-
Publication No.: US12021748B2
Publication date: 2024-06-25
Application No.: US17390677
Application date: 2021-07-30
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Anoop Vetteth, Himanshu Mehra, Rajeev Kumar
IPC: H04L12/721, H04L12/26, H04L43/0829, H04L43/0852, H04L43/087, H04L45/00
CPC classification number: H04L45/70, H04L43/0829, H04L43/0858, H04L43/087
Abstract: Systems, methods, and computer-readable media are provided for performing secure frame encryption as a service. For instance, a network edge device can determine at least a first path and a second path for routing a data packet. The network edge device can obtain a first plurality of values for at least one network metric, wherein the first plurality of values corresponds to the first path and at least a first backup path associated with the first path. The network edge device can obtain a second plurality of values for the at least one network metric, wherein the second plurality of values corresponds to the second path and at least a second backup path associated with the second path. The network edge device can select one of the first path or the second path for routing the data packet based on a comparison of the first plurality of values and the second plurality of values.
-
Publication No.: US20240171457A1
Publication date: 2024-05-23
Application No.: US18426498
Application date: 2024-01-30
Applicant: Cisco Technology, Inc.
Inventor: Shyamsundar N. Maniyar, Sanjay Kumar Hooda, Shree N. Murthy, Sonal Prem Kumar Chhabria, Akshay Dorwat
IPC: H04L41/0813, H04L12/46, H04L67/306
CPC classification number: H04L41/0813, H04L12/4641, H04L67/306, H04L2212/00
Abstract: In one embodiment, dynamic user private networks are virtually segmented within a shared virtual network. A network control system maintains the dynamic logical segmentation of the shared virtual network. User entities (e.g., user devices and/or services) are communicatively coupled to respective personal virtual networks via endpoints of access devices. Each of these endpoints is associated with a corresponding user private network. Responsive in real-time to automated processing of a received electronic particular user request, the network control system automatically modifies the dynamic logical segmentation of the shared virtual network to move a particular user entity on the shared virtual network to newly being on the first dynamic user private network without being disconnected from the shared virtual network. One embodiment uses different user private network identifiers (UPN-IDs) associated with endpoints and received packets to identify their respective user private network.
-
Publication No.: US20240073127A1
Publication date: 2024-02-29
Application No.: US17897634
Application date: 2022-08-29
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Vinay Saini, Sanjay Kumar Hooda
CPC classification number: H04L45/38, H04L45/126, H04L45/22
Abstract: Techniques for a Software-Defined Networking (SDN) controller associated with a multisite network to implement jurisdictional data sovereignty policies in a multisite network, route network traffic flows between user sites and destination services over one or more provider sites, and/or perform a routing operation on the network traffic flow(s) based on the jurisdictional data sovereignty policies. The jurisdictional data sovereignty policies may be implemented using destination group tags (DGTs) and/or source group tags (SGTs). A secure access service edge (SASE) associated with the network controller may generate, store, and distribute the DGTs to provider sites and/or the SGTs to user sites. Based on the SGT and/or DGT associated with a network traffic flow, one or more services may be applied to the network traffic flow, and the network traffic flow may be routed through a particular region of a software-defined access (SDA) transit.
-
Publication No.: US11909591B2
Publication date: 2024-02-20
Application No.: US18322236
Application date: 2023-05-23
Applicant: Cisco Technology, Inc.
Inventor: Shyamsundar N. Maniyar, Sanjay Kumar Hooda, Shree N. Murthy, Sonal Prem Kumar Chhabria, Akshay Dorwat
IPC: H04L41/0813, H04L12/46, H04L67/306
CPC classification number: H04L41/0813, H04L12/4641, H04L67/306, H04L2212/00
Abstract: In one embodiment, dynamic user private networks are virtually segmented within a shared virtual network. A network control system maintains the dynamic logical segmentation of the shared virtual network. User entities (e.g., user devices and/or services) are communicatively coupled to respective personal virtual networks via endpoints of access devices. Each of these endpoints is associated with a corresponding user private network. Responsive in real-time to automated processing of a received electronic particular user request, the network control system automatically modifies the dynamic logical segmentation of the shared virtual network to move a particular user entity on the shared virtual network to newly being on the first dynamic user private network without being disconnected from the shared virtual network. One embodiment uses different user private network identifiers (UPN-IDs) associated with endpoints and received packets to identify their respective user private network.
-
Publication No.: US20240056412A1
Publication date: 2024-02-15
Application No.: US17886942
Application date: 2022-08-12
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Denis Neogi
IPC: H04L61/103, H04L61/5084, H04L12/46
CPC classification number: H04L61/103, H04L61/5084, H04L12/4633
Abstract: Techniques and architecture are described for service and/or application specific underlay path selection in fabric access networks. An egress tunnel router (ETR) registers service requirements of a connected application server, e.g., an end point known by host/device detection, config, or CDC type protocols, to a fabric control plane, e.g., a map server/map resolver (MSMR). The fabric control plane, while replying to a map request from an ingress tunnel router (ITR), sends service parameters in the map reply. While installing a tunnel forwarding path in hardware, i.e., map cache, the ITR may utilize a probing mechanism to ensure that the ITR chooses the right underlay adjacency, e.g., routing locator(s) (RLOC(s)), that can satisfy the service requirements provided by the fabric control plane. Only RLOC(s) that comply with the service requirements are installed in the map cache along with the required service parameters.
-
Publication No.: US20240031333A1
Publication date: 2024-01-25
Application No.: US18478942
Application date: 2023-09-29
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Satish Kumar Kondalam, Vikram Vikas Pendharkar, Anoop Vetteth, Solomon T. Lucas
IPC: H04L9/40
CPC classification number: H04L63/0227, H04L47/825
Abstract: This disclosure describes techniques to operate a control plane in a network fabric. The techniques include determining a stateless rule corresponding to communication between a first segment of the network fabric and a second segment of the network fabric. The techniques further include configuring the control plane to enforce the stateless rule.
-
Publication No.: US11863521B2
Publication date: 2024-01-02
Application No.: US17486501
Application date: 2021-09-27
Applicant: Cisco Technology, Inc.
Inventor: Rajeev Kumar, Sanjay Kumar Hooda, Ramesh Chandra Yeevani-Srinivas
IPC: H04L61/5014
CPC classification number: H04L61/5014
Abstract: Automated techniques for converting network devices from a Layer 2 (L2) network into a Layer 3 (L3) network in a hierarchical manner are described herein. The network devices may be configured to boot such that their ports are in an initialization mode in which the ports are unable to transmit locally generated DHCP packets. When a network device detects that a neighbor (or “peer”) device has acquired an IP address or has been configured by a network controller, then the port on which the neighbor device is detected can then be transitioned from the initialization mode into a forwarding mode. In the forwarding mode, the port can be used to transmit packets to obtain an IP address. Thus, the network devices are converted from an L2 device to an L3 device in a hierarchical order such that upstream devices are discovered and converted into L3 devices before downstream devices.
-
Publication No.: US11838779B2
Publication date: 2023-12-05
Application No.: US17556765
Application date: 2021-12-20
Applicant: Cisco Technology, Inc.
Inventor: Balaji Sundararajan, Sanjay Kumar Hooda, Venkatesh Ramachandra Gota, Chandramouli Balasubramanian, Anand Oswal
CPC classification number: H04W24/08, H04W28/0221, H04W28/0284, H04W28/0289, H04W28/24, H04W36/22, H04W48/06
Abstract: Systems and methods for managing traffic in a hybrid environment include monitoring traffic load of a local network to determine whether the traffic load exceeds or is likely to exceed a maximum traffic load, where the maximum traffic load is a traffic load for which a service can be provided by the local network, based on a license. An excess traffic load is determined if the traffic load exceeds or is likely to exceed the maximum traffic load. One or more external networks which have a capacity to provide the service to the excess traffic load are determined, to which the excess traffic load is migrated. The local network includes one or more service instances for providing the service for up to the maximum traffic load, and the service to the excess traffic load is provided by one or more additional service instances in the one or more external networks.
-
Publication No.: US11818096B2
Publication date: 2023-11-14
Application No.: US17084453
Application date: 2020-10-29
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Satish Kumar Kondalam, Vikram Vikas Pendharkar, Anoop Vetteth, Solomon T Lucas
IPC: H04L41/0894, H04L9/40, H04L47/70
CPC classification number: H04L63/0227, H04L47/825, H04L2212/00
Abstract: This disclosure describes techniques to operate a control plane in a network fabric. The techniques include determining a stateless rule corresponding to communication between a first segment of the network fabric and a second segment of the network fabric. The techniques further include configuring the control plane to enforce the stateless rule.
-
Publication No.: US20230344898A1
Publication date: 2023-10-26
Application No.: US18106304
Application date: 2023-02-06
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Marc Portoles Comeras, Vinay Saini, Victor Manuel Moreno
IPC: H04L41/0893, H04L45/76, H04L67/1001, H04L67/51, H04L41/122
CPC classification number: H04L67/10015, H04L41/0893, H04L41/122, H04L45/76, H04L67/51
Abstract: This disclosure describes techniques and mechanisms for providing hybrid cloud services for enterprise fabric. The techniques include enhancing an on-demand protocol (e.g., such as LISP) and allowing simplified security and/or firewall service insertion for datacenter servers providing those services. Accordingly, the techniques described herein provide hybrid cloud services that work in disaggregated, distributed, and consistent way, while avoiding complex datacenter network devices (e.g., such running overlay on TOR), replacing and moving the functionality to on demand protocol enabled servers, which intelligently receive the required mappings as well as registers and publishes the service information to intelligently interact with the network.