic flows to or from the first endpoint and the network device receives the first policy metadata with the first data traffic through at least one of the one or more traffic flows. 3. The method of claim 1 , wherein the first policy metadata includes the data describing local operation of the first endpoint in the network environment with respect to the first data traffic. 4. The method of claim 1 , wherein the first policy metadata includes policy-specific metadata for the first endpoint, and the policy-specific metadata is generated to apply one or more explicit policies for the first endpoint. 5. The method of claim 1 , further comprising: identifying, by the network device, past policy metadata injected into past data traffic and received from the first endpoint; and determining, by the network device, the first endpoint specific policy for the first endpoint by evaluating the first policy metadata and the past policy metadata with respect to the network-wide endpoint policy. 6. A system comprising: one or more processors; and a computer-readable medium comprising instructions stored therein, which when executed by the one or more processors, cause the one or more processors to perform operations comprising: receive, by a network device local to a first endpoint in a network environment from a centralized network controller, a network-wide endpoint policy; receive, by the network device from the first endpoint, first policy metadata injected into first data traffic, wherein the first policy metadata includes data specific to the first endpoint for locally applying policies to the first endpoint; determine, by the network device, a first endpoint specific policy for the first endpoint by evaluating the first policy metadata with respect to the network-wide endpoint policy; and locally apply, by the network device, the first endpoint specific policy to control additional data traffic associated with the first endpoint. 7. The system of claim 6 , wherein the network device is on-path in one or more traffic flows to or from the first endpoint and the network device receives the first policy metadata with the first data traffic through at least one of the one or more traffic flows. 8. The system of claim 6 , wherein the first policy metadata includes the data describing local operation of the first endpoint in the network environment with respect to the first data traffic. 9. The system of claim 6 , wherein the first policy metadata includes policy-specific metadata for the first endpoint, and the policy-specific metadata is generated to apply one or more explicit policies for the first endpoint. 10. The system of claim 6 , the operations further comprising: identifying, by the network device, past policy metadata injected into past data traffic and received from the first endpoint; and determining, by the network device, the first endpoint specific policy for the first endpoint by evaluating the first policy metadata and the past policy metadata with respect to the network-wide endpoint policy. 11. A non-transitory computer-readable storage medium comprising instructions stored therein, which when executed by one or more processors, cause the one or more processors to perform operations comprising: receive, by a network device local to a first endpoint in a network environment from a centralized network controller, a network-wide endpoint policy; receive, by the network device from the first endpoint, first policy metadata injected into first data traffic, wherein the first policy metadata includes data specific to the first endpoint for locally applying policies to the first endpoint; determine, by the network device, a first endpoint specific policy for the first endpoint by evaluating the first policy metadata with respect to the network-wide endpoint policy; and locally apply, by the network device, the first endpoint specific policy to control additional data traffic associated with the first endpoint. 12. The non-transitory computer-readable storage medium of claim 11 , wherein the network device is on-path in one or more traffic flows to or from the first endpoint and the network device receives the first policy metadata with the first data traffic through at least one of the one or more traffic flows. 13. The non-transitory computer-readable storage medium of claim 11 , wherein the first policy metadata includes the data describing local operation of the first endpoint in the network environment with respect to the first data traffic. 14. The non-transitory computer-readable storage medium of claim 11 , wherein the first policy metadata includes policy-specific metadata for the first endpoint, and the policy-specific metadata is generated to apply one or more explicit policies for the first endpoint. 15. The method of claim 1 , further comprising: determining whether to expose the first policy metadata to the network environment; and removing from the first data traffic, in response to determining not to expose the first policy metadata to the network environment, the first policy metadata before transmission to one or more intended recipients. 16. The method of claim 15 , further comprising: determining how much of the first policy metadata to expose to the network environment; and removing from the first data traffic, in response to the determining how much, a portion of the first policy metadata before transmission to one or more intended recipients. 17. The system of claim 6 , further comprising: determine whether to expose the first policy metadata to the network environment; and remove from the first data traffic, in response to determining not to expose the first policy metadata to the network environment, the first policy metadata before transmission to one or more intended recipients. 18. The system of claim 6 , further comprising: determining how much of the first policy metadata to expose to the network environment; and removing from the first data traffic, in response to the determining how much, a portion of the first policy metadata before transmission to one or more intended recipients. 19. The non-transitory computer-readable storage medium of claim 11 , further comprising: determine whether to expose the first policy metadata to the network environment; and remove from the first data traffic, in response to determining not to expose the first policy metadata to the network environment, the first policy metadata before transmission to one or more intended recipients. 20. The non-transitory computer-readable storage medium of claim 11 , further comprising: determine how much of the first policy metadata to expose

Assignees

Cisco Tech Inc

Inventors

Classifications

H04L47/10
Flow control; Congestion control · CPC title
H04L41/0894
Policy-based network configuration management · CPC title
H04L41/0895
Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements · CPC title
H04L41/04
Network management architectures or arrangements · CPC title
H04L41/342
between virtual entities, e.g. orchestrators, SDN or NFV entities · CPC title

Patent family

Related publications grouped by family.

View patent family 72661689

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12063149B2 cover?: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into …
Who is the assignee on this patent?: Cisco Tech Inc
What technology area does this patent fall under?: Primary CPC classification H04L41/5019. Mapped technology areas include Electricity.
When was this patent published?: Publication date Tue Aug 13 2024 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).