公开(公告)号：US20230269139A1

公开(公告)日：2023-08-24

申请号：US18304890

申请日：2023-04-21

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Muninder Singh Sambi ,  Victor Moreno ,  Prakash C. Jain ,  Tarunesh Ahuja ,  Satish Kondalam

IPC: H04L41/0893 ,  H04L12/46 ,  G06F9/455

CPC classification number: H04L41/0893 ,  H04L12/4641 ,  G06F9/45558 ,  H04L12/4633 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Systems, methods, and computer-readable storage media are provided for provisioning a common subnet across a number of subscribers and their respective virtual networks using dynamically generated network policies that provide isolation between the subscribers. The dynamic generation of the network policies is performed when a host (e.g. client) is detected (via a switch) as the host joins the computing network via virtual networks. This ability to configure a common subnet for all the subscriber virtual networks allows these subscribers to more easily access external shared services coming from a headquarter site while keeping the separation and segmentation of multiple subscriber virtual networks within a single subnet. This allows the Enterprise fabric to be more simple and convenient to deploy without making security compromises.

公开(公告)号：US11729280B2

公开(公告)日：2023-08-15

申请号：US18045202

申请日：2022-10-10

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Sanjay Kumar Hooda ,  Rajeev Kumar ,  Ramesh Yeevani-Srinivas

IPC: G06F15/173 ,  H04L67/51 ,  H04L65/1073

CPC classification number: H04L67/51 ,  H04L65/1073

Abstract: Services with policy control may be provided. A computing device may receive registration information associated with a border device. The registration information may comprise information identifying a service provided by a server associated with the border device, information identifying the border device, and policies associated with the service. Then an address for the server may be determined. Next a request may be received comprising the information identifying the service provided by the server. In response to receiving the request comprising the information identifying the service provided by the server, the address for the server, the information identifying the border device, and the policies associated with the service may be provided.

公开(公告)号：US20230254250A1

公开(公告)日：2023-08-10

申请号：US17665868

申请日：2022-02-07

Applicant: Cisco Technology, Inc.

Inventor： Victor Manuel Moreno ,  Shyamsundar N. Maniyar ,  Sanjay Kumar Hooda ,  Prakash C. Jain ,  Vinay Saini

IPC: H04L45/745

CPC classification number: H04L45/745

Abstract: Techniques and architecture are described that utilize network address translation (NAT) based on a group tag such that legacy and third-party devices may utilize and apply “subnet” based policies, thereby allowing the subnet based policies to be as effective as “group” based policies. In particular, a subnet may be applied to a group tag where the group tag is not understandable outside an access network such as, for example, a fabric network. Thus, when a packet originates from a fabric network utilizing group tags representing source groups of endpoints and is destined for a legacy or a third-party device-based network that does not utilize and/or understand group tags, then the group is converted into a subnet. Since that subnet is different from the source host within the fabric network, network address translation (NAT) is utilized.

公开(公告)号：US20230198902A1

公开(公告)日：2023-06-22

申请号：US17558247

申请日：2021-12-21

Applicant: Cisco Technology, Inc.

Inventor： Balaji Pitta Venkatachalapathy ,  Sanjay Kumar Hooda ,  Marc Portoles Comeras

IPC: H04L45/748

CPC classification number: H04L45/748

Abstract: Techniques for dynamically adapting a router capacity to system needs in a network. The border router may receive a list of summarized prefixes for endpoint devices associated with the router from control-plane nodes. The router may store the list of summarized prefixes in memory of the border router. Once the router receives traffic that is destined for endpoint devices associated with the border router, it may determine that the destination address is included in the summarized prefixes. In some examples, the router may download complete prefixes from the control-plane nodes, and forward the traffic to the destination address indicated by the complete prefixes.

公开(公告)号：US20230114157A1

公开(公告)日：2023-04-13

申请号：US18045202

申请日：2022-10-10

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Sanjay Kumar Hooda ,  Rajeev Kumar ,  Ramesh Yeevani-Srinivas

IPC: H04L67/51 ,  H04L65/1073

Abstract: Services with policy control may be provided. A computing device may receive registration information associated with a border device. The registration information may comprise information identifying a service provided by a server associated with the border device, information identifying the border device, and policies associated with the service. Then an address for the server may be determined. Next a request may be received comprising the information identifying the service provided by the server. In response to receiving the request comprising the information identifying the service provided by the server, the address for the server, the information identifying the border device, and the policies associated with the service may be provided.

公开(公告)号：US20230100682A1

公开(公告)日：2023-03-30

申请号：US17486501

申请日：2021-09-27

Applicant: Cisco Technology, Inc.

Inventor： Rajeev Kumar ,  Sanjay Kumar Hooda ,  Ramesh Chandra Yeevani-Srinivas

IPC: H04L29/12

Abstract: Automated techniques for converting network devices from a Layer 2 (L2) network into a Layer 3 (L3) network in a hierarchical manner are described herein. The network devices may be configured to boot such that their ports are in an initialization mode in which the ports are unable to transmit locally generated DHCP packets. When a network device detects that a neighbor (or “peer”) device has acquired an IP address or has been configured by a network controller, then the port on which the neighbor device is detected can then be transitioned from the initialization mode into a forwarding mode. In the forwarding mode, the port can be used to transmit packets to obtain an IP address. Thus, the network devices are converted from an L2 device to an L3 device in a hierarchical order such that upstream devices are discovered and converted into L3 devices before downstream devices.

公开(公告)号：US20230017053A1

公开(公告)日：2023-01-19

申请号：US17375748

申请日：2021-07-14

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Sanjay Kumar Hooda ,  Vinay Saini ,  Victor Manuel Moreno

IPC: H04L12/713 ,  H04L12/741 ,  H04L12/725 ,  H04L12/715

Abstract: Techniques are described herein for service chaining in fabric networks such that hardware resources can be preserved without service nodes needing additional capabilities. The techniques may include storing a first configuration associated with a first VRF instance of a service forwarding node that is connected to a first service of a service chain sequence. The first configuration may indicate an identifier and a type associated with a second service of the service chain sequence where traffic is to be sent after the first service. Additionally, the techniques may also include storing a second configuration associated with a second VRF instance of the service forwarding node that is connected to the second service. The second configuration may indicate that the second service is a last service of the service chain sequence. When traffic is received at the service forwarding node, the service forwarding node can determine whether the traffic is pre-service traffic or post-service traffic.

公开(公告)号：US11516184B2

公开(公告)日：2022-11-29

申请号：US16561360

申请日：2019-09-05

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Sanjay Kumar Hooda ,  Satish Kondalam

IPC: H04L9/40 ,  H04L61/25 ,  H04L45/02 ,  H04W76/22 ,  G06F21/50 ,  H04W36/00 ,  H04W36/14

Abstract: Systems, methods, and computer-readable media for preserving source host context when firewall policies are applied to traffic in an enterprise network fabric. A data packet to a destination host from a source host can be received at a first border node instance in an enterprise network fabric as part of network traffic. The data packet can include a context associated with the source host. Further, the data packet can be sent to a firewall of the enterprise network fabric and can be received at a second border node instance after the firewall applies a firewall policy to the data packet. The data packet can then be selectively encapsulated with the context associated with the source host at the second border node instance for applying one or more policies to control transmission of the network traffic through the enterprise network fabric.

公开(公告)号：US11502959B2

公开(公告)日：2022-11-15

申请号：US16950315

申请日：2020-11-17

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Sanjay Kumar Hooda ,  Karthik Kumar Thatikonda ,  Denis Neogi ,  Rajeev Kumar

IPC: H04L47/20 ,  H04L61/58 ,  H04L67/63 ,  H04L43/026 ,  H04L45/74 ,  H04L45/745 ,  H04L47/32 ,  H04L61/103

Abstract: A traffic flow based map cache refresh may be provided. A computing device may receive a dropped packet message when a packet associated with a flow having a destination and a source was dropped before it reached the destination. Next, in response to receiving the dropped packet message, a map request message may be sent to a Map Server (MS). In response to sending the map request message, a map response message may be received indicating an updated destination for the flow. A map cache may then be refreshed for the source of the flow based on the updated destination from the received map response message.

公开(公告)号：US20220173999A1

公开(公告)日：2022-06-02

申请号：US17672278

申请日：2022-02-15

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Kedar Sudhir Karmarkar ,  Shyamsundar N. Maniyar ,  Sanjay Kumar Hooda

IPC: H04L45/16 ,  H04L45/74

Abstract: This technology enables directed broadcasts in network fabrics. A control plane node is configured to resolve directed broadcast addresses by mapping the directed broadcast address to a subnet address. A fabric border node receives a directed broadcast, extracts a destination address, and transmits a request to the control plane node to resolve the destination address. The control plane node retrieves the stored mapping and generates a map reply with a multicast destination. The fabric border node encapsulates and forwards the directed broadcast to fabric edge nodes, which decapsulate the directed broadcast and deliver a data set from the directed broadcast to appropriate end point devices. Each fabric edge node may be enabled to determine if the fabric edge node may be connected to a silent host and, based on that determination, request the fabric border node to be added to the multicast destination to receive the directed broadcast.