Intent-based enterprise security using dynamic learning of network segment prefixes

Assignee

• Juniper Networks, Inc. · US

Inventors

• Kaushik Dutta Majumdar · Bengaluru, IN
• FNU Nadeem · Fremont, US
• Shanmukh Uppuluri · Hyderabad, IN

Key dates

Classification

• Technology area (CPC —)General

Abstract

In an example, systems and methods enable automatic implementation of intent-based security policies in a network system, such as a software-defined wide area network system, in which network segment prefixes for network segments at one or more sites are dynamically learned. A service orchestrator controller translates an intent-based security policy input by a user to a security policy for a first site. The security policy for the first site specifies a segment-specific queryable resource associated with a second site. To implement the security policy, a device associated with the first site queries the segment-specific queryable resource associated with the second site, and updates one or more forwarding tables of the device with the network segment prefixes associated with one or more network segments at the second site received in response to the query. The first site forwards network traffic to the second site based on the updated forwarding tables.