Cisco Systems, Inc.
Policy consolidation for auto-orchestrated data centers

Abstract:

Techniques for generating and enforcing whitelist security policies in a communication network are disclosed. A first plurality of whitelist policies are consolidated into a second plurality of whitelist policies based on populating a plurality of tables. The populated tables include a first table including pairs of endpoints and associating each pair of endpoints with a service identifier, and a second table associating the service identifiers with the policy identifiers. The second plurality of whitelist policies are programmed into a network device in the communication network, based on at least one of the plurality of tables. Rules governing traffic between the pair of endpoints are enforced, at the network device, using the programmed second plurality of whitelist policies.