SYSTEMS, METHODS, AND DEVICES FOR SMART MAPPING AND VPN POLICY ENFORCEMENT
Abstract
Aspects of the embodiments are directed to systems, methods, and computer program products to program, via a northbound interface, a mapping between an endpoint identifier (EID) and a routing locator (RLOC) directly into a mapping database at a mapping system; receive, from a first tunneling router associated with a first virtual network, a mapping request to a second virtual network, the first router compliant with a Locator/ID Separation Protocol, the mapping request comprising an EID tuple that includes a source identifier and a destination identifier; identify an RLOC based, at least in part, on the destination identifier of the EID tuple from the mapping database; and transmit the RLOC to the first tunneling router, implementing a high-level policy that has been dynamically resolved into a state of the mapping database.
28 Claims
1. One or more computer readable storage media encoded with software comprising computer executable instructions and when the software is executed operable to:
- program, via a northbound interface, a mapping between an endpoint identifier (EID) and a routing locator (RLOC) directly into a mapping database at a mapping system;
- receive, from a first tunneling router associated with a first virtual network, a mapping request to a second virtual network, the first router compliant with a Locator/ID Separation Protocol, the mapping request comprising an EID tuple that includes a source identifier and a destination identifier;
- identify an RLOC based, at least in part, on the destination identifier of the EID tuple from the mapping database; and
- transmit the RLOC to the first tunneling router.
7. One or more computer readable storage media encoded with software comprising computer executable instructions and when the software is executed operable to:
- program, via a northbound interface, a mapping between an endpoint identifier (EID) and a routing locator (RLOC) directly into a mapping database at a mapping system;
- receive, from a first tunneling router associated with a first virtual network, a mapping request to a second virtual network, the first router compliant with a Locator/ID Separation Protocol (LISP), the mapping request comprising an RLOC tuple that includes a source identifier and a destination identifier, the RLOC tuple an extension of an EID;
- identify an endpoint identifier for a destination based, at least in part, on the destination identifier of the EID tuple; and
- transmit the RLOC to the first tunneling router.
13. One or more computer readable storage media encoded with software comprising computer executable instructions and when the software is executed operable to:
- program, via a northbound interface, a mapping between a device identifier and a location identifier directly into a mapping database at a mapping system;
- receive, from a first tunneling router associated with a first virtual network, a mapping request to a second virtual network, the first router compliant with a Locator/ID Separation Protocol (LISP);
- determine a mapping to a destination address based on the mapping request;
- determine that the mapping comprises a traffic engineering format;
- based on determining that the mapping comprises a traffic engineering format; compare an ingress tunneling router locator field in the mapping request with a locator address of the mapping;
- determine whether a match exists between the ingress tunneling router locator field and the locator address of the mapping; and
- if a match exists between the ingress tunneling router locator field and the locator address of the mapping, return, to the first tunneling router, a next hop locator as a single locator in a map reply message.
15. A method comprising:
- programing, via a northbound interface, a mapping between an endpoint identifier (EID) and a routing locator (RLOC) directly into a mapping database at a mapping system;
- receiving, from a first tunneling router associated with a first virtual network, a mapping request to a second virtual network, the first router compliant with a Locator/ID Separation Protocol (LISP), the mapping request comprising an endpoint identifier (EID) tuple that includes a source identifier and a destination identifier;
- identifying a routing locator (RLOC) based, at least in part, on the destination identifier of the EID tuple; and
- transmitting the RLOC to the first tunneling router.
18. A method comprising:
- programing, via a northbound interface, a mapping between an endpoint identifier (EID) and a routing locator (RLOC) directly into a mapping database at a mapping system;
- receiving, from a first tunneling router associated with a first virtual network, a mapping request to a second virtual network, the first router compliant with a Locator/ID Separation Protocol (LISP), the mapping request comprising an router locator (RLOC) tuple that includes a source identifier and a destination identifier, the RLOC tuple an extension of an endpoint identifier (EID);
- identifying an endpoint identifier for a destination based, at least in part, on the destination identifier of the EID tuple; and
- transmitting the RLOC to the first tunneling router.
19. A method comprising:
- programing, via a northbound interface, a mapping between a device identify and a routing location identification directly into a mapping database at a mapping system;
- receiving, from a first tunneling router associated with a first virtual network, a mapping request to a second virtual network, the first router compliant with a Locator/ID Separation Protocol (LISP);
- determining a mapping to a destination address based on the mapping request;
- determining that the mapping comprises a traffic engineering format;
- based on determining that the mapping comprises a traffic engineering format; comparing an ingress tunneling router locator field in the mapping request with a locator address of the mapping;
- determining whether a match exists between the ingress tunneling router locator field and the locator address of the mapping; and
- if a match exists between the ingress tunneling router locator field and the locator address of the mapping, return, to the first tunneling router, a next hop locator as a single locator in a map reply message.
21. One or more computer readable storage media encoded with software comprising computer executable instructions and when the software is executed operable to:
- receive a policy associated with a virtual private network (VPN) via a service orchestrator;
- identify one or more mapping states for the policy;
- associate the one or more forwarding states with one or more source and destination identifiers; and
- provide the one or more forwarding states and one or more source and destination identifiers to a mapping server.
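The lookup behaviour recited in the claims above can be sketched as a toy mapping system. This is an added example, not code from the patent or from any LISP implementation. The class and function names, the policy dictionary layout, the documentation-range addresses and the choice to send no locator when nothing matches are all assumptions.

```python
import ipaddress

class MappingSystem:
    """Toy map server keyed on (source EID prefix, destination EID prefix)."""
    def __init__(self):
        self.db = []  # entries: (src_net, dst_net, locators)

    def program(self, src_prefix, dst_prefix, locators):
        """Northbound call: write a mapping straight into the database.
        One locator is a plain RLOC; several form a traffic-engineering path."""
        self.db.append((ipaddress.ip_network(src_prefix),
                        ipaddress.ip_network(dst_prefix), list(locators)))

    def map_request(self, itr_rloc, src_eid, dst_eid):
        """Resolve an EID tuple; None models a reply that carries no locator."""
        src, dst = ipaddress.ip_address(src_eid), ipaddress.ip_address(dst_eid)
        hits = [e for e in self.db if src in e[0] and dst in e[1]]
        if not hits:
            return None  # no mapping state for this tuple, so no tunnel
        # Most specific destination prefix wins, then most specific source.
        _, _, locators = max(hits, key=lambda e: (e[1].prefixlen, e[0].prefixlen))
        if len(locators) == 1:
            return locators[0]
        # Traffic-engineering format: if the requester's locator matches one in
        # the path, reply with only its next hop as a single locator.
        if itr_rloc in locators[:-1]:
            return locators[locators.index(itr_rloc) + 1]
        return None  # assumption: the claims do not cover the no-match case

def resolve_policy(ms, policy):
    """Resolve a high-level VPN policy into mapping state (hypothetical layout)."""
    for rule in policy["allow"]:
        ms.program(rule["from"], rule["to"], rule["via"])

def demo():
    ms = MappingSystem()
    resolve_policy(ms, {"allow": [  # constructed sample policy
        {"from": "10.1.0.0/16", "to": "10.2.0.0/16", "via": ["192.0.2.2"]},
        {"from": "10.1.5.0/24", "to": "10.2.9.0/24",
         "via": ["192.0.2.1", "198.51.100.7", "192.0.2.9"]}]})
    return {
        "plain": ms.map_request("192.0.2.1", "10.1.1.10", "10.2.1.10"),
        "te_first_hop": ms.map_request("192.0.2.1", "10.1.5.10", "10.2.9.10"),
        "te_mid_hop": ms.map_request("198.51.100.7", "10.1.5.10", "10.2.9.10"),
        "off_path": ms.map_request("203.0.113.5", "10.1.5.10", "10.2.9.10"),
        "other_vpn": ms.map_request("192.0.2.1", "10.3.0.1", "10.2.1.10"),
    }
```

Because the source identifier is part of the lookup key, a requester in a virtual network with no programmed policy gets no locator, and a requester on a traffic-engineering path learns only its own next hop, not the whole path.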
Specification