Dynamic management of security rules and policies

    Publication number: US12206709B2

    Publication date: 2025-01-21

    Application number: US17876939

    Application date: 2022-07-29

    Abstract: A method of managing security rules may include extracting metadata from a data packet received at a first network device. The metadata includes network metadata and network system metadata. The method may further include distributing the metadata to at least one service endpoint registered with the first network device, receiving from the at least one service endpoint an indication as to how traffic associated with the data packet is to be handled, enabling the traffic based at least in part on feedback received from the at least one service endpoint, and creating a first service flow hash entry of a hash table associated with the data packet at the first network device. The first service flow hash entry identifies each of a number of services using a unique number. The method may further include distributing the hash table including the first service flow hash entry across a fabric to at least a second network device.

    DYNAMIC MANAGEMENT OF SECURITY RULES AND POLICIES

    Publication number: US20240039957A1

    Publication date: 2024-02-01

    Application number: US17876939

    Application date: 2022-07-29

    CPC classification number: H04L63/20 H04L47/32 H04L47/2408 H04L69/22

    Abstract: A method of managing security rules may include extracting metadata from a data packet received at a first network device. The metadata includes network metadata and network system metadata. The method may further include distributing the metadata to at least one service endpoint registered with the first network device, receiving from the at least one service endpoint an indication as to how traffic associated with the data packet is to be handled, enabling the traffic based at least in part on feedback received from the at least one service endpoint, and creating a first service flow hash entry of a hash table associated with the data packet at the first network device. The first service flow hash entry identifies each of a number of services using a unique number. The method may further include distributing the hash table including the first service flow hash entry across a fabric to at least a second network device.
