Abstract: A device receives information identifying a specific host threat to a network, where the information includes a list of network addresses associated with the specific host threat. The device identifies network elements, of the network, associated with the specific host threat to the network, and determines a network control system associated with the identified network elements. The device determines a policy enforcement group of network elements, of the identified network elements, that maps to the list of network addresses associated with the specific host threat, where the network control system is associated with the policy enforcement group of network elements. The device determines a threat policy action to enforce for the specific host threat, and causes, via the network control system, the threat policy action to be enforced by the policy enforcement group of network elements.

Abstract: A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the data structure based on changes in the sessions associated with the endpoint hosts and based on changes in locations of the endpoint hosts within the network segments, and identifies, based on the data structure, a particular endpoint host, of the endpoint hosts, that changed locations within the network segments. The device determines a threat policy action to enforce for the particular endpoint host, and causes the threat policy action to be enforced, by the network, for the particular endpoint host.

Abstract: A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the data structure based on changes in the sessions associated with the endpoint hosts and based on changes in locations of the endpoint hosts within the network segments, and identifies, based on the data structure, a particular endpoint host, of the endpoint hosts, that changed locations within the network segments. The device determines a threat policy action to enforce for the particular endpoint host, and causes the threat policy action to be enforced, by the network, for the particular endpoint host.

Abstract: In general, techniques are described for an efficient exportation of metrics data within a software defined network (SDN) architecture. A network controller for a software-defined networking (SDN) architecture system comprising processing circuitry may implement the techniques. A telemetry node configured for execution by the processing circuitry may process a request by which to enable a metric group that defines a subset of metrics from a plurality of metrics to export from compute nodes. The telemetry node may also transform, based on the request to enable the metric group, the subset of the one or more metrics into telemetry exporter configuration data that configures a telemetry exporter deployed at the compute nodes to export the subset of the metrics. The telemetry node may also interface with the telemetry exporter to configure, based on the telemetry exporter configuration data, the telemetry exporter to export the subset of the metrics.

Abstract: A device receives policy information indicating a policy to be implemented for an application hosted by multiple cloud domains, and receives, from the multiple cloud domains, different application resource tags and addresses associated with the application. The device maps the different application resource tags to a generic identifier, and associates the policy with the generic identifier and with the addresses associated with the application. The device provides, based on associating the policy with the generic identifier and with the addresses associated with the application, the policy to the multiple cloud domains to permit the multiple cloud domains to implement the policy.

Abstract: A method includes subscribing, by an agent, to telemetry flow data from each network device of a plurality of network devices and receiving, by the agent, a plurality of streams of telemetry flow data from the plurality of the network devices. Each of the plurality of streams corresponds to a different one of the plurality of network devices. The method further includes aggregating, by the agent, data from at least one stream of the plurality of streams of the telemetry flow data received over a period of time and, at the end of the period of time and/or when the data from the at least one stream exceeds a data threshold, sending, by the agent, the aggregated telemetry flow data to a network analyzer device.

Abstract: A disclosed method may include (1) querying, in connection with a monitoring service, a network device for device-specific data that identifies features of the network device, (2) determining, based at least in part on the device-specific data, identities of a set of ports on the network device, (3) identifying, based at least in part on the device-specific data, one or more port-specific data objects corresponding to the set of ports, (4) dynamically creating, based at least in part on the device-specific data, a device-visualization interface of the network device by (A) generating a graphical chassis widget that illustrates a logical view of the set of ports and (B) generating a graphical table that illustrates the port-specific data objects, and then (5) providing, in connection with the monitoring service, the device-visualization interface for presentation on a computing device. Various other systems and methods are also disclosed.

Abstract: A device receives policy information indicating a policy to be implemented for an application hosted by multiple cloud domains, and receives, from the multiple cloud domains, different application resource tags and addresses associated with the application. The device maps the different application resource tags to a generic identifier, and associates the policy with the generic identifier and with the addresses associated with the application. The device provides, based on associating the policy with the generic identifier and with the addresses associated with the application, the policy to the multiple cloud domains to permit the multiple cloud domains to implement the policy.

Abstract: A method includes subscribing, by an agent, to telemetry flow data from each network device of a plurality of network devices and receiving, by the agent, a plurality of streams of telemetry flow data from the plurality of the network devices. Each of the plurality of streams corresponds to a different one of the plurality of network devices. The method further includes aggregating, by the agent, data from at least one stream of the plurality of streams of the telemetry flow data received over a period of time and, at the end of the period of time and/or when the data from the at least one stream exceeds a data threshold, sending, by the agent, the aggregated telemetry flow data to a network analyzer device.

Abstract: Techniques are disclosed for redirecting network traffic of virtualized application workload to a host-based firewall. For example, a system comprises a software defined networking (SDN) controller of a multi-tenant virtualized data center configured to: receive a security policy expressed as one or more tags to redirect traffic of a virtualized application workload to a host-based firewall (HBF) of the multi-tenant virtualized data center; configure network connectivity to the HBF in accordance with the security policy; a security controller that manages the HBF configured to: obtain the one or more tags from the SDN controller; receive one or more firewall policies expressed in terms of the one or more tags, wherein each of the one or more firewall policies specifies a function of the HBF; and configure the function of the HBF in accordance with the one or more firewall policies.

Abstract: In an example, a method includes processing, by an application programming interface (API) server implemented by a configuration node of a network controller for a software-defined networking (SDN) architecture system, requests for operations on native resources of a container orchestration system; processing, by a custom API server implemented by the configuration node, requests for operations on custom resources for SDN architecture configuration, wherein each of the custom resources for SDN architecture configuration corresponds to a type of configuration object in the SDN architecture system; detecting, by a control node of the network controller, an event on an instance of a first custom resource of the custom resources; and by the control node, in response to detecting the event on the instance of the first custom resource, obtaining configuration data for the instance of the first custom resource and configuring a corresponding instance of a configuration object in the SDN architecture.

Abstract: A method includes determining, by a controller device that manages a plurality of network devices, device characteristic information for a network device of the plurality of network devices and selecting, by the controller device, one or more sensors from a plurality of sensors based on the device characteristic information for the network device. The method further includes outputting, by the controller device, an instruction to cause the network device to generate the one or more selected sensors at the network device and receiving, by the controller device, sensor information from the one or more selected sensors generated at the network device.

Abstract: A method includes determining, by a controller device that manages a plurality of network devices, device characteristic information for a network device of the plurality of network devices and selecting, by the controller device, one or more sensors from a plurality of sensors based on the device characteristic information for the network device. The method further includes outputting, by the controller device, an instruction to cause the network device to generate the one or more selected sensors at the network device and receiving, by the controller device, sensor information from the one or more selected sensors generated at the network device.

Abstract: Techniques are disclosed for redirecting network traffic of virtualized application workload to a host-based firewall. For example, a system comprises a software defined networking (SDN) controller of a multi-tenant virtualized data center configured to: receive a security policy expressed as one or more tags to redirect traffic of a virtualized application workload to a host-based firewall (HBF) of the multi-tenant virtualized data center; configure network connectivity to the HBF in accordance with the security policy; a security controller that manages the HBF configured to: obtain the one or more tags from the SDN controller; receive one or more firewall policies expressed in terms of the one or more tags, wherein each of the one or more firewall policies specifies a function of the HBF; and configure the function of the HBF in accordance with the one or more firewall policies.

Abstract: A disclosed method may include (1) querying, in connection with a monitoring service, a network device for device-specific data that identifies features of the network device, (2) determining, based at least in part on the device-specific data, identities of a set of ports on the network device, (3) identifying, based at least in part on the device-specific data one or more port-specific data objects corresponding to the set of ports, (4) dynamically creating, based at least in part on the device-specific data, a device-visualization interface of the network device by (A) generating a graphical chassis widget that illustrates a logical view of the set of ports and (B) generating a graphical table that illustrates the port-specific data objects, and then (5) providing, in connection with the monitoring service, the device-visualization interface for presentation on a computing device. Various other systems and methods are also disclosed.

Abstract: A device receives information identifying a specific host threat to a network, where the information includes a list of network addresses associated with the specific host threat. The device identifies network elements, of the network, associated with the specific host threat to the network, and determines a network control system associated with the identified network elements. The device determines a policy enforcement group of network elements, of the identified network elements, that maps to the list of network addresses associated with the specific host threat, where the network control system is associated with the policy enforcement group of network elements. The device determines a threat policy action to enforce for the specific host threat, and causes, via the network control system, the threat policy action to be enforced by the policy enforcement group of network elements.

Abstract: A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the data structure based on changes in the sessions associated with the endpoint hosts and based on changes in locations of the endpoint hosts within the network segments, and identifies, based on the data structure, a particular endpoint host, of the endpoint hosts, that changed locations within the network segments. The device determines a threat policy action to enforce for the particular endpoint host, and causes the threat policy action to be enforced, by the network, for the particular endpoint host.

Abstract: A device receives policy information indicating a policy to be implemented for an application hosted by multiple cloud domains, and receives, from the multiple cloud domains, different application resource tags and addresses associated with the application. The device maps the different application resource tags to a generic identifier, and associates the policy with the generic identifier and with the addresses associated with the application. The device provides, based on associating the policy with the generic identifier and with the addresses associated with the application, the policy to the multiple cloud domains to permit the multiple cloud domains to implement the policy.

Abstract: A device receives information identifying a specific host threat to a network, where the information includes a list of network addresses associated with the specific host threat. The device identifies network elements, of the network, associated with the specific host threat to the network, and determines a network control system associated with the identified network elements. The device determines a policy enforcement group of network elements, of the identified network elements, that maps to the list of network addresses associated with the specific host threat, where the network control system is associated with the policy enforcement group of network elements. The device determines a threat policy action to enforce for the specific host threat, and causes, via the network control system, the threat policy action to be enforced by the policy enforcement group of network elements.

Abstract: A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the data structure based on changes in the sessions associated with the endpoint hosts and based on changes in locations of the endpoint hosts within the network segments, and identifies, based on the data structure, a particular endpoint host, of the endpoint hosts, that changed locations within the network segments. The device determines a threat policy action to enforce for the particular endpoint host, and causes the threat policy action to be enforced, by the network, for the particular endpoint host.