US 11,888,901 B2
Enabling restriction on transmission of data packets at ingress network device
Vinayak Joshi, Bangalore (IN); Venkatavaradhan Devarajan, Bangalore (IN); Rajib Majila, Bangalore (IN); and Tathagata Nandy, Bangalore (IN)
Assigned to Hewlett Packard Enterprise Development LP, Spring, TX (US)
Filed by HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP, Houston, TX (US)
Filed on Aug. 23, 2021, as Appl. No. 17/409,179.
Claims priority of application No. 202141028153 (IN), filed on Jun. 23, 2021.
Prior Publication US 2022/0417287 A1, Dec. 29, 2022
Int. Cl. H04L 9/40 (2022.01); H04L 9/32 (2006.01)
CPC H04L 63/20 (2013.01) [H04L 63/0236 (2013.01); H04L 63/105 (2013.01)]
20 Claims
1. A method comprising:
receiving, by a first network device in a network, data packets directed to a first entity from a second entity, wherein the second entity is connected to a second network device in the network, and wherein each data packet includes a source role tag corresponding to the second entity;
dropping, by the first network device, the data packets received from the second entity based on enforcement of an egress access policy between the source role tag and a destination role tag corresponding to the first entity;
determining, by the first network device, whether a number of the data packets that are dropped is greater than a pre-defined threshold; and
in response to determining that the number of the data packets that are dropped is greater than the pre-defined threshold, communicating, by the first network device, a command to the second network device instructing the second network device to create a restriction on transmission of subsequent data packets originating from the second entity that is directed towards the first entity,
wherein the first network device is an egress network device and the second network device is an ingress network device.
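The flow recited in claim 1, as an added simulation that is not code from the patent or from the assignee: an egress device enforces a role-tag policy, counts drops per source/destination pair, and once the count exceeds a threshold instructs the ingress device to restrict that traffic at its source. The class names, role names, policy table, threshold value and the direct method call standing in for the command message are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed egress access policy: allowed (source role tag, destination role tag) pairs.
ALLOWED = {("employee", "printer"), ("admin", "server")}
DROP_THRESHOLD = 3  # assumed value for the "pre-defined threshold"


@dataclass
class IngressDevice:
    """Second network device: the source entity attaches here."""
    restrictions: set = field(default_factory=set)  # (src entity, dst entity)

    def create_restriction(self, src, dst):
        # Stand-in for receiving the command sent by the egress device.
        self.restrictions.add((src, dst))

    def forward(self, pkt, egress):
        # Once restricted, traffic is stopped before it crosses the network.
        if (pkt["src"], pkt["dst"]) in self.restrictions:
            return "blocked_at_ingress"
        return egress.receive(pkt, self)


@dataclass
class EgressDevice:
    """First network device: the destination entity attaches here."""
    dst_roles: dict  # destination entity -> destination role tag
    drops: dict = field(default_factory=lambda: defaultdict(int))

    def receive(self, pkt, ingress):
        dst_role = self.dst_roles[pkt["dst"]]
        if (pkt["src_role_tag"], dst_role) in ALLOWED:
            return "delivered"
        key = (pkt["src"], pkt["dst"])
        self.drops[key] += 1
        # Strictly greater than the threshold, as the claim words it.
        if self.drops[key] > DROP_THRESHOLD:
            ingress.create_restriction(*key)
        return "dropped_at_egress"


def simulate(n_packets, src_role="guest"):
    """Send n identical packets from host-a to srv-1 and return each outcome."""
    ingress = IngressDevice()
    egress = EgressDevice(dst_roles={"srv-1": "server"})
    pkt = {"src": "host-a", "dst": "srv-1", "src_role_tag": src_role}
    return [ingress.forward(dict(pkt), egress) for _ in range(n_packets)]
```

With a threshold of 3, the fourth drop triggers the command, so the fifth and later packets never reach the egress device.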