-
Publication number: US11924119B2
Publication date: 2024-03-05
Application number: US17749930
Application date: 2022-05-20
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda , Victor Manuel Moreno , Prakash C. Jain
IPC: H04L49/253 , H04L47/31 , H04L49/25 , H04L49/35 , H04L67/2885
CPC classification number: H04L49/252 , H04L47/31 , H04L67/2885
Abstract: Techniques and architecture are described that utilize switchport protected flags to provide switchport protected functionality across network devices, e.g., switches, routers, etc., in fabric networks. For example, a first port of a first network device of a fabric network receives a packet from a first host destined for a second host. The second host is onboarded to the fabric network via a second port of a second network device. It is determined (i) if a first protected flag associated with the first port of the first network device is set as true and (ii) if a second protected flag associated with the second host is set as true. Based at least in part on (i) the first protected flag associated with the first port being set as true and (ii) the second protected flag being set as true, the first network device drops the packet.
-
Publication number: US11799767B2
Publication date: 2023-10-24
Application number: US17684376
Application date: 2022-03-01
Applicant: Cisco Technology, Inc.
Inventor: Satish Kondalam , Sanjay Kumar Hooda , Prakash C. Jain , Vikram Vikas Pendharkar
Abstract: Systems, methods, and computer-readable media for discovering silent hosts in a software-defined network and directing traffic to the silent hosts in a scalable and targeted manner include determining interfaces of a fabric device that are connected to respective one or more endpoints, where the fabric device is configured to connect the endpoints to a network fabric of the software-defined network. At least a first interface is identified, where an address of a first endpoint connected to the first interface is not available at the fabric device. A first notification is transmitted to a control plane of the software-defined network based on identifying the first interface, where the control plane may create a flood list which includes the fabric device. Traffic intended for the first endpoint from the network fabric is received by the fabric device can be based on the flood list.
-
Publication number: US11716284B2
Publication date: 2023-08-01
Application number: US17308224
Application date: 2021-05-05
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain , Sanjay Kumar Hooda , Darrin Joseph Miller , Ashwin Kumar
IPC: H04L12/741 , H04L45/74 , H04L9/40
CPC classification number: H04L45/74 , H04L63/205
Abstract: Techniques for group-based classification and policy enforcement at a network fabric edge for traffic that is being sent to external network destinations are disclosed herein. The techniques may include receiving, at a control plane of a network and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination. Based at least in part on an address prefix value associated with the destination, the control plane may determine that the destination is located in an external network. Additionally, a group identifier that is associated with the destination may be determined. In this way, an indication of the group identifier may be sent to the edge node such that the edge node may determine, based at least in part on the group identifier, a policy decision for routing the packet to the external network.
-
Publication number: US11165702B1
Publication date: 2021-11-02
Application number: US16864442
Application date: 2020-05-01
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain , Sanjay Kumar Hooda , Satish Kondalam , Raja Janardanan , Aaditya Vadnere , Shivangi Sharma
IPC: H04L12/28 , H04L12/747 , H04L12/741 , H04L12/801 , H04L12/715 , H04L12/813 , H04L29/06
Abstract: Systems, methods, and computer-readable media for communicating policy changes in a Locator/ID Separation Protocol (LISP) based network deployment include receiving, at a first routing device, a first notification from a map server, the first notification indicating a change in a policy for LISP based communication between at least a first endpoint device and at least a second endpoint device, the first endpoint device being connected to a network fabric through the first routing device and the second endpoint device being connected to the network fabric through a second routing device. The first routing device forwards a second notification to the second routing device if one or more entries of a first map cache implemented by the first routing device are affected by the policy change, the second notification indicating a set of one or more endpoints connected to the second routing device that are affected by the policy change.
-
Publication number: US20210075767A1
Publication date: 2021-03-11
Application number: US16561360
Application date: 2019-09-05
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain , Sanjay Kumar Hooda , Satish Kondalam
IPC: H04L29/06 , H04L12/715 , H04L29/12
Abstract: Systems, methods, and computer-readable media for preserving source host context when firewall policies are applied to traffic in an enterprise network fabric. A data packet to a destination host from a source host can be received at a first border node instance in an enterprise network fabric as part of network traffic. The data packet can include a context associated with the source host. Further, the data packet can be sent to a firewall of the enterprise network fabric and can be received at a second border node instance after the firewall applies a firewall policy to the data packet. The data packet can then be selectively encapsulated with the context associated with the source host at the second border node instance for applying one or more policies to control transmission of the network traffic through the enterprise network fabric.
-
Publication number: US20250081157A1
Publication date: 2025-03-06
Application number: US18242430
Application date: 2023-09-05
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain , Aaditya Nitin Vadnere , Parthiv Shah
Abstract: Techniques for identifying locations of network devices in a fabric network. The method includes a network controller and/or control plane of a network fabric coupled to an access switch at a software-defined access (SDA) site. At least one mapping is registered at the SDA site and sent with the location data from the access switch to the network controller. The network controller and/or control plane is configured to at least one of to learn, update, and publish location data of a destination address from at least one mapping received from the access switch by the location data being associated with a mapping at the SDA site and destination address. The network controller identifies the location of the destination address from a received request based on associating the destination address with the location learned from the location data of at least one mapping that has been registered at the SDA site.
-
Publication number: US12114198B2
Publication date: 2024-10-08
Application number: US18359392
Application date: 2023-07-26
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain , Sanjay K. Hooda , Vinay Saini
CPC classification number: H04W28/0226 , H04L12/4633 , H04W84/12 , H04W88/08
Abstract: An enterprise network may receive a WiFi packet associated with a 5G service (or other type of service) at an access point (AP) in the enterprise network. The enterprise network determines whether the WiFi packet satisfies a first-packet policy associated with the 5G service, where the first-packet policy controls access to a tunnel for traversing the enterprise network to reach the 5G service. If the packet satisfies the policy, the enterprise network queries a map server to identify a location of a 5G border in the enterprise network that is connected to the 5G service. The enterprise network can transmit the WiFi packet on the tunnel with priority to meet SLA using the location of the 5G border.
-
Publication number: US12028250B2
Publication date: 2024-07-02
Application number: US18323263
Application date: 2023-05-24
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain , Sanjay Kumar Hooda , Satish Kondalam , Raja Janardanan , Aaditya Vadnere , Shivangi Sharma
Abstract: Systems, methods, and computer-readable media for communicating policy changes in a Locator/ID Separation Protocol (LISP) based network deployment include receiving, at a first routing device, a first notification from a map server, the first notification indicating a change in a policy for LISP based communication between at least a first endpoint device and at least a second endpoint device, the first endpoint device being connected to a network fabric through the first routing device and the second endpoint device being connected to the network fabric through a second routing device. The first routing device forwards a second notification to the second routing device if one or more entries of a first map cache implemented by the first routing device are affected by the policy change, the second notification indicating a set of one or more endpoints connected to the second routing device that are affected by the policy change.
-
Publication number: US20240039839A1
Publication date: 2024-02-01
Application number: US18487021
Application date: 2023-10-13
Applicant: Cisco Technology, Inc.
Inventor: Satish Kondalam , Sanjay Kumar Hooda , Prakash C. Jain , Vikram Vikas Pendharkar
Abstract: Systems, methods, and computer-readable media for discovering silent hosts in a software-defined network and directing traffic to the silent hosts in a scalable and targeted manner include determining interfaces of a fabric device that are connected to respective one or more endpoints, where the fabric device is configured to connect the endpoints to a network fabric of the software-defined network. At least a first interface is identified, where an address of a first endpoint connected to the first interface is not available at the fabric device. A first notification is transmitted to a control plane of the software-defined network based on identifying the first interface, where the control plane may create a flood list which includes the fabric device. Traffic intended for the first endpoint from the network fabric is received by the fabric device can be based on the flood list.
-
Publication number: US20230379270A1
Publication date: 2023-11-23
Application number: US17749930
Application date: 2022-05-20
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda , Victor Manuel Moreno , Prakash C. Jain
IPC: H04L49/25 , H04L67/2885 , H04L47/31
CPC classification number: H04L49/252 , H04L67/2885 , H04L47/31
Abstract: Techniques and architecture are described that utilize switchport protected flags to provide switchport protected functionality across network devices, e.g., switches, routers, etc., in fabric networks. For example, a first port of a first network device of a fabric network receives a packet from a first host destined for a second host. The second host is onboarded to the fabric network via a second port of a second network device. It is determined (i) if a first protected flag associated with the first port of the first network device is set as true and (ii) if a second protected flag associated with the second host is set as true. Based at least in part on (i) the first protected flag associated with the first port being set as true and (ii) the second protected flag being set as true, the first network device drops the packet.