公开(公告)号：US10608843B2

公开(公告)日：2020-03-31

申请号：US15485673

申请日：2017-04-12

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Jean-Philippe Vasseur ,  Patrick Wetterwald ,  Eric Levy-Abegnoli

IPC: H04L12/46 ,  H04L29/06 ,  G06N20/00

Abstract: In one embodiment, a server instructs one or more networking devices in a local area network (LAN) to form a virtual network overlay in the LAN that redirects traffic associated with a particular node in the LAN to the server. The server receives the redirected traffic associated with the particular node. The server trains a machine learning-based behavioral model for the particular node based on the redirected traffic. The server controls whether a particular redirected traffic flow associated with the node in the LAN is sent to a destination of the traffic flow using the trained behavioral model.

公开(公告)号：US10579942B2

公开(公告)日：2020-03-03

申请号：US15485701

申请日：2017-04-12

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Pascal Thubert ,  Patrick Wetterwald ,  Eric Levy-Abegnoli

IPC: H04L29/06 ,  G06N20/00 ,  H04L12/46

Abstract: In one embodiment, a networking device in a local area network (LAN) receives an instruction from a server to form a virtual network overlay in the LAN that redirects traffic associated with a particular node in the LAN to the server for analysis. The networking device establishes the virtual network overlay in the LAN to redirect traffic associated with the particular node to the server. The networking device determines that at least a portion of the traffic associated with the particular node should be processed locally within the LAN and not via redirection to the server and adjusts the virtual network overlay to process the at least a portion of the traffic associated with the particular node locally within the LAN and not via redirection to the server.

公开(公告)号：US20190327166A1

公开(公告)日：2019-10-24

申请号：US16160481

申请日：2018-10-15

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Eric Levy-Abegnoli ,  Jakob Heitz

IPC: H04L12/751

Abstract: A particular fat tree network node stores default routing information indicating that the particular fat tree network node can reach a plurality of parent fat tree network nodes of the particular fat tree network node. The particular fat tree network node obtains, from a first parent fat tree network node of the plurality of parent fat tree network nodes, a negative disaggregation advertisement indicating that the first parent fat tree network node cannot reach a specific destination. The particular fat tree network node determines whether the first parent fat tree network node is the only parent fat tree network node of the plurality of parent fat tree network nodes that cannot reach the specific destination. If so, the particular fat tree network node installs supplemental routing information indicating that every parent fat tree network node except the first parent fat tree network node can reach the specific destination.

公开(公告)号：US20190281085A1

公开(公告)日：2019-09-12

申请号：US16421858

申请日：2019-05-24

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Eric Levy-Abegnoli ,  Eliot Lear ,  Brian E. Weis

IPC: H04L29/06 ,  H04L29/12

Abstract: In one embodiment, a device in a network inserts a profile tag into an address request sent by an endpoint node in the network to a lookup service. The lookup service is configured to identify one or more addresses with which the endpoint node is authorized to communicate based on a profile for the endpoint node associated with the inserted profile tag. The device receives an address response sent from the lookup service to the endpoint node that indicates the set of one or more addresses with which the endpoint node is authorized to communicate. The device determines whether a communication between the endpoint node and a particular network address is authorized using the set of one or more addresses with which the endpoint node is authorized to communicate. The device blocks the communication based on a determination that the particular network address is not in the set of one or more addresses with which the endpoint node is authorized to communicate.

公开(公告)号：US10356124B2

公开(公告)日：2019-07-16

申请号：US15446707

申请日：2017-03-01

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Eric Levy-Abegnoli ,  Eliot Lear ,  Brian E. Weis

IPC: H04L29/06 ,  H04L29/12

Abstract: In one embodiment, a device in a network inserts a profile tag into an address request sent by an endpoint node in the network to a lookup service. The lookup service is configured to identify one or more addresses with which the endpoint node is authorized to communicate based on a profile for the endpoint node associated with the inserted profile tag. The device receives an address response sent from the lookup service to the endpoint node that indicates the set of one or more addresses with which the endpoint node is authorized to communicate. The device determines whether a communication between the endpoint node and a particular network address is authorized using the set of one or more addresses with which the endpoint node is authorized to communicate. The device blocks the communication based on a determination that the particular network address is not in the set of one or more addresses with which the endpoint node is authorized to communicate.

公开(公告)号：US20190190729A1

公开(公告)日：2019-06-20

申请号：US15845170

申请日：2017-12-18

Applicant: Cisco Technology, Inc.

Inventor： Eric Levy-Abegnoli ,  Patrick Wetterwald ,  Pascal Thubert ,  Jean-Philippe Vasseur

IPC: H04L12/18 ,  H04L12/46 ,  H04L12/715 ,  H04L12/761

Abstract: In one embodiment, a cloud-based service instructs one or more networking devices in a local area network (LAN) to form a virtual network overlay in the LAN that redirects traffic associated with a particular node in the LAN to the service. The service receives multicast or broadcast traffic sent by the particular node in the LAN and redirected to the service via the virtual network overlay. The service identifies a group of nodes in the network that are to receive the traffic sent by the particular node, based in part by profiling the traffic associated with the particular node. The service sends the traffic sent by the particular node to at least one networking device in the LAN with an indication of the identified group of nodes in the network that are to receive the traffic sent by the particular node. The at least one networking device forwards the traffic sent by the particular node to the nodes in the identified group.

公开(公告)号：US10320657B2

公开(公告)日：2019-06-11

申请号：US15813810

申请日：2017-11-15

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Eric Levy-Abegnoli ,  Patrick Wetterwald ,  Jean-Philippe Vasseur

IPC: H04W52/02 ,  H04L12/707 ,  H04L12/933 ,  H04L12/741 ,  H04L12/751 ,  H04W40/02 ,  H04L12/801 ,  H04W84/18 ,  H04W36/00

Abstract: In one embodiment, a device in a network receives a notification from a neighbor of the device indicative of a child node of the device requesting a parent change from the device to the neighbor. The device updates an existing routing path from the device to the child node to be routed through the neighbor, in response to receiving the notification from the neighbor. The device receives an instruction to remove the updated routing path from the device to the child node through the neighbor. The device removes the updated routing path from the device to the child node, in response to receiving the instruction to remove the updated routing path.

公开(公告)号：US20190132784A1

公开(公告)日：2019-05-02

申请号：US15795637

申请日：2017-10-27

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Patrick Wetterwald ,  Eric Levy-Abegnoli

IPC: H04W40/22 ,  H04W40/12 ,  H04W40/24 ,  H04W56/00 ,  H04W72/04 ,  H04L12/723

CPC classification number: H04W40/22 ,  H04L45/50 ,  H04W40/12 ,  H04W40/246 ,  H04W56/001 ,  H04W72/0426 ,  H04W72/044 ,  H04W84/105 ,  H04W84/18 ,  H04W88/04 ,  H04W92/18

Abstract: In one illustrative example, one or more controllers may be configured to perform a path selection procedure for selecting a connection path for multi-hop device-to-device (D2D) communications. Identifiers of candidate D2D device pairings from D2D peer discovery performed by a plurality of UEs served in a plurality of base stations and link quality data associated with each candidate D2D device pairings are obtained. D2D network topology map data including a plurality of link-state relationships are generated based on the identifiers of candidate D2D device pairings. A plurality of connection paths of UEs are computed based on the generated link-state relationships and the link quality data, where each computed connection path includes UEs indicated as required nodes and at least one UE indicated as a candidate relay node. An optimal connection path that satisfies a latency parameter is selected from the plurality of computed connection paths (e.g. based on a shortest path first or SPF algorithm). The selected connection path may be part of an operational control loop for low latency, deterministic D2D communications.

公开(公告)号：US20190124093A1

公开(公告)日：2019-04-25

申请号：US15788861

申请日：2017-10-20

Applicant: Cisco Technology, Inc.

Inventor： Govind P. Sharma ,  Gilles Rhéal Roy ,  Eric Levy-Abegnoli ,  Ajay Kumar Modi ,  Sridhar Vallepalli

IPC: H04L29/06

Abstract: Theft detection in data center networks may be provided. First, a first leaf switch may create an entry in a first distributed secure cache in response to an endpoint appearing on the first leaf switch. The entry may correspond to the endpoint and may be marked as having a tentative state. Then a request message may be sent to a plurality of leaf switches. The request message may comprise data identifying the endpoint. Next, a reply message may be received in response to the request message from a second leaf switch within the plurality of leaf switches. The tentative state may then be removed from the entry in response to the reply message indicating that the endpoint is valid.

公开(公告)号：US20180124632A1

公开(公告)日：2018-05-03

申请号：US15498715

申请日：2017-04-27

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Jean-Philippe Vasseur ,  Patrick Wetterwald ,  Eric Levy-Abegnoli

IPC: H04W28/02 ,  H04L12/823 ,  H04L5/00 ,  H04L12/931

CPC classification number: H04L5/0055 ,  H04L1/00 ,  H04L1/06 ,  H04L47/34 ,  H04L49/201 ,  H04L67/12 ,  H04W28/0263 ,  H04W84/18 ,  H04W88/00

Abstract: In one embodiment, a supervisory device in a network forms a virtual access point (VAP) for a node in the network whereby a plurality of access points (APs) in the network are mapped to the VAP as part of a VAP mapping. The node treats the APs in the VAP mapping as a single AP for purposes of communicating with the network. The supervisory device determines a data traffic management strategy for the node based on traffic associated with the node. The supervisory device instructs the APs in the VAP mapping to implement the data traffic management strategy for the node.