公开(公告)号：US10417025B2

公开(公告)日：2019-09-17

申请号：US14684363

申请日：2015-04-11

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Louis Gwyn Samuel ,  Kevin D. Shatzkamer

IPC: H04L12/70 ,  G06F9/455 ,  H04L29/08 ,  H04W4/60

Abstract: A method is provided in one example embodiment and may include communicating information between a plurality of network function virtualized (NFV) based applications; and creating at least one service chain using at least two of the plurality of NFV-based applications based on the information communicated between the plurality NFV based applications. In some instances, the information can be communicated using border gateway protocol (BGP) exchanges between the NFV-based applications. In some instances, the information can include at least one of: next-hop address information for one or more ingress points of a particular NFV-based application; one or more capabilities by which a particular NFV-based application can receive data on one or more ingress points; and a method by which one or more egress points of a previous NFV-based application in a particular service chain is to perform load balancing for a subsequent NFV-based application in the particular service chain.

公开(公告)号：US20180367621A1

公开(公告)日：2018-12-20

申请号：US15627084

申请日：2017-06-19

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Sape Jurriën Mullender ,  Hendrikus G. P. Bosch ,  Alessandro Duminuco ,  Jeffrey Napper

IPC: H04L29/08

Abstract: In one embodiment, secure service chaining can be implemented efficiently for content delivery systems. An orchestrator can determine a service chain for processing a request from a client for content. The orchestrator can determine a capability identifying nodes of the service chain. The orchestrator can then transmit, to the client, a redirect message having the capability, wherein the redirect message redirects the request to a first node of the service chain. The nodes of the service chain can verify the capability and carry out the service chain. Service functions can be applied to the traffic flow associated with delivering the content to the user.

公开(公告)号：US20180302877A1

公开(公告)日：2018-10-18

申请号：US15486143

申请日：2017-04-12

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Humberto J. La Roche ,  Aeneas Sean Dodd-Noble ,  Sape Jurriën Mullender ,  Timothy P. Stammers ,  Konstantin Livanos

IPC: H04W68/02 ,  H04W8/08 ,  H04L29/06

CPC classification number: H04W68/02 ,  H04L63/0281 ,  H04L63/0876 ,  H04L63/0884 ,  H04L63/123 ,  H04W8/08 ,  H04W76/10 ,  H04W84/00 ,  H04W88/02

Abstract: A method is provided in one example embodiment and may include receiving, by a mobility management frontend, an attach request for a user equipment (UE) to attach the UE to a core network slice type for a mobile core Software Defined Network (SDN) infrastructure, wherein a plurality of core network slice types are available for the mobile core SDN infrastructure to receive traffic from a plurality of UEs; determining a particular core network slice type within the mobile core SDN infrastructure to serve the UE based on subscriber information associated with the UE; selecting a particular slice instance of the particular core network slice type to receive traffic for the UE; and forwarding traffic for the UE between a Radio Access Network (RAN) and the particular slice instance by the mobility management frontend.

公开(公告)号：US10084703B2

公开(公告)日：2018-09-25

申请号：US15143253

申请日：2016-04-29

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra M. Kumar ,  Hendrikus G. P. Bosch ,  Kent K. Leung ,  Abhijit Patra

IPC: H04L12/741 ,  H04L12/935 ,  H04L12/743 ,  H04L12/701

CPC classification number: H04L45/74 ,  H04L45/00 ,  H04L45/7453 ,  H04L49/3009

Abstract: A method is provided in one example embodiment and includes receiving at a network element a packet including a Network Services Header (“NSH”), in which the NSH includes an Infrastructure (“I”) flag and a service path header comprising a Service Index (“SI”), and a Service Path ID (“SPI”) and determining whether the I flag is set to a first value. The method further includes, if the I flag is set to the first value, setting the I flag to a second value and forwarding the packet to the service function that corresponds to the SI for processing. The method still further includes, if the I flag is not set to the first value, decrementing the SI and making a forwarding decision based on a new value of the SI and the SPI.

公开(公告)号：US10063468B2

公开(公告)日：2018-08-28

申请号：US14997212

申请日：2016-01-15

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Sape Jurriën Mullender ,  Jeffrey Napper ,  Surendra M. Kumar ,  Alessandro Duminuco

IPC: H04L12/50 ,  H04L12/721 ,  H04L12/741

CPC classification number: H04L45/38 ,  H04L45/745

Abstract: Particular embodiments described herein provide for a communication system that can be configured for receiving, at a network element, a flow offload decision for a first service node. The flow offload decision can include a portion of a service chain for processing a flow and updating next hop flow based routing information for the flow. A next hop in the flow can insert flow specific route information in its routing tables to bypass a packet forwarder serving the service that offloaded the flow in the reverse direction.

公开(公告)号：US09826025B2

公开(公告)日：2017-11-21

申请号：US13898932

申请日：2013-05-21

Applicant: Cisco Technology, Inc.

Inventor： Hendrikus G. P. Bosch ,  James Guichard ,  Dave Barach ,  Alessandro Duminuco ,  Luyuan Fang ,  Paul Quinn ,  Rex Fernando ,  David Ward

IPC: H04L29/08 ,  H04L12/715 ,  H04L12/751

CPC classification number: H04L67/10 ,  H04L45/02 ,  H04L45/04

Abstract: Presented herein are techniques for use in a network environment that includes one or more service zones, each service zone including at least one instance of an in-line application service to be applied to network traffic and one or more routers to direct network traffic to the at least one service, and a route target being assigned to a unique service zone to serve as a community value for route import and export between routers of other service zones, destination networks or source networks via a control protocol. An edge router in each service zone or destination network advertises routes by its destination network prefix tagged with its route target. A service chain is created by importing and exporting of destination network prefixes by way of route targets at edge routers of the service zones or source networks.

公开(公告)号：US09479534B2

公开(公告)日：2016-10-25

申请号：US14522064

申请日：2014-10-23

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Alessandro Duminuco ,  Hendrikus G. P. Bosch ,  Surendra M. Kumar ,  Humberto J. La Roche ,  Jeffrey Napper ,  Kevin D. Shatzkamer ,  Daniel G. Wing

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/166 ,  H04L63/0281 ,  H04L63/0435 ,  H04L63/168 ,  H04L67/02 ,  H04L67/42

Abstract: In an embodiment, a method is provided for enabling in-band data exchange between networks. The method can comprise receiving, by a first enveloping proxy located in the first network, at least one regular secure sockets layer (SSL) record for a SSL session established between a client and a server; receiving the data from a network element located in the first network; encoding the data into at least one custom SSL record; and transmitting the at least one regular SSL record and the at least one custom SSL record to an enveloping proxy. In another embodiment, a method can comprise receiving at least one regular secure sockets layer (SSL) record and at least one custom SSL record for a SSL session established between a client and a server; extracting the data from the at least one custom SSL; transmitting the at least one regular SSL record.

Abstract translation: 在一个实施例中，提供了一种用于实现网络之间的带内数据交换的方法。 该方法可以包括通过位于第一网络中的第一包络代理接收在客户端和服务器之间建立的SSL会话的至少一个常规安全套接字层（SSL）记录; 从位于所述第一网络中的网元接收所述数据; 将数据编码成至少一个自定义SSL记录; 以及将所述至少一个常规SSL记录和所述至少一个定制SSL记录发送到包络代理。 在另一个实施例中，一种方法可以包括：在客户端和服务器之间建立的SSL会话接收至少一个常规安全套接字层（SSL）记录和至少一个定制SSL记录; 从至少一个自定义SSL提取数据; 发送所述至少一个常规SSL记录。

公开(公告)号：US09374297B2

公开(公告)日：2016-06-21

申请号：US14108994

申请日：2013-12-17

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  James N. Guichard ,  David D. Ward ,  Alessandro Duminuco ,  Rex E. Fernando ,  Paul Quinn

IPC: G06F15/173 ,  H04L12/733 ,  H04L12/707 ,  H04L12/713 ,  H04L12/715 ,  H04L12/703

CPC classification number: H04L45/20 ,  H04L45/04 ,  H04L45/24 ,  H04L45/28 ,  H04L45/586

Abstract: An example method is provided in one example embodiment and includes receiving a packet of a session from a previous hop router at a service zone of a service chain; recording the previous hop router for the session; determining an appliance to service the packet in the service zone using load balancing; recording an appliance identity for servicing the session in the service zone; determining a next hop router in the service chain for the packet using load balancing; and recording the next hop router for the session.

Abstract translation: 在一个示例实施例中提供了示例性方法，并且包括从服务链的服务区的前一跳路由器接收会话的分组; 记录会话的上一跳路由器; 确定使用负载平衡来服务所述服务区中的分组的设备; 记录在服务区域中为会话服务的设备身份; 使用负载平衡确定所述分组的服务链中的下一跳路由器; 并为会话记录下一跳路由器。

公开(公告)号：US20150334027A1

公开(公告)日：2015-11-19

申请号：US14285843

申请日：2014-05-23

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Ian McDowell Campbell ,  Humberto J. La Roche ,  James N. Guichard ,  Surendra M. Kumar ,  Paul Quinn ,  Alessandro Duminuco ,  Jeffrey Napper ,  Ravi Shekhar

IPC: H04L12/851 ,  H04W72/04 ,  H04L12/801

CPC classification number: H04L47/2408 ,  H04L45/38 ,  H04L47/12 ,  H04L47/14 ,  H04W72/0493 ,  H04W88/16

Abstract: An example method is provided in one example embodiment and may include receiving a packet for a subscriber at a gateway, wherein the gateway includes a local policy anchor for interfacing with one or more policy servers and one or more classifiers for interfacing with one or more service chains, each service chain including one or more services accessible by the gateway; determining a service chain to receive the subscriber's packet; appending the subscriber's packet with a header, wherein the header includes, at least in part, identification information for the subscriber and an Internet Protocol (IP) address for the local policy anchor; and injecting the packet including the header into the service chain determined for the subscriber.

公开(公告)号：US20150271203A1

公开(公告)日：2015-09-24

申请号：US14522064

申请日：2014-10-23

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Alessandro Duminuco ,  Hendrikus G. P. Bosch ,  Surendra M. Kumar ,  Humberto J. La Roche ,  Jeffrey Napper ,  Kevin D. Shatzkamer ,  Daniel G. Wing

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/166 ,  H04L63/0281 ,  H04L63/0435 ,  H04L63/168 ,  H04L67/02 ,  H04L67/42

Abstract: In an embodiment, a method is provided for enabling in-band data exchange between networks. The method can comprise receiving, by a first enveloping proxy located in the first network, at least one regular secure sockets layer (SSL) record for a SSL session established between a client and a server; receiving the data from a network element located in the first network; encoding the data into at least one custom SSL record; and transmitting the at least one regular SSL record and the at least one custom SSL record to an enveloping proxy. In another embodiment, a method can comprise receiving at least one regular secure sockets layer (SSL) record and at least one custom SSL record for a SSL session established between a client and a server; extracting the data from the at least one custom SSL; transmitting the at least one regular SSL record.