Systems and methods for securing network paths

    Publication (announcement) number: US11595441B2

    Publication (announcement) date: 2023-02-28

    Application number: US16700838

    Application date: 2019-12-02

    Abstract: In one embodiment, a method includes determining a secure path through a first plurality of network nodes within a network and determining an alternate secure path through a second plurality of network nodes within the network. The method also includes routing network traffic through the first plurality of network nodes of the secure path and detecting a failure in the secure path using single-hop BFD authentication. The method further includes rerouting the network traffic through the second plurality of network nodes of the alternate secure path.

    Operations, administration, and management/maintenance response replication

    Publication (announcement) number: US11431617B2

    Publication (announcement) date: 2022-08-30

    Application number: US15930803

    Application date: 2020-05-13

    Abstract: In one example, a responder obtains an Operations, Administration, and Management/Maintenance (OAM) probe packet from a network entity operating as an initiator in a network, provides, to the initiator, a first response to the OAM probe packet over a first network path in the network, and further provides, to the initiator, a second response to the OAM probe packet over a second network path in the network that is different from the first network path. In another example, an initiator provides an OAM probe packet to a network entity operating as responder in a network, obtains, from the responder, a first response to the OAM probe packet over a first network path in the network, and further obtains, from the responder, a second response to the OAM probe packet over a second network path in the network that is different from the first network path.

    Determining Connectivity Between Compute Nodes in Multi-Hop Paths

    Publication (announcement) number: US20210075722A1

    Publication (announcement) date: 2021-03-11

    Application number: US16566680

    Application date: 2019-09-10

    Abstract: Techniques and mechanisms to enable a Bidirectional Forwarding Detection (BFD) Echo function to be used for IP multi-hop paths using IP encapsulation. A source device may encapsulate one or more BFD Echo packets as payloads in IP packets. The resulting IP packets may then be sent from a source device to a destination device over a multi-hop path such that one or more intermediary devices forward the IP packets onto the destination device. Upon receiving the IP packets, the destination device may echo back the one or more BFD Echo packets in the forwarding plane to indicate connectivity of the forwarding path between the devices. However, if the BFD Echo packets are not echoed back to the source device, the source device may determine that the multi-hop path has experienced a fault, and that traffic is to be rerouted through other paths.

    Security association and location mapping decoupling in overlay networks

    Publication (announcement) number: US10917343B2

    Publication (announcement) date: 2021-02-09

    Application number: US16709310

    Application date: 2019-12-10

    Abstract: A first map request message is sent from a source network device to a mapping network device to determine a destination network device associated with a destination endpoint device and a security association between the source network device and the destination network device. A first response message is received at the source network device that includes data indicating a mapping between the destination network device and the destination endpoint device and data indicating a security association between the source network device and the destination network device. The data is stored at the source network device. A second map request message is sent from the source network device to the mapping network device to update the data indicative of the mapping or the security association. A second response message is received at the source network device from the mapping network device.

    SYSTEMS AND METHODS FOR SECURING NETWORK PATHS

    Publication (announcement) number: US20230216788A1

    Publication (announcement) date: 2023-07-06

    Application number: US18174711

    Application date: 2023-02-27

    CPC classification number: H04L45/42 H04L45/24 H04L9/3213

    Abstract: In one embodiment, a method includes determining a secure path through a first plurality of network nodes within a network and determining an alternate secure path through a second plurality of network nodes within the network. The method also includes routing network traffic through the first plurality of network nodes of the secure path and detecting a failure in the secure path using single-hop BFD authentication. The method further includes rerouting the network traffic through the second plurality of network nodes of the alternate secure path.

    Network operations reactive to operations data included in seamless bidirectional forwarding detection (S-BFD) packets

    Publication (announcement) number: US10972381B2

    Publication (announcement) date: 2021-04-06

    Application number: US16392299

    Application date: 2019-04-23

    Abstract: In one embodiment, in-band operations data (e.g., In-situ Operations, Administration, Maintenance and/or other operations data) is added to Seamless Bidirectional Forwarding (S-BFD) packets. In one embodiment, a S-BFD packet received by a node includes a BFD discriminator and operations data. Reactive processing is identified based on the BFD discriminator. The S-BFD packet and the operations data (e.g., in an operations data field in a header of the received S-BFD packet, in an IOAM Type-Length-Value (TLV), etc.) is processed according to the identified reactive function. Examples of these reactive actions include, but are not limited to, determining a result based on processing of said particular operations data by the local node or a remote analytics server, and sending a response packet including unprocessed and/or a result of the processed operations data (e.g., performance, loss, jitter, an indication of compliance with a service level agreement, and/or another data measurement or result).
