公开(公告)号：US20220360528A1

公开(公告)日：2022-11-10

申请号：US17308224

申请日：2021-05-05

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Sanjay Kumar Hooda ,  Darrin Joseph Miller ,  Ashwin Kumar

IPC: H04L12/741 ,  H04L29/06

Abstract: Techniques for group-based classification and policy enforcement at a network fabric edge for traffic that is being sent to external network destinations are disclosed herein. The techniques may include receiving, at a control plane of a network and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination. Based at least in part on an address prefix value associated with the destination, the control plane may determine that the destination is located in an external network. Additionally, a group identifier that is associated with the destination may be determined. In this way, an indication of the group identifier may be sent to the edge node such that the edge node may determine, based at least in part on the group identifier, a policy decision for routing the packet to the external network.

公开(公告)号：US11496589B2

公开(公告)日：2022-11-08

申请号：US17097709

申请日：2020-11-13

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Sanjay Kumar Hooda ,  Rajeev Kumar ,  Ramesh Yeevani-Srinivas

IPC: G06F15/173 ,  H04L67/51 ,  H04L65/1073

Abstract: Services with policy control may be provided. A computing device may receive registration information associated with a border device. The registration information may comprise information identifying a service provided by a server associated with the border device, information identifying the border device, and policies associated with the service. Then an address for the server may be determined. Next a request may be received comprising the information identifying the service provided by the server. In response to receiving the request comprising the information identifying the service provided by the server, the address for the server, the information identifying the border device, and the policies associated with the service may be provided.

公开(公告)号：US20220272033A1

公开(公告)日：2022-08-25

申请号：US17185279

申请日：2021-02-25

Applicant: Cisco Technology, Inc.

Inventor： Prakash Jain ,  Sanjay Kumar Hooda ,  Rajeev Kumar ,  Saravanan Radhakrishnan ,  Solomon T. Lucas ,  Ramesh Yeevani-Srinivas

IPC: H04L12/717 ,  H04L12/725 ,  H04L12/715 ,  H04L12/713 ,  H04L12/26 ,  H04L12/46

Abstract: A map server/map resolver (MS/MR) of a Locator ID Separation Protocol (LISP) control plane for an enterprise private network for group-based service insertion is described. The MS/MR may facilitate communications from a first host having a first endpoint ID (EID) and located at a first tunnel router having a first routing locator (RLOC), to a second host having a second EID and located at a second tunnel router having a second RLOC. The MS/MR receives, from the first tunnel router, a map request for requesting an EID-to-RLOC mapping associated with the second EID and including a group identifier. The MS/MR selects a service insertion policy including an address of a service border router for a service that is registered with the MS/MR, and responds with a map reply including the address for populating an overlay route for forwarding communications via the service border router for insertion of the registered service.

公开(公告)号：US11374980B1

公开(公告)日：2022-06-28

申请号：US16746167

申请日：2020-01-17

Applicant: Cisco Technology, Inc.

Inventor： Syam Sundar V Appala ,  Rex Emmanuel Fernando ,  Sanjay Kumar Hooda

IPC: H04L9/40 ,  H04L41/0893 ,  H04L41/12

Abstract: A plurality of policies to be enforced in a network environment via a plurality of devices are determined. A topology of the plurality of devices within the network environment is also determined. For each policy of the plurality of policies, a device of the plurality of devices is selected as the location at which to enforce the policy of the plurality of policies. Selecting the device for each policy of the plurality of policies includes correlating the policy of the plurality of policies with another of the plurality of policies and correlating the policy of the plurality of policies with the topology.

公开(公告)号：US20220191199A1

公开(公告)日：2022-06-16

申请号：US17118061

申请日：2020-12-10

Applicant: Cisco Technology, Inc.

Inventor： Muninder Sambi ,  Anand Oswal ,  Sanjay Kumar Hooda

IPC: H04L29/06 ,  H04L12/46

Abstract: Cloud delivered access may be provided. A network device may provide a client device with a pre-authentication virtual network and a pre-authentication address. Next, a policy may be received in response to the client device authenticating. The client device may then be moved to a post-authentication virtual network based on the policy. A post-authentication address may then be obtained for the client device in response to moving the client device to a post-authentication virtual network. Traffic for the client device may then be translated to the post-authentication address.

公开(公告)号：US20220141181A1

公开(公告)日：2022-05-05

申请号：US17084453

申请日：2020-10-29

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Sanjay Kumar Hooda ,  Satish Kumar Kondalam ,  Vikram Vikas Pendharkar ,  Anoop Vetteth ,  Solomon T Lucas

IPC: H04L29/06

Abstract: This disclosure describes techniques to operate a control plane in a network fabric. The techniques include determining a stateless rule corresponding to communication between a first segment of the network fabric and a second segment of the network fabric. The techniques further include configuring the control plane to enforce the stateless rule.

公开(公告)号：US11316782B2

公开(公告)日：2022-04-26

申请号：US16864402

申请日：2020-05-01

Applicant: Cisco Technology, Inc.

Inventor： Satish Kondalam ,  Sanjay Kumar Hooda ,  Prakash C. Jain ,  Vikram Vikas Pendharkar

IPC: H04L12/721 ,  H04L12/18 ,  H04L12/751 ,  H04L45/00 ,  H04L45/02

Abstract: Systems, methods, and computer-readable media for discovering silent hosts in a software-defined network and directing traffic to the silent hosts in a scalable and targeted manner include determining interfaces of a fabric device that are connected to respective one or more endpoints, where the fabric device is configured to connect the endpoints to a network fabric of the software-defined network. At least a first interface is identified, where an address of a first endpoint connected to the first interface is not available at the fabric device. A first notification is transmitted to a control plane of the software-defined network based on identifying the first interface, where the control plane may create a flood list which includes the fabric device. Traffic intended for the first endpoint from the network fabric is received by the fabric device can be based on the flood list.

公开(公告)号：US11223564B2

公开(公告)日：2022-01-11

申请号：US16567324

申请日：2019-09-11

Applicant: Cisco Technology, Inc.

Inventor： Atri Indiresan ,  Roberto Mitsuo Kobo ,  Sanjay Kumar Hooda ,  Anton Smirnov

IPC: H04L12/803 ,  H04L12/931 ,  H04L29/12 ,  H04L12/939

Abstract: In one embodiment, a method comprises receiving traffic to send from a router to a host in the fabric edge network, wherein the fabric edge network comprises a plurality of switches and an inter-switch link (ISL); and sending the traffic from the router to the host via at least one of the switches based on the downlink connectivity of the host. Sending the traffic from the router to the host is performed without sending the traffic through the ISL. Sending the traffic from the router to the host comprises sending the traffic through the ISL when there is a link failure on a path between the router and the host.

公开(公告)号：US20220006738A1

公开(公告)日：2022-01-06

申请号：US17476462

申请日：2021-09-15

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Sanjay Kumar Hooda ,  Satish Kondalam ,  Raja Janardanan ,  Aaditya Vadnere ,  Shivangi Sharma

IPC: H04L12/747 ,  H04L12/813 ,  H04L12/741 ,  H04L12/715 ,  H04L12/801

Abstract: Systems, methods, and computer-readable media for communicating policy changes in a Locator/ID Separation Protocol (LISP) based network deployment include receiving, at a first routing device, a first notification from a map server, the first notification indicating a change in a policy for LISP based communication between at least a first endpoint device and at least a second endpoint device, the first endpoint device being connected to a network fabric through the first routing device and the second endpoint device being connected to the network fabric through a second routing device. The first routing device forwards a second notification to the second routing device if one or more entries of a first map cache implemented by the first routing device are affected by the policy change, the second notification indicating a set of one or more endpoints connected to the second routing device that are affected by the policy change.

公开(公告)号：US20210344565A1

公开(公告)日：2021-11-04

申请号：US17377378

申请日：2021-07-16

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Muninder Singh Sambi ,  Victor Moreno ,  Prakash C. Jain ,  Tarunesh Ahuja ,  Satish Kondalam

IPC: H04L12/24 ,  H04L12/46 ,  G06F9/455

Abstract: Systems, methods, and computer-readable storage media are provided for provisioning a common subnet across a number of subscribers and their respective virtual networks using dynamically generated network policies that provide isolation between the subscribers. The dynamic generation of the network policies is performed when a host (e.g. client) is detected (via a switch) as the host joins the computing network via virtual networks. This ability to configure a common subnet for all the subscriber virtual networks allows these subscribers to more easily access external shared services coming from a headquarter site while keeping the separation and segmentation of multiple subscriber virtual networks within a single subnet. This allows the Enterprise fabric to be more simple and convenient to deploy without making security compromises.