DATA-PLANE APPROACH FOR POLICY CONFIGURATION

Organization Name

VMware, Inc.

Inventor(s)

VASANTHA KUMAR Dhanasekar of Pune (IN)

DIMITRIOS Sikeridis of Mountain Veiw CA (US)

SHIRISH Vijayvargiya of Pune (IN)

SRIRAM Gopalakrishnan of Pune (IN)

DATA-PLANE APPROACH FOR POLICY CONFIGURATION

This abstract first appeared for US patent application 18230695 titled 'DATA-PLANE APPROACH FOR POLICY CONFIGURATION

Original Abstract Submitted

Example methods and systems for policy configuration using a data-plane approach are described. In one example, a first computer system may detect first data- plane packet(s) for establishing a connection between (a) a first virtualized computing instance and (b) a second computer system from which a resource is accessible. The first computer system may extract, from the first data-plane packet(s), parameter information associated with the connection; and configure a policy that is applicable for access control of the resource based on the parameter information. In response to detecting second data-plane packet(s) to access the resource, the computer system may apply the policy to allow or block forwarding of the second data-plane packet towards the second computer system. The second data-plane packet may originate from (a) the first virtualized computing instance or (b) a second virtualized computing instance supported by the first computer system.