Localized connectivity management for isolation networks

US 10,298,542 B2
Filed: 04/12/2017
Issued: 05/21/2019
Est. Priority Date: 10/14/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

establishing, by a networking device in a local area network (LAN), a virtual network overlay in the LAN to redirect traffic associated with a particular node in the LAN to a server for analysis;

receiving, at the networking device, an indication from the server that at least a portion of the traffic associated with the particular node is trusted for local sending within the LAN;

adjusting, by the networking device, the virtual network overlay to locally send the trusted portion of the traffic associated with the particular node to one or more other nodes in the LAN without redirection to the server;

collecting, by the networking device, characteristic information regarding the trusted portion of the traffic sent locally within the LAN via the adjusted virtual network overlay;

sending, by the networking device, the collected characteristic information to the server for analysis.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a networking device in a local area network (LAN) establishes a virtual network overlay in the LAN to redirect traffic associated with a particular node in the LAN to a server for analysis. The networking device receives an indication from the server that at least a portion of the traffic associated with the particular node is trusted for local sending within the LAN and adjusts the virtual network overlay to locally send the trusted portion of the traffic associated with the particular node to one or more other nodes in the LAN without redirection to the server. The networking device collects characteristic information regarding the trusted portion of the traffic sent locally within the LAN via the adjusted virtual network overlay and sends the collected characteristic information to the server for analysis.

14 Citations

View as Search Results

20 Claims

1. A method comprising:
- establishing, by a networking device in a local area network (LAN), a virtual network overlay in the LAN to redirect traffic associated with a particular node in the LAN to a server for analysis;
  
  receiving, at the networking device, an indication from the server that at least a portion of the traffic associated with the particular node is trusted for local sending within the LAN;
  
  adjusting, by the networking device, the virtual network overlay to locally send the trusted portion of the traffic associated with the particular node to one or more other nodes in the LAN without redirection to the server;
  
  collecting, by the networking device, characteristic information regarding the trusted portion of the traffic sent locally within the LAN via the adjusted virtual network overlay;
  
  sending, by the networking device, the collected characteristic information to the server for analysis.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as in claim 1, further comprising:
    - receiving, at the networking device and from the server, an indication that the trusted portion of the traffic associated with the particular node in the LAN is no longer trusted based on the collected characteristic information; and
      
      reverting, by the networking device, the virtual network overlay to again redirect the portion of the traffic to the server for analysis.
  - 3. The method as in claim 1, wherein the virtual network overlay comprises one or more tunnels.
  - 4. The method as in claim 1, wherein the trusted portion of the traffic is associated with a particular protocol, destination group, or traffic type.
  - 5. The method as in claim 1, further comprising:
    - receiving, at the networking device and from the server, a set of one or more rules for the portion of the traffic associated with the particular node that is locally sent within the LAN via the adjusted virtual network overlay without redirection to the server; and
      
      assessing, by the networking device, the locally sent portion of the traffic within the LAN by applying the set of one or more rules to the locally sent portion of the traffic.
  - 6. The method as in claim 5, further comprising:
    - blocking, by the networking device, the locally sent portion of the traffic, when one of the set of one or more rules is violated.
  - 7. The method as in claim 5, further comprising:
    - redirecting, by the networking device, the locally sent portion of the traffic to the server, when one of the set of one or more rules is violated.
  - 8. The method as in claim 1, wherein the networking device is a network gateway for the LAN.
  - 9. The method as in claim 1, wherein the virtual network overlay is unique to the particular node.

10. An apparatus comprising:
- one or more network interfaces to communicate with a local area network (LAN);
  
  a processor coupled to the network interfaces and configured to execute one or more processes; and
  
  a memory configured to store a process executable by the processor, the process when executed configured to;
  
  establish a virtual network overlay in the LAN to redirect traffic associated with a particular node in the LAN to a server for analysis;
  
  receive an indication from the server that at least a portion of the traffic associated with the particular node is trusted for local sending within the LAN;
  
  adjust the virtual network overlay to locally send the trusted portion of the traffic associated with the particular node to one or more other nodes in the LAN without redirection to the server;
  
  collect characteristic information regarding the trusted portion of the traffic sent locally within the LAN via the adjusted virtual network overlay;
  
  send the collected characteristic information to the server for analysis.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The apparatus as in claim 10, wherein the process when executed is further configured to:
    - receive, from the server, an indication that the trusted portion of the traffic associated with the particular node in the LAN is no longer trusted based on the collected characteristic information; and
      
      revert the virtual network overlay to again redirect the portion of the traffic to the server for analysis.
  - 12. The apparatus as in claim 10, wherein the virtual network overlay comprises one or more tunnels.
  - 13. The apparatus as in claim 10, wherein the trusted portion of the traffic is associated with a particular protocol, destination group, or traffic type.
  - 14. The apparatus as in claim 10, wherein the process when executed is further configured to:
    - receive, from the server, a set of one or more rules for the portion of the traffic associated with the particular node that is locally sent within the LAN via the adjusted virtual network overlay without redirection to the server; and
      
      assess the locally sent portion of the traffic within the LAN by applying the set of one or more rules to the locally sent portion of the traffic.
  - 15. The apparatus as in claim 14, wherein the process when executed is further configured to:
    - block the locally sent portion of the traffic, when one of the set of one or more rules is violated.
  - 16. The apparatus as in claim 14, wherein the process when executed is further configured to:
    - redirect the locally sent portion of the traffic to the server, when one of the set of one or more rules is violated.
  - 17. The apparatus as in claim 10, wherein the apparatus is a network gateway for the LAN.
  - 18. The apparatus as in claim 10, wherein the virtual network overlay is unique to the particular node.

19. A tangible, non-transitory, computer-readable medium storing program instructions that, when executed by a networking device in a local area network (LAN) to perform a process comprising:
- establishing, by the networking device, a virtual network overlay in the LAN to redirect traffic associated with a particular node in the LAN to a server for analysis;
  
  receiving, at the networking device, an indication from the server that at least a portion of the traffic associated with the particular node is trusted for local sending within the LAN;
  
  adjusting, by the networking device, the virtual network overlay to locally send the trusted portion of the traffic associated with the particular node to one or more other nodes in the LAN without redirection to the server;
  
  collecting, by the networking device, characteristic information regarding the trusted portion of the traffic sent locally within the LAN via the adjusted virtual network overlay;
  
  sending, by the networking device, the collected characteristic information to the server for analysis.
- View Dependent Claims (20)
- - 20. The computer-readable medium as in claim 19, wherein the virtual network overlay is unique to the particular node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Thubert, Pascal, Vasseur, Jean-Philippe, Wetterwald, Patrick, Levy-Abegnoli, Eric
Primary Examiner(s)
Potratz, Daniel B

Application Number

US15/485,708
Publication Number

US 20180109496A1
Time in Patent Office

769 Days
Field of Search
US Class Current
CPC Class Codes

G06N 20/00   Machine learning

H04L 12/462   LAN interconnection over a ...

H04L 63/0236   Filtering by address, proto...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

Localized connectivity management for isolation networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Localized connectivity management for isolation networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links