-
Publication No.: US10560421B2
Publication Date: 2020-02-11
Application No.: US15607248
Application Date: 2017-05-26
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Jesus Arango, Vina Ermagan, Johnson Leong, Sanjay Kumar Hooda
Abstract: A Location/Identifier Separation Protocol (LISP) mapping server, including: a network interface for communicating with a LISP-enabled network; a mapping database; a subscription database; and an overlapping subscription publication engine (OSPE) to: receive a first mapping of a first subnetwork to a first routing locator (RLOC); add the first mapping to the mapping database; receive from a first ingress tunnel router (ITR) a subscription request for an endpoint identifier (EID) within the first subnetwork; add to a first subscription entry for the first subnetwork in the subscription database a subscription for the first ITR; receive a second mapping of a second subnetwork to a second RLOC, wherein the second subnetwork overlaps the first subnetwork; add the second mapping to the mapping database; and copy at least part of the first subscription entry to a second subscription entry for the second subnetwork.
-
Publication No.: US10462007B2
Publication Date: 2019-10-29
Application No.: US15193482
Application Date: 2016-06-27
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Darrin Joseph Miller, Victor Moreno, Mark Montanez, Sridhar Subramanian
Abstract: Changes are made to a virtual network for an endpoint based on the authenticated user identity of the endpoint. The system includes a server and a controller associated with a network fabric to which the endpoint is connected. The network fabric includes network elements to carry network traffic for the endpoint. The server authenticates the endpoint associated with a network address and determines a user identity of the endpoint based on the authentication. The server determines a first virtual network associated with the user identity. The controller receives a notification from the server that the network traffic for the endpoint associated with the network address is to be routed over the first virtual network. The controller updates routing information to associate the network address with the first virtual network and sends the updated routing information to the network elements of the network fabric.
-
Publication No.: US10432578B2
Publication Date: 2019-10-01
Application No.: US15276818
Application Date: 2016-09-27
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Sandesh Kumar Narappa Bheemanakone, Shivangi Sharma, Atri Indiresan, Kaushik Kumar Dam
Abstract: Client address based forwarding of dynamic host configuration protocol response packets may be provided. First, a first relay agent on a first network device may receive a first discovery message associated with a first client device. The first discovery message may include a first discovery message identifier field comprising a first identifier corresponding to the first client device. The first client device may be associated with a subnet. Then the first relay agent may register, with a map server, the first identifier with an address of the first network device and add a gateway address corresponding to the first relay agent to the first discovery message. Next, the first relay agent may encapsulate the first discovery message and forward the encapsulated first discovery message over a network to a border device.
-
Publication No.: US10397141B2
Publication Date: 2019-08-27
Application No.: US15721914
Application Date: 2017-10-01
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Atri Indiresan, Da-Yuan Tung, Kaushik Kumar Dam, Anand Pulicat Gopalakrishnan
IPC: H04L12/931, H04L12/24, H04L12/46, H04L29/06
Abstract: In one embodiment a network device includes a plurality of ports. The network device is adapted to receive at least one configuring instruction, and adapted, after receipt of any of the at least one configuring instruction, to configure one or more access ports, of the plurality of ports, for endpoint virtual local area network (VLAN) assignment that is in accordance with at least one VLAN assignment algorithm. The at least one VLAN assignment algorithm allows at least two endpoints to be assigned to at least two different respective VLANs of a plurality of VLANs in a network, the at least one VLAN assignment algorithm enabling the at least two endpoints to connect to a same access port of the one or more access ports and provide data which is not VLAN tagged when received at the same access port.
-
Publication No.: US10389594B2
Publication Date: 2019-08-20
Application No.: US15460620
Application Date: 2017-03-16
Applicant: Cisco Technology, Inc.
IPC: H04L12/24, H04L12/26, H04L12/70, H04L12/701
Abstract: Presented herein are techniques for determining the impact a policy change might have on a network. The techniques include receiving configuration information from a plurality of network devices in a network, receiving traffic flow records from the plurality of network devices, receiving an indication of an intent to apply a new policy on the network devices, and based on the configuration information, traffic flow records and the new policy, determining an impact of the new policy on the network devices and traffic flowing through the network.
-
Publication No.: US10334445B2
Publication Date: 2019-06-25
Application No.: US14882700
Application Date: 2015-10-14
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Poon Kuen Leung, Liu Huang, Vishwas Vijendra Bhat, Shweta Arvind Saraf
Abstract: A computer-implemented method is provided for a management entity to detect where a rogue access point is connected to the network infrastructure. The management entity receives from a wireless network controller an indication of an unauthorized frame wirelessly intercepted by an authorized access point. The unauthorized frame carries data between a rogue access point and a wireless client device. The rogue access point is connected to a compromised network element in a managed network at a compromised port of the compromised network element. The management entity extracts a client network address and a gateway network address from the indication of the unauthorized frame. The management entity traces a path through the managed network from a gateway network element associated with the gateway network address to the compromised network element. The management entity determines the compromised port in the compromised network element at which the rogue access point is connected.
-
Publication No.: US20180351810A1
Publication Date: 2018-12-06
Application No.: US15610475
Application Date: 2017-05-31
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Rex Emmanuel Fernando, Balaji Sundararajan, Sanjay Kumar Hooda
IPC: H04L12/24, H04L29/06, H04L12/801, H04L12/931
CPC classification number: H04L47/12, H04L47/25, H04L47/26, H04L47/263, H04L47/35
Abstract: A method is described and in some embodiments includes receiving at a network element a transmission control protocol (“TCP”) packet with TCP options set on a link between a controller and a destination node; if the network element comprises a transit node, comparing a bandwidth value indicated in a TCP options field of the received TCP packet with an outgoing link bandwidth of the network element; if the bandwidth value indicated in the TCP options field is greater than the outgoing link bandwidth of the network element, updating the bandwidth value indicated in the TCP options field to be equal to the outgoing link bandwidth of the network element; and forwarding the TCP packet to a next network element. If the bandwidth value indicated in the TCP options field is not greater than the outgoing link bandwidth, the bandwidth value indicated in the TCP options field is not changed.
-
Publication No.: US09917771B2
Publication Date: 2018-03-13
Application No.: US14820636
Application Date: 2015-08-07
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Nalinaksh M. Pai, Atri Indiresan
IPC: H04L12/721, H04L12/751, H04L12/931, H04L12/947, H04L12/933, H04L29/12
CPC classification number: H04L45/66, H04L45/02, H04L49/15, H04L49/25, H04L61/2007
Abstract: Methods and systems are provided for virtual expansion of a fabric network edge to include edge network devices. For example, unique virtual Internet Protocol (IP) addresses may be assigned to a plurality of L2 switches, wherein the L2 switches are connected to one or more fabric edge devices in a fabric, and wherein the L2 switches are located outside of the fabric. Next, the unique virtual IP addresses may be announced in an underlay of the fabric.
-
Publication No.: US20180069809A1
Publication Date: 2018-03-08
Application No.: US15260048
Application Date: 2016-09-08
Applicant: Cisco Technology, Inc.
Inventor: Anand Oswal, Muninder Singh Sambi, Sanjay Kumar Hooda
IPC: H04L12/931, H04L12/46, H04L29/12
CPC classification number: H04L49/351, H04L12/4641, H04L49/355, H04L61/103, H04L61/6022
Abstract: An application switch instantiates two application-side network service instances for the same application. Each network service instance is characterized by a common Internet Protocol (IP) address, a common Open Systems Interconnection (OSI) reference model layer 2 (L2) media access control (MAC) address, and a unique (for the application) supplemental L2 identifier. The application switch maintains a mapping between a {client IP address, client port} tuple and a particular instantiated network service instance based at least in part on the supplemental L2 identifier of a particular one of the instantiated first and second network service instances. When the application switch receives a client communication via an application switch client-side network, the application switch determines the particular instantiated network service instance corresponding to the {client IP address, client port} tuple based on the mapping, and switches the received client communication to the determined application-side network service instance.
-
Publication No.: US09800551B2
Publication Date: 2017-10-24
Application No.: US14831557
Application Date: 2015-08-20
Applicant: Cisco Technology, Inc.
Inventor: Ripon Bhattacharjee, Sanjay Kumar Hooda, Nalinaksh M. Pai, Saravanan Radhakrishnan
IPC: H04L29/06, H04L12/24, H04L12/725, H04L12/721
CPC classification number: H04L63/0281, H04L41/5003, H04L41/5096, H04L43/026, H04L45/306, H04L45/38, H04L45/72, H04L63/0254, H04L63/08, H04L67/322, H04L69/22
Abstract: Techniques for tagging packets within a network fabric. An authentication device for a network fabric receives a first packet originating from a source device, in transit to a destination device, corresponding to a first network flow. User identification information corresponding to an authenticated user of the source device is inserted into a Network Services Header of the first packet. Embodiments receive a second packet that corresponds to the first network flow at the authentication device, the second packet including service identification information within a Network Services Header of the second packet that identifies a service type of the network flow. Upon receiving a third packet for the first network flow, the authentication device inserts the user identification and the service identification information into a Network Services Header of the third packet.