Resolving access policies between intent-based network architectures and cloud native architectures

Assignee

• Cisco Technology, Inc. · US

Inventors

• Thomas Szigeti · Vancouver, CA
• David John Zacks · Vancouver, CA
• Walter Theodore Hulick, Jr. · Pearland, US
• Shannon McFarland · Parker, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/101
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Techniques for expressing, communicating, de-conflicting, and enforcing consistent access policies between an IBN architecture and a Cloud-Native architecture. Generally, network administrators and/or users of a Cloud-Native architecture and an IBN architecture express access policies independently for the two different domains or architectures. According to the techniques described herein, a Network Service Endpoint (NSE) of the Cloud-Native architecture may exchange access policies with a network device of the IBN architecture. After exchanging access policies, conflicts between the sets of access policies may be identified, such as differences between allowing or denying communications between microservices and/or applications. The conflicts may be de-conflicted using various types of heuristics or rules, such as always selecting an access policy of the IBN architecture when conflicts arise. After the access policies have been de-conflicted, the IBN architecture and Cloud-Native architecture may then apply consistent access policies for traffic and communications in their respective network architectures.