-
Publication No.: US08931046B2
Publication date: 2015-01-06
Application No.: US13842695
Filing date: 2013-03-15
CPC classification: H04L63/0263, H04L12/18, H04L12/4641, H04L41/20, H04L43/50, H04L63/10, H04L63/101, H04L63/20, H04L67/143, H04L67/146
Abstract: A method and apparatus that secures a dynamic virtualized network is described. In an exemplary embodiment, a device learns a current network policy of the dynamic virtualized network, where the dynamic virtualized network is a virtualized layer 2 network that is overlaid on a layer 3 physical network. In addition, the current network policy includes multiple network policy elements, where each of the multiple network policy elements identifies an authorized endpoint in the dynamic virtualized network. Furthermore, the layer 3 physical network includes multiple network access devices. The device further determines a network security policy for the dynamic virtualized network from the current network policy. The network security policy includes one or more second network policy elements that are a different network policy element than one of the multiple network policy elements of the current network policy. In addition, each of the one or more second network policy network elements adds an additional policy on how network traffic is processed in the dynamic virtualized network by a port of one of the plurality of network access devices. The device further applies the network security policy to each network access device that is affected by the network security policy.
-
Publication No.: US20140123211A1
Publication date: 2014-05-01
Application No.: US13842695
Filing date: 2013-03-15
IPC classification: H04L29/06
CPC classification: H04L63/0263, H04L12/18, H04L12/4641, H04L41/20, H04L43/50, H04L63/10, H04L63/101, H04L63/20, H04L67/143, H04L67/146
Abstract: A method and apparatus that secures a dynamic virtualized network is described. In an exemplary embodiment, a device learns a current network policy of the dynamic virtualized network, where the dynamic virtualized network is a virtualized layer 2 network that is overlaid on a layer 3 physical network. In addition, the current network policy includes multiple network policy elements, where each of the multiple network policy elements identifies an authorized endpoint in the dynamic virtualized network. Furthermore, the layer 3 physical network includes multiple network access devices. The device further determines a network security policy for the dynamic virtualized network from the current network policy. The network security policy includes one or more second network policy elements that are a different network policy element than one of the multiple network policy elements of the current network policy. In addition, each of the one or more second network policy network elements adds an additional policy on how network traffic is processed in the dynamic virtualized network by a port of one of the plurality of network access devices. The device further applies the network security policy to each network access device that is affected by the network security policy.
-
Publication No.: US08931047B2
Publication date: 2015-01-06
Application No.: US13911925
Filing date: 2013-06-06
CPC classification: H04L63/0263, H04L12/18, H04L12/4641, H04L41/20, H04L43/50, H04L63/10, H04L63/101, H04L63/20, H04L67/143, H04L67/146
Abstract: A method and apparatus that secures a dynamic virtualized network is described. In an exemplary embodiment, a device learns a current network policy of the dynamic virtualized network, where the dynamic virtualized network is a virtualized layer 2 network that is overlaid on a layer 3 physical network. In addition, the current network policy includes multiple network policy elements, where each of the multiple network policy elements identifies an authorized endpoint in the dynamic virtualized network. Furthermore, the layer 3 physical network includes multiple network access devices. The device further determines a network security policy for the dynamic virtualized network from the current network policy. The network security policy includes one or more second network policy elements that are a different network policy element than one of the multiple network policy elements of the current network policy. In addition, each of the one or more second network policy network elements adds an additional policy on how network traffic is processed in the dynamic virtualized network by a port of one of the plurality of network access devices. The device further applies the network security policy to each network access device that is affected by the network security policy.
-
Publication No.: US20140337497A1
Publication date: 2014-11-13
Application No.: US14210069
Filing date: 2014-03-13
IPC classification: H04L12/24
CPC classification: H04L41/0866, H04L12/4633, H04L12/4645, H04L41/0893
Abstract: A method and apparatus that determines a plurality of matching policies for a segment of a dynamic virtualized network is described. A device retrieves a virtual network identifier of the segment, where the virtual network identifier includes a plurality of bits and a plurality of subnets and each of the plurality of subnets is a different subset of the plurality of bits. In addition, the dynamic virtualized network is a virtualized layer 2 network that is overlaid on a layer 3 physical network, where the layer 3 physical network includes a plurality of network access devices, and the segment includes a plurality of endpoints. The device further determines the plurality of matching policies for the segment from the plurality of subnets of the virtual network identifier, where each of the plurality of subnets corresponds to one of the plurality of matching policies. The device additionally applies the plurality of matching policies to each network access device that corresponds to one of the plurality of matching endpoints.
-
Publication No.: US09729409B2
Publication date: 2017-08-08
Application No.: US13778042
Filing date: 2013-02-26
CPC classification: H04L43/04, H04L41/046, H04L41/0816, H04L41/085, H04L43/08, H04L43/0811, H04L43/103
Abstract: A method and apparatus of a device that dynamically changes how management data is managed in response to events detected in a network system is described. In an exemplary embodiment, the device detects an event occurring in the network system. The device further determines if the event triggers a system change in how the management data is reported on one or more of the managed nodes. If the event notification does trigger the system change, for each of the one or more of the managed nodes, the device determines a command for that managed node that represents a specific change in how frequently the management data is reported to the network management system. In addition, the device sends the command to that managed node, where the agent applies the command to the managed node and the applied command implements the specific change in how frequently the management data is reported to the network management system.
-
Publication No.: US20150089583A1
Publication date: 2015-03-26
Application No.: US14555441
Filing date: 2014-11-26
IPC classification: H04L29/06
CPC classification: H04L63/0263, H04L12/18, H04L12/4641, H04L41/20, H04L43/50, H04L63/10, H04L63/101, H04L63/20, H04L67/143, H04L67/146
Abstract: A method and apparatus that secures a dynamic virtualized network is described. In an exemplary embodiment, a device receives a current network policy of the dynamic virtualized network. In addition, the current network policy includes multiple network policy elements, where each of the multiple network policy elements identifies an authorized endpoint in the dynamic virtualized network. The device further determines a network security policy for the dynamic virtualized network from the current network policy. The network security policy includes one or more second network policy elements that are a different network policy element than one of the multiple network policy elements of the current network policy. In addition, each of the one or more second network policy network elements adds an additional policy on how network traffic is processed in the dynamic virtualized network by a port of one of the plurality of network access devices. The device further applies the network security policy to each network access device that is affected by the network security policy.
-
Publication No.: US20140123212A1
Publication date: 2014-05-01
Application No.: US13911925
Filing date: 2013-06-06
IPC classification: H04L29/06
CPC classification: H04L63/0263, H04L12/18, H04L12/4641, H04L41/20, H04L43/50, H04L63/10, H04L63/101, H04L63/20, H04L67/143, H04L67/146
Abstract: A method and apparatus that secures a dynamic virtualized network is described. In an exemplary embodiment, a device learns a current network policy of the dynamic virtualized network, where the dynamic virtualized network is a virtualized layer 2 network that is overlaid on a layer 3 physical network. In addition, the current network policy includes multiple network policy elements, where each of the multiple network policy elements identifies an authorized endpoint in the dynamic virtualized network. Furthermore, the layer 3 physical network includes multiple network access devices. The device further determines a network security policy for the dynamic virtualized network from the current network policy. The network security policy includes one or more second network policy elements that are a different network policy element than one of the multiple network policy elements of the current network policy. In addition, each of the one or more second network policy network elements adds an additional policy on how network traffic is processed in the dynamic virtualized network by a port of one of the plurality of network access devices. The device further applies the network security policy to each network access device that is affected by the network security policy.
-
Publication No.: US20140101308A1
Publication date: 2014-04-10
Application No.: US13778042
Filing date: 2013-02-26
IPC classification: H04L12/26
CPC classification: H04L43/04, H04L41/046, H04L41/0816, H04L41/085, H04L43/08, H04L43/0811, H04L43/103
Abstract: A method and apparatus of a device that dynamically changes how management data is managed in response to events detected in a network system is described. In an exemplary embodiment, the device detects an event occurring in the network system. The device further determines if the event triggers a system change in how the management data is reported on one or more of the managed nodes. If the event notification does trigger the system change, for each of the one or more of the managed nodes, the device determines a command for that managed node that represents a specific change in how frequently the management data is reported to the network management system. In addition, the device sends the command to that managed node, where the agent applies the command to the managed node and the applied command implements the specific change in how frequently the management data is reported to the network management system.