Providing application visibility for micro-segmentation of a network deployment
First Claim
1. A method of creating micro-segmentation policies for traffic flowing between compute nodes that execute distributed applications in a network, the method comprising:
through a user interface, receiving a selection of a subset of the compute nodes as seed nodes, wherein each seed node is a node for a different distributed application;
monitoring network packet traffic flows for the set of selected seed nodes by performing deep packet inspection (DPI) to collect network traffic flow information;
analyzing the collected network flow information to identify, for each respective seed node of the selected seed nodes, a set of one or more nodes related to the respective seed node; and
for each respective selected seed node and the set of nodes related to the respective seed node, generating micro-segmentation policies for managing network packet traffic flows for the application executed by the respective seed node and the set of nodes related to the respective seed node.
Abstract
A method of creating micro-segmentation policies for a network is provided. The method identifies a set of network nodes as seed nodes. The method monitors network packet traffic flows for the seed nodes to collect traffic flow information. The method identifies a set of related nodes for the set of seed nodes based on the collected network flow information. The method analyzes the collected network flow information to identify micro-segmentation policies for the network.
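The pipeline in the abstract (seed nodes, collected flow information, related nodes, policies), as an added example that is not code from the patent. It assumes flow records already carry a DPI-derived application label, treats "related" as reachability over observed flows within a hop limit, and uses a hypothetical rule tuple format; the node names, `shared` set and `max_hops` parameter are all constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample flow records: (src, dst, dst_port, l7_app), where l7_app
# stands in for the label a DPI engine would attach. Not from the patent.
FLOWS = [
    ("web-1", "app-1", 8443, "https"),
    ("app-1", "db-1", 5432, "postgres"),
    ("app-1", "dns-1", 53, "dns"),
    ("crm-web", "crm-db", 3306, "mysql"),
    ("crm-web", "dns-1", 53, "dns"),
]

def related_nodes(flows, seed, shared=frozenset(), max_hops=3):
    """Breadth-first walk over observed flows starting at one seed node.
    Shared infrastructure nodes are recorded but not expanded, so two
    applications that both query DNS are not merged into one group."""
    neighbours = defaultdict(set)
    for src, dst, _port, _app in flows:
        neighbours[src].add(dst)
        neighbours[dst].add(src)
    seen, queue = {seed}, deque([(seed, 0)])
    while queue:
        node, hops = queue.popleft()
        if hops == max_hops or (node in shared and node != seed):
            continue
        for peer in neighbours[node] - seen:
            seen.add(peer)
            queue.append((peer, hops + 1))
    return seen

def build_policies(flows, seeds, shared=frozenset()):
    """One allow-list per seed: every observed flow inside the seed's group,
    followed by a default deny for the group."""
    policies = {}
    for seed in seeds:
        group = related_nodes(flows, seed, shared)
        rules = sorted({(s, d, p, a, "allow") for s, d, p, a in flows
                        if s in group and d in group})
        rules.append(("any", "any", "any", "any", "deny"))
        policies[seed] = {"group": sorted(group), "rules": rules}
    return policies

if __name__ == "__main__":
    for seed, pol in build_policies(FLOWS, ["web-1", "crm-web"], {"dns-1"}).items():
        print(seed, pol["group"])
        for rule in pol["rules"]:
            print("   ", rule)
```

Calling `related_nodes` without the `shared` set shows why the exclusion matters: the walk from `web-1` crosses the DNS server and pulls `crm-web` into the wrong application group.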
18 Claims
9. A non-transitory machine readable medium storing a program which when executed by at least one processing unit creates micro-segmentation policies for traffic flowing between compute nodes that execute distributed applications in a network, the program comprising sets of instructions for:
through a user interface, receiving a selection of a subset of the compute nodes as seed nodes, wherein each seed node is a node for a different distributed application;
monitoring network packet traffic flows for the set of selected seed nodes by performing deep packet inspection (DPI) to collect network traffic flow information;
analyzing the collected network flow information to identify, for each respective seed node of the selected seed nodes, a set of one or more nodes related to the respective seed node; and
for each respective selected seed node and the set of nodes related to the respective seed node, generating micro-segmentation policies for managing network packet traffic flows for the application executed by the respective seed node and the set of nodes related to the respective seed node.
Specification