ENHANCED VISIBILITY AND FORWARDING IN A TELCOMMUNICATION DATA CENTER FABRIC

In current telecommunication (telco) deployments, data center networks do not have visibility into subscriber traffic and cannot apply functions related to the subscriber traffic. Techniques presented herein provide for a methodology through which a General Packet Radio Service (GPRS) Tunneling Protocol (GTP) tunnel ID (TEID) in a packet GTP header can be used as endpoint security group classification criteria. Classifying packets into security groups may allow for aggregating subscriber mobile traffic and for facilitating the enforcement of granular policies

GROUP-BASED POLICIES FOR MICRO-SEGMENTATION WITH STANDARD VIRTUAL EXTENSIBLE LOCAL AREA NETWORK (VXLAN) OVERLAY

Standard Virtual Extensible Local Area Network (VXLAN) headers do not provide the space to carry policy information from ingress Network Virtual Ethernet (NVE) devices to egress NVE devices. The option to provide the bits/bytes to carry this information is provided with different header formats, however, some bases are unable to parse these other frame formats. According to techniques described herein, group-based policies may be implemented over standard VXLAN overlays, thereby eliminating the cost of implementing custom protocol modifications and helping data center customers by remaining with their existing fabrics without costly upgrades