| 发明名称 |
SYSTEM AND METHOD FOR DISTRIBUTION OF POLICY ENFORCEMENT POINT |
| 摘要 |
The disclosure herein describes an edge device of a network for distributed policy enforcement. During operation, the edge device receives an initial packet for an outgoing traffic flow, and identifies a policy being triggered by the initial packet. The edge device performs a reverse lookup to identify at least an intermediate node that is previously traversed by the initial packet and traffic parameters associated with the initial packet at the identified intermediate node. The edge device translates the policy based on the traffic parameters at the intermediate node, and forwards the translated policy to the intermediate node, thus facilitating the intermediate node in applying the policy to the traffic flow. |
| 申请公布号 |
US2016191396(A1) |
申请公布日期 |
2016.06.30 |
| 申请号 |
US201514968890 |
申请日期 |
2015.12.14 |
| 申请人 |
VMware, Inc. |
发明人 |
Jain Jayant;Sengupta Anirban;Basak Debashis;Maskalik Serge;Wu Weiqing;Srinivasan Aravind;Sabin Todd |
| 分类号 |
H04L12/813 |
主分类号 |
H04L12/813 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A computer-implemented method for distributed policy enforcement in a network, comprising:
receiving a packet for a traffic flow going out of the network; performing a reverse lookup to identify an intermediate node and traffic parameters associated with the packet at the identified intermediate node; translating a policy based on the traffic parameters at the identified intermediate node; and enabling the identified intermediate node to be apply the policy to the traffic flow. |
| 地址 |
Palo Alto CA US |
