-
Publication number: US11824770B2
Publication date: 2023-11-21
Application number: US17689029
Application date: 2022-03-08
Applicant: Cisco Technology, Inc.
Inventor: Laxmikantha Reddy Ponnuru, Arul Murugan Manickam, Michael David Tracy, Kannan Kumar, Hamzah Kardame
IPC: G06F15/173, H04L45/00, H04L45/028, H04L45/44
CPC classification number: H04L45/38, H04L45/028, H04L45/44
Abstract: In one embodiment, a method includes receiving, by a first node of a node cluster in a software-defined wide area network (SD-WAN), traffic from a wide area network (WAN), assigning, by the first node of the node cluster, flow ownership of the traffic to the first node, and communicating, by the first node of the node cluster, the traffic to a local area network (LAN). The method also includes receiving, by the first node of the node cluster, return traffic from a second node of the node cluster and detecting, by the first node of the node cluster, a diversion of the return traffic. The method further includes relinquishing, by the first node of the node cluster, the flow ownership and assigning, by the first node of the node cluster, the flow ownership to the second node of the node cluster.
-
Publication number: US20230188461A1
Publication date: 2023-06-15
Application number: US17689029
Application date: 2022-03-08
Applicant: Cisco Technology, Inc.
Inventor: Laxmikantha Reddy Ponnuru, Arul Murugan Manickam, Michael David Tracy, Kannan Kumar, Hamzah Kardame
IPC: H04L45/00, H04L45/44, H04L45/028
CPC classification number: H04L45/38, H04L45/44, H04L45/028
Abstract: In one embodiment, a method includes receiving, by a first node of a node cluster in a software-defined wide area network (SD-WAN), traffic from a wide area network (WAN), assigning, by the first node of the node cluster, flow ownership of the traffic to the first node, and communicating, by the first node of the node cluster, the traffic to a local area network (LAN). The method also includes receiving, by the first node of the node cluster, return traffic from a second node of the node cluster and detecting, by the first node of the node cluster, a diversion of the return traffic. The method further includes relinquishing, by the first node of the node cluster, the flow ownership and assigning, by the first node of the node cluster, the flow ownership to the second node of the node cluster.
-
Publication number: US20180316673A1
Publication date: 2018-11-01
Application number: US15582113
Application date: 2017-04-28
Applicant: Cisco Technology, Inc.
Inventor: Rashmikant B. Shah, Brian E. Weis, Kannan Kumar, Manoj Kumar Nayak
IPC: H04L29/06
CPC classification number: H04L63/0892, H04L63/166, H04L63/20
Abstract: In one embodiment, an authorized signing authority server receives an authenticity request from a security registrar to vouch for authenticity of a particular device. Based on receiving the authenticity request, the authorized signing authority server may then determine an authenticity state of the particular device, and may also request a device provisioning file for the particular device from a device provisioning server, the device provisioning file defining one or more network security policies for the particular device. Upon receiving the device provisioning file from the device provisioning server, the authorized signing authority server may then return the authenticity state and the device provisioning file for the particular device to the security registrar, causing the security registrar to complete authentication of the particular device based on the authenticity state and the device provisioning file.
-
Publication number: US20180316563A1
Publication date: 2018-11-01
Application number: US15582294
Application date: 2017-04-28
Applicant: Cisco Technology, Inc.
Inventor: Kannan Kumar, Brian E. Weis, Rashmikant B. Shah, Manoj Kumar Nayak
CPC classification number: H04L41/0893, H04L41/0853, H04L41/5051, H04L63/029, H04L63/101, H04L63/20, H04L67/12, H04W4/50, H04W4/70, H04W12/0023, H04W12/0808, H04W12/1002
Abstract: In one embodiment, a network controller for a computer network receives details of a provisioned device and policy requirements for the provisioned device. The network controller may then determine, based on the details and policy requirements for the provisioned device, a plurality of network devices that the provisioned device is configured to communicate through, and may then translate the details and policy requirements for the provisioned device into a plurality of network-device-specific policies, each respective network-device-specific policy corresponding to one of the plurality of network devices that the provisioned device is configured to communicate through. As such, the network controller may then transmit a respective network-device-specific policy of the plurality of network-device-specific policies to the plurality of network devices that the provisioned device is configured to communicate through.