公开(公告)号：US09439075B2

公开(公告)日：2016-09-06

申请号：US14722925

申请日：2015-05-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Parviz Yegani ,  Jayaraman Iyer ,  Venkateshwara Sastry

IPC: G06F15/173 ,  H04W12/08 ,  G06Q20/10 ,  H04L12/14 ,  H04L12/54 ,  H04L12/24 ,  H04L12/723 ,  H04L12/801 ,  H04L12/913 ,  H04L12/927 ,  H04L12/911 ,  H04L29/12 ,  H04L29/06 ,  H04W36/00 ,  H04W36/12 ,  H04L29/08 ,  H04W12/06 ,  H04W8/26 ,  H04W28/18 ,  H04W36/14 ,  H04W48/14 ,  H04W60/00 ,  H04W80/04 ,  H04W80/10 ,  H04W92/02

CPC classification number: H04W12/08 ,  G06Q20/102 ,  H04L12/14 ,  H04L12/1403 ,  H04L41/0893 ,  H04L41/5029 ,  H04L41/5061 ,  H04L45/50 ,  H04L47/10 ,  H04L47/14 ,  H04L47/15 ,  H04L47/70 ,  H04L47/724 ,  H04L47/805 ,  H04L47/824 ,  H04L61/2015 ,  H04L63/08 ,  H04L63/0892 ,  H04L63/102 ,  H04L63/162 ,  H04L65/1006 ,  H04L65/1016 ,  H04L67/141 ,  H04L69/14 ,  H04L69/24 ,  H04W8/26 ,  H04W12/06 ,  H04W28/18 ,  H04W36/0033 ,  H04W36/12 ,  H04W36/14 ,  H04W48/14 ,  H04W60/00 ,  H04W80/04 ,  H04W80/10 ,  H04W92/02

Abstract: In one embodiment, during an authentication process between a network device and an access terminal, an authentication message for access to the network is received. The network device is configured to allow access to an IP network. The network device determines one or more capabilities of the access terminal from the authentication message. An action is then performed based on the one or more capabilities of the access terminal. The action may include using the capabilities to set up a session with the access terminal. Also, the network device may send its own capabilities to the access terminal in an authentication response. Accordingly, a capability negotiation between the access terminal and network device may be provided during an authentication process. This may facilitate a faster session setup as capabilities are exchanged during authentication can be used in the configuration of the session.

公开(公告)号：US20210135995A1

公开(公告)日：2021-05-06

申请号：US16674693

申请日：2019-11-05

Applicant: Cisco Technology, Inc.

Inventor： Samir Dilipkumar Saklikar ,  Jayaraman Iyer ,  Robin Edgard Martherus ,  Morteza Ansari ,  Jyoti Verma

IPC: H04L12/813 ,  H04L12/26 ,  H04L12/24

Abstract: One or more lower-level attributes of a first network policy are translated to one or more higher-level attributes of the first network policy, and one or more lower-level attributes of a second network policy are translated to one or more higher-level attributes of the second network policy. The first network policy controls how first network traffic is handled, and the second network policy controls how second network traffic is handled. The one or more higher-level attributes of the first network policy are compared with the one or more higher-level attributes of the second network policy. Based on the comparing, it is determined whether the first network traffic and the second network traffic are handled in a functionally equivalent manner. If not, the first network policy is dynamically updated to generate an updated first network policy that causes the first network traffic to be handled in the functionally equivalent manner.

公开(公告)号：US10659484B2

公开(公告)日：2020-05-19

申请号：US15898915

申请日：2018-02-19

Applicant: Cisco Technology, Inc.

Inventor： Saman Taghavi Zargar ,  Subharthi Paul ,  Prashanth Patil ,  Jayaraman Iyer ,  Hari Shankar

IPC: H04L29/06 ,  H04L12/24 ,  G06N20/00

Abstract: In one embodiment, a centralized controller maintains a plurality of hierarchical behavioral modules of a behavioral model, and distributes initial behavioral modules to data plane entities to cause them to apply the initial behavioral modules to data plane traffic. The centralized controller may then receive data from a particular data plane entity based on its having applied the initial behavioral modules to its data plane traffic. The centralized controller then distributes subsequent behavioral modules to the particular data plane entity to cause it to apply the subsequent behavioral modules to the data plane traffic, the subsequent behavioral modules selected based on the previously received data from the particular data plane entity. The centralized controller may then iteratively receive data from the particular data plane entity and distribute subsequently selected behavioral modules until an attack determination is made on the data plane traffic of the particular data plane entity.

公开(公告)号：US09614739B2

公开(公告)日：2017-04-04

申请号：US14168447

申请日：2014-01-30

Applicant: Cisco Technology, Inc.

Inventor： Surendra Kumar ,  Nagaraj Bagepalli ,  Abhijit Patra ,  Paul Quinn ,  James Guichard ,  Jayaraman Iyer

IPC: G06F15/16 ,  H04L12/26 ,  H04L12/24

CPC classification number: H04L43/026 ,  H04L41/5041

Abstract: Presented herein are service-function chaining techniques. In one example, a service controller in a network comprising a plurality of service nodes receives one is configured to identify one or more service-functions hosted by each of the service nodes. The service controller defines a service-function chain in terms of service-functions to be applied to traffic in the network and provides information descriptive of the service-function chain to a classifier node.

公开(公告)号：US09203753B2

公开(公告)日：2015-12-01

申请号：US14089006

申请日：2013-11-25

Applicant: Cisco Technology, Inc.

Inventor： Kent Leung ,  Hy Quoc Pham ,  Jayaraman Iyer ,  Xun Wang ,  Andrew E. Ossipov

IPC: H04L12/741 ,  H04L29/08

CPC classification number: H04L45/745 ,  H04L45/54 ,  H04L67/327

Abstract: Techniques are presented herein for optimizing and load balancing network traffic exchanged between devices in a network environment. At a first device in a cluster of devices in a network, a packet is received from a second device in the cluster. The packet comprises identifier information that is assigned to the first device. The identifier information is reassigned to the second device in the cluster such that subsequent packets with the identifier information are sent directly to the second device. A mapping table is updated to indicate that the identifier information is reassigned to the second device.

Abstract translation: 本文介绍了技术来优化和负载平衡网络环境中设备之间交换的网络流量。 在网络中的设备集群中的第一设备处，从群集中的第二设备接收分组。 分组包括分配给第一设备的标识符信息。 标识符信息被重新分配给群集中的第二设备，使得具有标识符信息的后续分组被直接发送到第二设备。 映射表被更新以指示标识符信息被重新分配给第二设备。

公开(公告)号：US08990247B2

公开(公告)日：2015-03-24

申请号：US14163619

申请日：2014-01-24

Applicant: Cisco Technology, Inc.

Inventor： Bhaskar Bhupalam ,  Jayaraman Iyer ,  Vivek Kansal ,  Biswaranjan Panda

IPC: G06F7/00 ,  G06F17/30 ,  H04L29/06 ,  H04L29/08 ,  H04N21/2343 ,  H04N21/239 ,  H04N21/24 ,  H04N21/262 ,  H04N21/472 ,  H04N21/61 ,  H04N21/658

CPC classification number: H04L65/601 ,  H04L65/4084 ,  H04L65/602 ,  H04L65/80 ,  H04L67/06 ,  H04N21/2343 ,  H04N21/2393 ,  H04N21/2402 ,  H04N21/262 ,  H04N21/47202 ,  H04N21/6131 ,  H04N21/6581

Abstract: Network operators are striving to find ways to provide stable video services amid a rapid increase in video traffic. In order to provide stable video services with constrained network resources, network operators attempted to reduce video file sizes using a content adaptation engine (CAE). However, network operators failed to efficiently readdress video flows to CAEs. This disclosure provides systems and methods for efficiently readdressing video flows to CAEs.

Abstract translation: 网络运营商正在努力寻求在视频流量快速增长的情况下提供稳定视频服务的方法。 为了提供具有受限网络资源的稳定视频服务，网络运营商尝试使用内容适配引擎（CAE）来减少视频文件大小。 然而，网络运营商无法有效地将视频流读取到CAE。 本公开提供了用于有效地将视频流重新定位到CAE的系统和方法。

公开(公告)号：US20210218771A1

公开(公告)日：2021-07-15

申请号：US16741794

申请日：2020-01-14

Applicant: Cisco Technology, Inc.

Inventor： Michel Khouderchah ,  Jayaraman Iyer ,  Kent K. Leung ,  Jianxin Wang ,  Donovan O'Hara ,  Saman Taghavi Zargar ,  Subharthi Paul

IPC: H04L29/06 ,  H04L12/24 ,  H04L29/08

Abstract: Presented herein are methodologies for implementing application security. A method includes generating an extraction vector based on a plurality of application security rules to be enforced, transmitting the extraction vector to a first agent operating on a first network device and to a second agent operating on a second network device; receiving, separately, from the first agent and from the second agent, first metadata generated by the first agent and second metadata generated by the second agent by the agents applying the extraction vector to network traffic passing, respectively, through the first network device and the second network device. The first metadata includes a transaction ID assigned by the first agent, and the second metadata includes the same transaction ID. The method further includes correlating the first metadata with the second metadata based on the transaction ID to construct a transactional service graph for the network traffic.

公开(公告)号：US10469913B2

公开(公告)日：2019-11-05

申请号：US15186447

申请日：2016-06-18

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Sanjay Dixit ,  Biswaranjan Panda ,  Jayaraman Iyer ,  Bhaskar Bhupalam

IPC: H04N21/61 ,  H04N21/647 ,  H04L29/06 ,  H04W28/02 ,  H04L29/08

Abstract: Systems and methods are used for receiving a video request from a user equipment for video to be downloaded; determining a link bandwidth status associated with the user equipment; in response to the link bandwidth status associated with the user equipment, determining whether to implement one or more additional processing functions associated with the video delivery; during the video delivery, repeating the determining such that the one or more additional processing functions associated with the video delivery can be implemented or not implemented at different times during the video delivery. These processing functions can include transrating, HTTP optimization, TCP optimization, and video pacing.

公开(公告)号：US20170085652A1

公开(公告)日：2017-03-23

申请号：US15365432

申请日：2016-11-30

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Wei-Jen Hsu ,  Biswaranjan Panda ,  Jayaraman Iyer ,  Bhaskar Bhupalam ,  Pranav Bhargava

IPC: H04L29/08 ,  H04L29/06

CPC classification number: H04L67/14 ,  H04L47/10 ,  H04L65/608 ,  H04L67/02 ,  H04L67/10 ,  H04L69/161 ,  H04N5/76 ,  H04N21/234345 ,  H04N21/64746 ,  H04N21/8358

Abstract: User equipments can download a video file by instantiating multiple video requests, each request specifying different parts of the video file. If each video request initiates a separate transmission control protocol (TCP) session, which is the case with an hypertext transfer protocol (HTTP) partial get request, then a network device in a communications network would be oblivious of contextual information, which indicates that the TCP sessions download different portions of the same video file. This disclosure provides systems and methods for correlating multiple TCP sessions so that a network device in a communications network can be aware of the contextual information.

公开(公告)号：US20150215172A1

公开(公告)日：2015-07-30

申请号：US14168447

申请日：2014-01-30

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra Kumar ,  Nagaraj Bagepalli ,  Abhijit Patra ,  Paul Quinn ,  James Guichard ,  Jayaraman Iyer

IPC: H04L12/24

CPC classification number: H04L43/026 ,  H04L41/5041

Abstract: Presented herein are service-function chaining techniques. In one example, a service controller in a network comprising a plurality of service nodes receives one is configured to identify one or more service-functions hosted by each of the service nodes. The service controller defines a service-function chain in terms of service-functions to be applied to traffic in the network and provides information descriptive of the service-function chain to a classifier node.

Abstract translation: 这里提供的是服务功能链接技术。 在一个示例中，包括多个服务节点的网络中的服务控制器接收一个服务控制器被配置为识别由每个服务节点托管的一个或多个服务功能。 服务控制器根据服务功能定义服务功能链，以应用于网络中的流量，并向分类器节点提供描述服务功能链的信息。