-
Publication No.: US20220159083A1
Publication Date: 2022-05-19
Application No.: US17097709
Application Date: 2020-11-13
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Rajeev Kumar, Ramesh Yeevani-Srinivas
Abstract: Services with policy control may be provided. A computing device may receive registration information associated with a border device. The registration information may comprise information identifying a service provided by a server associated with the border device, information identifying the border device, and policies associated with the service. Then an address for the server may be determined. Next a request may be received comprising the information identifying the service provided by the server. In response to receiving the request comprising the information identifying the service provided by the server, the address for the server, the information identifying the border device, and the policies associated with the service may be provided.
-
Publication No.: US20220131898A1
Publication Date: 2022-04-28
Application No.: US17569285
Application Date: 2022-01-05
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Anand Oswal, Nehal Bhau, Victor Moreno
IPC: G06F21/41 , H04L47/125
Abstract: A mapping system, under administrative control of a Wide Area Network (WAN) controller, can track each host, authorized to access a plurality of Local Area Networks (LANs), in one or more mapping databases including a first network address representing an identifier and a second network addressing representing a locator for each host. The mapping system can receive a request for resolution of a first identifier of a host not presently connected to the network. The mapping system can determine the mapping databases exclude a mapping for the first identifier. The mapping system can update the mapping databases with a first mapping including the first identifier and a first locator corresponding to a honeypot network device. The mapping system can transmit, to one or more LANs of the plurality of LANs, routing information to route traffic destined for the first identifier to the honeypot network device.
-
Publication No.: US11258621B2
Publication Date: 2022-02-22
Application No.: US16897110
Application Date: 2020-06-09
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Kedar Sudhir Karmarkar, Shyamsundar N. Maniyar, Sanjay Kumar Hooda
IPC: H04L12/18 , H04L12/741 , H04L12/46 , H04L12/761 , H04L12/751 , H04L45/745 , H04L45/16 , H04L45/02
Abstract: This technology enables directed broadcasts in network fabrics. To enable a directed broadcast, a control plane node is configured to resolve directed broadcast addresses by mapping the directed broadcast address to a subnet address associated with the network fabric. A fabric border node receives a directed broadcast, extracts a destination address associated with the directed broadcast, and transmits a request to the control plane node to resolve the destination address. The control plane node retrieves the stored mapping and generates a map reply to the fabric border node with a multicast destination comprising the network fabric subnet address. The fabric border node encapsulates the directed broadcast with a header comprising the multicast destination and forwards the encapsulated directed broadcast to fabric edge nodes, which decapsulate the directed broadcast and deliver a data set from the directed broadcast to appropriate end point devices.
-
Publication No.: US20210368004A1
Publication Date: 2021-11-25
Application No.: US17397269
Application Date: 2021-08-09
Applicant: Cisco Technology, Inc.
Inventor: Prakash Jain, Sanjay Kumar Hooda, Satish Kumar Kondalam
IPC: H04L29/08 , H04L12/721
Abstract: Presented herein are techniques to provide an endpoint in a multi-site Software-defined network (SDN) fabric with an Internet access route that is optimal for the specific site in which the endpoint is located. In particular, a control plane node in a first site of a multi-site SDN fabric registers a border node in the first site as a Default Egress Tunnel Router (ETR) for Internet access or unknown endpoint identifier (EID) of the first site. The first site includes at least one endpoint. The control plane node receives a request for Internet access for the at least one endpoint and provides a dynamically-selected Internet access route via a same or different virtual instance (e.g., Virtual Routing and Forwarding (VRF) function(s), Virtual Private Network(s) (VPNs), Virtual Networks (VNs), etc.) for Internet traffic sent by the at least one endpoint.
-
Publication No.: US20210344591A1
Publication Date: 2021-11-04
Application No.: US16864402
Application Date: 2020-05-01
Applicant: Cisco Technology, Inc.
Inventor: Satish Kondalam, Sanjay Kumar Hooda, Prakash C. Jain, Vikram Vikas Pendharkar
IPC: H04L12/721 , H04L12/18 , H04L12/751
Abstract: Systems, methods, and computer-readable media for discovering silent hosts in a software-defined network and directing traffic to the silent hosts in a scalable and targeted manner include determining interfaces of a fabric device that are connected to respective one or more endpoints, where the fabric device is configured to connect the endpoints to a network fabric of the software-defined network. At least a first interface is identified, where an address of a first endpoint connected to the first interface is not available at the fabric device. A first notification is transmitted to a control plane of the software-defined network based on identifying the first interface, where the control plane may create a flood list which includes the fabric device. Traffic intended for the first endpoint from the network fabric is received by the fabric device can be based on the flood list.
-
Publication No.: US11115426B1
Publication Date: 2021-09-07
Application No.: US16219596
Application Date: 2018-12-13
Applicant: Cisco Technology, Inc.
Inventor: Rajesh S. Pazhyannur, Manoj Gupta, Sanjay Kumar Hooda
Abstract: Distributed packet capture for network anomaly detection may be provided. An anomaly may be detected at a first network device of a plurality of network devices. One or more target network devices of the plurality of network devices may be identified based on a property associated with the anomaly. A set of packets may be received from the one or more target network devices. A source of the anomaly may be determined based on the received set of packets.
-
Publication No.: US20210083933A1
Publication Date: 2021-03-18
Application No.: US16571365
Application Date: 2019-09-16
Applicant: Cisco Technology, Inc.
Inventor: Oliver James Bull, Rex Emmanuel Fernando, Anand Oswal, Kausik Majumdar, Darren Russell Dukes, Sanjay Kumar Hooda
IPC: H04L12/24 , H04L12/26 , H04L12/813 , H04L12/851 , H04L12/815
Abstract: An enterprise controller of an enterprise network sends to a service gateway of a service provider network a request for network slice information about network slices provisioned on a data plane of the service provider network. Responsive to the sending, the enterprise controller receives from the service gateway the network slice information including identifiers of and properties associated with the network slices. Responsive to receiving a request for the network slice information from a network device at a border of a forwarding plane of the enterprise network, the enterprise controller sends the network slice information to the network device to cause the network device to perform configuring network traffic in the forwarding plane with identifiers of ones of the network slices that match the network traffic, and to perform forwarding the network traffic configured with the identifiers to the data plane of the service provider network.
-
Publication No.: US20210075728A1
Publication Date: 2021-03-11
Application No.: US16567324
Application Date: 2019-09-11
Applicant: Cisco Technology, Inc.
Inventor: Atri Indiresan, Roberto Mitsuo Kobo, Sanjay Kumar Hooda, Anton Smirnov
IPC: H04L12/803 , H04L12/931 , H04L12/939 , H04L29/12
Abstract: In one embodiment, a method comprises receiving traffic to send from a router to a host in the fabric edge network, wherein the fabric edge network comprises a plurality of switches and an inter-switch link (ISL); and sending the traffic from the router to the host via at least one of the switches based on the downlink connectivity of the host. Sending the traffic from the router to the host is performed without sending the traffic through the ISL. Sending the traffic from the router to the host comprises sending the traffic through the ISL when there is a link failure on a path between the router and the host.
-
Publication No.: US10791004B2
Publication Date: 2020-09-29
Application No.: US16173487
Application Date: 2018-10-29
Applicant: Cisco Technology, Inc.
Inventor: Prakash Chand Jain, Sanjay Kumar Hooda, Victor M. Moreno, Satish Kumar Kondalam
IPC: G06F15/177 , H04L12/46 , H04L12/741 , H04L12/713 , H04L12/715
Abstract: In one example, a router is configured to process communications according to a tunneling protocol to provide network overlay tunnels to facilitate virtual private networks (VPNs) for hosts, and to process communications associated with an external network with use of a provider virtualization routing and forwarding (VRF) instance. With use of a subscription function, the router receives an initial set of extranet VPN prefixes associated with the network overlays for storage in association with the provider VRF, as well as regularly receive publications of updates to extranet VPN prefixes associated with the network overlays. With use of a route obtaining function, the router, in response to receiving a communication associated with one of the stored extranet VPN prefixes at the provider VRF, sends to a communications management server a message indicating request for a host-to-router mapping and receive from the communications management server a reply including the host-to-router mapping.
-
Publication No.: US20200177503A1
Publication Date: 2020-06-04
Application No.: US16535519
Application Date: 2019-08-08
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Anand Oswal, Nehal Bhau, Anil Edathara, Munish Mehta
IPC: H04L12/715 , H04L12/46
Abstract: Systems and methods provide for end-to-end identity-aware routing across multiple administrative domains. A first ingress edge device of a second overlay network can receive a first encapsulated packet from a first egress edge device of a first overlay network. The first ingress edge device can de-encapsulate the first encapsulated packet to obtain an original packet and a user or group identifier. The first ingress edge device can apply a user or group policy matching the user or group identifier to determine a next hop for the original packet. The first ingress edge device can encapsulate the original packet and the user or group identifier to generate a second encapsulated packet. The first ingress edge device can forward the second encapsulated packet to the next hop.