-
Publication No.: US20240244029A1
Publication Date: 2024-07-18
Application No.: US18153930
Filing Date: 2023-01-12
Applicant: Cisco Technology, Inc.
Inventor: Amjad Inamdar, Syed Arslan Ahmed, Anoop V A
IPC: H04L61/2567, H04L9/40, H04L61/256
CPC classification number: H04L61/2567, H04L61/2564, H04L63/061, H04L63/0876
Abstract: A method of implementing controller-based distributed remote access may include connecting a plurality of edge devices to a controller via a network. The plurality of edge devices may perform hole punching to traverse a network address translation (NAT) gateway to create a NAT hole. The method may also include connecting a client device to the controller. The client device may be directly connected to one of the plurality of edge devices via the NAT hole in the network. The method may further include directly connecting the client device to one of the plurality of edge devices by receiving a query from the client device and returning public IP/ports of a most relevant edge device to the client device, the most relevant edge device being based on attributes of the client device, attributes of the plurality of edge devices, or combinations thereof.
-
2.
Publication No.: US20180191669A1
Publication Date: 2018-07-05
Application No.: US15398601
Filing Date: 2017-01-04
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Robert Edgar Barton, Patrick Grossetete, Laurent Aubert, Frederic Detienne, Graham Bartlett, Amjad Inamdar
IPC: H04L29/12, H04L12/751
CPC classification number: H04L45/02, H04L61/251, H04L61/6068
Abstract: A method is described and in one embodiment includes identifying at an initiator element a list of Internet protocol (“IP”) prefixes corresponding to routes designated as interesting routes, wherein the IP prefixes are included in a Routing Information Base (“RIB”) of the initiator; monitoring the RIB for a change in the list of IP prefixes; and, responsive to detection of a change in the list of IP prefixes, injecting at least a portion of the changed list of IP prefixes into a payload of an IKEv2 NOTIFY message and sending the IKEv2 NOTIFY message to a responder element peered with the initiator element, wherein the responder element updates an RIB of the responder element using the IP prefixes included in the received IKEv2 NOTIFY message.
-
Publication No.: US20250106170A1
Publication Date: 2025-03-27
Application No.: US18472052
Filing Date: 2023-09-21
Applicant: Cisco Technology, Inc.
Inventor: Avinash Shah, Pritam Baruah, Jai Prakash Agrawal, Amjad Inamdar
Abstract: Disclosed are systems, apparatuses, methods, computer readable medium, and circuits for ordering services in a service chain comprising: receiving, at an edge router, one or more data packets; determining, at the edge router, a sequence order of service chain elements for the one or more data packets based upon an established sequence, the sequence order modifies the established sequence to perform an altering service that alters a payload of the one or more packets prior to one or more remaining services that inspect the one or more packets; transmitting and receiving, by the edge router in the sequence order, the one or more data packets to and from the service chain elements; transmitting, by the edge router, the one or more data packets to a destination after a last of the service chain elements has been performed.
-
Publication No.: US20250106150A1
Publication Date: 2025-03-27
Application No.: US18472011
Filing Date: 2023-09-21
Applicant: Cisco Technology, Inc.
Inventor: Avinash Shah, Pritam Baruah, Amjad Inamdar, Laxmikantha Reddy Ponnuru, Latika Ahuja, Jai Prakash Agrawal
Abstract: A system facilitates communication between branches of an SD-WAN and a service chain element. A hub node receives a data packet of a flow from a source branch over a VPN segment to be transmitted to a destination branch, extracts flow information from the data packet including VPN segment information to be stored in a flow table before transmitting the data packet to the service chain element over a service chain VPN. Upon return of the data packet from the service chain element, the hub node uses packet tuple information to retrieve the flow information with VPN segment information from the flow table. The hub node can then forward the data packet to the destination branch over the VPN segment. The hub node can generate and store an Auto Service Chaining Key that connects bidirectional flows so that the hub node can apply service-chaining to bidirectional traffic.
-
Publication No.: US20240348549A1
Publication Date: 2024-10-17
Application No.: US18356853
Filing Date: 2023-07-21
Applicant: Cisco Technology, Inc.
Inventor: Pritam Baruah, Amjad Inamdar, Laxmikantha Reddy Ponnuru, Samir D. Thoria
IPC: H04L47/2408, H04L45/24
CPC classification number: H04L47/2408, H04L45/24
Abstract: The present disclosure is directed to making service-chains routable and intent-based within an enterprise network. In one aspect, a method for simplifying steering of network traffic includes receiving an intent-based description of one or more services to be applied to the network traffic; defining a type for a service chain that includes the one or more services based on the intent-based description, the type serving as an address for the service chain for routing the network traffic to and from the one or more services included in the service chain; implementing the service chain at one or more network hubs; and implementing a traffic steering policy in the network for steering the network traffic to the one or more network hubs to be serviced by the one or more services.
-
6.
Publication No.: US11258694B2
Publication Date: 2022-02-22
Application No.: US15398601
Filing Date: 2017-01-04
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Robert Edgar Barton, Patrick Grossetete, Laurent Aubert, Frederic Detienne, Graham Bartlett, Amjad Inamdar
IPC: H04L12/751, H04L29/12, H04L45/02, H04L61/251, H04L101/668
Abstract: A method is described and in one embodiment includes identifying at an initiator element a list of Internet protocol (“IP”) prefixes corresponding to routes designated as interesting routes, wherein the IP prefixes are included in a Routing Information Base (“RIB”) of the initiator; monitoring the RIB for a change in the list of IP prefixes; and, responsive to detection of a change in the list of IP prefixes, injecting at least a portion of the changed list of IP prefixes into a payload of an IKEv2 NOTIFY message and sending the IKEv2 NOTIFY message to a responder element peered with the initiator element, wherein the responder element updates an RIB of the responder element using the IP prefixes included in the received IKEv2 NOTIFY message.
-
7.
Publication No.: US20210226782A1
Publication Date: 2021-07-22
Application No.: US16749299
Filing Date: 2020-01-22
Applicant: Cisco Technology, Inc.
Inventor: Lionel Florit, Scott Roy Fluhrer, Amjad Inamdar, David Arthur McGrew
Abstract: Presented herein are methodologies for establishing secure communications in a post-quantum computer context. The methodology includes receiving, from a first communications device, at a second communications device, a secret seed value, or otherwise obtaining the secret seed value; initializing a session key service with the secret seed value; receiving, from the first communications device, at the second communications device, a pre-shared key identifier; querying the session key service for a pre-shared key corresponding to the pre-shared key identifier; receiving, from the session key service, the pre-shared key; deriving a session key based, at least in part, on the pre-shared key; receiving from the first communications device, at the second communications device, data encrypted with the session key; and decrypting the data at the second communications device using the session key.
-
Publication No.: US20250106149A1
Publication Date: 2025-03-27
Application No.: US18471931
Filing Date: 2023-09-21
Applicant: Cisco Technology, Inc.
Inventor: Avinash Shah, Pritam Baruah, Amjad Inamdar, Laxmikantha Reddy Ponnuru, Latika Ahuja, Jai Prakash Agrawal
IPC: H04L45/00, H04L9/40, H04L45/745
Abstract: A system facilitates communication between branches of an SD-WAN and a service chain element. A hub node receives a data packet of a flow from a source branch over a VPN segment to be transmitted to a destination branch, extracts flow information from the data packet including VPN segment information to be stored in a flow table before transmitting the data packet to the service chain element over a service chain VPN. Upon return of the data packet from the service chain element, the hub node uses packet tuple information to retrieve the flow information with VPN segment information from the flow table. The hub node can then forward the data packet to the destination branch over the VPN segment. The hub node can generate and store an Auto Service Chaining Key that connects bidirectional flows so that the hub node can apply service-chaining to bidirectional traffic.
-
Publication No.: US20240348536A1
Publication Date: 2024-10-17
Application No.: US18348065
Filing Date: 2023-07-06
Applicant: Cisco Technology, Inc.
Inventor: Pritam Baruah, Amjad Inamdar, Laxmikantha Reddy Ponnuru, Avinash Shah, Jai Prakash Agrawal
IPC: H04L45/247, H04L45/28
CPC classification number: H04L45/247, H04L45/28
Abstract: One or more aspects of the present disclosure are directed to providing a single hierarchical construct for defining requirements (connectivity parameters) of a service in a service chain. In one aspect, a single construct for identifying a service in a service chain includes a first object identifying at least one path for accessing an instance of the service within a communication network, a second object identifying a respective communication protocol for the at least one path; and a third object identifying at least a transmission specification for the respective communication protocol in the second object, wherein the second object and the third object are embedded within the first object.
-
10.
Publication No.: US11909872B2
Publication Date: 2024-02-20
Application No.: US18054219
Filing Date: 2022-11-10
Applicant: Cisco Technology, Inc.
Inventor: Amjad Inamdar, Lionel Florit, Eric Voit, Sujal Sheth, Chennakesava Reddy Gaddam
CPC classification number: H04L9/0852, H04L9/0827, H04L9/0869, H04L9/304
Abstract: Systems and methods are provided for quantum-resistant secure key distribution between a peer and an EAP authenticator by using an authentication server. The systems and methods include receiving requests for a COMMON-SEED and a quantum-safe public key from a peer and an EAP authenticator. The COMMON-SEED is encrypted using the quantum-safe public key of the peer and the quantum-safe public key of the EAP authenticator, and the encrypted COMMON-SEED is sent to the peer along with a request for a PPK_ID from the peer to complete authentication of the peer. The PPK_ID is received from the peer, and the encrypted COMMON-SEED and PPK_ID are sent to the EAP authenticator. A quantum-resistant secure channel is established between the peer and the EAP authenticator when the peer and the EAP authenticator share the same COMMON-SEED and the same PPK-ID.