公开(公告)号：US10069762B1

公开(公告)日：2018-09-04

申请号：US15446802

申请日：2017-03-01

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Kaushik Kumar Dam ,  Sandesh Kumar Narappa Bheemanakone ,  Victor M. Moreno ,  Shivangi Sharma

IPC: H04H20/71 ,  H04L12/931 ,  H04W72/12 ,  H04W74/00

Abstract: Group based multicasts may be provided. First, a request may be received. The request may comprise a receiver tag, a request source identifier, and a request multicast group identifier. Next, a source tag corresponding to the request source identifier may be obtained and then it may be determined that a group corresponding to the receiver tag is allowed to access content from a source corresponding to the obtained source tag. In response to determining that the group corresponding to the receiver tag is allowed to access content from the source corresponding to the obtained source tag, content may be received from the source at a multicast group corresponding to the request multicast group identifier. The content may then be forwarded to a receiver corresponding to the request.

公开(公告)号：US20180176218A1

公开(公告)日：2018-06-21

申请号：US15384365

申请日：2016-12-20

Applicant: Cisco Technology, Inc.

Inventor： Victor Moreno ,  Sridhar Subramanian ,  Sanjay Kumar Hooda

IPC: H04L29/06 ,  H04L29/08 ,  H04L29/12

Abstract: Systems and methods for network authorization are described herein. An example method can include receiving a user credential from a host device connected to a network, authenticating the user credential, and in response to authenticating the user credential, determining an authorization policy associated with the host device. The method can also include polling a network overlay control plane of the network to obtain a network location information associated with the host device, identifying at least one network device of the network using the network location information, and transmitting the authorization policy to the at least one network device.

公开(公告)号：US20180091471A1

公开(公告)日：2018-03-29

申请号：US15276818

申请日：2016-09-27

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Sandesh Kumar Narappa Bheemanakone ,  Shivangi Sharma ,  Atri Indiresan ,  Kaushik Kumar Dam

IPC: H04L29/12 ,  H04L29/06 ,  H04L29/08 ,  H04L12/24 ,  H04L12/46

CPC classification number: H04L61/2015 ,  H04L12/4633 ,  H04L41/046 ,  H04L61/6022

Abstract: Client address based forwarding of dynamic host configuration protocol response packets may be provided. First, a first relay agent on a first network device may receive a first discovery message associated with a first client device. The first discovery message may include a first discovery message identifier field comprising a first identifier corresponding to the first client device. The first client device may be associated with a subnet. Then the first relay agent may register, with a map server, the first identifier with an address of the first network device and add a gateway address corresponding to the first relay agent to the first discovery message. Next, the first relay agent may encapsulate the first discovery message and forward the encapsulated first discovery message over a network to a border device.

公开(公告)号：US09641462B2

公开(公告)日：2017-05-02

申请号：US13868214

申请日：2013-04-23

Applicant: Cisco Technology, Inc.

Inventor： Rajagopalan Janakiraman ,  Sanjay Kumar Hooda ,  Pags Krishnamoorthy ,  Shreeram Bhide ,  Sridhar Subramanian

IPC: G06F15/177 ,  H04L12/931 ,  H04W40/24

CPC classification number: H04L49/65 ,  H04W40/24

Abstract: Accelerating network convergence may be provided. Consistent with embodiments of the disclosure, a mapping server may be configured to map an interconnection of various network elements comprising at least the following: a wireless host, at least two access switches, a plurality of distribution switches, a core switch, a mobility controller, and a mapping database. The mapping server may then receive an indication from the mobility controller that the wireless host has roamed from a first access switch to a second access switch. In response to the indication, the mapping server may remap the interconnection of network elements in the mapping database to update network routing information associated with the wireless host.

公开(公告)号：US09219687B2

公开(公告)日：2015-12-22

申请号：US13839159

申请日：2013-03-15

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Rajagopalan Janakiraman ,  Vinay Parameswarannair ,  Vijay Sampath

IPC: H04L12/801 ,  H04L12/931 ,  H04L12/721

CPC classification number: H04L47/12 ,  H04L45/66 ,  H04L49/70

Abstract: Embodiments provide techniques for optimizing paths in a network environment with a virtual network device that includes a first physical network device and a second physical network device, connected using a virtual network device layer link. Embodiments receive a first data packet belonging to a first data flow, at the first physical network device, from the second physical network device, over the virtual network device layer link. An adjacent network device from which the second physical network device received the first data packet is determined. Embodiments also determine one or more links connecting the first physical network device and the adjacent network device. A network message is transmitted to the adjacent network device, where the adjacent network device is configured to transmit subsequent data packets from the first data flow to the virtual network device, using only the determined one or more links, responsive to receiving the network message.

Abstract translation: 实施例提供了利用包括使用虚拟网络设备层链路连接的第一物理网络设备和第二物理网络设备的虚拟网络设备来优化网络环境中的路径的技术。 实施例通过虚拟网络设备层链路从第二物理网络设备接收属于第一物理网络设备的第一数据流的第一数据包。 确定第二物理网络设备从其接收到第一数据分组的相邻网络设备。 实施例还确定连接第一物理网络设备和相邻网络设备的一个或多个链路。 将网络消息发送到相邻网络设备，其中相邻网络设备被配置为仅响应于接收到该网络消息而使用所确定的一个或多个链路，将后续数据分组从第一数据流发送到虚拟网络设备。

公开(公告)号：US20250080474A1

公开(公告)日：2025-03-06

申请号：US18241079

申请日：2023-08-31

Applicant: Cisco Technology, Inc.

Inventor： Shree Narasimha Murthy ,  Sanjay Kumar Hooda ,  Sonal Prem Kumar Chhabria

IPC: H04L47/74 ,  H04L41/0604 ,  H04L47/80

Abstract: Techniques that include a network that is configured in the first mode of a reactive mode to respond to a client attempting to access an endpoint of the network by providing information to be sent to a map server and by checking whether at least an IP address associated with the client corresponds to a registration produced for the client by a wireless controller. Further, the network is configured in a second mode of a proactive mode to determine based on a count maintained by a wireless controller of a number of client IP addresses whether to allow access or not to allow access to one or more clients to the network.

公开(公告)号：US20250039144A1

公开(公告)日：2025-01-30

申请号：US18919222

申请日：2024-10-17

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Prakash C. Jain

IPC: H04L9/40 ,  H04L45/745

Abstract: Techniques and architecture are described for providing a service, e.g., a security service such as a firewall, across different virtual networks/VRFs/VPN IDs. The techniques and architecture provide modifications in enterprise computing fabrics by modifying pull-based overlay protocols such as, for example, locator/identifier separation protocol (LISP), border gateway protocol ethernet virtual private network (BGP EVPN), etc. A map request carries additional information to instruct a map-server that even though mapping (destination prefix and firewall service RLOC for the destination) is known within the map-server's own virtual network/VRF for firewall service insertion, the map-server still should do a lookup across virtual networks/VRFs and discover the final destination's DGT (destination group tag) and include that in the map reply.

公开(公告)号：US12170614B2

公开(公告)日：2024-12-17

申请号：US18545931

申请日：2023-12-19

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Sanjay Kumar Hooda ,  Vinay Saini ,  Victor Manuel Moreno

IPC: H04L45/586 ,  H04L12/46 ,  H04L45/00 ,  H04L45/02 ,  H04L45/302

Abstract: Techniques are described herein for service chaining in fabric networks such that hardware resources can be preserved without service nodes needing additional capabilities. The techniques may include storing a first configuration associated with a first VRF instance of a service forwarding node that is connected to a first service of a service chain sequence. The first configuration may indicate an identifier and a type associated with a second service of the service chain sequence where traffic is to be sent after the first service. Additionally, the techniques may also include storing a second configuration associated with a second VRF instance of the service forwarding node that is connected to the second service. The second configuration may indicate that the second service is a last service of the service chain sequence. When traffic is received at the service forwarding node, the service forwarding node can determine whether the traffic is pre-service traffic or post-service traffic.

公开(公告)号：US20240396945A1

公开(公告)日：2024-11-28

申请号：US18791151

申请日：2024-07-31

Applicant: Cisco Technology, Inc.

Inventor： Shree Narasimha Murthy ,  Sanjay Kumar Hooda ,  Prakash C. Jain ,  Roberto Mitsuo Kobo ,  Rajagopal Venkatraman

IPC: H04L9/40 ,  G06F9/455 ,  H04L61/5007 ,  H04L61/5014

Abstract: Techniques for analyzing traffic originating from a host device in a wireless network to identify one or more virtual machines (VMs) running on the host device and connected to the network via the host device in bridge mode. When a VM is created in bridge mode behind a host device, the traffic originated by the VM will have the source Media Access Layer (MAC) address of the host device. According to techniques described herein, devices and/or components associated with the network may profile the traffic to identify an address of the VM, such as by analyzing dynamic host configuration protocol (DHCP) packets to determine the Internet Protocol (IP) address of the VM. Once the IP address and the MAC address of the VM is known, the components and/or devices may apply security policies to the VM that may be different than security policies applied to the host device.

公开(公告)号：US20240314036A1

公开(公告)日：2024-09-19

申请号：US18677720

申请日：2024-05-29

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Muninder Singh Sambi ,  Victor Moreno ,  Prakash C. Jain ,  Tarunesh Ahuja ,  Satish Kondalam

IPC: H04L41/0893 ,  G06F9/455 ,  H04L12/46

CPC classification number: H04L41/0893 ,  G06F9/45558 ,  H04L12/4633 ,  H04L12/4641 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Systems, methods, and computer-readable storage media are provided for provisioning a common subnet across a number of subscribers and their respective virtual networks using dynamically generated network policies that provide isolation between the subscribers. The dynamic generation of the network policies is performed when a host (e.g. client) is detected (via a switch) as the host joins the computing network via virtual networks. This ability to configure a common subnet for all the subscriber virtual networks allows these subscribers to more easily access external shared services coming from a headquarter site while keeping the separation and segmentation of multiple subscriber virtual networks within a single subnet. This allows the Enterprise fabric to be more simple and convenient to deploy without making security compromises.