公开(公告)号：US20250126091A1

公开(公告)日：2025-04-17

申请号：US18909072

申请日：2024-10-08

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Ajeet Pal Singh Gill ,  Sampath Sthothra Bhasham ,  Satish Kumar Mahadevan ,  Madhusudan V. Gindi ,  Tahir Ali

IPC: H04L61/256 ,  H04L12/46

Abstract: A process can include determining a plurality of Network Address Translation (NAT) routes associated with respective edge routers included in a same virtual private network (VPN) for communicating with a software-defined wide area network (SDWAN). A process can include identifying a first subset of the plurality of NAT routes as mapped to a first public NAT address included in a NAT pool associated with the VPN. A process can include tagging each NAT route of the first subset with a tag value indicative of a preferred router for receiving return traffic of the respective NAT route. A process can include routing traffic on a respective NAT route of the plurality of NAT routes based on applying, at an SDWAN controller, a corresponding control policy matching the tag value of the respective NAT route.

公开(公告)号：US20250071060A1

公开(公告)日：2025-02-27

申请号：US18409701

申请日：2024-01-10

Applicant: Cisco Technology, Inc.

Inventor： Steven Wood ,  Balaji Sundararajan ,  Laxmikantha Reddy Ponnuru ,  Avinash Shah ,  Pritam Baruah ,  Venkatesh Nataraj ,  Ganesh Devendrachar

IPC: H04L45/76 ,  H04L12/46

Abstract: Generally, Software-Defined Wide Area Networks (SD-WAN) generally do not support network segmentation. The concepts disclosed herein connects IPSec SD-WAN fabric to a Virtual Routing and Forwarding (VRF) router and make use of a Software Defined Cloud Interconnect (SDCI) Router to route traffic from IPSec SD-WAN to various cloud services from the SDCI Router in the fabric. The concepts disclosed herein also provides for tunnel multi-plexing that takes incoming and outgoing traffic and maps VPNs to any service VRF associated with the cloud based services.

公开(公告)号：US20250062986A1

公开(公告)日：2025-02-20

申请号：US18386203

申请日：2023-11-01

Applicant: Cisco Technology, Inc.

Inventor： Syed Arslan Ahmed ,  Raj Venkatesan ,  Ashish Sood ,  Balaji Sundararajan ,  Mahalakshmi Rajaram ,  Yogesh Mittal ,  Ankur Bhargava

IPC: H04L45/302 ,  H04L45/00 ,  H04L45/02

Abstract: This disclosure describes techniques for improving routing policy awareness in a network. The method includes detecting, by a controller, an application initiated for use at an edge node of a network. Then, generating, by an analytics engine coupled to the controller, analytical data of traffic flow at the edge node of the network wherein the traffic flow is in accordance with a routing policy for routing traffic associated with the application. Further, routing of the traffic through a path from one or more paths configured at the edge node that is in accordance with at least a Service Level Agreement (SLA) for traffic flow. Also, in response to an SLA violation during routing of the traffic, causing an action, by the controller, of routing traffic flow through another path that is in accordance with at least the SLA for traffic flow based on analytical data received of the traffic flow.

公开(公告)号：US12231444B2

公开(公告)日：2025-02-18

申请号：US18415423

申请日：2024-01-17

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Gaurang Rajeev Mokashi ,  Preety Mordani ,  Vivek Agarwal

IPC: H04L9/40 ,  G06F9/455 ,  H04L43/08 ,  H04L47/20 ,  H04L49/25

Abstract: Systems, methods, and computer-readable media for performing threat remediation through a switch fabric of a virtualized network environment. Data traffic passing into a virtualized network environment including a plurality of virtual machines running on a switch fabric is monitored. A network threat introduced through at a least a portion of the data traffic is identified at the switch fabric. One or more remedial measures are performed in the network environment based on the identification of the network threat in the virtualized network environment.

公开(公告)号：US12199942B1

公开(公告)日：2025-01-14

申请号：US18484897

申请日：2023-10-11

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Ajeet Pal Singh Gill ,  Sampath Sthothra Bhasham ,  Satish Kumar Mahadevan ,  Madhusudan V. Gindi ,  Tahir Ali

IPC: G06F15/16 ,  H04L12/46 ,  H04L61/256

Abstract: A process can include determining a plurality of Network Address Translation (NAT) routes associated with respective edge routers included in a same virtual private network (VPN) for communicating with a software-defined wide area network (SDWAN). A process can include identifying a first subset of the plurality of NAT routes as mapped to a first public NAT address included in a NAT pool associated with the VPN. A process can include tagging each NAT route of the first subset with a tag value indicative of a preferred router for receiving return traffic of the respective NAT route. A process can include routing traffic on a respective NAT route of the plurality of NAT routes based on applying, at an SDWAN controller, a corresponding control policy matching the tag value of the respective NAT route.

公开(公告)号：US12192179B2

公开(公告)日：2025-01-07

申请号：US17817479

申请日：2022-08-04

Applicant: Cisco Technology Inc.

Inventor： Balaji Sundararajan ,  Venkatesh Gota B R ,  Sireesha Yeruva ,  Chandramouli Balasubramanian ,  Anand Oswal

IPC: H04L9/40 ,  H04L1/18 ,  H04L45/00 ,  H04L69/22

Abstract: The present disclosure is directed to systems and methods for dynamic firewall discovery on a service plane. The method includes the steps of identifying a source data packet for transmission from a source machine at a source site to a destination machine at a destination site, wherein the source data packet corresponds to a request for connection between the source machine and the destination machine over a WAN, inspecting the source data packet at a first firewall associated with the source site, marking the source data packet with a marker to indicate inspection by the first firewall, transmitting the marked source data packet to the destination site, determining at the destination site that the source data packet has been inspected based on the marker, and forwarding the source data packet to the destination machine at the destination site, without inspection of the source data packet by a second firewall associated with the destination site.

公开(公告)号：US20250007951A1

公开(公告)日：2025-01-02

申请号：US18215644

申请日：2023-06-28

Applicant: Cisco Technology, Inc.

Inventor： Prab Radhakrishnan ,  Balaji Sundararajan ,  Ram Dular Singh ,  Vishnuprasad Raghavan

IPC: H04L9/40 ,  H04L45/42

Abstract: Techniques for extending application-aware routing (AAR) policies to enable intelligent routing decisions based on device security posture. The techniques may include receiving, from a client device, traffic that is to be sent over a network to an application and determining a security score associated with the traffic. The security score may be based on a security posture associated with the client device, a security level associated with a connectivity network used by the client device, and the like. The techniques may also include determining, based at least in part on the security score and based at least in part on an application-aware routing policy, a path for sending the traffic to the application.

公开(公告)号：US20240348554A1

公开(公告)日：2024-10-17

申请号：US18133975

申请日：2023-04-12

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Ganesh Devendrachar ,  Avinash Shah ,  Preety Mordani ,  Satyajit Das ,  Michael John Moskal

IPC: H04L47/43 ,  H04L47/36

CPC classification number: H04L47/43 ,  H04L47/36

Abstract: Techniques are described for avoiding data packet fragmentation in a routing device such as a router or network switch. Path Maximum Transport Unit (PMTU) values are monitored for a plurality of egress links of a networking device. A statistical analysis of fragmentation rates is performed. The statistical analysis can be performed on a per-link basis, per-flow basis or both per-link and per-flow basis. If the packet fragmentation rate of data flows through a particular egress link exceeds a determined threshold value, one or more data flows can be re-routed to a different egress link having a higher PMTU, thereby preventing data packet fragmentation.

公开(公告)号：US12081417B2

公开(公告)日：2024-09-03

申请号：US18166765

申请日：2023-02-09

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Ankush Verma ,  Bhavana Malhotra Bodas ,  Kaushik Pratap Biswas ,  Chandramouli Balasubramanian ,  Anirudh Ramnath Ramakrishna ,  Madhuri Kolli

IPC: G06F9/455 ,  H04L41/5041 ,  H04L67/10

CPC classification number: H04L41/5041 ,  H04L67/10

Abstract: Methods, systems, and non-transitory computer-readable media are provided for deploying intent-driving cloud branches. An example method can include obtaining, by one or more controllers in a software-defined network (SDN), a branch network design template for deploying a remote branch in the SDN, wherein the branch network design template defines networking settings for a plurality of services to be provisioned at the remote branch; obtaining, by the one or more controllers, a plurality of software packages for the plurality of services to be provisioned at the remote branch; and based on the branch network design template and the plurality of software packages, provisioning, by the one or more controllers, the plurality of services at the remote branch and a network connectivity of the plurality of services.

公开(公告)号：US11962498B1

公开(公告)日：2024-04-16

申请号：US18208000

申请日：2023-06-09

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Ramakumara Kariyappa ,  Nithin Bangalore Raju ,  Bhairav Dutia ,  Vivek Agarwal ,  Satish Kumar Mahadevan ,  Ankur Bhargava

IPC: H04L45/586 ,  H04L45/748 ,  H04L61/5061

CPC classification number: H04L45/586 ,  H04L45/748 ,  H04L61/5061

Abstract: Symmetric networking techniques disclosed herein can be applied by gateway routers in cloud networks. The techniques can ensure that both outbound traffic received at a cloud from a branch device and return traffic directed from the cloud back to the branch device are processed by a same gateway router. The gateway router can use network address translation to insert IP addresses from an inside pool and an outside pool assigned to the router.