Invented by Rajagopalan Janakiraman, Sivakumar Ganapathy, Gianluca Mardente, Giovanni Meo, Patel Amitkumar Valjibhai, Cisco Technology Inc

The market for seamless multi-cloud routing and policy interconnectivity is rapidly growing as businesses increasingly adopt multi-cloud strategies to meet their diverse computing needs. With the rise of cloud computing, organizations are leveraging multiple cloud providers to take advantage of the unique capabilities and services offered by each platform. However, managing and integrating these disparate cloud environments can be complex and challenging. Seamless multi-cloud routing and policy interconnectivity solutions aim to address these challenges by providing a unified and efficient way to manage and connect multiple cloud environments. These solutions enable organizations to seamlessly route network traffic across different cloud providers, ensuring optimal performance, scalability, and reliability. One of the key benefits of seamless multi-cloud routing is the ability to distribute workloads across multiple cloud providers, thereby avoiding vendor lock-in and reducing dependence on a single provider. This flexibility allows organizations to leverage the strengths of different cloud platforms, such as cost-effectiveness, performance, or specific services, based on their unique requirements. Policy interconnectivity is another critical aspect of multi-cloud management. It involves defining and enforcing consistent security, compliance, and governance policies across different cloud environments. With seamless policy interconnectivity, organizations can ensure that their data and applications adhere to the same security standards, regardless of the cloud provider they are hosted on. This not only simplifies compliance efforts but also enhances overall security posture. The market for seamless multi-cloud routing and policy interconnectivity is driven by several factors. Firstly, the increasing adoption of multi-cloud strategies by organizations is fueling the demand for solutions that can effectively manage and integrate multiple cloud environments. 
According to a survey conducted by Flexera, 93% of enterprises have a multi-cloud strategy, and 87% have a hybrid cloud strategy. Secondly, the growing complexity of multi-cloud environments necessitates robust solutions that can simplify management and streamline operations. As organizations expand their cloud footprint, they face challenges such as network latency, data transfer costs, and data sovereignty requirements. Seamless multi-cloud routing and policy interconnectivity solutions help address these challenges by optimizing network traffic and ensuring compliance with data regulations. Furthermore, the COVID-19 pandemic has accelerated the adoption of cloud computing as businesses seek to enable remote work and ensure business continuity. This increased reliance on cloud services has further amplified the need for seamless multi-cloud routing and policy interconnectivity solutions to ensure uninterrupted access to critical applications and data. Several vendors are actively competing in the market for seamless multi-cloud routing and policy interconnectivity. These vendors offer a range of solutions, including software-defined networking (SDN) solutions, cloud-native networking platforms, and managed service offerings. Some of the key players in this market include Cisco Systems, VMware, Juniper Networks, and Aviatrix Systems. In conclusion, the market for seamless multi-cloud routing and policy interconnectivity is witnessing significant growth as organizations embrace multi-cloud strategies. These solutions enable businesses to efficiently manage and integrate multiple cloud environments, ensuring optimal performance, scalability, and security. As the adoption of cloud computing continues to rise, the demand for seamless multi-cloud routing and policy interconnectivity solutions is expected to further increase, presenting lucrative opportunities for vendors in this space.

The Cisco Technology Inc invention works as follows

Technologies are provided for multi-cloud routing and policy interconnectivity. A method may include assigning different sets of data plane routers to data plane traffic associated with different address spaces in a cloud site of a multi-cloud fabric, which produces a distributed mapping of data plane traffic to data plane routers. The method may also include sending, to an on-premises site in the multi-cloud fabric, routing entries based on the distributed mapping, identifying for each address space which set of data plane routers handles data plane traffic for that space.

Background for Seamless Multi-Cloud Routing and Policy Interconnectivity

The ubiquity and accessibility of Internet-enabled devices have led to a huge demand for Internet content and services. In a connected world, users rely more and more on content and network services. The Internet revolution has presented significant challenges to content and service providers, who struggle to meet the demands of a large number of users without compromising on performance. Cloud providers, for example, need to build large datacenters that can handle the network and content requirements of users. These datacenters typically include server farms that are configured to host certain services, as well as numerous switches and routers that are programmed to route traffic within the datacenter and enforce many security policies. A datacenter may be expected to handle traffic volumes in the millions and adhere to numerous security policies.

Private networks, such as those owned by enterprises and organizations, also have similar demands on computing resources and performance. Cloud providers often provide compute resources and services to meet these increasing demands. To increase their compute resources, these entities can connect a virtual network or private cloud on a cloud to their on-premises or private network. The entities can connect their on-premises or private datacenter to a remote cloud datacenter and extend their private network.

Unfortunately, the lack of consistency in policy models and configuration constraints between datacenter and cloud provider solutions severely limits an entity's ability to integrate disparate datacenter environments and apply a consistent routing and policy model across them. Cisco's Application-Centric Infrastructure (ACI), a software-defined datacenter and network management solution, supports hundreds of thousands of security policies, including 128K contract rules, 64K Internet Protocol addresses (IPs), and 4K Endpoint Groups (EPGs). Amazon Web Services (AWS), Amazon's public cloud solution, has a limit of 250 security policies per endpoint, orders of magnitude fewer than ACI. These disparate policy models, configuration restrictions, and cloud-to-datacenter solutions can limit the uniformity and scalability of policies in hybrid cloud deployments.

Below, we will discuss in detail the various embodiments of this disclosure. It is important to understand that the specific implementations discussed are only for illustration. Persons skilled in the art will understand that other components or configurations can be used without departing from the scope and spirit of the disclosure. The following description and illustrations are intended to serve as examples and not to limit the disclosure. To provide a complete understanding of the disclosure, many specific details are provided. In some instances, however, well-known or conventional details are left out of the description to avoid obscuring it. A reference to one embodiment or another in the present disclosure is not necessarily a reference to the same embodiment, but can refer to any embodiment. Such references also mean that at least one embodiment has been described.

Reference to "one embodiment" or "an embodiment" means that the feature, structure or characteristic described with respect to the embodiment is present in at least one embodiment. The phrase "in one embodiment" appears in various places throughout the specification, but this does not mean that all of these references are to the same embodiment. Separate or alternative embodiments are also not mutually exclusive. Also, certain features may only be present in some embodiments.

The terms used herein have their usual meanings within the art and the context in which they are used. The terms discussed in this document may be expressed using alternative language or synonyms. It is not important whether or how a term has been elaborated. Some synonyms are given for specific terms. The use of synonyms is not excluded by a list of one or several synonyms. Examples are provided in this specification to illustrate the meaning and scope of the disclosure. The disclosure is also not limited to the various embodiments described in this specification.

Below are examples of instruments and apparatuses, methods, and results that relate to embodiments of this disclosure. Please note that the titles and subtitles in the examples are for the reader’s convenience only, not to limit the scope. The meaning of technical and scientific words used in this document is that which would be understood by a person with ordinary knowledge in the field to which the disclosure relates, unless otherwise defined. If there is a conflict, this document will take precedence, including its definitions.

Additional features of the disclosure are described in the following description. In part, they will be evident from the description or can be learnt by applying the principles disclosed herein. The features and advantages of the disclosure can be obtained and realized by using the instruments and combinations specifically mentioned in the appended claims. The following description and the appended claims will make these and other features more apparent, or they can be learned through the application of the principles herein.

OVERVIEW

Disclosed are systems, methods and computer-readable media for seamless routing, policy interconnectivity, and normalization of multi-cloud fabrics. In some examples, there is a method for seamless routing, policy interconnectivity, and normalization of a multi-cloud fabric. This method may include assigning different sets of data plane routers, from a plurality of data plane routers, to data plane traffic associated with different address spaces in a cloud site of the multi-cloud fabric. Multi-cloud fabrics can include one or more cloud sites, as well as on-premises sites. The different address spaces may include, for example, different private networks, virtual private clouds (VPCs), virtual networks (e.g. VNETs), network segments, network contexts and so on.

The method may also include providing, from a control plane router located in the cloud site, routing entries to the on-premises site in the multi-cloud fabric. The routing entries may reflect the distributed mapping between data plane traffic, data plane routers, and address spaces. They can also identify, for each address space, which set of data plane routers is responsible for data plane traffic in that address space. The control plane router can be part of a set of control plane routers that reside in the cloud site. These routers are configured to exchange routing information between the cloud site and the on-premises site (and/or other devices or sites in the multi-cloud fabric). The set of control plane routers may include at least two control plane routers per remote site within the multi-cloud fabric. The at least two control plane routers can hold some or all of the routes within the cloud site. They can also provide control plane redundancy and establish control plane sessions with other sites, such as Border Gateway Protocol (BGP) sessions, to exchange routing information.

The method may also include providing updated routing information to the on-premises site in response to one or more data plane routers being deployed at the cloud site. The updated routing information can identify the one or more data plane routers as the next hop for data plane traffic associated with an address space. The on-premises site can then receive the updated routing information and update its routing table.

In certain cases, the one or more data plane routers (and other data plane routers) can be deployed on demand, depending on one or more conditions, for example a traffic overload, bandwidth availability reaching a minimum threshold, routing capacity reaching a maximum threshold, or a performance requirement. The one or more conditions may trigger the deployment of one or more data plane routers. In some cases, a set of control plane routers may also be used as data plane routers, in conjunction with or instead of dedicated data plane routers. For example, in place of (or in addition to) triggering the deployment of a data plane router, the one or more conditions could trigger the set of control plane routers to also double as data plane routers.
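The following is an added illustration, not code from the patent or from Cisco, of the mapping and routing-entry flow described above: address spaces (VPC/VNET ids and prefixes are constructed samples) are assigned to data plane routers, the control plane view is rendered as prefix-to-next-hop entries for the on-premises site, and a capacity threshold triggers on-demand deployment of a new data plane router followed by a routing update. Router capacities, load units and the helper names are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class DataPlaneRouter:
    name: str
    capacity: int      # assumed load units a router carries before it is "overloaded"
    load: int = 0


@dataclass
class AddressSpace:
    name: str          # constructed sample id of a VPC / VNET
    prefixes: List[str]
    expected_load: int


class CloudSite:
    """Cloud site holding data plane routers plus the control plane's view of the mapping."""

    def __init__(self, routers: List[DataPlaneRouter], new_router_capacity: int = 100):
        self.routers = {r.name: r for r in routers}
        self.new_router_capacity = new_router_capacity
        self.spaces: Dict[str, AddressSpace] = {}
        self.mapping: Dict[str, str] = {}   # address space -> data plane router (distributed mapping)

    def assign(self, space: AddressSpace) -> str:
        """Assign an address space to the least-loaded router with room; deploy one on demand."""
        self.spaces[space.name] = space
        fits = [r for r in self.routers.values() if r.load + space.expected_load <= r.capacity]
        if not fits:
            # Maximum routing capacity threshold reached: on-demand deployment of a new router.
            new = DataPlaneRouter(f"dp{len(self.routers) + 1}", self.new_router_capacity)
            self.routers[new.name] = new
            fits = [new]
        target = min(fits, key=lambda r: r.load)
        target.load += space.expected_load
        self.mapping[space.name] = target.name
        return target.name

    def routing_entries(self) -> List[Tuple[str, str]]:
        """Entries the control plane router advertises to the on-premises site: (prefix, next hop)."""
        return sorted((p, self.mapping[s.name]) for s in self.spaces.values() for p in s.prefixes)


def routing_updates(old: List[Tuple[str, str]], new: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """The incremental update sent on-prem: entries that are new or whose next hop changed."""
    old_map = dict(old)
    return [(prefix, nh) for prefix, nh in new if old_map.get(prefix) != nh]
```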

In some aspects, there is provided a system that allows seamless policy interconnectivity in a multi-cloud fabric. The system may include one or more processors and at least one storage medium containing instructions that, when executed by the one or more processors, cause the system to: assign different sets of data plane routers, from a plurality of data plane routers, to data plane traffic associated with different address spaces in a cloud site of a multi-cloud fabric that includes one or more on-premises sites or cloud sites; provide to an on-premises site routing entries that reflect the distributed mapping of data plane traffic to data plane routers, and identify for each address space which

The on-premises site can receive the updated routing information from the cloud site and update its routing table. In some cases, one or more data plane routers (or any other data plane router) can be deployed on demand, depending on one or more conditions; a traffic overload, reaching a minimum bandwidth threshold, reaching a maximum routing capacity threshold, or meeting a performance requirement are all examples. The one or more conditions may trigger the deployment of one or more data plane routers.

The different address spaces may include, for instance, different private networks or virtual private clouds, as well as different virtual networks such as VNETs. They can also include different network segments and different network contexts. The control plane router can also be part of a set of control plane routers configured in the cloud site to exchange routing information between the on-premises site (and/or other devices and sites in the multi-cloud fabric) and the cloud site. The set of control plane routers may include at least two control plane routers per remote site within the multi-cloud fabric. The at least two control plane routers can hold some or all of the routes within the cloud site. They can also provide control plane redundancy and establish control plane sessions with other sites, such as BGP sessions, to exchange routing updates and information.

In some aspects, there is provided a non-transitory storage medium for seamless routing, policy interconnectivity, and normalization of multi-cloud fabrics. The non-transitory storage medium can have instructions stored thereon that, when executed by a processor, cause the processor to assign different sets of data plane routers, from a plurality of data plane routers, to data plane traffic associated with different address spaces in a cloud site of a multi-cloud fabric that includes one or more on-premises sites or cloud sites.

In some aspects, the method, system, and non-transitory machine-readable medium described herein can include translating each type of private or virtual network construct (e.g. VPC, VNET, etc.) in the one or more cloud sites, and matching a set of policies and configuration settings with a particular type of virtual or private network construct (e.g. VRF) on the on-premises site, to yield a normalized private or virtual network across the multi-cloud fabric.

In some aspects, the method, system, and non-transitory machine-readable medium described in the above paragraph can include normalizing multiple policy constructs within the multi-cloud fabric. In some examples, the normalization of policy constructs can include mapping policy constructs in the on-premises site to respective policy constructs in the one or more cloud sites; translating each of the respective policy constructs into a mirror of the policy construct from the on-premises site that is mapped to it; and, in response to traffic associated with endpoints within one of the respective policy constructs and/or one of the policy constructs from the on-premises site, applying a set of rules associated with the particular policy construct from
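As an added illustration of the normalization in the two paragraphs above (not the patent's or Cisco's code), the block maps an on-premises VRF to a cloud private-network construct, mirrors EPG-to-EPG contracts into per-endpoint cloud policy entries, checks them against the per-endpoint limit the background section quotes for AWS (250), and applies the mirrored rules to a flow. The consumer/provider contract shape, the per-endpoint policy layout and all sample ids are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Per-endpoint security policy limit quoted on the page for AWS; other clouds are assumptions.
CLOUD_POLICY_LIMITS = {"aws": 250}


@dataclass(frozen=True)
class Rule:
    proto: str
    port: int
    action: str        # "permit" or "deny"


@dataclass
class Contract:
    consumer_epg: str  # assumed ACI-style contract: consumer EPG talks to provider EPG
    provider_epg: str
    rules: List[Rule]


PolicyEntry = Tuple[str, str, int, str]   # (source EPG, proto, port, action)


def normalize_vrf(vrf: str, cloud: str, construct_id: str) -> dict:
    """Map an on-prem VRF onto the cloud's private network construct (VPC / VNET)."""
    return {"vrf": vrf, "cloud": cloud, "construct": construct_id, "policies": {}}


def mirror_contracts(net: dict, contracts: List[Contract],
                     epg_members: Dict[str, List[str]]) -> Dict[str, int]:
    """Translate each contract into a mirrored per-endpoint policy in the cloud construct.

    Returns the endpoints whose mirrored policy exceeds the cloud's per-endpoint limit,
    so the caller can see where the on-prem policy cannot be represented one-to-one.
    """
    per_endpoint: Dict[str, List[PolicyEntry]] = {}
    for c in contracts:
        for endpoint in epg_members.get(c.provider_epg, []):
            for r in c.rules:
                per_endpoint.setdefault(endpoint, []).append((c.consumer_epg, r.proto, r.port, r.action))
    net["policies"] = per_endpoint
    limit = CLOUD_POLICY_LIMITS[net["cloud"]]
    return {ep: len(entries) for ep, entries in per_endpoint.items() if len(entries) > limit}


def classify(net: dict, endpoint: str, src_epg: str, proto: str, port: int) -> str:
    """Apply the mirrored policy to traffic toward an endpoint; unmatched traffic is denied."""
    for epg, p, prt, action in net["policies"].get(endpoint, []):
        if epg == src_epg and p == proto and prt == port:
            return action
    return "deny"
```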
