Title of invention: System and method for securing virtualized networks
Abstract: A method and apparatus that secures a dynamic virtualized network is described. In an exemplary embodiment, a device learns a current network policy of the dynamic virtualized network, where the dynamic virtualized network is a virtualized layer 2 network that is overlaid on a layer 3 physical network. In addition, the current network policy includes multiple network policy elements, where each of the multiple network policy elements identifies an authorized endpoint in the dynamic virtualized network. Furthermore, the layer 3 physical network includes multiple network access devices. The device further determines a network security policy for the dynamic virtualized network from the current network policy. The network security policy includes one or more second network policy elements that are a different network policy element than one of the multiple network policy elements of the current network policy. In addition, each of the one or more second network policy network elements adds an additional policy on how network traffic is processed in the dynamic virtualized network by a port of one of the plurality of network access devices. The device further applies the network security policy to each network access device that is affected by the network security policy.
Publication number: US8931046(B2); Publication date: 2015.01.06
Application number: US201313842695; Filing date: 2013.03.15
Applicant: Stateless Networks, Inc.; Inventors: Wanser Kelly; Antonopoulos Andreas Markos
Classification: G06F17/00; H04L29/06; Main classification: G06F17/00
Agency: Blakely, Sokoloff, Taylor & Zafman LLP; Agent: Blakely, Sokoloff, Taylor & Zafman LLP
Principal claim: 1. A method of securing a dynamic virtualized network, the method comprising: learning, with a network automation device, a current network policy of the dynamic virtualized network by analyzing membership requests communicated to the dynamic virtualized network, wherein a membership request is selected from the group consisting of a request to join the dynamic virtualized network and a request to drop from the dynamic virtualized network, the dynamic virtualized network is a virtualized layer 2 network that is overlaid on a layer 3 physical network, the current network policy includes a first plurality of network policy elements, each of the first plurality of network policy elements identifies an authorized endpoint in the dynamic virtualized network, and the layer 3 physical network includes a plurality of network access devices; determining a network security policy for the dynamic virtualized network from the current network policy, wherein the network security policy includes one or more second network policy elements that is a different network policy element than one of the plurality of first network policy elements of the current network policy, and each of the one or more second network policy network elements adds an additional policy on how network traffic in the dynamic virtualized network is processed by a port of one of the plurality of network access devices; and applying the network security policy to each network access device of the plurality of network access devices that is affected by the network security policy.
Address: San Francisco CA US