US 12,206,709 B2
Dynamic management of security rules and policies
Rajendra Kumar Thirumurthi, Milpitas, CA (US); and Praveen Parthasarathy Iyengar, Newark, CA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Jul. 29, 2022, as Appl. No. 17/876,939.
Prior Publication US 2024/0039957 A1, Feb. 1, 2024
Int. Cl. H04L 9/40 (2022.01); H04L 47/2408 (2022.01); H04L 47/32 (2022.01); H04L 69/22 (2022.01)
CPC H04L 63/20 (2013.01) [H04L 47/2408 (2013.01); H04L 47/32 (2013.01); H04L 69/22 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method of managing security rules performed by a first network device of a fabric, comprising:
extracting, by the first network device, metadata from a data packet received at the first network device, the metadata comprising network metadata and network system metadata;
distributing, by the first network device, the metadata to at least one service endpoint registered with the first network device;
receiving, by the first network device and from the at least one service endpoint, an indication as to how traffic associated with the data packet is to be handled;
enabling, by the first network device, the traffic based at least in part on feedback received from the at least one service endpoint;
generating, by the first network device and based in part on enabling the traffic, a first service flow hash entry (ServiceFlow HashEntry) in a hash table associated with the data packet and stored in memory of the first network device, the first service flow hash entry identifying each of a number of services using a unique number; and
in response to generating the first service flow hash entry, distributing, by the first network device, the hash table comprising the first service flow hash entry across the fabric to at least a second network device.
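A toy model of the claimed sequence, added here as an illustration and not Cisco's implementation: a fabric node extracts packet metadata, polls its registered service endpoints, and, if all of them enable the traffic, writes a ServiceFlow hash entry keyed on the flow and replicates the table to peer nodes. The service-number registry, the VLAN standing in for "network system metadata", and the verdict callbacks are all assumptions of this example.

```python
"""Toy model of the claimed method (added illustration, not Cisco code).
Assumptions: services get unique small integers, system metadata is the VLAN,
and an endpoint is a callable returning True to enable the traffic."""
import hashlib
from dataclasses import dataclass, field

# Constructed registry: each service is identified by a unique number.
SERVICE_IDS = {"firewall": 1, "ids": 2, "dlp": 3}


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    proto: str
    vlan: int  # stands in for the claim's "network system metadata"


def extract_metadata(pkt):
    """Split a packet into network metadata and system metadata."""
    return {"network": (pkt.src, pkt.dst, pkt.dport, pkt.proto),
            "system": {"vlan": pkt.vlan}}


@dataclass
class FabricNode:
    name: str
    endpoints: dict = field(default_factory=dict)  # service -> verdict fn
    table: dict = field(default_factory=dict)      # flow hash -> entry
    peers: list = field(default_factory=list)      # other fabric nodes

    def register(self, service, verdict_fn):
        """A service endpoint registers with this node."""
        self.endpoints[service] = verdict_fn

    def handle(self, pkt):
        """Return the flow key if traffic was enabled, else None."""
        meta = extract_metadata(pkt)
        verdicts = {s: fn(meta) for s, fn in self.endpoints.items()}
        if not all(verdicts.values()):
            return None  # at least one endpoint declined; no entry written
        key = hashlib.sha256(repr(meta["network"]).encode()).hexdigest()[:16]
        self.table[key] = {"services": sorted(SERVICE_IDS[s] for s in verdicts),
                           "vlan": meta["system"]["vlan"]}
        for peer in self.peers:          # distribute the table across the fabric
            peer.table.update(self.table)
        return key
```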