-
Publication number: US20210119993A1
Publication date: 2021-04-22
Application number: US16654160
Application date: 2019-10-16
Applicant: Cisco Technology, Inc.
Inventor: Alberto Rodriguez Natal, Mikhail Davidov, Lorand Jakab, Richard James Smith, Fabio Maino
Abstract: A method includes generating, by an internal segmentation orchestrator, a key to cipher/decipher a cryptographic segmentation tag used by an untrusted device, transmitting the key to an external segmentation orchestrator, transmitting the cryptographic segmentation tag to the external segmentation orchestrator and provisioning a trusted network edge with the key and optionally the cryptographic segmentation tag. The method can also include onboarding, based on the key and the cryptographic segmentation tag, the untrusted device, wherein the untrusted device receives the cryptographic segmentation tag from the external segmentation orchestrator.
-
Publication number: US09763135B1
Publication date: 2017-09-12
Application number: US14453393
Application date: 2014-08-06
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Lev Shvarts, Marco Pessi, Fabio Maino
CPC classification number: H04W28/08, H04W28/0226
Abstract: In one embodiment, a method includes discovering at a network device, a change in a resource at a local network site, notifying a load balancer at the local network site of the change in the resource, dynamically updating a weight associated with the resource, and transmitting the weight from the network device to a mapping system configured for mapping endpoint identifiers to routing locators. An apparatus and logic are also disclosed herein.
-
Publication number: US09479433B1
Publication date: 2016-10-25
Application number: US14155190
Application date: 2014-01-14
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Darrel Lewis, Gregg Schudel, John Mullooly, Isidoros Kouvelas, Jesper Skriver, Christian Cassar, Dino Farinacci, Fabio Maino
IPC: H04L12/715, H04L12/24, H04L12/911, H04L12/723
CPC classification number: H04L12/4633, H04L12/46, H04L12/4641, H04L12/66, H04L45/50, H04L47/825
Abstract: In one embodiment, a method includes receiving at a first network device in a first virtual private network, a packet destined for a second network device in communication with a second virtual private network, and transmitting the packet over the second network, wherein the packet is encapsulated for transmittal on a tunnel extending from the first network device to the second network device. The first network device is in communication with a system operable to map and encapsulate the packet and provide an overlay that traverses over the second virtual private network. An apparatus and logic are also disclosed herein.
-
14.
Publication number: US20230362067A1
Publication date: 2023-11-09
Application number: US18353702
Application date: 2023-07-17
Applicant: Cisco Technology, Inc.
Inventor: Alberto Rodriguez Natal, Hendrikus G.P. Bosch, Fabio Maino, Lars Olaf Stefan Olofsson, Jeffrey Napper, Anubhav Gupta
IPC: H04L41/5019, H04L47/10
CPC classification number: H04L41/5019, H04L47/10
Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific policies for the first endpoint by evaluating the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.
-
Publication number: US11201800B2
Publication date: 2021-12-14
Application number: US16782769
Application date: 2020-02-05
Applicant: Cisco Technology, Inc.
Inventor: Alberto Rodriguez Natal, Hendrikus G. P. Bosch, Fabio Maino, Lars Olaf Stefan Olofsson, Jeffrey Napper, Anubhav Gupta
IPC: H04L12/24, H04L12/801
Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific policies for the first endpoint by evaluating the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.
-
16.
Publication number: US20190005045A1
Publication date: 2019-01-03
Application number: US15661109
Application date: 2017-07-27
Applicant: Cisco Technology, Inc.
Inventor: Alberto Rodriguez Natal, Vina Ermagan, Fabio Maino
IPC: G06F17/30, H04L12/745
CPC classification number: G06F16/24578, G06F16/2282, G06F16/90344, H04L45/748
Abstract: Systems and methods for automatically executing an efficient longest internet protocol prefix match on non-relational and/or No-SQL databases, such as Cassandra. Clustering prefixes around common and/or standard prefix lengths ensures efficient use of Cassandra's underlying mechanisms and minimizes costly scan operations.
-
Publication number: US09912584B2
Publication date: 2018-03-06
Application number: US14536381
Application date: 2014-11-07
Applicant: Cisco Technology, Inc.
Inventor: Fabio Maino, Victor Moreno, Satyam Sinha
IPC: G06F9/455, G06F15/16, H04L12/723, G06F9/50, G06F21/53, H04L12/46, H04L12/713, H04L12/715, H04L29/08, H04L12/721, H04L12/931
CPC classification number: H04L45/505, G06F9/45558, G06F9/5077, G06F21/53, G06F2009/4557, G06F2009/45595, H04L12/4641, H04L45/586, H04L45/64, H04L45/66, H04L49/70, H04L67/1002, H04L67/28
Abstract: Methods and apparatus for optimizing data center routing in the event of virtual machine (VM) mobility are provided. In one embodiment, a first gateway router, acting as an interface between an Ethernet Virtual Private Network (EVPN) domain and a Locator/ID Separation Protocol (LISP) domain, detects EVPN mobility messages advertised when a VM that has moved connects to a gateway router at a data center. The first gateway router then initiates a LISP mobility event that registers the new location of the moved VM to a LISP mapping system. In another embodiment, the first gateway router may notify a second gateway router, located at another data center from which the VM departed, to clean up the state maintained in that data center. This notification may be made via EVPN or LISP mechanisms. In response, the second gateway router may insert a new sequence into the other data center.
-
Publication number: US09887936B2
Publication date: 2018-02-06
Application number: US14816406
Application date: 2015-08-03
Applicant: Cisco Technology, Inc.
Inventor: Fabio Maino, Vina Ermagan, Christopher Spain
IPC: H04L12/911, H04L12/851, H04L12/741
CPC classification number: H04L47/825, H04L45/74, H04L47/24
Abstract: In one embodiment, a first device in a network receives application traffic sent from a source device towards a destination address. The first device sends the application traffic to a traffic identification service. The first device receives an instruction to establish a network tunnel to send the application traffic from the source device towards the destination address. The instruction is based on a classification of the application traffic by the traffic identification service. The first device establishes the network tunnel to send the application traffic from the source device towards the destination address.
-
19.
Publication number: US10783153B2
Publication date: 2020-09-22
Application number: US15661109
Application date: 2017-07-27
Applicant: Cisco Technology, Inc.
Inventor: Alberto Rodriguez Natal, Vina Ermagan, Fabio Maino
IPC: G06F16/24, G06F16/2457, H04L12/745, G06F16/22, G06F16/903
Abstract: Systems and methods for automatically executing an efficient longest internet protocol prefix match on non-relational and/or No-SQL databases, such as Cassandra. Clustering prefixes around common and/or standard prefix lengths ensures efficient use of Cassandra's underlying mechanisms and minimizes costly scan operations.
-
Publication number: US09871675B2
Publication date: 2018-01-16
Application number: US15267007
Application date: 2016-09-15
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Darrel Lewis, Gregg Schudel, John Mullooly, Isidoros Kouvelas, Jesper Skriver, Christian Cassar, Dino Farinacci, Fabio Maino
IPC: H04L12/46, H04L12/66, H04L12/723, H04L12/911
CPC classification number: H04L12/4633, H04L12/46, H04L12/4641, H04L12/66, H04L45/50, H04L47/825
Abstract: In one embodiment, a method includes receiving at a first network device in a first virtual private network, a packet destined for a second network device in communication with a second virtual private network, and transmitting the packet over the second network, wherein the packet is encapsulated for transmittal on a tunnel extending from the first network device to the second network device. The first network device is in communication with a system operable to map and encapsulate the packet and provide an overlay that traverses over the second virtual private network. An apparatus and logic are also disclosed herein.