HIERARCHICAL CLUSTERING IN A GEOGRAPHICALLY DISPERSED NETWORK ENVIRONMENT
First Claim
1. A method comprising:
- receiving a packet at one of a plurality of adaptive security appliance (ASA) units in one of a plurality of ASA clusters in a cluster domain of a network environment;
identifying the packet, by the ASA unit, as matching an inter-data center (DC) live traffic profile;
identifying, by the ASA unit, a target ASA cluster in the plurality of ASA clusters in the cluster domain;
querying, by the ASA unit, a domain director in the target ASA cluster for a flow owner;
if the flow owner is identified by the domain director, forwarding the packet to the flow owner in the target cluster; and
if the flow owner is not identified by the domain director, and the domain director includes a flow state for a flow to which the packet belongs, designating the ASA unit as the flow owner.
1 Assignment
0 Petitions
Accused Products
Abstract
An example method for facilitating hierarchical clustering in a geographically dispersed network environment is provided and includes receiving a packet at one of a plurality of adaptive security appliance (ASA) units in one of a plurality of ASA clusters in a cluster domain of a network environment, identifying the packet as matching an inter-data center live traffic profile, identifying a target ASA cluster in the plurality of ASA clusters in the cluster domain, querying a domain director in the target ASA cluster for a flow owner, and if the flow owner is identified by the domain director, forwarding the packet to the flow owner in the target cluster, and if the flow owner is not identified by the domain director, and the domain director includes a flow state for a flow to which the packet belongs, designating the ASA unit as the flow owner.
43 Citations
20 Claims
-
1. A method comprising:
-
receiving a packet at one of a plurality of adaptive security appliance (ASA) units in one of a plurality of ASA clusters in a cluster domain of a network environment; identifying the packet, by the ASA unit, as matching an inter-data center (DC) live traffic profile; identifying, by the ASA unit, a target ASA cluster in the plurality of ASA clusters in the cluster domain; querying, by the ASA unit, a domain director in the target ASA cluster for a flow owner; if the flow owner is identified by the domain director, forwarding the packet to the flow owner in the target cluster; and if the flow owner is not identified by the domain director, and the domain director includes a flow state for a flow to which the packet belongs, designating the ASA unit as the flow owner. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. Non-transitory tangible media encoding logic that includes instructions for execution, which when executed by a processor of an ASA unit, is operable to perform operations comprising:
-
receiving a packet at the ASA unit, wherein the ASA unit comprises one of a plurality of ASA units in one of a plurality of ASA clusters in a cluster domain of a network environment; identifying the packet as matching an inter-DC live traffic profile; identifying a target ASA cluster in the plurality of ASA clusters in the cluster domain; querying a domain director in the target ASA cluster for a flow owner; if the flow owner is identified by the domain director, forwarding the packet to the flow owner in the target cluster; and if the flow owner is not identified by the domain director, and the domain director includes a flow state for a flow to which the packet belongs, designating the ASA unit as the flow owner. - View Dependent Claims (12, 13, 14, 15)
-
-
16. An apparatus, comprising:
-
a memory element for storing data; and a processor, wherein the processor executes instructions associated with the data, wherein the processor and the memory element cooperate, such that the apparatus is configured as an ASA unit for; receiving a packet at the ASA unit, wherein the ASA unit comprises one of a plurality of ASA units in one of a plurality of ASA clusters in a cluster domain of a network environment; identifying the packet as matching an inter-DC live traffic profile; identifying a target ASA cluster in the plurality of ASA clusters in the cluster domain; querying a domain director in the target ASA cluster for a flow owner; if the flow owner is identified by the domain director, forwarding the packet to the flow owner in the target cluster; and if the flow owner is not identified by the domain director, and the domain director includes a flow state for a flow to which the packet belongs, designating the ASA unit as the flow owner. - View Dependent Claims (17, 18, 19, 20)
-
Specification