US 12,244,560 B2
Enforcement of inter-segment traffic policies by network fabric control plane
Prakash C. Jain, Fremont, CA (US); Sanjay Kumar Hooda, Pleasanton, CA (US); Satish Kumar Kondalam, Milpitas, CA (US); Vikram Vikas Pendharkar, San Jose, CA (US); Anoop Vetteth, Fremont, CA (US); and Solomon T Lucas, Sunnyvale, CA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Sep. 29, 2023, as Appl. No. 18/478,942.
Application 18/478,942 is a continuation of application No. 17/084,453, filed on Oct. 29, 2020, granted, now 11,818,096.
Prior Publication US 2024/0031333 A1, Jan. 25, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04L 41/0894 (2022.01); H04L 47/70 (2022.01)
CPC H04L 63/0227 (2013.01) [H04L 47/825 (2013.01); H04L 2212/00 (2013.01)]
20 Claims
1. A method comprising:
determining a stateless rule corresponding to communication between a first virtual forwarding and routing (VRF) segment of a network fabric and a second VRF segment of the network fabric, the stateless rule being usable to enforce network policy on communications between the first and second VRF segments;
receiving first network layer prefixes associated with first subscriber devices in the first VRF segment and second network layer prefixes associated with second subscriber devices in the second VRF segment;
receiving a packet sent from a first subscriber device of the first VRF, the packet having a source address that is included in the first network layer prefixes and a destination address included in the second network layer prefixes; and
determining, using the stateless rule, the source address, and the destination address, that the packet is allowed to be communicated from the first VRF and to the second VRF.
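The steps of claim 1 can be sketched as a small policy check. This is an added illustration, not code from the patent or from any Cisco product: the class `FabricControlPlane`, its methods, the VRF names, the prefixes and the default-deny behaviour are all assumptions made for the example.

```python
import ipaddress

class FabricControlPlane:
    """Hypothetical control plane holding per-VRF prefixes and stateless rules."""

    def __init__(self):
        self.prefixes = []  # list of (ip_network, vrf_name)
        self.rules = {}     # (src_vrf, dst_vrf) -> "allow" or "deny"

    def register_prefix(self, vrf, cidr):
        # Network layer prefix learned for subscriber devices in a VRF segment.
        self.prefixes.append((ipaddress.ip_network(cidr), vrf))

    def add_rule(self, src_vrf, dst_vrf, action):
        # Stateless: keyed only on the segment pair, one entry per direction.
        self.rules[(src_vrf, dst_vrf)] = action

    def vrf_of(self, addr):
        # Longest-prefix match. Assumes prefixes are unique across segments.
        ip = ipaddress.ip_address(addr)
        hits = [(n, v) for n, v in self.prefixes
                if n.version == ip.version and ip in n]
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

    def is_allowed(self, src, dst):
        s, d = self.vrf_of(src), self.vrf_of(dst)
        if s is None or d is None:
            return False  # unknown endpoint: default deny (assumption)
        if s == d:
            return True   # intra-segment traffic is outside the claim (assumption)
        return self.rules.get((s, d)) == "allow"

def build_sample():
    # Constructed sample data, not taken from the patent.
    cp = FabricControlPlane()
    cp.register_prefix("VRF_A", "10.1.0.0/16")
    cp.register_prefix("VRF_B", "10.2.0.0/16")
    cp.register_prefix("VRF_B", "10.1.99.0/24")  # more specific than VRF_A's /16
    cp.add_rule("VRF_A", "VRF_B", "allow")
    return cp

if __name__ == "__main__":
    cp = build_sample()
    for src, dst in [("10.1.2.3", "10.2.0.9"), ("10.2.0.9", "10.1.2.3")]:
        print(src, "->", dst, "allowed" if cp.is_allowed(src, dst) else "denied")
```

Because the decision in this sketch uses only the packet's addresses and the segment-pair rule, return traffic from VRF_B to VRF_A is denied until a rule for that direction is added.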