公开(公告)号：US11778038B2

公开(公告)日：2023-10-03

申请号：US17709877

申请日：2022-03-31

Applicant: Cisco Technology, Inc.

Inventor： Srilatha Tangirala ,  Rahul Hardikar ,  Sheikh Qumruzzaman ,  Ravi Kiran Chintallapudi ,  Samir Thoria ,  Ajeet Pal Singh Gill ,  Vivek Agarwal

IPC: H04L67/141 ,  H04L9/40 ,  H04L45/76 ,  H04L41/122

CPC classification number: H04L67/141 ,  H04L41/122 ,  H04L45/76 ,  H04L63/0428

Abstract: In one embodiment, a method includes onboarding, by an edge router, a first tenant from a network management system and determining, by the edge router, a mapping of a tenant identifier associated with the first tenant to a controller identifier associated with a controller. The method also includes reserving, by the edge router, a port number in a kernel for the first tenant and inserting, by the edge router, the tenant identifier into a first control packet. The method further includes communicating, by the edge router, the first control packet to the controller via an encrypted control connection during a first peering session. The first peering session shares the encrypted control connection with a second peering session.

公开(公告)号：US11588752B2

公开(公告)日：2023-02-21

申请号：US17389003

申请日：2021-07-29

Applicant: Cisco Technology, Inc.

Inventor： Srilatha Tangirala ,  Nithin Bangalore Raju ,  Ananya Raval ,  Prabahar Radhakrishnan ,  Vivek Agarwal ,  Balaji Sundararajan

IPC: H04L47/80 ,  H04L47/70 ,  H04L45/64 ,  H04L45/02 ,  H04L47/762 ,  H04L47/78

Abstract: Route exchange in a plurality of network controller appliances on a per-tenant basis is disclosed. In one aspect, a method includes receiving, from a network management system and at a first network controller appliance, a designation of at least two tenants to be hosted on the first network controller appliance, the first network controller appliance being one of a plurality of network controller appliances in a SD-WAN; sending, from the first network controller appliance to other network controller appliances of the plurality of network controller appliances, a tenant list query message to obtain a corresponding tenant list of each of the other network controller appliances; and receiving a corresponding response from each of the other network controller appliances indicating the corresponding tenant list of each of the other network controller appliances, the corresponding response being used to update the tenant list on the first network controller appliance.

公开(公告)号：US20250039089A1

公开(公告)日：2025-01-30

申请号：US18775523

申请日：2024-07-17

Applicant: Cisco Technology, Inc.

Inventor： Ganesh Devendrachar ,  Ajeet Pal Singh Gill ,  Balaji Sundararajan ,  Srilatha Tangirala ,  Satish Varadarajula ,  Satyajit Das

IPC: H04L45/76 ,  H04L45/24 ,  H04L47/125

Abstract: Techniques for automatically providing per tenant weighted DCMP over shared transport interfaces and automated flow has load balancing are described. The techniques may include onboarding, by an SD-WAN controller, the tenant with a resource profile to a first multi-tenant edge device, where the resource profile defines a traffic allowance per transport interface for the tenant on the first multi-tenant edge device. The SD-WAN controller receives, from the first multi-tenant edge device, information including a first weight per transport interface of the first multi-tenant edge device for the tenant. The SD-WAN controller transmits the information to a second multi-tenant device. The SD-WAN controller receives, from the second multi-tenant edge device, information including a second weight per transport interface of the second multi-tenant edge device, and transmits the information to the first multi-tenant edge device.

公开(公告)号：US12160370B2

公开(公告)日：2024-12-03

申请号：US18166786

申请日：2023-02-09

Applicant: Cisco Technology, Inc.

Inventor： Srilatha Tangirala ,  Nithin Bangalore Raju ,  Ananya Raval ,  Prabahar Radhakrishnan ,  Vivek Agarwal ,  Balaji Sundararajan

IPC: H04L47/80 ,  H04L45/02 ,  H04L45/64 ,  H04L47/70 ,  H04L47/762 ,  H04L47/78

Abstract: Route exchange in a plurality of network controller appliances on a per-tenant basis is disclosed. In one aspect, a method includes receiving, from a network management system and at a first network controller appliance, a designation of at least two tenants to be hosted on the first network controller appliance, the first network controller appliance being one of a plurality of network controller appliances in a SD-WAN; sending, from the first network controller appliance to other network controller appliances of the plurality of network controller appliances, a tenant list query message to obtain a corresponding tenant list of each of the other network controller appliances; and receiving a corresponding response from each of the other network controller appliances indicating the corresponding tenant list of each of the other network controller appliances, the corresponding response being used to update the tenant list on the first network controller appliance.

公开(公告)号：US20240146565A1

公开(公告)日：2024-05-02

申请号：US17979255

申请日：2022-11-02

Applicant: Cisco Technology, Inc.

Inventor： Ajeet Pal Singh Gill ,  Balaji Sundararajan ,  Srilatha Tangirala ,  Nithin Bangalore Raju ,  Ravi Kiran Chintallapudi ,  Pradeepan Kannawadi ,  Ganesh Devendrachar

IPC: H04L12/28 ,  H04L67/10

CPC classification number: H04L12/28 ,  H04L67/10

Abstract: Techniques for virtualizing tenant transport interfaces configured to implement per-tenant network routing attribute differentiation in each tenant overlay of a multisite wide area network (WAN) and share the virtual transport interfaces between multi-tenant edge (MTE) devices providing transport services to tenant devices based on a defined tenant tier model. A Software-Defined Networking (SDN) controller may receive a physical transport interface and/or a device type associated with a tenant device. The SDN controller may determine a virtual transport interface for the tenant device based on a tier associated with the tenant. MTE device(s) may utilize the physical transport interface to establish sessions with other MTE device(s) in the WAN. The virtual transport interface may be utilized by MTE devices to implement and/or enforce network routing attributes when forwarding network traffic associated with the tenant via the sessions established between the MTE devices through the WAN.

公开(公告)号：US20230188502A1

公开(公告)日：2023-06-15

申请号：US17709922

申请日：2022-03-31

Applicant: Cisco Technology, Inc.

Inventor： Samir Thoria ,  Ajeet Pal Singh Gill ,  Srilatha Tangirala ,  Balaji Sundararajan ,  Nithin Bangalore Raju ,  Vivek Agarwal

IPC: H04L9/40 ,  H04L12/46 ,  H04L45/74

CPC classification number: H04L63/0272 ,  H04L12/4641 ,  H04L45/74

Abstract: In one embodiment, a method includes identifying, by a router, a first tenant. The first tenant is associated with a first tenant virtual private network (VPN). The method also includes determining, by the router, a mapping of the first tenant VPN to a first device VPN and generating, by the router, a first label representing the first device VPN. The method further includes adding, by the router, the first label to a first network packet and communicating, by the router, the first network packet with the first label to a controller.

公开(公告)号：US20220326995A1

公开(公告)日：2022-10-13

申请号：US17390187

申请日：2021-07-30

Applicant: Cisco Technology, Inc.

Inventor： Xiaohu Wang ,  Ajeet Pal Singh Gill ,  Srilatha Tangirala ,  Nithin Bangalore Raju ,  Prabahar Radhakrishnan ,  Vivek Agarwal ,  Balaji Sundararajan

IPC: G06F9/50 ,  G06F9/455

Abstract: A method for allocating resources of a virtual controller is disclosed. The method comprises: allocating resources of a virtual controller to a first tenant, wherein the first tenant is allocated a first tenant quantity of guaranteed resources of the virtual controller and a second tenant is allocated a second tenant quantity of guaranteed resources of the virtual controller; determining that resources requested by the first tenant are greater than the first tenant quantity of guaranteed resources; determining that the virtual controller has unutilized resources sufficient to at least partially provide additional resources beyond the first tenant quantity of guaranteed resources to the first tenant; and temporarily provisioning the additional resources to the first tenant, wherein the additional resources are greater than the first tenant quantity of guaranteed resources.

公开(公告)号：US20250030737A1

公开(公告)日：2025-01-23

申请号：US18224220

申请日：2023-07-20

Applicant: Cisco Technology, Inc.

Inventor： Srilatha Tangirala ,  Venkatesh Nataraj ,  Ambika Basappa Chandrappa ,  Kartik Katti ,  Sasi Veera ,  Balaji Sundararajan

IPC: H04L9/40

Abstract: Techniques for automatically integrating SD-WAN constructs to security policies are described. The techniques may include defining, by a security cloud provider, a security policy for an entity, the entity represented by a VPN security policy label and the security policy absent source and destination CIDR IP addresses. The security cloud provider notifies an SD-WAN controller of the security policy. The SD-WAN controller maps the VPN security policy label to an IP address pool and a VPN ID. The SD-WAN controller generates an enhanced security policy by automatically adding source and destination CIDR IP addresses to the security policy. The SD-WAN controller deploys the enhanced security policy to an SD-WAN branch router and generates a VPN segment between the SD-WAN branch router and the security cloud provider to establish a common secure internet gateway tunnel for the IP address pool.

公开(公告)号：US12132660B2

公开(公告)日：2024-10-29

申请号：US17718775

申请日：2022-04-12

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Srilatha Tangirala ,  Ajeet Pal Singh Gill ,  Vivek Agarwal ,  Nithin Bangalore Raju

IPC: H04L47/20 ,  H04L69/16

CPC classification number: H04L47/20 ,  H04L69/16

Abstract: According to certain embodiments, a method by a network device includes receiving a handshake message for a traffic flow from a Software-Defined Wide-Area Network (SDWAN) and determining, from a traffic policy, whether the traffic flow should be symmetrical. In response to determining from the traffic policy that the traffic flow should be symmetrical, the method further includes performing a flow lookup on the traffic flow to determine if the network device originated the traffic flow. In response to determining that the network device did not originate the traffic flow, the method further includes determining a second network device that originated the traffic flow and sending the handshake message for the traffic flow to the second network device in order to maintain symmetry for the traffic flow.

公开(公告)号：US20240333689A1

公开(公告)日：2024-10-03

申请号：US18128824

申请日：2023-03-30

Applicant: Cisco Technology, Inc.

Inventor： Pritam Baruah ,  Balaji Sundararajan ,  Nithin Bangalore Raju ,  Srilatha Tangirala ,  Ramakumara Kariyappa

IPC: H04L9/40

CPC classification number: H04L63/0281 ,  H04L63/0236 ,  H04L63/20

Abstract: Techniques for utilizing a network gateway provisioned in a software-defined network to verify service readiness of one or more security service(s) of a service chain prior to redirecting network traffic along a given data-path to the security service(s). The gateway may be configured to open a specific port on a network device hosting a security service to transmit network policies and/or test network traffic to the security service. The network gateway may host a virtual source and/or a virtual destination and cause the virtual source to send test network traffic through the security service via the port and to the virtual destination. The gateway may then utilize the received test network traffic to determine whether a given security service satisfies a threshold health and/or functionality measurement. Once it is determined that the security service satisfies the thresholds, the gateway may cause network traffic to be redirected to the security service.