US 12,107,734 B2
Software defined access fabric without subnet restriction to a virtual network
Sanjay Kumar Hooda, Pleasanton, CA (US); Muninder Singh Sambi, Fremont, CA (US); Victor Moreno, Carlsbad, CA (US); Prakash C. Jain, Fremont, CA (US); Tarunesh Ahuja, Fremont, CA (US); and Satish Kondalam, Milpitas, CA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Jul. 27, 2023, as Appl. No. 18/360,451.
Application 18/360,451 is a continuation of application No. 18/304,890, filed on Apr. 21, 2023.
Application 18/304,890 is a continuation of application No. 17/377,378, filed on Jul. 16, 2021, granted, now 11,658,876, issued on May 23, 2023.
Application 17/377,378 is a continuation of application No. 16/368,624, filed on Mar. 28, 2019, granted, now 11,102,074, issued on Aug. 24, 2021.
Claims priority of provisional application 62/791,212, filed on Jan. 11, 2019.
Prior Publication US 2024/0007353 A1, Jan. 4, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 41/0893 (2022.01); G06F 9/455 (2018.01); H04L 12/46 (2006.01)
CPC H04L 41/0893 (2013.01) [G06F 9/45558 (2013.01); H04L 12/4633 (2013.01); H04L 12/4641 (2013.01); G06F 2009/45587 (2013.01); G06F 2009/45595 (2013.01)]
21 Claims
1. A non-transitory computer-readable medium storing instructions which, when executed by a computer device, causes the computer device to perform operations comprising:
discovering, based on one or more messages from one or more switches, that a plurality of endpoint hosts have joined an enterprise network, wherein the plurality of endpoint hosts comprise at least a first host and a second host, wherein each of the first host and the second host are assigned a corresponding address within a common subnet associated with the enterprise network, and the first and second hosts are endpoints in the enterprise network;
responsive to the discovering the first host, assigning to the first host a first role from a plurality of roles within the common subnet;
responsive to the discovering the second host, assigning to the second host a second role from the plurality of roles;
accessing a policy configuration defining allowable communications between endpoint hosts based on their respective roles;
dynamically generating, responsive to the discovering the first and second hosts, instructions based on the policy; and
providing the instructions to the one or more switches causing the one or more switches to permit or deny communication of data packets using the common subnet between the first and second hosts based on the first role and the second role.
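
The flow recited in claim 1 (discover hosts in one subnet, assign roles, consult a role-pair policy, generate permit/deny instructions for the switches), sketched as an added illustration that is not code from the patent or from Cisco. The subnet, device profiles, role names, policy entries, switch names, the rule tuple format and the default-deny fallback are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

SUBNET = ipaddress.ip_network("10.10.0.0/16")   # constructed common subnet
ROLE_BY_PROFILE = {"laptop": "employee", "printer": "printer", "ipcam": "camera"}
# Constructed policy configuration: (source role, destination role) -> action.
POLICY = {
    ("employee", "employee"): "permit",
    ("employee", "printer"): "permit",
}

@dataclass(frozen=True)
class Host:
    ip: str
    switch: str
    role: str

class Controller:
    def __init__(self, policy=POLICY, subnet=SUBNET):
        self.policy, self.subnet, self.hosts = policy, subnet, {}

    def action(self, src_role, dst_role):
        # Assumption: role pairs missing from the policy are denied.
        return self.policy.get((src_role, dst_role), "deny")

    def on_join(self, msg):
        """Process a constructed 'host joined' message from a switch and return
        the rules generated for it as (switch, src_ip, dst_ip, action)."""
        if ipaddress.ip_address(msg["ip"]) not in self.subnet:
            raise ValueError(f"{msg['ip']} is outside {self.subnet}")
        # Unknown device profiles get a role that has no policy entries.
        role = ROLE_BY_PROFILE.get(msg["profile"], "quarantine")
        new = Host(msg["ip"], msg["switch"], role)
        rules = []
        for peer in self.hosts.values():
            for src, dst in ((new, peer), (peer, new)):
                # Assumption: each rule is installed on the sender's switch.
                rules.append((src.switch, src.ip, dst.ip,
                              self.action(src.role, dst.role)))
        self.hosts[new.ip] = new
        return rules

if __name__ == "__main__":
    ctl = Controller()
    for m in [{"switch": "sw1", "ip": "10.10.1.5", "profile": "laptop"},
              {"switch": "sw2", "ip": "10.10.7.9", "profile": "printer"},
              {"switch": "sw1", "ip": "10.10.1.6", "profile": "ipcam"}]:
        for rule in ctl.on_join(m):
            print(rule)
```

In the sample run the laptop and the camera sit on the same switch with adjacent addresses, yet every rule between them is a deny: the decision follows the role pair, not the address or subnet boundary.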