Title of invention: TECHNIQUES FOR SEPARATING THE PROCESSING OF CLIENTS' TRAFFIC TO DIFFERENT ZONES IN SOFTWARE DEFINED NETWORKS
Abstract: A central controller and a method for separation of traffic processing in a software defined network (SDN). The method comprises: identifying, based on at least one zoning trigger parameter, a potential cyber-attack; triggering a zoning mode for mitigating the potential cyber-attack; dynamically allocating, based on a load profile, a first group of computing resources of a computing farm to a trusted zone and a second group of computing resources to an un-trusted zone; assigning the computing resources in the first group with a first address and the computing resources in the second group with a second address, wherein only the second address is advertised; and causing at least one network element in the SDN to divert incoming traffic to the first group and to the second group of computing resources based on a plurality of zoning rules implemented by the at least one network element.
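Publication number: US2016156648(A1) Publication date: 2016.06.02
Application number: US201514957876 Application date: 2015.12.03
Applicant: RADWARE, LTD. Inventors: ZISAPEL Yehuda;CHESLA Avi;NAEH Shay;AVIV David;DORON Ehud
Classification: H04L29/06 Main classification: H04L29/06
Agency: Agent: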
Principal claim: 1. A method for separation of traffic processing in a software defined network (SDN), wherein the method is performed by a central controller of the SDN, comprising: identifying, based on at least one zoning trigger parameter, a potential cyber-attack; upon identifying the potential cyber-attack, triggering a zoning mode for mitigating the potential cyber-attack; upon triggering the zoning mode, dynamically allocating, based on a load profile, a first group of computing resources of a computing farm to a trusted zone and a second group of computing resources to an un-trusted zone; assigning the computing resources in the first group with a first address and the computing resources in the second group with a second address, wherein only the second address is advertised; and causing at least one network element in the SDN to divert incoming traffic to the first group and to the second group of computing resources based on a plurality of zoning rules implemented by the at least one network element, wherein the plurality of zoning rules are determined by the central controller and determine that the traffic from a known trusted client is directed to the first group of computing resources and the traffic from an un-trusted client is directed to the second group of computing resources, thereby providing guaranteed service-level agreement to trusted clients.
Address: TEL AVIV IL