Achieving storage efficiency in presence of end-to-end encryption using downstream decrypters
US-9215067-B2 · Dec 15, 2015 · US
US2016006769A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016006769-A1 |
| Application number | US-201514856377-A |
| Country | US |
| Kind code | A1 |
| Filing date | Sep 16, 2015 |
| Priority date | Oct 1, 2012 |
| Publication date | Jan 7, 2016 |
| Grant date | — |
Official abstract text for this publication.
In one embodiment, an apparatus includes a processor and logic integrated with and/or executable by the processor. The logic is configured to communicate with a first physical switch, a second physical switch, and an overlay network that connects the first physical switch to the second physical switch. The logic is also configured to receive a request for a communication path through the overlay network for a packet, the request including at least the packet, first information about a source of the packet, the source of the packet being connected to the first physical switch, and second information about a most closely connected physical switch to a destination of the packet. Moreover, the logic is configured to determine the destination of the packet, the destination of the packet being connected to the second physical switch. Also, the logic is configured to determine whether to apply a security policy to the packet.
Opening claim text (preview).
What is claimed is:

1. An apparatus, comprising: a processor and logic integrated with and/or executable by the processor, the logic being configured to: communicate with a first physical switch, a second physical switch, and an overlay network that connects the first physical switch to the second physical switch; receive a request for a communication path through the overlay network for a particular packet, the request comprising at least: the packet; first information about a source of the packet, the source of the packet being connected to the first physical switch; and second information about a most closely connected physical switch to a destination of the packet; determine the destination of the packet, the destination of the packet being connected to the second physical switch; and determine whether to apply a security policy to the packet.
2. The apparatus as recited in claim 1, wherein the logic is configured to select a communication path between the first physical switch and the second physical switch for the packet.
3. The apparatus as recited in claim 2, wherein the selected communication path directly connects the first physical switch to the second physical switch in response to a determination to not apply the security policy to the packet.
4. The apparatus as recited in claim 2, wherein the selected communication path connects the first physical switch to the second physical switch via a security appliance in response to a determination to apply the security policy to the packet.
5. The apparatus as recited in claim 2, wherein the logic is configured to send at least a portion of the selected communication path to the first physical switch.
6. The apparatus as recited in claim 2, wherein the logic is configured to instruct a switch controller to program overlay network nodes in the overlay network to transfer packets between their source and their destination along the selected communication path.
7. The apparatus as recited in claim 2, wherein the logic is configured to instruct a switch controller to inform a second server about the source of the packet being present on a first server in response to receiving the request for the communication path through the overlay network, the second server hosting the destination of the packet.
8. The apparatus as recited in claim 4, wherein the security policy directs application of one or more services by the security appliance, the services being selected from the group consisting of: firewall services; intrusion prevention services (IPS); intrusion detection services (IDS); server load balancing services; virtual private network (VPN) services; video optimization services; and wide area network (WAN) optimization services.
9. The apparatus as recited in claim 1, wherein the logic configured to determine the destination of the packet is configured to determine the destination of the packet based on information selected from a group consisting of: contents of the packet, the first information, and the second information.
10. The apparatus as recited in claim 1, wherein the first information comprises an address of the source of the packet, and wherein the second information comprises an address of the second physical switch.
11. The apparatus as recited in claim 1, wherein the logic configured to determine whether to apply the security policy to the packet is configured to: determine to not apply the security policy in response to a determination that the source of the packet and the destination of the packet are in a common group or domain; and determine to apply the security policy in response to a determination that the source of the packet and the destination of the packet are not in a common group or domain.
12. The apparatus as recited in claim 1, wherein the logic configured to determine whether to apply the security policy to the packet is configured to apply one or more Access Control Lists (ACLs) to the packet to determine whether the security policy is to be applied to the packet.
13. A computer program product comprising a computer readable storage medium having program instructions embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, the embodied program instructions readable/executable by a processor to cause the processor to: communicate, by the processor, with a first physical switch, a second physical switch, and an overlay network that connects the first physical switch to the second physical switch; receive, by the processor, a request for a communication path through the overlay network for a particular packet, the request comprising at least: the packet; first information about a source of the packet, the source of the packet being connected to the first physical switch; and second information about a most closely connected physical switch to a destination of the packet; determine, by the processor, the destination of the packet, the destination of the packet being connected to the second physical switch; and determine, by the processor, whether to apply a security policy to the packet.
14. The computer program product as recited in claim 13, wherein the embodied program instructions are readable/executable by the processor to cause the processor to select a communication path, by the processor, between the first physical switch and the second physical switch for the packet.
15. The computer program product as recited in claim 14, wherein the selected communication path directly connects the first physical switch to the second physical switch in response to a determination to not apply the security policy to the packet.
16. The computer program product as recited in claim 14, wherein the selected communication path connects the first physical switch to the second physical switch via a security appliance in response to a determination to apply the security policy to the packet.
17. The computer program product as recited in claim 14, wherein the embodied program instructions are readable/executable by the processor to cause the processor to send, by the processor, at least a portion of the selected communication path to the first physical switch.
18. The computer program product as recited in claim 14, wherein the embodied program instructions are readable/executable by the processor to cause the processor to instruct, by the processor, a switch controller to program overlay network nodes in the overlay network to transfer packets between their source and their destination along the selected communication path.
19. The computer program product as recited in claim 14, wherein the embodied program instructions are readable/executable by the processor to cause the processor to instruct, by the processor, a switch controller to inform a second server about the source of the packet being present on a first server in response to receiving the request for the communication path through the overlay network, the second server hosting the destination of the packet.
20. The computer program product as recited in claim 16, wherein the security policy directs application of one or more services by the security appliance, the services being selected from the group consisting of: firewall services; intrusion prevention services (IPS); intrusion detection services (IDS); server load balancing services; virtual private network (VPN) services; video optimization services; and wide area network (
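The path-selection logic of claims 1 through 6, 11 and 12 can be modelled in a few lines; the following is an added illustration, not code from the patent, and the host inventory (`HOSTS`), the ACL (`ACL_INSPECT`), the appliance name and the `PathRequest` shape are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory: host address -> (group/domain, physical switch it hangs off).
# The controller uses this to resolve the destination (claim 9) and the group test (claim 11).
HOSTS = {
    "10.0.1.5": ("tenant-a", "sw1"),
    "10.0.2.9": ("tenant-a", "sw2"),
    "10.0.3.7": ("tenant-b", "sw2"),
}

# Constructed ACL (claim 12): (src, dst) pairs that are steered through the
# security appliance even when both endpoints share a group.
ACL_INSPECT = {("10.0.2.9", "10.0.1.5")}

SECURITY_APPLIANCE = "sec-appliance-1"  # assumed name of the security appliance (claim 4)


@dataclass
class PathRequest:
    packet: dict        # the packet; only "src"/"dst" header fields are used here
    source_switch: str  # first information: switch the source is attached to
    dest_switch: str    # second information: switch most closely connected to the destination


def needs_security_policy(src: str, dst: str) -> bool:
    """Claims 11 and 12: ACL hits first, otherwise apply the policy only across groups."""
    if (src, dst) in ACL_INSPECT:
        return True
    return HOSTS[src][0] != HOSTS[dst][0]


def select_path(req: PathRequest) -> list:
    """Claims 1 to 4: resolve the destination, then pick a direct or appliance-mediated path."""
    src, dst = req.packet["src"], req.packet["dst"]
    if src not in HOSTS or dst not in HOSTS:
        raise LookupError("unknown endpoint; refuse rather than guess a path")
    dst_switch = HOSTS[dst][1]
    # Cross-check the requester's "second information" against our own view.
    if dst_switch != req.dest_switch:
        raise ValueError(f"destination switch mismatch: {req.dest_switch} vs {dst_switch}")
    if needs_security_policy(src, dst):
        return [req.source_switch, SECURITY_APPLIANCE, dst_switch]
    return [req.source_switch, dst_switch]


def program_overlay(path: list) -> dict:
    """Claim 6 analogue: next-hop instruction per overlay node for the switch controller."""
    return {node: path[i + 1] for i, node in enumerate(path[:-1])}
```

Calling `select_path` for a same-tenant flow yields the direct path, a cross-tenant flow is detoured through the appliance, and the ACL entry forces inspection of one intra-tenant flow regardless of group.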
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
Virtual LANs, VLANs, e.g. virtual private networks [VPN] (LAN interconnection over a bridge based backbone H04L12/462; encapsulation techniques H04L12/4633; routing of packets H04L45/00; packet switches H04L49/00; virtual private networks for security H04L63/0272) · CPC title
Event detection, e.g. attack signature detection · CPC title
Virtual private networks · CPC title
Access control lists [ACL] · CPC title