公开(公告)号：US09215177B2

公开(公告)日：2015-12-15

申请号：US13925483

申请日：2013-06-24

Applicant: VMware, Inc.

Inventor： Jayant Jain ,  Anirban Sengupta ,  Debashis Basak ,  Serge Maskalik ,  Weiqing Wu ,  Aravind Srinivasan ,  Todd Sabin

IPC: H04L29/12 ,  H04L29/06 ,  H04L12/813 ,  H04L29/08

CPC classification number: H04L47/20 ,  H04L61/2514 ,  H04L63/0218 ,  H04L63/0263 ,  H04L67/1002

Abstract: The disclosure herein describes an edge device of a network for distributed policy enforcement. During operation, the edge device receives an initial packet for an outgoing traffic flow, and identifies a policy being triggered by the initial packet. The edge device performs a reverse lookup to identify at least an intermediate node that is previously traversed by the initial packet and traffic parameters associated with the initial packet at the identified intermediate node. The edge device translates the policy based on the traffic parameters at the intermediate node, and forwards the translated policy to the intermediate node, thus facilitating the intermediate node in applying the policy to the traffic flow.

Abstract translation: 本文的公开内容描述了用于分布式策略实施的网络的边缘设备。 在操作期间，边缘设备接收用于出站业务流的初始分组，并且识别由初始分组触发的策略。 边缘设备执行反向查找以识别先前由初始分组穿过的中间节点和与所识别的中间节点处的初始分组相关联的业务参数。 边缘设备根据中间节点的流量参数转换策略，并将转换的策略转发到中间节点，从而便于中间节点将策略应用于业务流。

公开(公告)号：US20140376367A1

公开(公告)日：2014-12-25

申请号：US13925483

申请日：2013-06-24

Applicant: VMware, Inc.

Inventor： Jayant Jain ,  Anirban Sengupta ,  Debashis Basak ,  Serge Maskalik ,  Weiqing Wu ,  Aravind Srinivasan ,  Todd Sabin

IPC: H04L12/813

CPC classification number: H04L47/20 ,  H04L61/2514 ,  H04L63/0218 ,  H04L63/0263 ,  H04L67/1002

Abstract: The disclosure herein describes an edge device of a network for distributed policy enforcement. During operation, the edge device receives an initial packet for an outgoing traffic flow, and identifies a policy being triggered by the initial packet. The edge device performs a reverse lookup to identify at least an intermediate node that is previously traversed by the initial packet and traffic parameters associated with the initial packet at the identified intermediate node. The edge device translates the policy based on the traffic parameters at the intermediate node, and forwards the translated policy to the intermediate node, thus facilitating the intermediate node in applying the policy to the traffic flow.

Abstract translation: 本文的公开内容描述了用于分布式策略实施的网络的边缘设备。 在操作期间，边缘设备接收用于出站业务流的初始分组，并且识别由初始分组触发的策略。 边缘设备执行反向查找以识别先前由初始分组穿过的中间节点和与所识别的中间节点处的初始分组相关联的业务参数。 边缘设备根据中间节点的流量参数来转换策略，并将转换的策略转发到中间节点，从而有助于中间节点将策略应用于业务流。