Cisco Systems, Inc.
Distributed policy enforcement proxy with dynamic EPG sharding

Abstract:

A distributed policy proxy system offloads network policy processing from an overloaded network element to policy proxy network elements. A network controller detects that policy resources are overloaded at a network element, and selects a group of policy proxy network elements. The network controller assigns an exclusive range of endpoint groups to each policy proxy network element. Each policy proxy network element is assigned to handle policy processing for its assigned range of endpoint groups. The network controller provides instructions to the policy proxy network elements to enable each policy proxy network element to apply the network policy for its assigned range of endpoint groups. The network controller also provides instructions to the overloaded network element to redirect a packet from the first endpoint group to a first policy proxy network element based on a destination of the packet.