公开(公告)号：US20150222640A1

公开(公告)日：2015-08-06

申请号：US14170750

申请日：2014-02-03

Applicant: Cisco Technology, Inc.

Inventor： Surendra Kumar ,  David Chang ,  Nagaraj Bagepalli ,  Abhijit Patra

IPC: H04L29/06 ,  H04L12/803 ,  H04L12/911

CPC classification number: H04L47/125 ,  H04L41/50 ,  H04L45/38 ,  H04L47/782 ,  H04L63/20

Abstract: Presented herein are elastic service chain techniques. In one example, a network element receives data traffic to be processed by a service chain that specifies an ordered sequence of service pools including a first service pool and second service pool, wherein each service pool comprises a plurality of network services. A network service is determined from the first service pool to be applied to the data traffic, and data traffic is forwarded to the network service in the first service pool.

Abstract translation: 这里提出的是弹性服务链技术。 在一个示例中，网络元件接收要由服务链处理的数据流量，所述服务链指定包括第一服务池和第二服务池的服务池的有序序列，其中每个服务池包括多个网络服务。 从要应用于数据流量的第一服务池确定网络服务，并将数据流量转发到第一服务池中的网络服务。

公开(公告)号：US08990885B2

公开(公告)日：2015-03-24

申请号：US13945091

申请日：2013-07-18

Applicant: Cisco Technology, Inc.

Inventor： David Chang ,  Abhijit Patra ,  Nagaraj Bagepalli ,  Rajesh Kumar Sethuraghavan

IPC: H04L29/08 ,  H04L29/06 ,  H04L12/931 ,  H04L12/12

CPC classification number: H04L63/0263 ,  G06F9/45558 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L29/08927 ,  H04L29/08972 ,  H04L49/356 ,  H04L49/70 ,  H04L63/0218 ,  H04L63/0227

Abstract: Techniques are provided for implementing a zone-based firewall policy. At a virtual network device, information is defined and stored that represents a security management zone for a virtual firewall policy comprising one or more common attributes of applications associated with the security zone. Information representing a firewall rule for the security zone is defined and comprises first conditions for matching common attributes of applications associated with the security zone and an action to be performed on application traffic. Parameters associated with the application traffic are received that are associated with properly provisioned virtual machines. A determination is made whether the application traffic parameters satisfy the conditions of the firewall rule and in response to determining that the conditions are satisfied, the action is performed.

Abstract translation: 提供了实现基于区域的防火墙策略的技术。 在虚拟网络设备处，定义和存储表示虚拟防火墙策略的安全管理区域的信息，该虚拟防火墙策略包括与安全区域相关联的应用的一个或多个公共属性。 定义表示安全区域的防火墙规则的信息，并且包括用于匹配与安全区域相关联的应用的通用属性的第一条件以及要对应用流量执行的动作。 接收到与正确配置的虚拟机相关联的与应用程序流量相关联的参数。 确定应用业务参数是否满足防火墙规则的条件，并且响应于确定满足条件，执行动作。