System and method for securing virtualized networks
First Claim
1. A method of securing a dynamic virtualized network, the method comprising:
- receiving, with a network automation device, a current network policy of the dynamic virtualized network, wherein the current network policy includes a first plurality of network policy elements, each of the first plurality of network policy elements identifies an authorized endpoint in the dynamic virtualized network, and the dynamic virtualized network is overlaid on a physical network;
- monitoring membership in the dynamic virtualized network;
- in response to changes in the membership of the dynamic virtualized network, determining a network security policy for the dynamic virtualized network from the current network policy, wherein the network security policy includes one or more second network policy elements that is a different network policy element than one of the plurality of first network policy elements of the current network policy, and each of the one or more second network policy network elements adds an additional policy on how network traffic in the dynamic virtualized network is processed by a port of one of a plurality of network access devices; and
- applying the network security policy to each network access device of the plurality of network access devices that is affected by the network security policy.
Abstract
A method and apparatus that secures a dynamic virtualized network is described. In an exemplary embodiment, a device receives a current network policy of the dynamic virtualized network. In addition, the current network policy includes multiple network policy elements, where each of the multiple network policy elements identifies an authorized endpoint in the dynamic virtualized network. The device further determines a network security policy for the dynamic virtualized network from the current network policy. The network security policy includes one or more second network policy elements that are a different network policy element than one of the multiple network policy elements of the current network policy. In addition, each of the one or more second network policy network elements adds an additional policy on how network traffic is processed in the dynamic virtualized network by a port of one of the plurality of network access devices. The device further applies the network security policy to each network access device that is affected by the network security policy.
19 Claims
1. A method of securing a dynamic virtualized network, the method comprising:
- receiving, with a network automation device, a current network policy of the dynamic virtualized network, wherein the current network policy includes a first plurality of network policy elements, each of the first plurality of network policy elements identifies an authorized endpoint in the dynamic virtualized network, and the dynamic virtualized network is overlaid on a physical network;
- monitoring membership in the dynamic virtualized network;
- in response to changes in the membership of the dynamic virtualized network, determining a network security policy for the dynamic virtualized network from the current network policy, wherein the network security policy includes one or more second network policy elements that is a different network policy element than one of the plurality of first network policy elements of the current network policy, and each of the one or more second network policy network elements adds an additional policy on how network traffic in the dynamic virtualized network is processed by a port of one of a plurality of network access devices; and
- applying the network security policy to each network access device of the plurality of network access devices that is affected by the network security policy.
(Dependent claims 2 to 9 not shown.)

10. A non-transitory machine-readable medium having executable instructions to cause one or more processing units to perform a method of securing a dynamic virtualized network, the method comprising:
- receiving, with a network automation device, a current network policy of the dynamic virtualized network, wherein the current network policy includes a first plurality of network policy elements, each of the first plurality of network policy elements identifies an authorized endpoint in the dynamic virtualized network, and the dynamic virtualized network is overlaid on a physical network;
- monitoring membership in the dynamic virtualized network; and
- in response to changes in the membership of the dynamic virtualized network, determining a network security policy for the dynamic virtualized network from the current network policy, wherein the network security policy includes one or more second network policy elements that is a different network policy element than one of the plurality of first network policy elements of the current network policy, and each of the one or more second network policy network elements adds an additional policy on how network traffic in the dynamic virtualized network is processed by a port of one of a plurality of network access devices, and applying the network security policy to each network access device of the plurality of network access devices that is affected by the network security policy.
(Dependent claims 11 to 15 not shown.)

16. A system to secure a dynamic virtualized network, the system comprising:
- a plurality of physical network access devices;
- a physical network interconnecting the plurality of physical network access devices;
- a dynamic virtualized network overlaid on the physical network, wherein the dynamic virtualized network includes the current network policy that further includes a first plurality of network policy elements, and each of the first plurality of network policy elements identifies an authorized endpoint in the dynamic virtualized network; and
- a network automation element that receives the current network policy, monitors membership in the dynamic virtualized network, and, in response to changes in the membership of the dynamic virtualized network, determines a network security policy for the dynamic virtualized network from the current network policy, wherein the network security policy includes one or more second network policy elements that are a different network policy element than one of the plurality of first network policy elements of the current network policy, and each of the one or more second network policy network elements adds an additional policy on how network traffic in the dynamic virtualized network is processed by a port of one of the plurality of physical network access devices, and applies the network security policy to each physical network access device of the plurality of physical network access devices that is affected by the network security policy.
(Dependent claims 17 to 19 not shown.)
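As an added illustration of the flow the abstract and claims describe (example code, not from the patent or its assignee), the Python below treats the current network policy as the set of authorized endpoints with the access-device port each attaches through, derives the security policy as a per-port allow rule, and on a membership change reports only the access devices whose port rules actually changed. The device names, ports, addresses and the VNI are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Endpoint:
    """Network policy element: an authorized endpoint and where it attaches."""
    mac: str
    ip: str
    device: str  # physical network access device, e.g. a leaf switch
    port: str    # port on that device the endpoint is reached through

@dataclass(frozen=True)
class PortRule:
    """Derived (second) policy element: what one port admits into the overlay."""
    device: str
    port: str
    vni: int
    allowed_macs: frozenset
    allowed_ips: frozenset

def derive_security_policy(vni, members):
    """Derive per-port rules from the current membership: a port admits only
    frames sourced from the endpoints authorized on that very port."""
    grouped = {}
    for ep in members:
        grouped.setdefault((ep.device, ep.port), []).append(ep)
    return {key: PortRule(key[0], key[1], vni,
                          frozenset(e.mac for e in eps),
                          frozenset(e.ip for e in eps))
            for key, eps in grouped.items()}

def affected_devices(old_policy, new_policy):
    """Access devices whose port rules were added, removed or changed; only
    these receive the new policy, the rest are left untouched."""
    keys = set(old_policy) | set(new_policy)
    return {dev for dev, port in keys
            if old_policy.get((dev, port)) != new_policy.get((dev, port))}

def port_admits(rule, src_mac, src_ip):
    """Enforcement at the port: both source addresses must be authorized,
    so a spoofed address or a stale one from a moved VM is dropped."""
    return src_mac in rule.allowed_macs and src_ip in rule.allowed_ips

def on_membership_change(vni, old_members, new_members):
    """Membership changed: recompute the policy and report devices to update."""
    old_policy = derive_security_policy(vni, old_members)
    new_policy = derive_security_policy(vni, new_members)
    return new_policy, affected_devices(old_policy, new_policy)

# Constructed sample endpoints (addresses and device names are made up).
VM_A = Endpoint("02:00:00:00:00:0a", "10.1.0.10", "leaf1", "eth1")
VM_B = Endpoint("02:00:00:00:00:0b", "10.1.0.11", "leaf2", "eth3")
VM_C = Endpoint("02:00:00:00:00:0c", "10.1.0.12", "leaf2", "eth4")
```

Calling `on_membership_change(10010, [VM_A, VM_B], [VM_A, VM_B, VM_C])` returns the new per-port policy together with `{"leaf2"}`, since VM_C joining on leaf2 leaves leaf1's rules unchanged.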
Specification