Isolation and segmentation in multi-cloud interconnects

Assignee

• Cisco Technology, Inc. · US

Inventors

• Sivakumar Ganapathy · Fremont, US
• Rajagopalan Janakiraman · Cupertino, US
• Suresh Pasupula · Vemula, IN
• Sachin Gupta · Bengaluru, IN
• Shashank Chaturvedi · San Jose, US
• Prashanth Matety · Fremont, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2012/4629
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Techniques for maintaining isolation and segregation for network paths through multi-cloud fabrics using VRF technologies. The techniques include running virtual routers in a cloud network that connect the cloud network to an on-premises network using a network overlay that preserves VRF information in data packets. Further, the virtual routers connect to individual gateways in the cloud network using tunnels, and each individual gateway is connected to multiple VPCs without overlapping subnets. The virtual routers may assign a sink VRF to each gateway connection that can be used to perform source-IP based VRF selection by mapping source IP addresses in each tunnel connection to appropriate VRFs for the source IP addresses. In this way, virtual routers may use sink VRFs to translate into the VRF information for data packets from the VPCs via source-IP based lookup, and use the corresponding VRF route table to determine next hops for data packets.