Localization of Group Based Policies in a Demand Based Overlay Network

    Publication number: US20180034732A1

    Publication date: 2018-02-01

    Application number: US15220441

    Filing date: 2016-07-27

    CPC classification number: H04L45/745 H04L45/741 H04L47/20

    Abstract: A first network device may receive a frame from a first client device that may be destined for a second client device. Then a request may be sent to a network control plane of a network by the first network device in response to receiving the frame. The request may be for information on reachability for the second client device and may comprise an identifier of the second client device and first metadata corresponding to the first client device. The first network device may receive, from the network control plane, in response to sending the request, a policy rule-set for a flow corresponding to the frame and for a location of the second client device. The network control plane may use the identifier of the second client device and the first metadata as keys to lookup the location of the second client device and the policy rule-set.

    Redirecting of network traffic for application of stateful services
    12. Granted patent (in force)

    Publication number: US09461965B2

    Publication date: 2016-10-04

    Application number: US13645694

    Filing date: 2012-10-05

    CPC classification number: H04L63/0218 H04L63/0254 H04L67/1027

    Abstract: Techniques are presented herein for redirection between any number of network devices that are distributed to any number of sites. A first message of a flow is received from a network endpoint at a first network device. A relationship between the endpoint and the first network device is registered in a directory that maps endpoints for network devices. A state for the flow is stored at the first network device. A second message is received for the flow which is indicative of the first endpoint at a second network device. It is determined that the second network device does not store the flow state for the flow. Querying is performed to receive information indicative of the relationship between the endpoint and the first network device. The received information is stored in a cache at the second network device. Services are applied to the second message according to the stored information.


    Mechanism and procedures for multi-domain enterprise fabric domain federations

    Publication number: US11563682B2

    Publication date: 2023-01-24

    Application number: US17180090

    Filing date: 2021-02-19

    Abstract: In one embodiment, a method generally includes a first edge (E) node in a network receiving an encapsulated data packet, wherein the encapsulated data packet comprises an outer header and a data packet, wherein the outer header comprises a first router locator (RLOC) corresponding to the first E node, wherein the data packet comprises an internet protocol (IP) header, and wherein the IP header comprises a destination endpoint identification (EID) corresponding to a host H. The first E node determines whether the host H is attached to the first E node. And in response to the first E node determining the host is attached to the first E node, the first E node forwards the data packet to the host H. The first E node receives a message from another node after the host H detaches from the first E node and reattaches to another E node, wherein the message comprises the destination EID.

    Method, node, and medium for establishing connection between a source and endpoint via one or more border nodes

    Publication number: US11546254B2

    Publication date: 2023-01-03

    Application number: US17098633

    Filing date: 2020-11-16

    Abstract: In one embodiment, a method is performed at a node in a multi-site enterprise fabric. The method includes obtaining map entries from a fabric control plane of the multi-site enterprise fabric, where the map entries are associated with identifiers of endpoints in external networks, site and virtual network identifiers of sites in the multi-site enterprise fabric, location identifiers of border nodes, and characteristics of the border nodes. The method further includes receiving a request from a source to connect to an external endpoint. After deriving an external endpoint identifier and source parameters, the method additionally includes establishing at least one connection between the source and the external endpoint via border node(s) that are selected from the map entries based at least in part on the source parameters, the external endpoint identifier, and characteristics of the border node(s) with their site and virtual network identifier(s) along the at least one connection.

    Group based encryption in enterprise fabric architectures

    Publication number: US10778430B2

    Publication date: 2020-09-15

    Application number: US15968189

    Filing date: 2018-05-01

    Abstract: In accordance with various implementations, a method is performed at a source node of a fabric network coupled to a plurality of hosts respectively associated with a plurality of group identifiers. The method includes generating a source public key based on a source private key, a source group identifier of the plurality of group identifiers, and a destination group identifier of the plurality of group identifiers. The method includes sending, from the source node coupled to at least one host associated with the source group identifier to a destination node coupled to at least one host associated with the destination group identifier, the source public key. The method includes receiving, at the source node from the destination node, a destination public key based on a destination private key, the source group identifier, and the destination group identifier. The method further includes generating a shared secret based on the destination public key and the source private key.

    Data routing of extranet flows in fabric networks

    Publication number: US10749799B2

    Publication date: 2020-08-18

    Application number: US15968205

    Filing date: 2018-05-01

    Abstract: In accordance with various embodiments, a method is performed including receiving, at a first node associated with a first instance identifier, a packet from a first host addressed to a second host. The method includes sending, from the first node to the second node, the packet. The method includes receiving, from the second node, a solicit map-request for the second host including the first instance identifier of the first node and the second instance identifier of the second node for the second host. The method includes sending, in response to receiving the solicit map-request for the second host, a map-request for the second host. The method includes receiving, in response to sending the map-request for the second host, a map-reply indicating a third node associated with the second instance identifier. The method includes sending, from the first node to the third node, the packet.

    Security association and location mapping decoupling in overlay networks

    Publication number: US10541919B1

    Publication date: 2020-01-21

    Application number: US16141123

    Filing date: 2018-09-25

    Abstract: A first map request message is sent from a source network device to a mapping network device to determine a destination network device associated with a destination endpoint device and a security association between the source network device and the destination network device. A first response message is received at the source network device that includes data indicating a mapping between the destination network device and the destination endpoint device and data indicating a security association between the source network device and the destination network device. The data is stored at the source network device. A second map request message is sent from the source network device to the mapping network device to update the data indicative of the mapping or the security association. A second response message is received at the source network device from the mapping network device.

    Group Based Encryption in Enterprise Fabric Architectures

    Publication number: US20180367302A1

    Publication date: 2018-12-20

    Application number: US15968189

    Filing date: 2018-05-01

    CPC classification number: H04L9/30 H04L9/0841 H04L9/085 H04L9/0866

    Abstract: In accordance with various implementations, a method is performed at a source node of a fabric network coupled to a plurality of hosts respectively associated with a plurality of group identifiers. The method includes generating a source public key based on a source private key, a source group identifier of the plurality of group identifiers, and a destination group identifier of the plurality of group identifiers. The method includes sending, from the source node coupled to at least one host associated with the source group identifier to a destination node coupled to at least one host associated with the destination group identifier, the source public key. The method includes receiving, at the source node from the destination node, a destination public key based on a destination private key, the source group identifier, and the destination group identifier. The method further includes generating a shared secret based on the destination public key and the source private key.

    Group Based Multicast in Networks
    19. Patent application

    Publication number: US20180255002A1

    Publication date: 2018-09-06

    Application number: US15446802

    Filing date: 2017-03-01

    CPC classification number: H04L49/201 H04W72/121 H04W74/002

    Abstract: Group based multicasts may be provided. First, a request may be received. The request may comprise a receiver tag, a request source identifier, and a request multicast group identifier. Next, a source tag corresponding to the request source identifier may be obtained and then it may be determined that a group corresponding to the receiver tag is allowed to access content from a source corresponding to the obtained source tag. In response to determining that the group corresponding to the receiver tag is allowed to access content from the source corresponding to the obtained source tag, content may be received from the source at a multicast group corresponding to the request multicast group identifier. The content may then be forwarded to a receiver corresponding to the request.
