System and method for distribution of policy enforcement point
First Claim
1. A computer-implemented method for distributed policy enforcement in a network, comprising:
- receiving a packet for a traffic flow going out of the network;
- performing a reverse lookup to identify an intermediate node within the network and traffic parameters associated with the packet at the identified intermediate node;
- translating a policy based on the traffic parameters at the identified intermediate node; and
- enabling the identified intermediate node to apply the policy to the traffic flow.
Abstract
The disclosure herein describes an edge device of a network for distributed policy enforcement. During operation, the edge device receives an initial packet for an outgoing traffic flow and identifies a policy triggered by the initial packet. The edge device performs a reverse lookup to identify at least one intermediate node that the initial packet previously traversed, together with the traffic parameters associated with the initial packet at that intermediate node. The edge device translates the policy based on the traffic parameters at the intermediate node and forwards the translated policy to the intermediate node, thus enabling the intermediate node to apply the policy to the traffic flow.
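The abstract describes the mechanism only in the abstract terms a patent uses. The following simulation is an added illustration, not code from the patent or its assignee: it models an edge device that matches an egress packet against a policy, performs a reverse lookup to find the upstream node the packet passed through, rewrites the policy in terms of the parameters the packet had at that node, and installs it there. It assumes (the page does not say this) that the intermediate node is a NAT gateway, so the parameters that differ between the two vantage points are the pre-NAT and post-NAT source address and port. The class names, `nat_table` and all addresses and ports are constructed sample data.

```python
"""Added simulation of distributed policy enforcement via reverse lookup.

Assumption (not stated on the page): the intermediate node is a NAT gateway,
so 'traffic parameters' at that node are the packet's pre-NAT source address
and port. Policies are exact five-tuple match rules. All addresses, ports and
node names are constructed sample data.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# (src_ip, src_port, dst_ip, dst_port, proto) as seen at a given vantage point
FiveTuple = Tuple[str, int, str, int, str]


@dataclass(frozen=True)
class Policy:
    name: str
    match: FiveTuple   # parameters of the flow at the node where the policy lives
    action: str        # e.g. "drop"


@dataclass
class IntermediateNode:
    """Hypothetical NAT gateway inside the network.

    nat_table maps the post-NAT (src_ip, src_port) that the edge sees back to
    the pre-NAT (src_ip, src_port) the packet carried when it arrived here.
    """
    name: str
    nat_table: Dict[Tuple[str, int], Tuple[str, int]]
    installed: List[Policy] = field(default_factory=list)

    def install(self, policy: Policy) -> None:
        self.installed.append(policy)

    def apply(self, pkt: FiveTuple) -> str:
        """Enforce installed policies on a packet as it looks at this node."""
        for p in self.installed:
            if p.match == pkt:
                return p.action
        return "forward"


class EdgeDevice:
    def __init__(self, policies: List[Policy], upstream: List[IntermediateNode]):
        self.policies = policies
        self.upstream = upstream

    def triggered_policy(self, pkt: FiveTuple) -> Optional[Policy]:
        return next((p for p in self.policies if p.match == pkt), None)

    def reverse_lookup(self, pkt: FiveTuple):
        """Find the upstream node that rewrote this flow and recover the
        packet's parameters at that node (here: its pre-NAT source)."""
        src_ip, src_port, dst_ip, dst_port, proto = pkt
        for node in self.upstream:
            pre = node.nat_table.get((src_ip, src_port))
            if pre is not None:
                return node, (pre[0], pre[1], dst_ip, dst_port, proto)
        return None

    def distribute(self, pkt: FiveTuple):
        """On an egress packet: match policy, reverse-look-up the intermediate
        node, translate the policy to that node's view, and install it there.
        Returns (node name, translated policy) or None if nothing was pushed."""
        policy = self.triggered_policy(pkt)
        if policy is None:
            return None
        hit = self.reverse_lookup(pkt)
        if hit is None:
            return None  # flow did not traverse a known upstream node; enforce at the edge only
        node, params_at_node = hit
        translated = Policy(policy.name, params_at_node, policy.action)
        node.install(translated)
        return node.name, translated


def build_scenario():
    """Constructed sample topology: one NAT gateway upstream of the edge."""
    nat = IntermediateNode(
        "nat-gw-1",
        nat_table={("203.0.113.10", 40001): ("10.1.2.3", 51234)},
    )
    edge = EdgeDevice(
        policies=[Policy("block-exfil",
                         ("203.0.113.10", 40001, "198.51.100.7", 443, "tcp"), "drop")],
        upstream=[nat],
    )
    egress_pkt = ("203.0.113.10", 40001, "198.51.100.7", 443, "tcp")
    return edge, nat, egress_pkt


if __name__ == "__main__":
    edge, nat, pkt = build_scenario()
    print("pushed:", edge.distribute(pkt))
    print("at NAT:", nat.apply(("10.1.2.3", 51234, "198.51.100.7", 443, "tcp")))
```

The point of the translation step is visible in the output: the edge policy names the post-NAT source 203.0.113.10:40001, which the gateway never sees on its ingress side, so a verbatim copy of the rule would match nothing there. After the reverse lookup the installed rule names 10.1.2.3:51234, and the gateway drops the flow before it reaches the edge. A real implementation would also need to expire the pushed rule when the NAT binding is released, otherwise a reused port would inherit the policy.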
20 Claims
1. A computer-implemented method for distributed policy enforcement in a network, comprising:
- receiving a packet for a traffic flow going out of the network;
- performing a reverse lookup to identify an intermediate node within the network and traffic parameters associated with the packet at the identified intermediate node;
- translating a policy based on the traffic parameters at the identified intermediate node; and
- enabling the identified intermediate node to apply the policy to the traffic flow.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)
10. A non-transitory computer-readable storage medium storing computer-executable instructions that, when executed by one or more processors, cause the one or more processors to perform operations comprising:
- receiving a packet for a traffic flow going out of a network;
- performing a reverse lookup to identify an intermediate node within the network and traffic parameters associated with the packet at the identified intermediate node;
- translating a policy based on the traffic parameters at the identified intermediate node; and
- enabling the identified intermediate node to apply the policy to the traffic flow.
(Dependent claims: 11, 12, 13, 14, 15, 16, 17)
18. An edge device for distributed policy enforcement in a network, the edge device comprising:
- a memory; and
- one or more processors programmed to:
  - receive a packet for a traffic flow going out of the network;
  - perform a reverse lookup to identify an intermediate node within the network and traffic parameters associated with the packet at the identified intermediate node;
  - translate a policy based on the traffic parameters at the identified intermediate node; and
  - enable the identified intermediate node to apply the policy to the traffic flow.
(Dependent claims: 19, 20)