-
Publication No.: US12206709B2
Publication date: 2025-01-21
Application No.: US17876939
Filing date: 2022-07-29
Applicant: Cisco Technology, Inc.
IPC: H04L9/40, H04L47/2408, H04L47/32, H04L69/22
Abstract: A method of managing security rules may include extracting metadata from a data packet received at a first network device. The metadata includes network metadata and network system metadata. The method may further include distributing the metadata to at least one service endpoint registered with the first network device, receiving, from the at least one service endpoint, an indication as to how traffic associated with the data packet is to be handled, and enabling the traffic based at least in part on feedback received from the at least one service endpoint and creating a first service flow hash entry of a hash table associated with the data packet at the first network device. The first service flow hash entry identifies each of a number of services using a unique number. The method may further include distributing the hash table including the first service flow hash entry across a fabric to at least a second network device.
-
Publication No.: US20240039957A1
Publication date: 2024-02-01
Application No.: US17876939
Filing date: 2022-07-29
Applicant: Cisco Technology, Inc.
IPC: H04L9/40, H04L47/32, H04L47/2408, H04L69/22
CPC classification number: H04L63/20, H04L47/32, H04L47/2408, H04L69/22
Abstract: A method of managing security rules may include extracting metadata from a data packet received at a first network device. The metadata includes network metadata and network system metadata. The method may further include distributing the metadata to at least one service endpoint registered with the first network device, receiving, from the at least one service endpoint, an indication as to how traffic associated with the data packet is to be handled, and enabling the traffic based at least in part on feedback received from the at least one service endpoint and creating a first service flow hash entry of a hash table associated with the data packet at the first network device. The first service flow hash entry identifies each of a number of services using a unique number. The method may further include distributing the hash table including the first service flow hash entry across a fabric to at least a second network device.
-