公开(公告)号：US11316936B2

公开(公告)日：2022-04-26

申请号：US17333716

申请日：2021-05-28

Applicant: Cisco Technology, Inc.

Inventor： Ian James Wells ,  Kyle Andrew Donald Mestery

IPC: H04L29/02 ,  H04L67/51 ,  H04L41/12 ,  H04L67/1019 ,  H04L67/56

Abstract: Methods and architecture for load-correcting requests for serverless functions to reduce latency of serverless computing are provided. An example technique exploits knowledge that a given server node does not have a serverless function ready to run or is overloaded. Without further processing overhead or communication, the server node shifts the request to a predetermined alternate node without assessing a current state of the alternate node, an efficient decision based on probability that a higher chance of fulfillment exists at the alternate node than at the current server, even with no knowledge of the alternate node. In an implementation, the server node refers the request but also warms up the requested serverless function, due to likelihood of repeated requests or in case the request is directed back. An example device has a front-end redirecting server and a backend serverless system in a single component.

公开(公告)号：US20210218750A1

公开(公告)日：2021-07-15

申请号：US16985720

申请日：2020-08-05

Applicant: Cisco Technology, Inc.

Inventor： Ian James Wells

IPC: H04L29/06 ,  H04L29/08 ,  G06F9/455

Abstract: This disclosure describes techniques for providing multiple namespace support to application(s) in containers under Kubernetes without breaking containment boundaries or escalating privileges of the application(s). A namespace service executing on a physical server may communicate with contained processes executing on the physical server by utilizing a Unix Domain Socket (UDS) endpoint in the filesystem of each of the containers. the namespace service may execute on the physical server with escalated privileges, allowing the namespace service to create a socket in a namespace and provide access and rights to utilize the socket to process(es) in a separate namespace.

公开(公告)号：US11057480B1

公开(公告)日：2021-07-06

申请号：US16846111

申请日：2020-04-10

Applicant: Cisco Technology, Inc.

Inventor： Ian James Wells ,  Kyle Andrew Donald Mestery

IPC: H04L29/08 ,  H04L12/24

Abstract: Methods and architecture for load-correcting requests for serverless functions to reduce latency of serverless computing are provided. An example technique exploits knowledge that a given server node does not have a serverless function ready to run or is overloaded. Without further processing overhead or communication, the server node shifts the request to a predetermined alternate node without assessing a current state of the alternate node, an efficient decision based on probability that a higher chance of fulfillment exists at the alternate node than at the current server, even with no knowledge of the alternate node. In an implementation, the server node refers the request but also warms up the requested serverless function, due to likelihood of repeated requests or in case the request is directed back. An example device has a front-end redirecting server and a backend serverless system in a single component.

公开(公告)号：US12284119B2

公开(公告)日：2025-04-22

申请号：US18129755

申请日：2023-03-31

Applicant: Cisco Technology, Inc.

Inventor： Ian James Wells ,  Kyle Andrew Donald Mestery ,  Carlos M. Pignataro ,  Nagendra Kumar Nainar

IPC: H04L47/24 ,  H04L45/50

Abstract: This disclosure describes techniques for performing application-based tagging. An example method includes receiving, at a virtual socket, non-packetized data from an application and generating, by the virtual socket, a label based on the application. One or more data packets are generated by packetizing at least a portion of the non-packetized data. A header field of the one or more data packets includes a tag based on the label.

公开(公告)号：US20230396597A1

公开(公告)日：2023-12-07

申请号：US18234247

申请日：2023-08-15

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Ian James Wells ,  Grzegorz Boguslaw Duraj

IPC: H04L9/40 ,  H04L12/46 ,  H04L9/32

CPC classification number: H04L63/0478 ,  H04L12/4633 ,  H04L9/321 ,  H04L63/08

Abstract: Techniques and mechanisms to reduce double encryption of packets that are transmitted using encrypted tunnels. The techniques described herein include determining that portions of the packets are already encrypted, identifying portions of the packets that are unencrypted, and selectively encrypting the portions of the packets that are unencrypted prior to transmission through the encrypted tunnel. In this way, potentially private or sensitive data in the packets that is unencrypted, such as information in the packet headers, will be encrypted using the encryption protocol of the encrypted tunnel, but the data of the packets that is already encrypted, such as the payload, may avoid unnecessary double encryption. By reducing (or eliminating) the amount of data in data packets that is double encrypted, the amount of time taken by computing devices, and computing resources consumed, to encrypted traffic for encrypted tunnels may be reduced.

公开(公告)号：US20230254255A1

公开(公告)日：2023-08-10

申请号：US18129755

申请日：2023-03-31

Applicant: Cisco Technology, Inc.

Inventor： Ian James Wells ,  Kyle Andrew Donald Mestery ,  Carlos M. Pignataro ,  Nagendra Kumar Nainar

IPC: H04L47/24 ,  H04L45/50

CPC classification number: H04L47/24 ,  H04L45/507

Abstract: This disclosure describes techniques for performing application-based tagging. An example method includes receiving, at a virtual socket, non-packetized data from an application and generating, by the virtual socket, a label based on the application. One or more data packets are generated by packetizing at least a portion of the non-packetized data. A header field of the one or more data packets includes a tag based on the label.

公开(公告)号：US20230032924A1

公开(公告)日：2023-02-02

申请号：US17388754

申请日：2021-07-29

Applicant: Cisco Technology, Inc.

Inventor： Ian James Wells ,  Kyle Andrew Donald Mestery ,  Carlos M. Pignataro ,  Nagendra Kumar Nainar

IPC: H04L12/851 ,  H04L12/723

Abstract: This disclosure describes techniques for performing application-based tagging. An example method is performed by a virtual socket of a device. The method includes receiving non-packetized data from an application, generating a label based on the application, and providing the non-packetized data and the label to a kernel of the device.

公开(公告)号：US11442703B2

公开(公告)日：2022-09-13

申请号：US17028646

申请日：2020-09-22

Applicant: Cisco Technology, Inc.

Inventor： Ian James Wells ,  Kyle Andrew Donald Mestery ,  Grzegorz Boguslaw Duraj

IPC: G06F9/44 ,  G06F8/34 ,  G06F8/41 ,  H04L69/22

Abstract: This disclosure describes techniques and mechanisms for using a domain-specific language (DSL) to express and compile serverless network functions, and optimizing the deployment location for the serverless network functions on network devices. In some examples, the serverless network functions may be expressed entirely in the DSL (e.g., via a text-based editor, a graphics-based editor, etc.), where the DSL is a computer language specialized to a particular domain, such as a network function domain. In additional examples, the serverless network functions may be expressed and compiled using a DSL in combination with a general-purpose language (GSL). Once the serverless network function have been expressed and/or compiled, the techniques of this disclosure further include determining an optimized network component on which the serverless network function is to execute, and deploying the serverless function to the optimized network component.

公开(公告)号：US20220272102A1

公开(公告)日：2022-08-25

申请号：US17183900

申请日：2021-02-24

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Ian James Wells

IPC: H04L29/06

Abstract: Techniques for creating consent contracts for devices that indicate whether the devices consent to receiving network-based communications from other devices. Further, the techniques include enforcing the consent contracts such that network-based communications are either allowed or disallowed in the network-communications layer prior to the network communications reaching the devices. Rather than simply allowing a device to communicate with any other device over a network, the techniques described herein include building in consent for network-based communications where the consent is consulted at one or more points in a communication process to make informed decisions about network-based traffic.

公开(公告)号：US11425030B2

公开(公告)日：2022-08-23

申请号：US17066223

申请日：2020-10-08

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Ian James Wells ,  Grzegorz Boguslaw Duraj

IPC: H04L45/24 ,  H04L45/42 ,  H04L47/125 ,  H04L45/021 ,  H04L45/00

Abstract: A method may include, with a controller of an AS, routing a data flow from a source device, through at least one front-end node to a plurality of back-end nodes, and balancing, by the controller, the data flow to the back-end nodes equally based at least in part on ECMP routing. A number of routes from the back-end nodes to endpoint devices may be determined based at least in part on a preference for a primary route from the back-end nodes to a corresponding one of the endpoint devices, and backup routes from the back-end nodes to the corresponding one of the endpoint devices. An indication of a failure of a first endpoint device is received, and the back-end nodes utilize a first backup route that is associated with a second endpoint device to rebalance the data flow from the first endpoint device to the second endpoint device.