US 11,870,691 B2
Intelligent wide area network (IWAN)
Dana L. Blair, Alpharetta, GA (US); Michael L. Sullenberger, San Jose, CA (US); Solomon T. Lucas, Sunnyvale, CA (US); Steven W. Wood, Ottawa (CA); and Anand Oswal, Pleasanton, CA (US)
Assigned to CISCO TECHNOLOGY, INC., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Mar. 18, 2022, as Appl. No. 17/698,042.
Application 17/698,042 is a continuation of application No. 17/017,861, filed on Sep. 11, 2020, granted, now 11,290,377.
Application 17/017,861 is a continuation of application No. 14/792,698, filed on Jul. 7, 2015, granted, now 10,797,992, issued on Oct. 6, 2020.
Prior Publication US 2022/0255859 A1, Aug. 11, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 45/64 (2022.01); H04L 12/46 (2006.01); H04L 45/02 (2022.01); H04L 45/74 (2022.01); H04L 41/5025 (2022.01); H04L 41/50 (2022.01)
CPC H04L 45/64 (2013.01) [H04L 12/4633 (2013.01); H04L 45/02 (2013.01); H04L 45/04 (2013.01); H04L 45/74 (2013.01); H04L 41/508 (2013.01); H04L 41/5025 (2013.01)] 22 Claims
OG exemplary drawing
 
1. A network system comprising:
a plurality of edge network devices, each edge network device comprising one or more network interfaces to communicate with a communication network, a processor coupled to the one or more network interfaces and configured to execute a process, and a memory configured to store the process, the process when executed operable to:
maintain one or more tunnel-based overlays over the communication network to one or more remote edge network devices of the plurality of edge network devices,
wherein the communication network comprises two or more physical provider networks, and
wherein each of the plurality of edge network devices is part of a first enterprise network and provides access via the one or more tunnel-based overlays to resources hosted at one or more sites associated with the first enterprise network;
apply one or more firewall functions to network traffic received via the one or more network interfaces;
receive a plurality of policies from a central network controller,
wherein at least one of the plurality of policies is an overlay network policy comprising a first mapping between a first particular application and one of the one or more tunnel-based overlays, and
wherein at least one of the plurality of policies is a domain-based policy defining a mapping between one or more application traffic types and a direct internet access path across the communication network to one or more service domains that are not part of the first enterprise network; and
route the network traffic based on the plurality of policies,
wherein the domain-based policy is operative to cause the plurality of edge network devices to route selected network traffic on the direct internet access path outside of the first enterprise network to the one or more service domains, and
wherein the overlay network policy is operative to cause the plurality of edge network devices to route the selected network traffic on a corresponding tunnel-based overlay; and
the central network controller, the central network controller comprising one or more network interfaces to communicate with the communication network, a processor coupled to the one or more network interfaces and configured to execute a process, and a memory configured to store the process, the process when executed operable to:
transmit the plurality of policies to the plurality of edge network devices.
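The claim above describes an edge device that applies firewall functions, then routes each flow either out a direct internet access (DIA) path to named service domains or onto a tunnel-based overlay, according to policies pushed by a central controller. The following is an added illustration written for this page; it is not code from the patent or from any Cisco product. The flow classifier, the policy record shapes, the device and tunnel names, and the sample policies are all assumptions. The two practitioner details it adds are the ones the claim leaves open: unmatched traffic falls back to the overlay rather than to the open internet (fail closed), and service-domain matching is suffix-bound so that a look-alike domain cannot pull traffic onto the DIA path.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple, Union


@dataclass(frozen=True)
class Flow:
    """One traffic flow as seen by an edge device's classifier (assumed)."""
    app: str            # application / traffic type identified by the device
    dst_domain: str     # destination domain, e.g. from DNS or TLS SNI (assumed)
    dst_port: int


@dataclass(frozen=True)
class OverlayPolicy:
    """Maps an application to one tunnel-based overlay."""
    app: str
    tunnel: str


@dataclass(frozen=True)
class DomainPolicy:
    """Maps an application traffic type to a direct internet access path
    for service domains that are not part of the enterprise network."""
    traffic_type: str
    service_domains: Tuple[str, ...]


@dataclass(frozen=True)
class FirewallRule:
    """Deny rule evaluated before any routing decision (assumed shape)."""
    dst_port: Optional[int] = None
    app: Optional[str] = None

    def matches(self, flow: Flow) -> bool:
        return ((self.dst_port is None or self.dst_port == flow.dst_port)
                and (self.app is None or self.app == flow.app))


Policy = Union[OverlayPolicy, DomainPolicy]


def domain_matches(dst: str, service_domain: str) -> bool:
    """Exact or subdomain match only. 'evil-salesforce.com' must not match
    'salesforce.com', otherwise an attacker-chosen destination would be
    sent out the direct internet path and bypass the enterprise overlay."""
    dst = dst.lower().rstrip(".")
    sd = service_domain.lower().rstrip(".")
    return dst == sd or dst.endswith("." + sd)


class EdgeDevice:
    def __init__(self, name: str, deny_rules: List[FirewallRule], default_tunnel: str):
        self.name = name
        self.deny_rules = deny_rules
        self.default_tunnel = default_tunnel
        self.overlay: Dict[str, str] = {}
        self.domain: List[DomainPolicy] = []

    def receive_policies(self, policies: List[Policy]) -> None:
        """Install the policy set pushed by the central controller."""
        self.overlay = {p.app: p.tunnel for p in policies if isinstance(p, OverlayPolicy)}
        self.domain = [p for p in policies if isinstance(p, DomainPolicy)]

    def route(self, flow: Flow) -> str:
        # 1. Firewall functions apply to all received traffic first.
        if any(r.matches(flow) for r in self.deny_rules):
            return "drop"
        # 2. Domain-based policy: matching traffic leaves the enterprise
        #    network on the direct internet access path.
        for p in self.domain:
            if p.traffic_type == flow.app:
                for sd in p.service_domains:
                    if domain_matches(flow.dst_domain, sd):
                        return f"dia:{sd}"
        # 3. Overlay policy: application mapped to a specific tunnel overlay.
        if flow.app in self.overlay:
            return f"tunnel:{self.overlay[flow.app]}"
        # 4. Fail closed: anything unmatched stays inside the enterprise
        #    overlay instead of defaulting to the open internet.
        return f"tunnel:{self.default_tunnel}"


class CentralController:
    def __init__(self, policies: List[Policy]):
        self.policies = policies

    def transmit(self, edges: List[EdgeDevice]) -> None:
        for e in edges:
            e.receive_policies(list(self.policies))


def build_demo_site() -> EdgeDevice:
    """Constructed sample deployment (names and policies are made up)."""
    edge = EdgeDevice(name="branch-1",
                      deny_rules=[FirewallRule(dst_port=23)],   # no telnet anywhere
                      default_tunnel="dc-ipsec")
    CentralController([
        OverlayPolicy(app="erp", tunnel="mpls-overlay"),
        DomainPolicy(traffic_type="saas-crm", service_domains=("salesforce.com",)),
    ]).transmit([edge])
    return edge


if __name__ == "__main__":
    edge = build_demo_site()
    for f in (Flow("saas-crm", "login.salesforce.com", 443),
              Flow("saas-crm", "evil-salesforce.com", 443),
              Flow("erp", "erp.corp.example", 8443),
              Flow("legacy", "10.1.2.3", 23)):
        print(f, "->", edge.route(f))
```

The ordering matters for the security property the claim implies: firewall functions run before path selection, so a denied flow never reaches the DIA decision; and because the domain-based policy moves traffic outside the enterprise perimeter, the match is the one place an over-broad rule directly widens exposure, which is why it is restricted to exact or subdomain matches and why the default for unmatched traffic is a tunnel, not DIA.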