公开(公告)号：US20230007620A1

公开(公告)日：2023-01-05

申请号：US17931333

申请日：2022-09-12

Applicant: Cisco Technology, Inc.

Inventor： Anubhav Gupta ,  Hendrikus G.P. Bosch ,  Vamsidhar Valluri ,  Stefan Olofsson

IPC: H04W64/00 ,  H04L61/2585 ,  H04W24/08 ,  H04W48/16

Abstract: According to certain embodiments, a system comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations comprising: receiving location data associated with a plurality of remote users accessing one or more existing remote access gateways that are located at one or more network locations; building a heatmap of user locations based at least in part on the received location data; and identifying, from the heatmap of user locations, at least one new network location in which to generate at least one new remote access gateway, or at least one existing network location in which to remove at least one of the existing remote access gateways.

公开(公告)号：US20200036717A1

公开(公告)日：2020-01-30

申请号：US16210817

申请日：2018-12-05

Applicant: Cisco Technology, Inc.

Inventor： Anand Venkata Ramana Murthy Akella ,  Vishnuprasad Raghavan ,  Vamsidhar Valluri ,  Raghuram S. Sudhaakar ,  Shesha Bhushan Sreenivasamurthy

IPC: H04L29/06 ,  H04L12/403 ,  H04L29/08

Abstract: In one embodiment, a device of a vehicle receives a packet comprising a source address, a destination address, an internet protocol (IP) encapsulated controller area network (CAN) message, and CAN message identifier information. The device compares the source address, the destination address, and the CAN message identifier information to an access control list (ACL). The device makes a determination that delivery of the CAN message to the destination address would be a policy violation based on the comparison. The device drops the packet based on the determination that delivery of the CAN message to the destination address would be a policy violation.

公开(公告)号：US09154541B2

公开(公告)日：2015-10-06

申请号：US13861210

申请日：2013-04-11

Applicant: Cisco Technology, Inc.

Inventor： Vamsidhar Valluri ,  Anantha Ramaiah ,  Kaushik Biswas

IPC: H04L12/28 ,  H04L29/08 ,  H04L12/66

CPC classification number: H04L67/02 ,  H04L12/66

Abstract: In one embodiment, an apparatus comprises logic for optimizing return traffic paths using network address translation (NAT). The logic is operable to receive outbound data from a source node in a source network, and to replace a source address in a source address field in the outbound data with a first address from a first address pool associated with a first connection. The logic is operable to determine that return traffic on the first connection needs to be switched over to a second connection, where a second address pool is associated with the second connection. The logic is operable to generate a mapping that associates the first address with a second address from the second address pool and, based on the mapping, to replace the first address in the source address field in the outbound data with the second address. The logic is also operable to send the outbound data to the destination node over the second connection.

Abstract translation: 在一个实施例中，装置包括用于使用网络地址转换（NAT）来优化返回业务路径的逻辑。 该逻辑可操作以从源网络中的源节点接收出站数据，并且使用来自与第一连接相关联的第一地址池的第一地址来替换出站数据中的源地址字段中的源地址。 逻辑可操作以确定第一连接上的返回流量需要切换到第二连接，其中第二地址池与第二连接相关联。 逻辑可操作以生成将第一地址与来自第二地址池的第二地址相关联的映射，并且基于该映射，以用第二地址替换出站数据中的源地址字段中的第一地址。 该逻辑还可用于通过第二连接将出站数据发送到目的地节点。

公开(公告)号：US20130258852A1

公开(公告)日：2013-10-03

申请号：US13901833

申请日：2013-05-24

Applicant: Cisco Technology, Inc.

Inventor： Vamsidhar Valluri ,  Kerry Lynn ,  Martin Djernaes ,  Dana Blair

IPC: H04L12/70

CPC classification number: H04L47/122 ,  G01V1/28 ,  H04L29/06027 ,  H04L41/00 ,  H04L41/0213 ,  H04L41/0866 ,  H04L45/00 ,  H04L45/02 ,  H04L45/04 ,  H04L45/12 ,  H04L45/123 ,  H04L45/125 ,  H04L45/70 ,  H04L47/125

Abstract: In one embodiment, a best exit from an autonomous system (AS) for a controlled prefix is determined. A network device of the AS influences a route for the controlled prefix to be over the best exit. Traffic statistics for the controlled prefix are selected. The network device verifies, based on the traffic statistics, whether the influence has caused at least a configured amount of traffic for the controlled prefix to be over the best exit. When at least the configured amount of the traffic is not directed over the best exit, the network device further influences the route for the controlled prefix to be over the best exit.

Abstract translation: 在一个实施例中，确定用于受控前缀的自治系统（AS）的最佳出口。 AS的网络设备影响受控前缀的路由超过最佳出口。 选择受控前缀的流量统计信息。 网络设备基于流量统计来验证受影响的至少一个配置的受控前缀流量是否超过最佳出口。 当至少配置的流量的数量不指向最佳出口时，网络设备进一步影响受控前缀的路由超过最佳出口。

公开(公告)号：US12232077B2

公开(公告)日：2025-02-18

申请号：US17931333

申请日：2022-09-12

Applicant: Cisco Technology, Inc.

Inventor： Anubhav Gupta ,  Hendrikus G. P. Bosch ,  Vamsidhar Valluri ,  Stefan Olofsson

IPC: H04W64/00 ,  H04L61/2585 ,  H04W24/08 ,  H04W48/16

Abstract: According to certain embodiments, a system comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations comprising: receiving location data associated with a plurality of remote users accessing one or more existing remote access gateways that are located at one or more network locations; building a heatmap of user locations based at least in part on the received location data; and identifying, from the heatmap of user locations, at least one new network location in which to generate at least one new remote access gateway, or at least one existing network location in which to remove at least one of the existing remote access gateways.

公开(公告)号：US20220377089A1

公开(公告)日：2022-11-24

申请号：US17817724

申请日：2022-08-05

Applicant: Cisco Technology, Inc.

Inventor： Vamsidhar Valluri ,  Vinay Prabhu ,  Sarah Adelaide Evans ,  Suraj Rangaswamy

IPC: H04L9/40 ,  H04L45/00 ,  H04L61/4511

Abstract: Systems and methods provide for synergistic domain name system DNS security updates for an enterprise network operating under a Software Defined Wide Area Network (SD-WAN). A system may be configured to collect positive and/or negative unified threat defense (UTD) results, deploy a rules-based model that, when a threat or clearance is detected across several SD-WAN edge network devices, triggers an update to a local security blacklist/whitelist, wherein the update comprises a signature, and push the update to other devices that have not yet seen the threat or clearance.

公开(公告)号：US11483796B2

公开(公告)日：2022-10-25

申请号：US16694509

申请日：2019-11-25

Applicant: Cisco Technology, Inc.

Inventor： Anubhav Gupta ,  Hendrikus G. P. Bosch ,  Vamsidhar Valluri ,  Stefan Olofsson

IPC: H04W64/00 ,  H04L61/2585 ,  H04W24/08 ,  H04W48/16

Abstract: According to certain embodiments, a system comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations comprising: receiving location data associated with a plurality of remote users accessing one or more existing remote access gateways that are located at one or more network locations; building a heatmap of user locations based at least in part on the received location data; and identifying, from the heatmap of user locations, at least one new network location in which to generate at least one new remote access gateway, or at least one existing network location in which to remove at least one of the existing remote access gateways.

公开(公告)号：US11411967B2

公开(公告)日：2022-08-09

申请号：US16567435

申请日：2019-09-11

Applicant: Cisco Technology, Inc.

Inventor： Vamsidhar Valluri ,  Vinay Prabhu ,  Sarah Adelaide Evans ,  Suraj Rangaswamy

IPC: G06F15/173 ,  H04L9/40 ,  H04L61/4511 ,  H04L45/00

Abstract: Systems and methods provide for synergistic domain name system DNS security updates for an enterprise network operating under a Software Defined Wide Area Network (SD-WAN). A system may be configured to collect positive and/or negative unified threat defense (UTD) results, deploy a rules-based model that, when a threat or clearance is detected across several SD-WAN edge network devices, triggers an update to a local security blacklist/whitelist, wherein the update comprises a signature, and push the update to other devices that have not yet seen the threat or clearance.

公开(公告)号：US11025632B2

公开(公告)日：2021-06-01

申请号：US16210817

申请日：2018-12-05

Applicant: Cisco Technology, Inc.

Inventor： Anand Venkata Ramana Murthy Akella ,  Vishnuprasad Raghavan ,  Vamsidhar Valluri ,  Raghuram S. Sudhaakar ,  Shesha Bhushan Sreenivasamurthy

IPC: H04L29/06 ,  H04L12/403 ,  H04L29/08 ,  G06F21/44 ,  G06F21/60 ,  H04L12/813 ,  H04L12/40

Abstract: In one embodiment, a device of a vehicle receives a packet comprising a source address, a destination address, an internet protocol (IP) encapsulated controller area network (CAN) message, and CAN message identifier information. The device compares the source address, the destination address, and the CAN message identifier information to an access control list (ACL). The device makes a determination that delivery of the CAN message to the destination address would be a policy violation based on the comparison. The device drops the packet based on the determination that delivery of the CAN message to the destination address would be a policy violation.

公开(公告)号：US20210160813A1

公开(公告)日：2021-05-27

申请号：US16694509

申请日：2019-11-25

Applicant: Cisco Technology, Inc.

Inventor： Anubhav Gupta ,  Hendrikus G.P. Bosch ,  Vamsidhar Valluri ,  Stefan Olofsson

IPC: H04W64/00 ,  H04W48/16 ,  H04W24/08 ,  H04L29/12

Abstract: According to certain embodiments, a system comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations comprising: receiving location data associated with a plurality of remote users accessing one or more existing remote access gateways that are located at one or more network locations; building a heatmap of user locations based at least in part on the received location data; and identifying, from the heatmap of user locations, at least one new network location in which to generate at least one new remote access gateway, or at least one existing network location in which to remove at least one of the existing remote access gateways.