-
Publication number: US20240205138A1
Publication date: 2024-06-20
Application number: US18589837
Application date: 2024-02-28
Applicant: Cisco Technology, Inc.
Inventor: Vijay Kumar Devendran, Kiran Kumar Meda, Rajagopalan Janakiraman, Shyam N. Kapadia, Javed Asghar
IPC: H04L45/00, H04L43/0829, H04L43/0852, H04L43/087, H04L43/10
CPC classification number: H04L45/22, H04L43/0829, H04L43/0858, H04L43/087, H04L43/10
Abstract: In one embodiment, a method includes identifying a problematic event between a first interest point and a second interest point of a network and activating, in response to identifying the problematic event between the first interest point and the second interest point, a first endpoint associated with the first interest point and a second endpoint associated with the second interest point. The method also includes receiving, from the first endpoint and the second endpoint, telemetry data associated with a problematic path between the first interest point and the second interest point. The method further includes determining the problematic path between the first interest point and the second interest point using the telemetry data received from the first endpoint and the second endpoint.
-
Publication number: US20240080309A1
Publication date: 2024-03-07
Application number: US18508743
Application date: 2023-11-14
Applicant: Cisco Technology, Inc.
Inventor: Govind Prasad Sharma, Javed Asghar, Prabhu Balakannan, Sridhar Vallepalli
CPC classification number: H04L63/062, H04L9/0891, H04L12/4641, H04L63/0428, H04L63/166, H04L69/14, H04L69/22
Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.
-
Publication number: US20240028489A1
Publication date: 2024-01-25
Application number: US18480821
Application date: 2023-10-04
Applicant: Cisco Technology, Inc.
Inventor: Javed Asghar, Rajagopalan Janakiraman, Raghu Rajendra Arur
CPC classification number: G06F11/203, G06F11/3051, H04L67/34
Abstract: This disclosure describes techniques for adaptive disaster recovery of applications running on network devices. The techniques include generating an application template and an application template clone that include application attributes usable to deploy an application stack at an application site. The techniques also include sending the application template clone to a disaster recovery site group to await deployment instructions. In some examples, an observer may determine that a health metric of the application site indicates that a disaster recovery process be triggered. A disaster recovery site of the disaster recovery site group may be selected based at least in part on a performance metric. The application stack may be deployed at the disaster recovery site utilizing the application template clone.
-
Publication number: US11757793B2
Publication date: 2023-09-12
Application number: US17447773
Application date: 2021-09-15
Applicant: Cisco Technology, Inc.
Inventor: Sridhar Vallepalli, Javed Asghar, Umamaheswararao Karyampudi, Saad Malik, Amitkumar V. Patel
IPC: H04L67/563, H04L49/15, H04L45/02, H04L45/00, H04L45/745, H04L47/20, H04L12/66
CPC classification number: H04L49/1507, H04L45/04, H04L45/22, H04L45/72, H04L45/745, H04L47/20, H04L67/563, H04L12/66
Abstract: Embodiments herein describe using translation mappings and security contracts to establish interconnects and policies between switching fabrics at different sites to create a unified fabric. In one embodiment, a multi-site controller can stretch endpoint groups (EPGs) between the sites so that a host or application in a first site can communicate with a host or application in a second site which is assigned to the same stretched EPG, despite the two sites having different namespaces. Further, the shadow EPGs can be formed to facilitate security contracts between EPGs in different sites. Each site can store namespace translation mappings that enable the site to convert namespace information in packets received from a different site into its own namespace values. As a result, independent bridging and routing segments in the various sites can be interconnected as well as providing application accessibility across different fabrics with independent and private namespaces.
-
Publication number: US11336573B2
Publication date: 2022-05-17
Application number: US16801500
Application date: 2020-02-26
Applicant: Cisco Technology, Inc.
Inventor: Rajagopalan Janakiraman, Sivakumar Ganapathy, Javed Asghar, Azeem Muhammad Suleman
IPC: G06F15/16, H04L45/74, H04L43/16, H04L45/00, H04L49/20, H04L49/25, H04L61/5007, H04L67/1001, G06F9/455
Abstract: Techniques for routing data packets through service chains within and between public cloud networks of multi-cloud fabrics. A router in a network, e.g., a public cloud network, receives data packets from nodes in the network through segments of the network. Based at least in part on (i) a source address of the data packet, (ii) a destination address of the data packet, and (iii) an identity of the segments of the network from which the data packets are received, the router determines a next node in the network to which the data packet is to be forwarded. The router may then forward the data packet through another segment of the network to the next node and then receive the data packet from the next node through the another segment.
-
Publication number: US20170289032A1
Publication date: 2017-10-05
Application number: US15084332
Application date: 2016-03-29
Applicant: CISCO TECHNOLOGY, INC.
Inventor: James N. Guichard, Carlos M. Pignataro, Yixing Ruan, Javed Asghar
IPC: H04L12/741, H04L12/723, H04L12/46
CPC classification number: H04L12/4641, H04L45/306
Abstract: Embodiments of the present disclosure are directed to augmenting a Network Service Header (NSH) metadata of a data packet with a virtual routing and forwarding identifier (VRF-ID) and forgoing augmenting a virtual private network (VPN) label into a multiprotocol label switched (MPLS) metadata of the data packet. A provider edge router can use the VRF-ID to identify a next hop for the data packet as a service to be applied prior to forwarding the data packet to a VPN site.
-
Publication number: US20240314114A1
Publication date: 2024-09-19
Application number: US18673183
Application date: 2024-05-23
Applicant: Cisco Technology, Inc.
Inventor: Govind Prasad Sharma, Javed Asghar, Prabhu Balakannan, Sridhar Vallepalli
CPC classification number: H04L63/062, H04L9/0891, H04L12/4641, H04L63/0428, H04L63/166, H04L69/14, H04L69/22
Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.
-
Publication number: US11809292B2
Publication date: 2023-11-07
Application number: US17547778
Application date: 2021-12-10
Applicant: Cisco Technology, Inc.
Inventor: Javed Asghar, Rajagopalan Janakiraman, Raghu Rajendra Arur
CPC classification number: G06F11/203, G06F11/3051, H04L67/34
Abstract: This disclosure describes techniques for adaptive disaster recovery of applications running on network devices. The techniques include generating an application template and an application template clone that include application attributes usable to deploy an application stack at an application site. The techniques also include sending the application template clone to a disaster recovery site group to await deployment instructions. In some examples, an observer may determine that a health metric of the application site indicates that a disaster recovery process be triggered. A disaster recovery site of the disaster recovery site group may be selected based at least in part on a performance metric. The application stack may be deployed at the disaster recovery site utilizing the application template clone.
-
Publication number: US20230031921A1
Publication date: 2023-02-02
Application number: US17390511
Application date: 2021-07-30
Applicant: Cisco Technology, Inc.
Inventor: Vijay Kumar Devendran, Kiran Kumar Meda, Rajagopalan Janakiraman, Shyam N. Kapadia, Javed Asghar
IPC: H04L12/707, H04L12/26
Abstract: In one embodiment, a method includes identifying a problematic event between a first interest point and a second interest point of a network and activating, in response to identifying the problematic event between the first interest point and the second interest point, a first endpoint associated with the first interest point and a second endpoint associated with the second interest point. The method also includes receiving, from the first endpoint and the second endpoint, telemetry data associated with a problematic path between the first interest point and the second interest point. The method further includes determining the problematic path between the first interest point and the second interest point using the telemetry data received from the first endpoint and the second endpoint.
-
Publication number: US11201859B2
Publication date: 2021-12-14
Application number: US16163453
Application date: 2018-10-17
Applicant: Cisco Technology, Inc.
Inventor: Javed Asghar, Sridhar Vallepalli, Govind Prasad Sharma, Eshwar Rao Yedavalli
Abstract: A method and apparatus for providing tenant specific encryption is described herein. According to an embodiment, a transmission site receives a data packet for transmission or forwarding. The transmission site determines, based on information in a header of the data packet, that the data packet is to be encrypted before transmission or forwarding. Using the information in the header, the transmission site identifies an encryption key for the data packet. The transmission site generates, for the data packet, an additional header and populates the additional header with a destination port number based on a destination port header value of the data packet. The transmission site overwrites the destination port header value of the packet with data indicating that the data packet is encrypted and then encrypts an encapsulated packet within the data packet using the encryption key prior to transmitting or forwarding the data packet. Upon receipt, the destination port header is used by the receiving site to determine that the packet is encrypted.