Cisco Systems, Inc.
Systems and methods for on-demand flow-based policy enforcement in multi-cloud environments

Abstract:

Systems, methods, and computer-readable media for policy splitting in multi-cloud fabrics. In some examples, a method can include discovering a path from a first endpoint in a first cloud to a second endpoint in a second cloud; determining runtime policy table capacities associated with nodes in the path; determining policy distribution and enforcement for traffic from the first endpoint to the second endpoint based on the runtime policy table capacities; based on the policy distribution and enforcement, installing a set of policies for traffic from the first endpoint to the second endpoint across a set of nodes in the path; and applying the set of policies to traffic from the first endpoint in the first cloud to the second endpoint in the second cloud.