PROVIDING A FAST PATH BETWEEN TWO ENTITIES
Abstract
The present disclosure combines Software Defined Networks (SDN) concepts with Security concepts. The coordination between SDN and Security provides a myriad of advantageous use cases. One exemplary use case involves providing a fast path at network speeds using SDN by routing network traffic to bypass a security appliance once the security appliance determines that the security appliance no longer needs to inspect the network traffic. Another exemplary use case involves remote provisioning of security zones.
49 Claims
1-25. (canceled)
26. At least one machine readable non-transitory storage medium having instructions stored thereon for providing network security in a software defined network (SDN) environment, wherein the instructions when executed by at least one processor cause the at least one processor to perform the following operations:
providing control logic by one or more SDN controllers, wherein routing of network traffic using one or more SDN switches in the SDN environment is controlled by the control logic;
receiving one or more security policies for the SDN environment from a security appliance at the one or more SDN controllers, wherein the one or more security policies specify one or more of the following: security zone(s), network access right(s), data access right(s), insertion of a security appliance, and removal of a security appliance; and
in response to receiving the one or more security policies, reconfiguring the control logic using the one or more SDN controllers according to the one or more security policies received from the security appliance.
Dependent claims: 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40.
41. At least one machine readable non-transitory storage medium having instructions stored thereon for providing network security in a software defined network (SDN) environment, wherein the instructions when executed by at least one processor cause the at least one processor to perform the following operations:
receiving one or more flow table entries for one or more flow tables for routing or switching network traffic at a SDN switch from one or more SDN controllers, wherein the one or more SDN controllers are configured with control logic which controls routing of network traffic through one or more SDN switches in the SDN environment using the one or more flow table entries, wherein the control logic is configured to implement one or more security policies for the SDN environment provided by a security appliance to the one or more SDN controllers, and wherein the one or more security policies specify one or more of the following: security zone(s), network access right(s), data access right(s), insertion of a security appliance, and removal of a security appliance; and
in response to receiving the one or more flow table entries, reconfiguring the one or more flow tables according to the flow entries received from the SDN controller in accordance with the one or more security policies.
Dependent claims: 42, 43, 44, 45.
46. An apparatus for providing network security in a software defined network (SDN) environment, the apparatus comprising:
at least one memory element;
at least one processor coupled to the at least one memory element;
one or more SDN controllers that when executed by the at least one processor is configured to:
provide control logic by one or more SDN controllers, wherein routing of network traffic using one or more SDN switches in the SDN environment is controlled by the control logic;
receive one or more security policies for the SDN environment from a security appliance at the one or more SDN controllers, wherein the one or more security policies specify one or more of the following: security zone(s), network access right(s), data access right(s), insertion of a security appliance, and removal of a security appliance; and
in response to receiving the one or more security policies, reconfigure the control logic using the one or more SDN controllers according to the one or more security policies received from the security appliance.
Dependent claim: 47.
48. An apparatus for providing network security in a software defined network (SDN) environment, the apparatus comprising:
at least one memory element;
at least one processor coupled to the at least one memory element; and
a SDN switching module that when executed by the at least one processor is configured to:
receive one or more flow table entries for one or more flow tables for routing or switching network traffic at a SDN switch from one or more SDN controllers, wherein the one or more SDN controllers are configured with control logic which controls routing of network traffic through one or more SDN switches in the SDN environment using the one or more flow table entries, wherein the control logic is configured to implement one or more security policies for the SDN environment provided by a security appliance to the one or more SDN controllers, and wherein the one or more security policies specify one or more of the following: security zone(s), network access right(s), data access right(s), insertion of a security appliance, and removal of a security appliance; and
in response to receiving the one or more flow table entries, reconfigure the one or more flow tables according to the flow entries received from the SDN controller in accordance with the one or more security policies.
Dependent claim: 49.
Specification