US 11,658,876 B2
Software defined access fabric without subnet restriction to a virtual network
Sanjay Kumar Hooda, Pleasanton, CA (US); Muninder Singh Sambi, Fremont, CA (US); Victor Moreno, Carlsbad, CA (US); Prakash C. Jain, Fremont, CA (US); Tarunesh Ahuja, Fremont, CA (US); and Satish Kondalam, Milpitas, CA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Jul. 16, 2021, as Appl. No. 17/377,378.
Application 17/377,378 is a continuation of application No. 16/368,624, filed on Mar. 28, 2019, granted, now 11,102,074.
Claims priority of provisional application 62/791,212, filed on Jan. 11, 2019.
Prior Publication US 2021/0344565 A1, Nov. 4, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 41/0893 (2022.01); H04L 12/46 (2006.01); G06F 9/455 (2018.01)
CPC H04L 41/0893 (2013.01) [G06F 9/45558 (2013.01); H04L 12/4633 (2013.01); H04L 12/4641 (2013.01); G06F 2009/45587 (2013.01); G06F 2009/45595 (2013.01)]
17 Claims
1. A method comprising:
detecting a host of a site has requested to join a network, wherein the detecting is performed based on a message received at a switch;
in response to the host being allowed to join the network, assigning an address within a common subnet associated with the network to the host;
in response to the host being assigned the address within the common subnet associated with the network, generating a policy for the host, wherein the policy defines a role of the host and allowable communication for the host, wherein the policy defines that the role is either a provider which can receive or transmit data packets or a subscriber which cannot receive data packets from hosts of different sites within the same common subnet that are subscriber sites;
receiving a transmission request for a data packet, wherein the request includes identification of the host and a second host in the common subnet;
evaluating the data packet transmission request based on the policy for the host and a policy for the second host; and
in response to the evaluation, providing instructions to the switch to drop or allow the data packet.
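
The admission and evaluation steps of claim 1, written out as an added Python example; it is not code from the patent or from any Cisco product. The class and function names, the sample hosts and sites, the 10.10.0.0/24 subnet, and the default drop for hosts that have no policy are assumptions; the role rule follows the claim's wording, treating the role as a property of each host.

```python
import ipaddress
from dataclasses import dataclass

PROVIDER, SUBSCRIBER = "provider", "subscriber"


@dataclass(frozen=True)
class Policy:
    host: str
    site: str
    role: str
    address: ipaddress.IPv4Address


class Fabric:
    """One virtual network whose sites all share a single common subnet."""

    def __init__(self, common_subnet):
        self.subnet = ipaddress.ip_network(common_subnet)
        self._free = self.subnet.hosts()   # address pool, handed out in order
        self.policies = {}

    def admit(self, host, site, role, allowed=True):
        """Join step: assign an address in the common subnet, then build the policy."""
        if not allowed:
            return None                    # not admitted: no address, no policy
        if role not in (PROVIDER, SUBSCRIBER):
            raise ValueError(f"unknown role: {role}")
        self.policies[host] = Policy(host, site, role, next(self._free))
        return self.policies[host]

    def evaluate(self, src, dst):
        """Return the instruction for the switch: 'allow' or 'drop'."""
        s, d = self.policies.get(src), self.policies.get(dst)
        if s is None or d is None:
            return "drop"                  # assumption: hosts without a policy are denied
        if SUBSCRIBER == s.role == d.role and s.site != d.site:
            return "drop"                  # subscriber to subscriber across sites
        return "allow"                     # a provider is involved, or same site


def demo():
    """Constructed sample hosts; returns the decision for each request."""
    fabric = Fabric("10.10.0.0/24")
    fabric.admit("printer", "hq", PROVIDER)
    fabric.admit("kiosk-a", "branch-a", SUBSCRIBER)
    fabric.admit("kiosk-b", "branch-b", SUBSCRIBER)
    fabric.admit("rogue", "branch-b", SUBSCRIBER, allowed=False)
    pairs = [("kiosk-a", "printer"), ("kiosk-a", "kiosk-b"), ("rogue", "printer")]
    return {pair: fabric.evaluate(*pair) for pair in pairs}
```

The two kiosks hold addresses in the same subnet, so a subnet-based ACL could not separate them; the drop decision comes only from the per-host role and site.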