-
Publication number: US20240348549A1
Publication date: 2024-10-17
Application number: US18356853
Application date: 2023-07-21
Applicant: Cisco Technology, Inc.
Inventor: Pritam Baruah, Amjad Inamdar, Laxmikantha Reddy Ponnuru, Samir D. Thoria
IPC: H04L47/2408, H04L45/24
CPC classification number: H04L47/2408, H04L45/24
Abstract: The present disclosure is directed to making service-chains routable and intent-based within an enterprise network. In one aspect, a method for simplifying steering of network traffic includes receiving an intent-based description of one or more services to be applied to the network traffic; defining a type for a service chain that includes the one or more services based on the intent-based description, the type serving as an address for the service chain for routing the network traffic to and from the one or more services included in the service chain; implementing the service chain at one or more network hubs; and implementing a traffic steering policy in the network for steering the network traffic to the one or more network hubs to be serviced by the one or more services.
-
Publication number: US11516104B2
Publication date: 2022-11-29
Application number: US16988920
Application date: 2020-08-10
Applicant: Cisco Technology, Inc.
Inventor: Jianda Liu, Xiaorong Wang, Shen Yong Qing, Olivier Patrick Jean Pelerin, Frederic René Philippe Detienne, Pritam Baruah, Ruchir Jain
IPC: H04L12/26, H04L43/10, H04L43/062
Abstract: In one embodiment, a method includes receiving, by a network orchestrator, trace parameters from a user device. The method also includes determining, by the network orchestrator, to initiate a network path trace for the application, generating, by the network orchestrator, a filter policy for the network path trace using the trace parameters, and allocating, by the network orchestrator, a trace identification to the network path trace. The method also includes initiating, by the network orchestrator, the network path trace within a network by communicating the filter policy and the trace identification to a first node of the network and receiving, by the network orchestrator, network path trace data from a plurality of nodes of the network. The method further includes generating, by the network orchestrator, a trace report for the application using the network path trace data.
-
Publication number: US20250126045A1
Publication date: 2025-04-17
Application number: US18485110
Application date: 2023-10-11
Applicant: Cisco Technology, Inc.
Inventor: Balaji Sundararajan, Michael Moskal, Satish Kumar Mahadevan, Vivek Agarwal, Pradeep Kanavihalli Subramanyasetty, Prabahar Radhakrishnan, Samir Thoria, Pritam Baruah, Samantha Misra, Shailendra Vinod Pardeshi
IPC: H04L45/02, H04L45/122
Abstract: A process can include determining affinity information indicative of route preferences between branch routers and gateway routers. A prefix can be determined for a subnet of branch routers located at a same branch location. An affinity position of a first gateway router can be determined based on affinity information of the branch routers in the subnet. A mapping can be determined between a local preference Border Gateway Protocol (BGP) community attribute and the affinity position of the first gateway router, wherein a mapped local preference BGP community attribute and the affinity position are indicative of a same routing preference. The mapped local preference BGP community attribute can be attached to routes from the first gateway router into a cloud service provider. Affinity-based route preferences are indicated to the cloud service provider by redistributing the routes from the first gateway router with the mapped local preference BGP community attribute attached.
-
Publication number: US20250106149A1
Publication date: 2025-03-27
Application number: US18471931
Application date: 2023-09-21
Applicant: Cisco Technology, Inc.
Inventor: Avinash Shah, Pritam Baruah, Amjad Inamdar, Laxmikantha Reddy Ponnuru, Latika Ahuja, Jai Prakash Agrawal
IPC: H04L45/00, H04L9/40, H04L45/745
Abstract: A system facilitates communication between branches of an SD-WAN and a service chain element. A hub node receives a data packet of a flow from a source branch over a VPN segment to be transmitted to a destination branch, extracts flow information from the data packet including VPN segment information to be stored in a flow table before transmitting the data packet to the service chain element over a service chain VPN. Upon return of the data packet from the service chain element, the hub node uses packet tuple information to retrieve the flow information with VPN segment information from the flow table. The hub node can then forward the data packet to the destination branch over the VPN segment. The hub node can generate and store an Auto Service Chaining Key that connects bidirectional flows so that the hub node can apply service-chaining to bidirectional traffic.
-
Publication number: US12261919B2
Publication date: 2025-03-25
Application number: US18328300
Application date: 2023-06-02
Applicant: Cisco Technology, Inc.
Inventor: Satish Kumar Mahadevan, Laxmikantha Reddy Ponnuru, Pritam Baruah
IPC: H04L67/51, H04L45/02, H04L45/12, H04L45/302
Abstract: Techniques for enabling service insertion using dynamic service path selection are described herein. In some aspects, the techniques described herein relate to avoiding a service route that passes through a service router when the second-leg path from the service router to a destination router is unreachable. In some cases, the techniques described herein relate to avoiding a route that includes a service router that does not have a path to a viable target in a core service region.
-
Publication number: US12231345B2
Publication date: 2025-02-18
Application number: US18081503
Application date: 2022-12-14
Applicant: Cisco Technology, Inc.
Inventor: Pritam Baruah, Afroze Mohammad
IPC: H04L12/24, H04L41/12, H04L47/2425, H04L47/41
Abstract: Techniques are described for providing service level agreement performance in a link aggregation group computer networking environment. A performance measurement data packet such as a bi-directional forwarding detection (BFD) packet is received. The performance measuring data packet, which can be considered a parent performance measurement data packet, is split into multiple child performance measurement data packets which are each different constituent links of a link aggregation database. The performance of each constituent is tested to determine which constituents satisfy service level agreement parameters. Data packets can then be sent to constituents that meet the data packet's service level agreement performance parameters while still allowing link aggregation grouping.
-
Publication number: US20240406276A1
Publication date: 2024-12-05
Application number: US18328300
Application date: 2023-06-02
Applicant: Cisco Technology, Inc.
Inventor: Satish Kumar Mahadevan, Laxmikantha Reddy Ponnuru, Pritam Baruah
IPC: H04L45/12, H04L45/02, H04L45/302, H04L67/51
Abstract: Techniques for enabling service insertion using dynamic service path selection are described herein. In some aspects, the techniques described herein relate to avoiding a service route that passes through a service router when the second-leg path from the service router to a destination router is unreachable. In some cases, the techniques described herein relate to avoiding a route that includes a service router that does not have a path to a viable target in a core service region.
-
Publication number: US20240348536A1
Publication date: 2024-10-17
Application number: US18348065
Application date: 2023-07-06
Applicant: Cisco Technology, Inc.
Inventor: Pritam Baruah, Amjad Inamdar, Laxmikantha Reddy Ponnuru, Avinash Shah, Jai Prakash Agrawal
IPC: H04L45/247, H04L45/28
CPC classification number: H04L45/247, H04L45/28
Abstract: One or more aspects of the present disclosure are directed to providing a single hierarchical construct for defining requirements (connectivity parameters) of a service in a service chain. In one aspect, a single construct for identifying a service in a service chain includes a first object identifying at least one path for accessing an instance of the service within a communication network, a second object identifying a respective communication protocol for the at least one path; and a third object identifying at least a transmission specification for the respective communication protocol in the second object, wherein the second object and the third object are embedded within the first object.
-
Publication number: US20240333689A1
Publication date: 2024-10-03
Application number: US18128824
Application date: 2023-03-30
Applicant: Cisco Technology, Inc.
Inventor: Pritam Baruah, Balaji Sundararajan, Nithin Bangalore Raju, Srilatha Tangirala, Ramakumara Kariyappa
IPC: H04L9/40
CPC classification number: H04L63/0281, H04L63/0236, H04L63/20
Abstract: Techniques for utilizing a network gateway provisioned in a software-defined network to verify service readiness of one or more security service(s) of a service chain prior to redirecting network traffic along a given data-path to the security service(s). The gateway may be configured to open a specific port on a network device hosting a security service to transmit network policies and/or test network traffic to the security service. The network gateway may host a virtual source and/or a virtual destination and cause the virtual source to send test network traffic through the security service via the port and to the virtual destination. The gateway may then utilize the received test network traffic to determine whether a given security service satisfies a threshold health and/or functionality measurement. Once it is determined that the security service satisfies the thresholds, the gateway may cause network traffic to be redirected to the security service.
-
Publication number: US12095652B1
Publication date: 2024-09-17
Application number: US18328566
Application date: 2023-06-02
Applicant: Cisco Technology, Inc.
Inventor: Balaji Sundararajan, Satish Kumar Mahadevan, Ramakumara Kariyappa, Ganesh Devendrachar, Arul Murugan Manickam, Samir D Thoria, Pritam Baruah, Deepa Rajendra Sangolli, Avinash Shah
IPC: H04L45/17, H04L43/0817, H04L45/24
CPC classification number: H04L45/17, H04L43/0817, H04L45/24
Abstract: Techniques are described for suppressing data plane traffic using a service monitoring policy for data plane control. If a service provided to a router becomes nonfunctional, preventing the router from being able to forward traffic to a next-hop device, data plane traffic from client devices on the data plane that requires the use of the nonfunctioning service is suppressed. Additionally, new communication pathways to the router that will use the nonfunctioning service are prevented from being established. Traffic is redirected to another router with a functioning service. Thus, traffic that may normally be directed to the router with the nonfunctioning service and not able to be forwarded (e.g., blackholing of data) can be forwarded to the other router.