-
公开(公告)号:US20210152516A1
公开(公告)日:2021-05-20
申请号:US16685969
申请日:2019-11-15
Applicant: Cisco Technology, Inc.
Inventor: Victor Manuel Moreno , Sanjay Kumar Hooda
Abstract: This disclosure describes techniques for implementing network address translation as a distributed service over the nodes of a logical network fabric, such as a software-defined network fabric. A method includes registering, by an edge node of a network, an IP address of a client device. The method further includes forwarding, by the edge node, the registered IP address to a control plane of the network. The method further includes checking, by the control plane, a network address translation policy. The method further includes recording, by the control plane, translations between the registered IP address and an allocated IP address in a translation table, each of the translations being related to the edge node. The method further includes returning, by the control plane, the translations between the registered IP address and the allocated IP address to the edge node.
-
公开(公告)号:US10887175B2
公开(公告)日:2021-01-05
申请号:US16502554
申请日:2019-07-03
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda , Syam Sundar V Appala , Kaushik Kumar Dam , Vimarsh Puneet
Abstract: A policy server correlates information from several messages associated with a client device to implement an identity-based network access policy. A network element connected to the client device obtains an authentication message including a first network address from the client device. The network element provides the authentication device to an identity server via a Network Address Translation (NAT) device, which translates the first network address to a second network address. The network element also provides a first message including the first network address to the policy server to request an identity-based policy for network communications of the client device. The network element implements the identity-based policy authorized by the policy server.
-
公开(公告)号:US10673737B2
公开(公告)日:2020-06-02
申请号:US15955493
申请日:2018-04-17
Applicant: Cisco Technology, Inc.
Inventor: Atri Indiresan , Roberto Kobo , Sanjay Kumar Hooda , Akshay Sunil Dorwat
IPC: H04W56/00 , H04L12/715 , H04L12/723 , H04L29/12 , H04L12/721 , H04L12/713
Abstract: Multi-VRF universal device Internet Protocol (IP) address for fabric edge devices may be provided. This address may be used to send and receive packets in a connectivity message for all VRFs on a fabric edge device. First, a request packet may be created by a first network device in response to receiving a connectivity message. The request packet may have a source address corresponding to an address of the first network device and a destination address corresponding to an address of a first client device. Next, the first network device may encapsulate the request packet. The first network device may then forward the encapsulated request packet to a second network device associated with the first client device.
-
104.发明申请公开(公告)号:US20200162467A1
公开(公告)日:2020-05-21
申请号:US16368695
申请日:2019-03-28
Applicant: Cisco Technology, Inc.
Inventor: Parag M. Panse , Brian Russell Kean , Sanjay Kumar Hooda
Abstract: Present technology is directed to a system and method for implementing an offline scheme to automatically and efficiently transform a set of conventional IP-based Access Control Entries in a supplied configuration into compressed form that can then be represented as Object-Group based Access Control Entries. The compression is performed on contiguous blocks of the supplied Access Control List having a common prescribed filtering access. The compression is performed by iteratively selecting a data field with mismatching data values across the ACEs and merging the data values into a corresponding data field of the output ACE. The common values of other data fields are then imported to the corresponding data fields of the output ACE. The process is repeated in an iterative manner by assigning a different data field as the selected data field for each iteration round.
-
105.发明申请公开(公告)号:US20190327150A1
公开(公告)日:2019-10-24
申请号:US16502554
申请日:2019-07-03
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda , Syam Sundar V Appala , Kaushik Kumar Dam , Vimarsh Puneet
Abstract: A policy server correlates information from several messages associated with a client device to implement an identity-based network access policy. A network element connected to the client device obtains an authentication message including a first network address from the client device. The network element provides the authentication device to an identity server via a Network Address Translation (NAT) device, which translates the first network address to a second network address. The network element also provides a first message including the first network address to the policy server to request an identity-based policy for network communications of the client device. The network element implements the identity-based policy authorized by the policy server.
-
Patent Agency Ranking
公开(公告)号:US20190319871A1
公开(公告)日:2019-10-17
申请号:US15955493
申请日:2018-04-17
Applicant: Cisco Technology, Inc.
Inventor: Atri Indiresan , Roberto Kobo , Sanjay Kumar Hooda , Akshay Sunil Dorwat
IPC: H04L12/715 , H04L12/723 , H04L12/713 , H04L12/721 , H04L29/12
Abstract: Multi-VRF universal device Internet Protocol (IP) address for fabric edge devices may be provided. This address may be used to send and receive packets in a connectivity message for all VRFs on a fabric edge device. First, a request packet may be created by a first network device in response to receiving a connectivity message. The request packet may have a source address corresponding to an address of the first network device and a destination address corresponding to an address of a first client device. Next, the first network device may encapsulate the request packet. The first network device may then forward the encapsulated request packet to a second network device associated with the first client device.
-
公开(公告)号:US10298717B2
公开(公告)日:2019-05-21
申请号:US15368633
申请日:2016-12-04
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Sanjay Kumar Hooda , Sarath Gorthi Subrahmanya
IPC: H04L12/46 , H04L29/08 , H04L12/715
Abstract: Aspects of the embodiments are directed to a network element that is configured for receiving, from an access point, a data packet originating from a client, the data packet comprising a packet header that comprises a packet header augmented with context information; decapsulating the packet header to identify the context information; applying a client-specific policy on the packet based, at least in part, on the context information; and forwarding the packet to a next hop in the network. The network element can be part of a network, such as a datacenter fabric architecture.
-
公开(公告)号:US20190020489A1
公开(公告)日:2019-01-17
申请号:US15649479
申请日:2017-07-13
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Victor Manuel Moreno , Shyam Kapadia , Sanjay Kumar Hooda
CPC classification number: H04L12/18 , H04L12/4633 , H04L41/0893 , H04L45/16 , H04L45/20 , H04L69/03
Abstract: A Location/Identifier Separation Protocol (LISP) mapping server, including: a network interface for communicating with a LISP-enabled network; a mapping database; an extranet policy table; and a shared subnetwork mapping engine (SSME), including at least a hardware platform, configured to: receive a map request from a first endpoint serviced by a first xTR, the first endpoint on a first subnetwork, the map request for a second endpoint; determine that the second endpoint is not a member of the first subnetwork; query the extranet policy table to identify a second subnetwork that the first subnetwork subscribes to, and to determine that the second endpoint is a member of the second subnetwork; and provide to the first subnetwork a routing locator (RLOC) of an xTR servicing the second endpoint.
-
公开(公告)号:US20180367328A1
公开(公告)日:2018-12-20
申请号:US15792180
申请日:2017-10-24
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda , Prakash C. Jain , Rishabh Parekh , Atri Indiresan , Satish Kondalam , Victor Moreno
CPC classification number: H04L12/1886 , H04L12/1818 , H04L12/185 , H04L45/48 , H04L45/74 , H04L47/2416 , H04L61/103 , H04L61/2069 , H04L61/2084 , H04L65/1093
Abstract: A method including determining that network traffic being transmitted is unicast or multicast; mapping to which virtual network and locator address each host belongs; generating leaking data for unicast and multicast traffic, wherein the leaking data indicates that a first virtual network leaks traffic to a second virtual network; receiving a request from the second virtual network to receive traffic from a host in the first virtual network; determining, based on the leaking data and the type of traffic being transmitted, if the first virtual network leaks traffic to the second virtual network; if the first virtual network leaks traffic to the second virtual network, determining a locator address for the host in the first virtual network using the mapping data; and transmitting the locator address for the host to the second virtual network to enable traffic leaking from the host to the second virtual network is disclosed.
-
公开(公告)号:US20180270133A1
公开(公告)日:2018-09-20
申请号:US15460620
申请日:2017-03-16
Applicant: Cisco Technology, Inc.
CPC classification number: H04L41/0893 , H04L41/0853 , H04L43/026 , H04L43/08 , H04L45/00 , H04L47/00
Abstract: Presented herein are techniques for determining the impact a policy change might have on a network. The techniques include receiving configuration information from a plurality of network devices in a network, receiving traffic flow records from the plurality of network devices, receiving an indication of an intent to apply a new policy on the network devices, and based on the configuration information, traffic flow records and the new policy, determining an impact of the new policy on the network devices and traffic flowing through the network.
-
-
-
-
-
-
-
-
-
Search Results
214
records
(took 0.022 seconds)
