Methods and systems for controller-based data forwarding rules without routing protocols

US 10,097,403 B2
Filed: 09/16/2015
Issued: 10/09/2018
Est. Priority Date: 09/16/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining a plurality of network segments comprising a network;

determining a manner in which the plurality of network segments are connected by determining a plurality of entities connected via the plurality of network segments and identifying, for each entity of the plurality of entities, whether the entity is a hub device or a spoke device;

wherein the determining the plurality of network segments comprising the network and the manner in which the plurality of network segments are connected, are determined, at least in part, without use of a routing protocol;

discovering a plurality of external network segments via an identified hub device associated with the network;

storing the plurality of network segments, the manner in which the plurality of network segments are connected, and the plurality of external network segments in a database of a multi-tenant controller; and

utilizing the plurality of network segments comprising the network, the manner in which the plurality of network segments are connected, the plurality of external network segments, by the multi-tenant controller, and a set of rules to create a forwarding table, wherein the set of rules includes a rule that no traffic is allowed to transit through a spoke device, a rule that traffic is allowed to transit through a hub device, a rule that no direct traffic is allowed between hub devices, and a rule that each hub device has at most one path for a given IP prefix.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes determining a plurality of network segments comprising a network, determining a manner in which the plurality of segments are connected, determining network segments and how segments are connected, at least in part, without a routing protocol, discovering a plurality of external network segments via a hub device associated with the network and utilizing the plurality of network segments comprising the network, the manner in which the plurality of segments are connected and the plurality of external network segments.

Citations

14 Claims

1. A method comprising:
- determining a plurality of network segments comprising a network;
  
  determining a manner in which the plurality of network segments are connected by determining a plurality of entities connected via the plurality of network segments and identifying, for each entity of the plurality of entities, whether the entity is a hub device or a spoke device;
  
  wherein the determining the plurality of network segments comprising the network and the manner in which the plurality of network segments are connected, are determined, at least in part, without use of a routing protocol;
  
  discovering a plurality of external network segments via an identified hub device associated with the network;
  
  storing the plurality of network segments, the manner in which the plurality of network segments are connected, and the plurality of external network segments in a database of a multi-tenant controller; and
  
  utilizing the plurality of network segments comprising the network, the manner in which the plurality of network segments are connected, the plurality of external network segments, by the multi-tenant controller, and a set of rules to create a forwarding table, wherein the set of rules includes a rule that no traffic is allowed to transit through a spoke device, a rule that traffic is allowed to transit through a hub device, a rule that no direct traffic is allowed between hub devices, and a rule that each hub device has at most one path for a given IP prefix.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the utilizing further comprises performing network topology identification, simulation, and load testing.
  - 3. The method of claim 2, wherein the identification, simulation, and load testing are controlled by the multi-tenant controller.
  - 4. The method of claim 1, further comprising detecting asymmetric network data traffic and associated network devices.
  - 5. The method of claim 1, wherein the network comprises connectivity selected from a group including hybrid, physical, and logical.
  - 6. The method of claim 1, wherein the network employs routing protocols selected from a group including BGP, IS-IS, EIGRP, and OSPF.
  - 7. The method of claim 1, wherein routing in the network is based, at least in part, on a network prefix type.

8. A centrally controllable multi-tenant controller for controlling a plurality of assets across a plurality of distributed computing environments wherein the controller includes a database for storing program instructions and is configured to:
- determine a plurality of network segments comprising a network;
  
  determine a manner in which the plurality of network segments are connected;
  
  identify, for each asset of the plurality of assets, whether the asset is a hub device or a spoke device;
  
  where the determination of the plurality of network segments comprising the network and the manner in which the plurality of network segments are connected, are determined, at least in part, without use of a routing protocol;
  
  discover a plurality of external network segments via an identified hub device associated with the network;
  
  store the plurality of network segments, the manner in which the plurality of network segments are connected, and the plurality of external segments in the database; and
  
  utilize the plurality of network segments and addresses comprising the network, the manner in which the plurality of segments are connected, the plurality of external network segments, and a set of rules to establish at least one forwarding table, wherein the set of rules includes a rule that no traffic is allowed to transit through a spoke device, a rule that traffic is allowed to transit through a hub device, a rule that no direct traffic is allowed between hub devices, and a rule that each hub device has at most one path for a given IP prefix.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The centrally controllable multi-tenant controller of claim 8, wherein the utilizing further comprises performing network topology identification, simulation and load testing.
  - 10. The centrally controllable multi-tenant controller of claim 9, wherein the identification, simulation and load testing are controlled by a multi-tenant controller.
  - 11. The centrally controllable multi-tenant controller of claim 8, further configured to detect asymmetric network data traffic and associated network devices.
  - 12. The centrally controllable multi-tenant controller of claim 8, wherein the network comprises connectivity selected from a group including hybrid, physical and logical.
  - 13. The centrally controllable multi-tenant controller of claim 8, wherein the network employs routing protocols selected from a group including BGP, IS-IS, EIGRP and OSPF.
  - 14. The centrally controllable multi-tenant controller of claim 8, wherein routing in the network is based, at least in part, on a network prefix type.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palo Alto Networks Incorporated
Original Assignee
Cloudgenix, Inc. (Palo Alto Networks Incorporated)
Inventors
Anand, Venkataraman, Ramasamy, Arivu
Primary Examiner(s)
Shin, Kyung H

Application Number

US14/856,342
Publication Number

US 20160080211A1
Time in Patent Office

1,119 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/285   Clustering or classification

G06F 16/955   using information identifie...

G06F 17/18   for evaluating statistical ...

H04L 12/4633   Interconnection of networks...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 41/0668   by dynamic selection of rec...

H04L 41/12   Discovery or management of ...

H04L 41/122   of virtualised topologies, ...

H04L 41/14   Network analysis or design

H04L 41/34   Signalling channels for net...

H04L 41/40   using virtualisation of net...

H04L 43/04   Processing captured monitor...

H04L 43/062   related to network traffic

H04L 43/065   related to network devices

H04L 43/0811   by checking connectivity

H04L 43/0817   by checking functioning

H04L 43/0864   Round trip delays

H04L 43/0876   Network utilisation, e.g. v...

H04L 43/10   Active monitoring, e.g. hea...

H04L 45/02   Topology update or discovery

H04L 45/125 : based on throughput or band...

H04L 45/22 : Alternate routing

H04L 45/28 : using route fault recovery

H04L 45/302 : Route determination based o...

H04L 45/306 : Route determination based o...

H04L 45/38 : Flow based routing

H04L 47/125 : by balancing the load, e.g....

H04L 47/22 : Traffic shaping

H04L 47/24 : Traffic characterised by sp...

H04L 47/32 : by discarding or delaying d...

H04L 47/781 : Centralised allocation of r...

H04L 47/825 : Involving tunnels, e.g. MPLS

H04L 61/2503 : Translation of Internet pro...

H04L 61/4511 : using domain name system [DNS]

H04L 61/4523 : using lightweight directory...

H04L 63/061 : for key exchange, e.g. in p...

H04L 67/141 : Setup of application sessio...

H04L 67/52 : specially adapted for the l...

H04L 67/63 : Routing a service request d...

H04L 69/40 : for recovering from a failu...

H04W 84/04 : Large scale networks; Deep ...

View All

Methods and systems for controller-based data forwarding rules without routing protocols

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for controller-based data forwarding rules without routing protocols

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links