TECHNIQUES FOR SEPARATING THE PROCESSING OF CLIENTS' TRAFFIC TO DIFFERENT ZONES IN SOFTWARE DEFINED NETWORKS
First Claim
1. A method for separation of traffic processing in a software defined network (SDN), wherein the method is performed by a central controller of the SDN, comprising:
allocating a first group of computing resources of a computing farm to a trusted zone and a second group of computing resources to an un-trusted zone;
assigning the computing resources in the first group with a first address and the computing resources in the second group with a second address, wherein only the second address is advertised;
triggering a zoning mode in the computing farm to mitigate a potential cyber-attack;
causing at least one network element in the SDN to divert an incoming traffic to the first group and the second group of computing resources based on a plurality of zoning rules implemented by the at least one network element, wherein the plurality of zoning rules are determined by the central controller and determine that the traffic from a trusted client is directed to the first group of computing resources and the traffic from an un-trusted client is directed to the second group of computing resources, thereby providing guaranteed SLA to trusted clients.
Assignments: 1. Petitions: 0.
Abstract
A method and system for separation of traffic processing in a software defined network (SDN). The method comprises allocating a first group of computing resources of a computing farm to a trusted zone and a second group of computing resources to an un-trusted zone; assigning the computing resources in the first group to a first ADC and the computing resources in the second group to a second ADC; triggering a zoning mode in the computing farm to mitigate a potential cyber-attack; and causing at least one network element in the SDN to divert traffic from a trusted client to the first group of computing resources and traffic from an un-trusted client to the second group of computing resources based on a plurality of zoning rules implemented by the at least one network element.
166 Citations
Claims (32)
15. A method for creating at least one zoning rule that allows for separation of traffic processing in a software defined network (SDN), wherein the method is performed by a central controller of the SDN, comprising:
determining a trusted client based on a plurality of security risk indication parameters for each client accessing a computing farm;
generating a list of trusted clients that includes an identifier of each client determined to be a trusted client;
defining at least one action for traffic received from trusted clients, wherein the at least one zoning rule includes the list of trusted clients and actions defined for the trusted clients; and
conveying the plurality of zoning rules to at least one network element in the SDN.
(Dependent claims 16 to 23 not shown.)
24. A software defined network (SDN), comprising:
at least one network element connected to a plurality of clients through a computer network and to at least one application delivery controller (ADC); and
a central controller for generating a plurality of zoning rules and instructing the at least one network element to implement the plurality of zoning rules, thereby enabling separation of traffic processing by a computing farm connected to the at least one ADC, wherein the separation of traffic processing is performed in a zoning mode that is triggered based on an indication of a potential risk that a cyber-attack is about to take place against the computing farm or that the computing farm is currently under a cyber-attack.
(Dependent claims 25 and 26 not shown.)
27. A central controller operable in a software defined network (SDN), comprising:
an SDN interface for communicating with at least one network element in the SDN;
an external system interface for receiving at least a plurality of security risk indication parameters and a plurality of zoning trigger parameters; and
a zoning module for determining if a zoning mode is required and for creating at least one zoning rule to be executed by the at least one network element, wherein the at least one zoning rule allows for separation of traffic processing in the SDN during the zoning mode, and wherein the zoning mode is triggered based on an indication of a potential risk that a cyber-attack is about to take place against the computing farm or that the computing farm is currently under a cyber-attack.
(Dependent claim 28 not shown.)
29. A method for separation of traffic processing in a software defined network (SDN), wherein the method is performed by a central controller of the SDN, comprising:
allocating a first group of computing resources of a computing farm to a trusted zone and a second group of computing resources to an un-trusted zone;
assigning the computing resources in the first group to a first application delivery controller (ADC) and the computing resources in the second group to a second ADC;
triggering a zoning mode in the computing farm to mitigate a potential cyber-attack; and
causing at least one network element in the SDN to divert traffic addressed to a single address of the computing farm to the first group and the second group of computing resources based on a plurality of zoning rules implemented by the at least one network element, wherein the plurality of zoning rules determine that the traffic from a trusted client is directed to the first ADC and the traffic from an un-trusted client is directed to the second ADC, thereby providing a guaranteed SLA to trusted clients.
(Dependent claims 30 to 32 not shown.)
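The claims above describe a control loop: the central controller derives a trusted-client list from security risk indication parameters (claim 15), decides from zoning trigger parameters whether zoning mode is needed (claim 27), and pushes a zoning rule that makes the network element send trusted traffic to the trusted-zone ADC and everything else to the advertised, un-trusted ADC (claims 1, 24, 29). The following Python model of that loop is an added illustration, not code from the patent or its assignee. The risk parameters, thresholds, trigger names and the two ADC addresses are assumptions; the claims name none of them. One design choice here goes slightly beyond the claim text: in zoning mode the element decides purely on the client's trust status, so a packet an un-trusted client sends straight to the unadvertised address is still diverted to the un-trusted ADC.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Optional, Tuple

# Assumed ADC addresses (constructed for this example).
TRUSTED_ADC = "10.0.1.1"        # first address: trusted-zone resources, never advertised
UNTRUSTED_ADC = "203.0.113.10"  # second address: the only advertised entry point


@dataclass(frozen=True)
class ClientRisk:
    """Security risk indication parameters for one client (hypothetical set)."""
    client: str         # client identifier, here its source IP
    reputation: float   # 0.0 (bad) .. 1.0 (good), e.g. from a reputation feed
    authenticated: bool
    req_per_sec: float  # recent request rate observed from this client


@dataclass(frozen=True)
class ZoningRule:
    """Zoning rule as in claim 15: trusted list plus the actions for each class."""
    trusted_clients: FrozenSet[str]
    trusted_action: str  # action applied to traffic from trusted clients
    default_action: str  # action applied to everything else


def determine_trusted(risks: Iterable[ClientRisk],
                      min_reputation: float = 0.8,
                      max_req_per_sec: float = 50.0) -> FrozenSet[str]:
    """Build the trusted-client list; thresholds are assumptions."""
    return frozenset(
        r.client for r in risks
        if r.authenticated and r.reputation >= min_reputation
        and r.req_per_sec <= max_req_per_sec
    )


def zoning_required(triggers: Dict[str, float], rps_threshold: float = 1000.0) -> bool:
    """Zoning trigger parameters (assumed): an external attack alert, or a farm-wide
    request rate above threshold, indicates an attack is under way or imminent."""
    return (bool(triggers.get("attack_alert", 0))
            or triggers.get("farm_req_per_sec", 0.0) > rps_threshold)


def build_zoning_rule(risks: Iterable[ClientRisk]) -> ZoningRule:
    return ZoningRule(
        trusted_clients=determine_trusted(risks),
        trusted_action=f"forward:{TRUSTED_ADC}",
        default_action=f"forward:{UNTRUSTED_ADC}",
    )


class NetworkElement:
    """Data-plane element that diverts traffic according to the installed rule."""

    def __init__(self) -> None:
        self.rule: Optional[ZoningRule] = None

    def install(self, rule: Optional[ZoningRule]) -> None:
        self.rule = rule

    def forward(self, src: str, dst: str) -> str:
        """Return the address the packet is actually delivered to."""
        if self.rule is None:
            return dst  # normal mode: deliver as addressed
        # Zoning mode: decision depends only on the client, not on the address it
        # used, so a guessed or leaked trusted address buys an un-trusted client nothing.
        if src in self.rule.trusted_clients:
            return self.rule.trusted_action.split(":", 1)[1]
        return self.rule.default_action.split(":", 1)[1]


def run_controller(risks: Iterable[ClientRisk], triggers: Dict[str, float],
                   packets: Iterable[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Controller loop: decide on zoning mode, push the rule, report where each
    (src, dst) packet ends up."""
    element = NetworkElement()
    element.install(build_zoning_rule(risks) if zoning_required(triggers) else None)
    return [(src, element.forward(src, dst)) for src, dst in packets]


# Constructed sample data.
RISKS = [
    ClientRisk("198.51.100.5", 0.95, True, 12.0),   # good reputation, authenticated
    ClientRisk("198.51.100.6", 0.40, True, 8.0),    # poor reputation
    ClientRisk("198.51.100.7", 0.90, False, 3.0),   # not authenticated
    ClientRisk("198.51.100.8", 0.99, True, 900.0),  # good feed score but flooding
]
PACKETS = [
    ("198.51.100.5", UNTRUSTED_ADC),
    ("198.51.100.6", UNTRUSTED_ADC),
    ("198.51.100.9", UNTRUSTED_ADC),  # unknown client, no risk record
    ("198.51.100.6", TRUSTED_ADC),    # un-trusted client aiming at the unadvertised address
]

if __name__ == "__main__":
    for mode, triggers in (("normal", {"farm_req_per_sec": 200.0}),
                           ("zoning", {"farm_req_per_sec": 5000.0})):
        print(mode, run_controller(RISKS, triggers, PACKETS))
```

Running the block shows the SLA property the claims aim at: once zoning mode is on, every packet from a client outside the trusted list lands on the un-trusted ADC, so a flood from those clients cannot consume the trusted group's capacity. The flooding client 198.51.100.8 is excluded from the trusted list despite its good reputation, which is why the rate parameter is part of the risk indication set here.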
Specification