Discovering and grouping application endpoints in a network environment

US 9,781,004 B2
Filed: 10/16/2014
Issued: 10/03/2017
Est. Priority Date: 10/16/2014
Status: Active Grant

First Claim

Patent Images

1. A method executed by a network element in network environment, comprising:

discovering endpoints communicating in a network environment;

calculating affinity between the discovered endpoints;

grouping the endpoints into separate endpoint groups (EPGs) according to the calculated affinity, each EPG comprising a logical grouping of similar endpoints for applying common forwarding and policy logic according to logical application boundaries, wherein grouping the endpoints comprises;

creating a peer relationship matrix comprising the discovered endpoints;

sorting the endpoints in the peer relationship matrix according to a total number of connected peers;

selecting a specific endpoint as a seed;

sequentially comparing affinity of the seed with other endpoints in the peer relationship matrix; and

grouping the other endpoints having affinity greater than a predetermined threshold into a same EPG as the seed; and

generating, using the grouped endpoints, application profiles, to allow for stateless network policy definition and enforcement free from dependencies on locality and forwarding.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An example method for discovering and grouping application endpoints in a network environment is provided and includes discovering endpoints communicating in a network environment, calculating affinity between the discovered endpoints, and grouping the endpoints into separate endpoint groups (EPGs) according to the calculated affinity, each EPG comprising a logical grouping of similar endpoints for applying common forwarding and policy logic according to logical application boundaries. In specific embodiments, the affinity includes a weighted average of network affinity, compute affinity and user specified affinity.

Citations

17 Claims

1. A method executed by a network element in network environment, comprising:
- discovering endpoints communicating in a network environment;
  
  calculating affinity between the discovered endpoints;
  
  grouping the endpoints into separate endpoint groups (EPGs) according to the calculated affinity, each EPG comprising a logical grouping of similar endpoints for applying common forwarding and policy logic according to logical application boundaries, wherein grouping the endpoints comprises;
  
  creating a peer relationship matrix comprising the discovered endpoints;
  
  sorting the endpoints in the peer relationship matrix according to a total number of connected peers;
  
  selecting a specific endpoint as a seed;
  
  sequentially comparing affinity of the seed with other endpoints in the peer relationship matrix; and
  
  grouping the other endpoints having affinity greater than a predetermined threshold into a same EPG as the seed; and
  
  generating, using the grouped endpoints, application profiles, to allow for stateless network policy definition and enforcement free from dependencies on locality and forwarding.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the affinity comprises a weighted average of network affinity, compute affinity and user specified affinity.
  - 3. The method of claim 2, wherein the network affinity comprises a percentage of server peers and client peers and associated traffic attributes common between each pair of discovered endpoints.
  - 4. The method of claim 2, wherein the compute affinity comprises a percentage of process and socket attributes common between each pair of discovered endpoints.
  - 5. The method of claim 2, wherein the user specified affinity comprises a percentage of common user specified attributes between each pair of discovered endpoints.
  - 6. The method of claim 1, wherein the EPGs are used to generate application profiles comprising a collection of EPGs, connections among the EPGs, and the policies associated with the connections.
  - 7. The method of claim 1, wherein grouping the endpoints further comprises:
    - editing the peer relationship matrix to remove the grouped endpoints;
      
      selecting another specific endpoint in the edited peer relationship matrix as a next seed; and
      
      repeating the sequentially comparing affinity, grouping, and selecting the next seed until all endpoints in the peer relationship matrix are grouped into the separate EPGs.
  - 8. The method of claim 1, wherein the endpoints in the peer relationship matrix are sorted in an order according to the total number of connected peers.
  - 9. The method of claim 1, wherein the network element includes a collection engine, a grouping analysis module, and a reporting module, wherein the collection engine securely captures configuration information of the endpoints, wherein the grouping analysis module analyzes communication patters among the endpoints and groups the endpoints, wherein the reporting module arranges grouping results in a user presentable form.

10. A non-transitory tangible media that includes instructions for execution, which when executed by a processor of a network element, is operable to perform operations comprising:
- discovering endpoints communicating in a network environment;
  
  calculating affinity between the discovered endpoints;
  
  grouping the endpoints into separate EPGs according to the calculated affinity, each EPG comprising a logical grouping of similar endpoints for applying common forwarding and policy logic according to logical application boundaries, wherein grouping the endpoints comprises;
  
  creating a peer relationship matrix comprising the discovered endpoints;
  
  sorting the endpoints in the peer relationship matrix according to a total number of connected peers;
  
  selecting a specific endpoint as a seed;
  
  sequentially comparing affinity of the seed with other endpoints in the peer relationship matrix; and
  
  grouping the other endpoints having affinity greater than a predetermined threshold into a same EPG as the seed; and
  
  generating, using the grouped endpoints, application profiles, to allow for stateless network policy definition and enforcement free from dependencies on locality and forwarding.
- View Dependent Claims (11, 12, 13)
- - 11. The media of claim 10, wherein the affinity comprises a weighted average of network affinity, compute affinity and user specified affinity.
  - 12. The media of claim 10, wherein the EPGs are used to generate application profiles comprising a collection of EPGs, connections among the EPGs, and the policies associated with the connections.
  - 13. The media of claim 10, wherein grouping the endpoints further comprises:
    - editing the peer relationship matrix to remove the grouped endpoints;
      
      selecting another specific endpoint in the edited peer relationship matrix as a next seed; and
      
      repeating the sequentially comparing affinity, grouping, and selecting the next seed until all endpoints in the peer relationship matrix are grouped into the separate EPGs.

14. An apparatus, comprising:
- a collection engine;
  
  a grouping analysis module;
  
  a reporting module;
  
  a memory element for storing data; and
  
  discovering endpoints communicating in a network environment;
  
  calculating affinity between the discovered endpoints;
  
  grouping the endpoints into separate EPGs according to the calculated affinity, each EPG comprising a logical grouping of similar endpoints for applying common forwarding and policy logic according to logical application boundaries, wherein grouping the endpoints comprises;
  
  creating a peer relationship matrix comprising the discovered endpoints;
  
  sorting the endpoints in the peer relationship matrix according to a total number of connected peers;
  
  selecting a specific endpoint as a seed;
  
  sequentially comparing affinity of the seed with other endpoints in the peer relationship matrix; and
  
  grouping the other endpoints having affinity greater than a predetermined threshold into a same EPG as the seed; and
  
  generating, using the grouped endpoints, application profiles, to allow for stateless network policy definition and enforcement free from dependencies on locality and forwarding.
- View Dependent Claims (15, 16, 17)
- - 15. The apparatus of claim 14, wherein the affinity comprises a weighted average of network affinity, compute affinity and user specified affinity.
  - 16. The apparatus of claim 14, wherein the EPGs are used to generate application profiles comprising a collection of EPGs, connections among the EPGs, and the policies associated with the connections.
  - 17. The apparatus of claim 14, wherein grouping the endpoints further comprises:
    - editing the peer relationship matrix to remove the grouped endpoints;
      
      selecting another specific endpoint in the edited peer relationship matrix as a next seed; and
      
      repeating the sequentially comparing affinity, grouping, and selecting the next seed until all endpoints in the peer relationship matrix are grouped into the separate EPGs.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Danait, Sachin Waman, Ponnuswamy, Kannan, Lesiak, Paul John
Primary Examiner(s)
Keehn, Richard G
Assistant Examiner(s)
MCADAMS, BRAD

Application Number

US14/516,354
Publication Number

US 20160112270A1
Time in Patent Office

1,083 Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/0853   by actively collecting conf...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/122   of virtualised topologies, ...

H04L 41/142   using statistical or mathem...

Discovering and grouping application endpoints in a network environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Discovering and grouping application endpoints in a network environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links