公开(公告)号：US20250047684A1

公开(公告)日：2025-02-06

申请号：US18924631

申请日：2024-10-23

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Ian James Wells

IPC: H04L9/40 ,  H04L41/0894 ,  H04L67/14

Abstract: Techniques for creating consent contracts for devices that indicate whether the devices consent to receiving network-based communications from other devices. Further, the techniques include enforcing the consent contracts such that network-based communications are either allowed or disallowed in the network-communications layer prior to the network communications reaching the devices. Rather than simply allowing a device to communicate with any other device over a network, the techniques described herein include building in consent for network-based communications where the consent is consulted at one or more points in a communication process to make informed decisions about network-based traffic.

公开(公告)号：US20240364628A1

公开(公告)日：2024-10-31

申请号：US18769185

申请日：2024-07-10

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Vincent E. Parla ,  Ian James Wells

IPC: H04L45/74 ,  H04L69/165

CPC classification number: H04L45/74 ,  H04L69/165

Abstract: Techniques for NAT-based steering of traffic in cloud-based networks. The techniques may include establishing, by a frontend node of a network, a connection with a client device. The frontend node may receive, via the connection, a packet including an indication of an identity of a service hosted on a backend node of the network. Based at least in part on the indication, the frontend node may establish a second connection with the backend node. Additionally, the frontend node may store a mapping indicating that packets received from the client device are to be sent to the backend node. The techniques may also include receiving another packet at the frontend node or another frontend node of the network. Based at least in part on the mapping, the frontend node or other frontend node may alter one or more network addresses of the other packet and forward it to the backend node.

公开(公告)号：US20230224248A1

公开(公告)日：2023-07-13

申请号：US17572320

申请日：2022-01-10

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Vincent E. Parla ,  Ian James Wells

IPC: H04L45/74 ,  H04L69/165

CPC classification number: H04L45/74 ,  H04L69/165

Abstract: Techniques for NAT-based steering of traffic in cloud-based networks. The techniques may include establishing, by a frontend node of a network, a connection with a client device. The frontend node may receive, via the connection, a packet including an indication of an identity of a service hosted on a backend node of the network. Based at least in part on the indication, the frontend node may establish a second connection with the backend node. Additionally, the frontend node may store a mapping indicating that packets received from the client device are to be sent to the backend node. The techniques may also include receiving another packet at the frontend node or another frontend node of the network. Based at least in part on the mapping, the frontend node or other frontend node may alter one or more network addresses of the other packet and forward it to the backend node.

公开(公告)号：US20220271920A1

公开(公告)日：2022-08-25

申请号：US17324876

申请日：2021-05-19

Applicant: Cisco Technology, Inc.

Inventor： Ian James Wells ,  Kyle Andrew Donald Mestery

IPC: H04L9/08 ,  H04L9/30

Abstract: Techniques for creating consent contracts for devices that indicate whether the devices consent to receiving network-based communications from other devices. Further, the techniques include enforcing the consent contracts such that network-based communications are either allowed or disallowed in the network-communications layer prior to the network communications reaching the devices. Rather than simply allowing a device to communicate with any other device over a network, the techniques described herein include building in consent for network-based communications where the consent is consulted at one or more points in a communication process to make informed decisions about network-based traffic.

公开(公告)号：US20220091836A1

公开(公告)日：2022-03-24

申请号：US17028715

申请日：2020-09-22

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Ian James Wells ,  Grzegorz Boguslaw Duraj

IPC: G06F8/65 ,  H04L29/08

Abstract: This disclosure describes techniques and mechanisms for using a domain-specific language (DSL) to express and compile serverless network functions, and optimizing the deployment location for the serverless network functions on network devices. In some examples, the serverless network functions may be expressed entirely in the DSL (e.g., via a text-based editor, a graphics-based editor, etc.), where the DSL is a computer language specialized to a particular domain, such as a network function domain. In additional examples, the serverless network functions may be expressed and compiled using a DSL in combination with a general-purpose language (GSL). Once the serverless network function have been expressed and/or compiled, the techniques of this disclosure further include determining an optimized network component on which the serverless network function is to execute, and deploying the serverless function to the optimized network component.

公开(公告)号：US12081530B2

公开(公告)日：2024-09-03

申请号：US18234247

申请日：2023-08-15

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Ian James Wells ,  Grzegorz Boguslaw Duraj

IPC: H04L9/40 ,  H04L9/32 ,  H04L12/46

CPC classification number: H04L63/0478 ,  H04L9/321 ,  H04L12/4633 ,  H04L63/08

Abstract: Techniques and mechanisms to reduce double encryption of packets that are transmitted using encrypted tunnels. The techniques described herein include determining that portions of the packets are already encrypted, identifying portions of the packets that are unencrypted, and selectively encrypting the portions of the packets that are unencrypted prior to transmission through the encrypted tunnel. In this way, potentially private or sensitive data in the packets that is unencrypted, such as information in the packet headers, will be encrypted using the encryption protocol of the encrypted tunnel, but the data of the packets that is already encrypted, such as the payload, may avoid unnecessary double encryption. By reducing (or eliminating) the amount of data in data packets that is double encrypted, the amount of time taken by computing devices, and computing resources consumed, to encrypted traffic for encrypted tunnels may be reduced.

公开(公告)号：US11765146B2

公开(公告)日：2023-09-19

申请号：US17002170

申请日：2020-08-25

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Ian James Wells ,  Grzegorz Boguslaw Duraj

IPC: H04L9/40 ,  H04L12/46 ,  H04L9/32

CPC classification number: H04L63/0478 ,  H04L9/321 ,  H04L12/4633 ,  H04L63/08

Abstract: Techniques and mechanisms to reduce double encryption of packets that are transmitted using encrypted tunnels. The techniques described herein include determining that portions of the packets are already encrypted, identifying portions of the packets that are unencrypted, and selectively encrypting the portions of the packets that are unencrypted prior to transmission through the encrypted tunnel. In this way, potentially private or sensitive data in the packets that is unencrypted, such as information in the packet headers, will be encrypted using the encryption protocol of the encrypted tunnel, but the data of the packets that is already encrypted, such as the payload, may avoid unnecessary double encryption. By reducing (or eliminating) the amount of data in data packets that is double encrypted, the amount of time taken by computing devices, and computing resources consumed, to encrypted traffic for encrypted tunnels may be reduced.

公开(公告)号：US20230281100A1

公开(公告)日：2023-09-07

申请号：US17686206

申请日：2022-03-03

Applicant: Cisco Technology, Inc.

Inventor： Ian James Wells ,  Viktor Mats Emanuel Leijon ,  Arghya Mukherjee

IPC: G06F11/34 ,  G06F11/30 ,  G06F11/32 ,  G06F11/07

CPC classification number: G06F11/3414 ,  G06F11/3051 ,  G06F11/327 ,  G06F11/0772 ,  G06F11/0754

Abstract: Techniques are described for configuring and using analytics for requested software components deployed within cloud-based and other distributed computing environments. An orchestration system may determine particular analytics for a requested component implemented within a computing environment, based on the deployed workloads and/or computing resources on which the requested component was deployed. In conjunction with orchestration of the requested component, the orchestration system may determine the associated performance metrics, including particular telemetry metrics and/or composite metrics, based on the orchestration of the requested component. The orchestration system also may manage the presentation of the performance analytics for the requested component, including customized dashboards with component-specific metrics and/or alerts to target devices associated with the requested component.

公开(公告)号：US11418394B1

公开(公告)日：2022-08-16

申请号：US17469670

申请日：2021-09-08

Applicant: Cisco Technology, Inc.

Inventor： Ian James Wells ,  Kyle Andrew Donald Mestery ,  Grzegorz Boguslaw Duraj

IPC: G06F15/173 ,  H04L41/0823 ,  H04L41/12 ,  H04L45/64 ,  H04L45/586 ,  H04L41/14

Abstract: Techniques and mechanisms for using a domain-specific language (DSL) to express overall network behaviors by describing what network-level behavior is desired. A compiler breaks down the DSL into portions of executable code that are to be run at different network devices and locations of the network architecture. In some instances, the executable code output from the compiler may be used to determine what network functions, network devices, and/or network topology is required to implement the overall network behavior that is desired. In other examples, an inventory and/or topology of available network devices may be fed into the compiler, and the compiler may compile the DSL into executable code that is able to be supported by the inventory and/or topology of available network devices. Thus, the DSL can be used to describe overall network behaviors to easily generate executable code that is used to implement a desired network-level behavior.

公开(公告)号：US11381526B2

公开(公告)日：2022-07-05

申请号：US16406872

申请日：2019-05-08

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Ian James Wells

IPC: H04L49/90 ,  H04L47/74 ,  H04L47/78 ,  H04L47/70 ,  H04L49/50

Abstract: Multi-tenant optimized serverless placement using network interface card and commodity storage may be provided. A first request to execute a first function may be received. Next, it may be determined to execute the first function at a first network interface card. The first network interface card may include a plurality of processors. Then, a container may be created at the first network interface card. The container may have at least one processor of the plurality of processors. The first function may be executed at the container.