-
Publication No.: US11924119B2
Publication date: 2024-03-05
Application No.: US17749930
Application date: 2022-05-20
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda , Victor Manuel Moreno , Prakash C. Jain
IPC: H04L49/253 , H04L47/31 , H04L49/25 , H04L49/35 , H04L67/2885
CPC classification number: H04L49/252 , H04L47/31 , H04L67/2885
Abstract: Techniques and architecture are described that utilize switchport protected flags to provide switchport protected functionality across network devices, e.g., switches, routers, etc., in fabric networks. For example, a first port of a first network device of a fabric network receives a packet from a first host destined for a second host. The second host is onboarded to the fabric network via a second port of a second network device. It is determined (i) if a first protected flag associated with the first port of the first network device is set as true and (ii) if a second protected flag associated with the second host is set as true. Based at least in part on (i) the first protected flag associated with the first port being set as true and (ii) the second protected flag being set as true, the first network device drops the packet.
-
Publication No.: US11706303B2
Publication date: 2023-07-18
Application No.: US17237885
Application date: 2021-04-22
Applicant: Cisco Technology, Inc.
Inventor: Raja Janardanan , Sanjay Kumar Hooda , Victor Manuel Moreno
IPC: G06F15/173 , H04L67/146 , H04L43/0811 , H04L45/745 , H04L49/10 , H04L49/201 , H04L67/147
CPC classification number: H04L67/146 , H04L43/0811 , H04L45/745 , H04L49/10 , H04L49/201 , H04L67/147
Abstract: The present disclosure provides systems, methods and computer-readable media for maintaining network connectivity, in a LISP based network, when one or more network edge nodes lose connectivity to a LISP control plane of the network, using multicast messaging. In one example, a method includes receiving a connection request from a first endpoint to a second endpoint communicatively coupled to a second edge node; determining, by the first edge node, that a connection session to a control plane for locating the second endpoint has failed; querying one or more available edge nodes for locating the second endpoint using a multicast message; locating the second endpoint based on at least one query response received from the one or more available edge nodes, at least one query response including an identifier of the second endpoint; and establishing the connection request between the first endpoint and the second endpoint upon locating the second endpoint.
-
Publication No.: US20220345531A1
Publication date: 2022-10-27
Application No.: US17237885
Application date: 2021-04-22
Applicant: Cisco Technology, Inc.
Inventor: Raja Janardanan , Sanjay Kumar Hooda , Victor Manuel Moreno
IPC: H04L29/08 , H04L12/931 , H04L12/933 , H04L12/741 , H04L12/26
Abstract: The present disclosure provides systems, methods and computer-readable media for maintaining network connectivity, in a LISP based network, when one or more network edge nodes lose connectivity to a LISP control plane of the network, using multicast messaging. In one example, a method includes receiving a connection request from a first endpoint to a second endpoint communicatively coupled to a second edge node; determining, by the first edge node, that a connection session to a control plane for locating the second endpoint has failed; querying one or more available edge nodes for locating the second endpoint using a multicast message; locating the second endpoint based on at least one query response received from the one or more available edge nodes, at least one query response including an identifier of the second endpoint; and establishing the connection request between the first endpoint and the second endpoint upon locating the second endpoint.
-
Publication No.: US11115375B2
Publication date: 2021-09-07
Application No.: US16577330
Application date: 2019-09-20
Applicant: Cisco Technology, Inc.
Inventor: Rex Emmauel Fernando , Victor Manuel Moreno , Shyam Kapadia , Liqin Dong , Murali Venkateshaiah
Abstract: A system and a method are disclosed for enabling interoperability between data plane learning endpoints and control plane learning endpoints in an overlay network environment. An exemplary method for managing network traffic in the overlay network environment includes receiving network packets in an overlay network from data plane learning endpoints and control plane learning endpoints, wherein the overlay network extends Layer 2 network traffic over a Layer 3 network; operating in a data plane learning mode when a network packet is received from a data plane learning endpoint; and operating in a control plane learning mode when the network packet is received from a control plane learning endpoint. Where the overlay network includes more than one overlay segment, the method further includes operating as an anchor node for routing inter-overlay segment traffic to and from hosts that operate behind the data plane learning endpoints.
-
Publication No.: US09281955B2
Publication date: 2016-03-08
Application No.: US14644828
Application date: 2015-03-11
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Victor Manuel Moreno , Ian Bruce Bernard Cox
IPC: H04L12/18 , H04L12/46 , H04L12/761 , H04L12/715 , H04L29/12
CPC classification number: H04L12/1886 , H04L12/4633 , H04L45/64 , H04L61/103 , H04L61/2038
Abstract: Technologies are provided in example embodiments for intercepting a packet being multicast from a first tunnel endpoint in a network, determining first address mapping information of the first tunnel endpoint and a first host, wherein the first host created the packet, generating a control protocol message with the first address mapping information, and communicating the control protocol message through a control plane in the network. In more specific example embodiments, the communicating the control protocol message includes sending the control protocol message to a network repository, where the first address mapping information is registered in the network repository. In other more specific example embodiments, the communicating the control protocol message includes pushing the control protocol message to one or more other tunnel endpoints. Further embodiments include decapsulating the packet to determine an endpoint identifier of the first host and a location of the first tunnel endpoint.
-
Publication No.: US12170614B2
Publication date: 2024-12-17
Application No.: US18545931
Application date: 2023-12-19
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain , Sanjay Kumar Hooda , Vinay Saini , Victor Manuel Moreno
IPC: H04L45/586 , H04L12/46 , H04L45/00 , H04L45/02 , H04L45/302
Abstract: Techniques are described herein for service chaining in fabric networks such that hardware resources can be preserved without service nodes needing additional capabilities. The techniques may include storing a first configuration associated with a first VRF instance of a service forwarding node that is connected to a first service of a service chain sequence. The first configuration may indicate an identifier and a type associated with a second service of the service chain sequence where traffic is to be sent after the first service. Additionally, the techniques may also include storing a second configuration associated with a second VRF instance of the service forwarding node that is connected to the second service. The second configuration may indicate that the second service is a last service of the service chain sequence. When traffic is received at the service forwarding node, the service forwarding node can determine whether the traffic is pre-service traffic or post-service traffic.
-
Publication No.: US20230344898A1
Publication date: 2023-10-26
Application No.: US18106304
Application date: 2023-02-06
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain , Sanjay Kumar Hooda , Marc Portoles Comeras , Vinay Saini , Victor Manuel Moreno
IPC: H04L41/0893 , H04L45/76 , H04L67/1001 , H04L67/51 , H04L41/122
CPC classification number: H04L67/10015 , H04L41/0893 , H04L41/122 , H04L45/76 , H04L67/51
Abstract: This disclosure describes techniques and mechanisms for providing hybrid cloud services for enterprise fabric. The techniques include enhancing an on-demand protocol (e.g., LISP) and allowing simplified security and/or firewall service insertion for datacenter servers providing those services. Accordingly, the techniques described herein provide hybrid cloud services that work in a disaggregated, distributed, and consistent way, while avoiding complex datacenter network devices (e.g., such as running overlay on TOR), replacing and moving the functionality to on-demand protocol enabled servers, which intelligently receive the required mappings as well as register and publish the service information to intelligently interact with the network.
-
Publication No.: US20230254250A1
Publication date: 2023-08-10
Application No.: US17665868
Application date: 2022-02-07
Applicant: Cisco Technology, Inc.
Inventor: Victor Manuel Moreno , Shyamsundar N. Maniyar , Sanjay Kumar Hooda , Prakash C. Jain , Vinay Saini
IPC: H04L45/745
CPC classification number: H04L45/745
Abstract: Techniques and architecture are described that utilize network address translation (NAT) based on a group tag such that legacy and third-party devices may utilize and apply “subnet” based policies, thereby allowing the subnet based policies to be as effective as “group” based policies. In particular, a subnet may be applied to a group tag where the group tag is not understandable outside an access network such as, for example, a fabric network. Thus, when a packet originates from a fabric network utilizing group tags representing source groups of endpoints and is destined for a legacy or a third-party device-based network that does not utilize and/or understand group tags, then the group is converted into a subnet. Since that subnet is different from the source host within the fabric network, network address translation (NAT) is utilized.
-
Publication No.: US20230017053A1
Publication date: 2023-01-19
Application No.: US17375748
Application date: 2021-07-14
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain , Sanjay Kumar Hooda , Vinay Saini , Victor Manuel Moreno
IPC: H04L12/713 , H04L12/741 , H04L12/725 , H04L12/715
Abstract: Techniques are described herein for service chaining in fabric networks such that hardware resources can be preserved without service nodes needing additional capabilities. The techniques may include storing a first configuration associated with a first VRF instance of a service forwarding node that is connected to a first service of a service chain sequence. The first configuration may indicate an identifier and a type associated with a second service of the service chain sequence where traffic is to be sent after the first service. Additionally, the techniques may also include storing a second configuration associated with a second VRF instance of the service forwarding node that is connected to the second service. The second configuration may indicate that the second service is a last service of the service chain sequence. When traffic is received at the service forwarding node, the service forwarding node can determine whether the traffic is pre-service traffic or post-service traffic.
-
Publication No.: US10742511B2
Publication date: 2020-08-11
Application No.: US15990340
Application date: 2018-05-25
Applicant: Cisco Technology, Inc.
Inventor: Girija Raghavendra Rao , Victor Manuel Moreno , Marc Binderberger , Lev Shvarts , Vrushali Ashtaputre
IPC: H04L12/24 , H04L12/751
Abstract: A method for assisting communication of a source host upon movement from a first Data center (DC) to a second DC is disclosed. The method includes identifying that the source host has moved from the first DC to the second DC, ensuring that packets identifying a source as the source host in the second DC are copied to a control plane network element, and, for a first destination host identified in a first packet copied to the control plane network element and identified as a host that is not in the second DC, updating an Address Resolution Protocol (ARP)/Neighbor Discovery Protocol (NDP) cache of the source host by sending, to the source host, a first ARP message/unsolicited neighbor advertisement specifying a Media Access Control (MAC) address of an edge router associated with the source host in the second DC as a destination MAC address for the first destination host.