US 12,224,931 B2
Data sovereignty and service insertion in multisite network fabric
Prakash C. Jain, Fremont, CA (US); Vinay Saini, Bangalore (IN); and Sanjay Kumar Hooda, Pleasanton, CA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Aug. 29, 2022, as Appl. No. 17/897,634.
Prior Publication US 2024/0073127 A1, Feb. 29, 2024
Int. Cl. H04L 45/00 (2022.01); H04L 45/12 (2022.01)
CPC H04L 45/38 (2013.01) [H04L 45/126 (2013.01); H04L 45/22 (2013.01)] 20 Claims
1. A method performed at least partly by a Software-Defined-Networking (SDN) controller for implementing jurisdictional data sovereignty policies to route network traffic between user sites and destination services over one or more provider sites, comprising:
receiving site-specific data sovereignty policies for individual ones of the provider sites indicating how to route the network traffic based on the destination services associated with the network traffic and geographic regions in which the provider sites are located;
defining, using the site-specific data sovereignty policies, destination group tags (DGTs) that indicate how the provider sites are to route the network traffic based at least in part on the geographic regions in which the provider sites are located and the destination services to which the network traffic is destined;
obtaining source group tags (SGTs) indicating how to route the network traffic sent from different sources in the user sites and toward the destination services;
receiving, at a border router associated with a user site of the user sites, a network traffic flow originating from a user device in the user site;
communicating, from the border router and to the SDN controller, an indication of the network traffic flow;
receiving, at the border router and from the SDN controller, a DGT associated with a destination service of the network traffic flow and an SGT associated with the user device in the user site;
determining, based at least in part on the DGT and the SGT, a routing operation to perform associated with the network traffic flow; and
performing the routing operation associated with the network traffic flow.
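As an added illustration of the workflow in claim 1 (this is example code, not code from the patent or from Cisco), a toy model of the controller-side DGT definition and the border-router-side decision; the policy layout, tag formats, site names and device names are all assumptions made up for the example:

```python
"""Toy model of the SGT/DGT decision in claim 1 (illustrative only)."""

# Constructed site-specific data sovereignty policies: each provider site's
# geographic region and the destination services it is allowed to serve.
PROVIDER_POLICIES = {
    "provider-eu-1": {"region": "EU", "services": {"payroll", "crm"}},
    "provider-us-1": {"region": "US", "services": {"crm", "analytics"}},
}

# Constructed SGTs: per user device, the regions its traffic may be sent to.
SGT_TABLE = {
    "hr-laptop":    {"sgt": "SGT:EU-ONLY", "allowed_regions": {"EU"}},
    "sales-laptop": {"sgt": "SGT:GLOBAL",  "allowed_regions": {"EU", "US"}},
}


class SdnController:
    """Derives DGTs from provider policies and answers border-router queries."""

    def __init__(self, provider_policies, sgt_table):
        self.dgts = self._define_dgts(provider_policies)
        self.sgts = sgt_table

    @staticmethod
    def _define_dgts(policies):
        # One DGT per (region, service) pair, keyed by destination service.
        dgts = {}
        for site, pol in policies.items():
            for svc in sorted(pol["services"]):
                dgts.setdefault(svc, []).append(
                    {"dgt": f"DGT:{pol['region']}:{svc}", "site": site,
                     "region": pol["region"]})
        return dgts

    def lookup(self, device, service):
        # Returns the candidate DGTs for the service and the SGT for the device.
        return self.dgts.get(service, []), self.sgts.get(device)


def routing_operation(controller, device, service):
    """Border-router decision: forward to a provider site whose region the
    source SGT permits; otherwise drop (fail closed on unknown sources)."""
    dgts, sgt = controller.lookup(device, service)
    if sgt is None:
        return ("drop", None)
    for entry in dgts:
        if entry["region"] in sgt["allowed_regions"]:
            return ("forward", entry["site"])
    return ("drop", None)


if __name__ == "__main__":
    ctl = SdnController(PROVIDER_POLICIES, SGT_TABLE)
    print(routing_operation(ctl, "hr-laptop", "payroll"))    # forward to EU site
    print(routing_operation(ctl, "hr-laptop", "analytics"))  # dropped: US only
```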