公开(公告)号：US20220329606A1

公开(公告)日：2022-10-13

申请号：US17846381

申请日：2022-06-22

Applicant: Cisco Technology, Inc.

Inventor： Shwetha Subray Bhandari ,  Santhosh N ,  Rakesh Reddy Kandula ,  Saiprasad Reddy Muchala ,  Frank Brockners

IPC: H04L9/40 ,  H04L45/00 ,  H04L9/32 ,  H04L9/08

Abstract: Techniques to facilitate verification of in-situ network telemetry data of data packet of data traffic of packet-switched networks are described herein. A technique described herein includes a network node obtaining a data packet of data traffic of a packet-switched network. The data packet includes an in-situ network telemetry block. The network node obtains telemetry data and cryptographic key. The cryptographic key confidentially identifies the network node. The node encrypts at least a portion of the telemetry data based on the cryptographic key to produce signed telemetry data and updates telemetry-data entry of the in-situ network telemetry block. The telemetry data and signed telemetry data is inserted into the telemetry-data entry. The node forwards the data packet with the updated telemetry-data entry to another network node of the packet-switched network.

公开(公告)号：US11282160B2

公开(公告)日：2022-03-22

申请号：US16817390

申请日：2020-03-12

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Jerome Henry ,  Russell Paul Gyurek ,  Frank Brockners

IPC: G06T1/20 ,  G06F9/50 ,  G06F9/38 ,  G06F9/54 ,  G06F15/80

Abstract: A server that includes a graphics processing unit (GPU) may receive, from a first application that is remote from the server, a first request to reserve a first number of cores of the GPU for a first amount of time. The server may also receive, from a second application that is also remote from the server, a second request to reserve a second number of cores of the GPU for a second amount of time that at least partly overlaps the first amount of time. The server may determine that the first request is associated with a higher priority than the second request and, in response, may reserve the first number of cores for the first amount of time for the first application. The server may send, to the first application, an indication that the first number of cores have been reserved as requested by the first application.

公开(公告)号：US11277442B2

公开(公告)日：2022-03-15

申请号：US16712584

申请日：2019-12-12

Applicant: Cisco Technology, Inc.

Inventor： Sujal Sheth ,  Shwetha Subray Bhandari ,  William F. Sulzen ,  Frank Brockners

IPC: H04L29/06 ,  H04L61/103

Abstract: Systems, methods, and computer-readable media for assessing reliability and trustworthiness of devices operating within a network. An ARP responder can receive an ARP request from an ARP requestor for performing address resolution between the ARP requestor and the ARP responder in a network environment. The ARP responder can build an ARP response including attestation information of the ARP responder. Further, the ARP responder can provide, to the ARP requestor, the attestation information for verifying the ARP responder using the ARP response and the attestation information of the ARP responder.

公开(公告)号：US11196634B2

公开(公告)日：2021-12-07

申请号：US16728323

申请日：2019-12-27

Applicant: Cisco Technology, Inc.

Inventor： Sujal Sheth ,  Shwetha Subray Bhandari ,  Eric Voit ,  William F. Sulzen ,  Frank Brockners

IPC: H04L12/24 ,  H04W84/18 ,  H04L12/721 ,  H04L12/751 ,  H04W40/24

Abstract: Systems, methods, and computer-readable media for assessing reliability and trustworthiness of devices operating within a network. A recipient node in a network environment can receive a neighbor discovery (ND) message from an originating node in the network environment that are both implementing a neighbor discovery protocol. Trustworthiness of the originating node can be verified by identifying a level of trust of the originating node based on attestation information for the originating node included in the ND message received at the recipient node. Connectivity with the recipient node through the network environment can be managed based on the level of trust of the originating node identified from the attestation information included in the ND message.

公开(公告)号：US11082540B2

公开(公告)日：2021-08-03

申请号：US16231301

申请日：2018-12-21

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Frank Brockners ,  Shwetha Subray Bhandari

IPC: G06F15/16 ,  H04L29/06 ,  H04L12/713 ,  H04L12/46

Abstract: In one embodiment, network operations are improved by performing updating operations data in an operations data field associated with the header of a particular protocol during the processing of a different protocol. A particular multiple-protocol (MP) packet is received by a particular network node in a network. The particular MP packet includes multiple protocol headers, including a first protocol header associated with a first protocol and a second protocol header associated with a second protocol. Further, the second protocol header associated with a second operations data field. During protocol processing of the first protocol on the particular MP packet, the second operations data field updated with particular operations data. The particular MP packet is sent from the particular network node, with said sent particular MP packet including said updated second operations data field with particular operations data.

公开(公告)号：US20200336360A1

公开(公告)日：2020-10-22

申请号：US16839273

申请日：2020-04-03

Applicant: Cisco Technology, Inc.

Inventor： David D. Ward ,  Carlos M. Pignataro ,  Frank Brockners ,  Shwetha Subray Bhandari

IPC: H04L12/24 ,  H04L12/54 ,  H04L29/06 ,  H04L12/26 ,  H04L12/46 ,  H04L12/723

Abstract: Embodiments of the disclosure pertain to activating in-band OAM based on a triggering event. Aspects of the embodiments are directed to receiving a first notification indicating a problem in a network; triggering a data-collection feature on one or more nodes in the network for subsequent packets that traverse the one or more nodes; evaluating a subsequent packet that includes data augmented by the data collection feature; and determining the problem in the network based on the data augmented to the subsequent packet.

公开(公告)号：US20200322145A1

公开(公告)日：2020-10-08

申请号：US16784025

申请日：2020-02-06

Applicant: Cisco Technology, Inc.

Inventor： Sujal Sheth ,  Shwetha Subray Bhandari ,  Eric Voit ,  William F. Sulzen ,  Frank Brockners

IPC: H04L9/08 ,  H04L29/06 ,  H04L9/32

Abstract: Systems, methods, and computer-readable media for authenticating access control messages include receiving, at a first node, access control messages from a second node. The first node and the second node including network devices and the access control messages can be based on RADIUS or TACACS+ protocols among others. The first node can obtain attestation information from one or more fields of the access control messages determine whether the second node is authentic and trustworthy based on the attestation information. The first node can also determine reliability or freshness of the access control messages based on the attestation information. The first node can be a server and the second node can be a client, or the first node can be a client and the second node can be a server. The attestation information can include Proof of Integrity based on a hardware fingerprint, device identifier, or Canary Stamp.

公开(公告)号：US10742551B2

公开(公告)日：2020-08-11

申请号：US15188810

申请日：2016-06-21

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Sashank Venkata Krishna Dara ,  Shwetha Subray Bhandari ,  Frank Brockners

IPC: H04L12/733 ,  H04L29/06 ,  H04L12/749 ,  H04L12/721 ,  H04L12/715 ,  H04L12/751 ,  H04L12/717

Abstract: Aspects of the embodiments are directed to systems, apparatuses and methods performed at a network element. Embodiments include receiving a packet; identifying a hop number for the network element; identifying a unique identifier for the network element; determining a path identifier based on the hop number and the unique identifier; augmenting the packet metadata with the path identifier; and transmitting the packet to a next network element.

公开(公告)号：US10582027B2

公开(公告)日：2020-03-03

申请号：US15844741

申请日：2017-12-18

Applicant: Cisco Technology, Inc.

Inventor： Shwetha Subray Bhandari ,  Frank Brockners ,  Akshaya Nadahalli ,  Carlos M. Pignataro

IPC: H04L12/26 ,  H04L12/24 ,  H04L12/855 ,  H04L29/06 ,  H04L29/08 ,  H04L12/741 ,  H04L12/805

Abstract: A method provided that is performed at one or more intermediate nodes in a path in a network. The node receives a packet having a header that includes metadata that has been accumulated as the packet travels along the path in the network. The node detects whether a trigger condition has occurred. In response to detecting that the trigger condition has occurred, the node exports, to a destination entity, at least a portion of the metadata that has been accumulated in the header so that the portion of the metadata is removed from the header after it has been exported.

公开(公告)号：US20190297011A1

公开(公告)日：2019-09-26

申请号：US15926292

申请日：2018-03-20

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Frank Brockners ,  Shwetha Subray Bhandari

IPC: H04L12/741 ,  H04L12/721 ,  H04L12/803 ,  H04L12/26

Abstract: Presented herein are techniques for monitoring packets in a container networking environment. A method includes receiving a packet at a network node, the packet having been routed to the network node in accordance with instructions from a container orchestration system, inserting an additional field in the packet that is configured to record a path of the packet within a first POD of the host device that includes at least one container, forwarding the packet to the first POD of the host device in accordance with the instructions from the container orchestration system, updating the additional field with container networking path information as the packet transits the first POD and the at least one container therein, storing the container path information in an analytics node of the network node, removing the additional field from the packet, and transmitting the packet from the network node to the network.