-
Publication No.: US11647019B2
Publication date: 2023-05-09
Application No.: US16654160
Application date: 2019-10-16
Applicant: Cisco Technology, Inc.
Inventor: Alberto Rodriguez Natal , Mikhail Davidov , Lorand Jakab , Richard James Smith , Fabio Maino
CPC classification number: H04L63/0853 , G06F21/34 , G06F21/602 , H04L9/32 , H04L63/0428 , H04L63/061 , H04L63/10
Abstract: A method includes generating, by an internal segmentation orchestrator, a key to cipher/decipher a cryptographic segmentation tag used by an untrusted device, transmitting the key to an external segmentation orchestrator, transmitting the cryptographic segmentation tag to the external segmentation orchestrator and provisioning a trusted network edge with the key and optionally the cryptographic segmentation tag. The method can also include onboarding, based on the key and the cryptographic segmentation tag, the untrusted device, wherein the untrusted device receives the cryptographic segmentation tag from the external segmentation orchestrator.
-
12.
Publication No.: US20230026450A1
Publication date: 2023-01-26
Application No.: US17949422
Application date: 2022-09-21
Applicant: Cisco Technology, Inc.
Inventor: Srinath Gundavelli , Sangram Kishore Lakkaraju , Alberto Rodriguez Natal , Fabio R. Maino , Timothy Peter Stammers
IPC: H04L12/46 , H04L49/25 , H04L47/24 , H04L69/22 , H04L61/2592 , H04L45/74 , H04L101/622
Abstract: Techniques are described for extending a cellular quality of service bearer through an enterprise fabric network. In one example, a method obtaining, by a first switch of a network, a packet to be delivered to a client connected to the network via a cellular access point; identifying quality of service (QoS) bearer information associated with the packet, wherein the QoS bearer information is associated with a radio access bearer for the client and the QoS bearer information comprises a bearer indicator and a QoS class identifier; providing a fabric tunnel encapsulation for the packet, wherein the bearer indicator and the QoS class identifier are included within the fabric tunnel encapsulation of the packet; and forwarding the packet within the fabric tunnel encapsulation toward a second switch of the network via a fabric tunnel, wherein the cellular access point is connected to the network via the second switch.
-
Publication No.: US11202276B2
Publication date: 2021-12-14
Application No.: US16743258
Application date: 2020-01-15
Applicant: Cisco Technology, Inc.
Inventor: Srinath Gundavelli , Sangram Kishore Lakkaraju , Louis Gwyn Samuel , Timothy Peter Stammers , Alberto Rodriguez Natal , Fabio R. Maino
Abstract: In one example, a control plane entity obtains an indication that a User Equipment (UE) has entered an idle mode. The control plane entity sets a routing locator corresponding to the UE to cause the control plane entity to trigger a paging request toward the UE to prompt the UE to transition from the idle mode when a first network node obtains a downlink packet destined for the UE. The control plane entity obtains a notification that the first network node has obtained the downlink packet and initiates the paging request toward the UE. The control plane entity updates the routing locator corresponding to the UE to cause the first network node to transmit further downlink packets destined for the UE toward a second network node configured to handle traffic on behalf of the UE.
-
Publication No.: US11201818B2
Publication date: 2021-12-14
Application No.: US16783843
Application date: 2020-02-06
Applicant: Cisco Technology, Inc.
Inventor: Fabio Maino , Syed Khalid Raza , Alberto Rodriguez Natal , Marc Portoles Comeras
IPC: H04L12/725 , H04L29/08 , H04L12/46 , H04L12/851 , H04L29/06 , H04L12/715 , H04L12/813
Abstract: Disclosed are systems and methods for providing policy selection in a software defined network. An example method includes registering, by an enterprise controller on an enterprise domain, in a shared mapping system on a service provider domain, one or more entries specifying one or more services for one or more classes of traffic to yield registered entries, reading, by a service provider controller, from the shared mapping system, the registered entries, posting, by the service provider controller, the one or more entries to one or more routing tables at a software-defined wide area network of the service provider domain and receiving a request, by a mobile node on the enterprise domain, of a specific service for a particular class of packets according to a classification of the particular class of packets based on a particular label defined in the registered entries for the specific service.
-
Publication No.: US20210119993A1
Publication date: 2021-04-22
Application No.: US16654160
Application date: 2019-10-16
Applicant: Cisco Technology, Inc.
Inventor: Alberto Rodriguez Natal , Mikhail Davidov , Lorand Jakab , Richard James Smith , Fabio Maino
Abstract: A method includes generating, by an internal segmentation orchestrator, a key to cipher/decipher a cryptographic segmentation tag used by an untrusted device, transmitting the key to an external segmentation orchestrator, transmitting the cryptographic segmentation tag to the external segmentation orchestrator and provisioning a trusted network edge with the key and optionally the cryptographic segmentation tag. The method can also include onboarding, based on the key and the cryptographic segmentation tag, the untrusted device, wherein the untrusted device receives the cryptographic segmentation tag from the external segmentation orchestrator.
-
16.
Publication No.: US20160119196A1
Publication date: 2016-04-28
Application No.: US14612691
Application date: 2015-02-03
Applicant: Cisco Technology, Inc.
Inventor: Marc Portoles Comeras , Preethi Natarajan , Alberto Rodriguez Natal , Fabio Rodolfo Maino , Alberto Cabellos Aparicio , Vasileios Lakafosis , Lorand Jakab
IPC: H04L12/24 , H04L12/707
CPC classification number: H04L41/5054 , H04L45/24 , H04L47/125 , H04L47/193 , H04L69/14 , H04L69/16 , H04L69/161
Abstract: Techniques are provided for a network mapping server device in a network to receive a connection upgrade message comprising information to establish a first data flow from a first endpoint that does not support multiple subflows for the first data flow according to a multipath protocol, where multiple subflows subdivide the first data flow across two or more network paths. The information in the connection upgrade message is analyzed in order to resolve network connectivity to determine potential network connections for at least two subflows of the first data flow to a second endpoint. A response message is sent comprising information configured to establish at least two subflows for the first data flow between the first endpoint and the second endpoint.
-
Publication No.: US12137093B2
Publication date: 2024-11-05
Application No.: US17814410
Application date: 2022-07-22
Applicant: Cisco Technology, Inc.
IPC: H04L9/40
Abstract: In one embodiment, an apparatus of a LISP environment includes one or more processors and computer-readable non-transitory storage media coupled to the one or more processors. The computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including receiving an attestation token from a first component of the LISP environment. The operations also include encoding the attestation token using a LISP message format. The operations further include distributing the encoded attestation token with a LISP signaling message to a third component of the LISP environment.
-
Publication No.: US20240214319A1
Publication date: 2024-06-27
Application No.: US18201998
Application date: 2023-05-25
Applicant: Cisco Technology, Inc.
Inventor: Alberto Rodriguez Natal , John A. Joyce , Saswat Praharaj , Timothy James Swanson , Lorand Jakab , Fabio R. Maino , Pradeep Kumar Kathail
IPC: H04L47/2475 , H04L67/564
CPC classification number: H04L47/2475 , H04L67/564
Abstract: Techniques for signaling, to a network controller, a connection state of a proxy for use by the network controller to correlate proxied-connections with application pairs for traffic optimization. In some examples, the techniques may include receiving, at a controller of a network, control plane information associated with a proxy that manages a proxied flow through the network. Based on the control plane information, the controller may determine that application traffic is flowing across the proxied flow between a first application and a second application. In this way, based at least in part on a policy associated with at least one of the first application or the second application, the controller may reconfigure a network element of the network for optimizing the application traffic flowing across the proxied flow.
-
Publication No.: US20230261999A1
Publication date: 2023-08-17
Application No.: US18139449
Application date: 2023-04-26
Applicant: Cisco Technology, Inc.
Inventor: Sridhar Subramanian , Fabio Rodolfo Maino , Alberto Rodriguez Natal , Vijoy Anand Pandey , Edward A. Warnicke , John Andrew Joyce , Timothy James Swanson , Loránd Jakab
CPC classification number: H04L47/20 , H04L67/10 , H04L12/28 , H04L41/20 , H04L45/50 , H04L69/16 , H04L67/14 , H04L67/02
Abstract: In one embodiment, a device of a software-defined wide area network (SD-WAN) receives, from a cloud-native application, contextual data for the cloud-native application that identifies microservices of the cloud-native application. The device translates the contextual data for the cloud-native application into a network policy for traffic in the SD-WAN associated with the cloud-native application. The device applies the network policy to a traffic flow in the SD-WAN between an endpoint and a particular microservice of the cloud-native application.
-
20.
Publication No.: US11582066B2
Publication date: 2023-02-14
Application No.: US16720755
Application date: 2019-12-19
Applicant: Cisco Technology, Inc.
Inventor: Srinath Gundavelli , Sangram Kishore Lakkaraju , Alberto Rodriguez Natal , Fabio R. Maino , Timothy Peter Stammers
IPC: H04L12/46 , H04L45/74 , H04L47/24 , H04L49/25 , H04L61/2592 , H04L69/22 , H04L101/622
Abstract: Techniques are described for extending a cellular quality of service bearer through an enterprise fabric network. In one example, a method obtaining, by a first switch of a network, a packet to be delivered to a client connected to the network via a cellular access point; identifying quality of service (QoS) bearer information associated with the packet, wherein the QoS bearer information is associated with a radio access bearer for the client and the QoS bearer information comprises a bearer indicator and a QoS class identifier; providing a fabric tunnel encapsulation for the packet, wherein the bearer indicator and the QoS class identifier are included within the fabric tunnel encapsulation of the packet; and forwarding the packet within the fabric tunnel encapsulation toward a second switch of the network via a fabric tunnel, wherein the cellular access point is connected to the network via the second switch.