US 12,170,581 B2
Scalable distribution of identity information in overlay networks with identity-based policies
Bala Gautama, San Jose, CA (US); Arivu Mani Ramasamy, San Jose, CA (US); Venkata Sarat Kumar Vajrapu, Bengaluru (IN); Arun Kumar Palani, Bangalore (IN); Anil Kumar Reddy Sirigiri, Bangalore (IN); and Nagaraj A. Bagepalli, Fremont, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on Dec. 22, 2022, as Appl. No. 18/145,096.
Prior Publication US 2024/0214242 A1, Jun. 27, 2024
Int. Cl. H04L 69/22 (2022.01); H04L 12/46 (2006.01)
CPC H04L 12/4633 (2013.01) [H04L 69/22 (2013.01); H04L 2212/00 (2013.01)]
20 Claims
 
1. A method comprising:
determining, by a network controller of a first network, that a first user has been associated with an Internet Protocol (IP) address of the first network, wherein the first network is an overlay network;
identifying a first site of the first network to which the first user corresponds based on the IP address associated with the first user;
determining identity information of the user and a first index of the first user based on at least one of the IP address associated with the first user and an identifier of the first user;
filtering a plurality of identity-based policies maintained by the network controller with the identity information of the first user to determine a subset of the plurality of identity-based policies that are applicable to the first user, wherein each of the subset of identity-based policies that is applicable to the first user indicates at least a subset of the identity information; and
communicating, by the network controller, the IP address and identity information of the first user, the subset of identity-based policies, and the first index to a first network device located at the first site of the first network.
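
The steps of claim 1, sketched as an added example (not code from the patent or from Palo Alto Networks): a controller maps a user's IP address to a site, looks up identity information and an index, filters the policy set down to those that reference that identity, and builds the update for that site's device only. The site prefixes, directory entries, policy names and the `build_update` message shape are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data (assumptions, not from the patent).
SITE_PREFIXES = {"site-a": "10.1.0.0/16", "site-b": "10.2.0.0/16"}
DIRECTORY = {
    "alice": {"index": 101, "groups": {"engineering", "vpn-users"}},
    "bob": {"index": 102, "groups": {"finance"}},
}

@dataclass(frozen=True)
class Policy:
    name: str
    identities: frozenset  # user or group names the policy refers to
    action: str

POLICIES = [
    Policy("allow-eng-git", frozenset({"engineering"}), "allow"),
    Policy("finance-erp", frozenset({"finance", "bob"}), "allow"),
    Policy("vpn-inspect", frozenset({"vpn-users"}), "inspect"),
    Policy("contractor-deny", frozenset({"contractors"}), "deny"),
]

def site_for_ip(ip):
    """Identify the overlay site whose prefix contains the user's IP."""
    addr = ipaddress.ip_address(ip)
    for site, prefix in SITE_PREFIXES.items():
        if addr in ipaddress.ip_network(prefix):
            return site
    return None

def applicable_policies(user, groups):
    """Keep only policies that reference part of this user's identity."""
    identity = {user} | set(groups)
    return [p for p in POLICIES if p.identities & identity]

def build_update(user, ip):
    """Return (site, message) for the one site device that needs this user."""
    entry = DIRECTORY.get(user)
    site = site_for_ip(ip)
    if entry is None or site is None:
        return None  # unknown user, or IP outside the overlay: nothing to send
    subset = applicable_policies(user, entry["groups"])
    message = {
        "ip": ip,
        "user": user,
        "groups": sorted(entry["groups"]),
        "index": entry["index"],
        "policies": [p.name for p in subset],
    }
    return site, message
```
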