公开(公告)号：US20190005045A1

公开(公告)日：2019-01-03

申请号：US15661109

申请日：2017-07-27

Applicant: Cisco Technology, Inc.

Inventor： Alberto Rodriguez Natal ,  Vina Ermagan ,  Fabio Maino

IPC: G06F17/30 ,  H04L12/745

CPC classification number: G06F16/24578 ,  G06F16/2282 ,  G06F16/90344 ,  H04L45/748

Abstract: Systems and methods for automatically executing an efficient longest internet protocol prefix match on non-relational and/or No-SQL databases, such as Cassandra. Clustering prefixes around common and/or standard prefix lengths ensures efficient use of Cassandra's underlying mechanisms and minimizes costly scan operations.

公开(公告)号：US10117066B2

公开(公告)日：2018-10-30

申请号：US14485050

申请日：2014-09-12

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Sateesh K. Addepalli ,  Lillian Lei Dai ,  Flavio Bonomi ,  Xiaoqing Zhu ,  Fabio R. Maino ,  Pere Monclus ,  Rong Pan ,  Preethi Natarajan ,  Vina Ermagan ,  Alexander Loukissas

IPC: H04W4/00 ,  H04W4/04 ,  H04W76/45 ,  H04W72/04 ,  H04W28/06 ,  H04W52/12 ,  G06F9/54 ,  H04W48/06 ,  H04W48/18 ,  B60W50/10 ,  G06F3/01 ,  G06F3/16 ,  H04L12/26 ,  H04L29/06 ,  H04W12/08 ,  G06F21/45 ,  H04W12/06 ,  H04W28/02 ,  H04W40/20 ,  H04W48/02 ,  H04L29/08 ,  B60R16/023 ,  H04L12/721 ,  H04L29/12 ,  H04W8/06 ,  H04W8/08 ,  H04W8/26 ,  H04W40/02 ,  H04L1/00 ,  H04W4/10 ,  H04W12/02 ,  H04W12/04 ,  H04W76/00 ,  H04W80/02 ,  H04Q9/00 ,  H04L12/58 ,  H04W48/16 ,  H04W84/00 ,  H04W36/08 ,  H04W52/14 ,  H04W52/22 ,  H04W52/24 ,  H04W52/34 ,  H04W84/12 ,  H04W92/18

Abstract: A method in one embodiment includes intercepting a message in an on-board unit (OBU) of a vehicular network environment between a source and a receiver in the vehicular network environment, verifying the message is sent from the source, verifying the message is not altered, evaluating a set of source flow control policies associated with the source, and blocking the message if the set of source flow control policies indicate the message is not permitted. In specific embodiments, the message is not permitted if a level of access assigned to the source in the set of source flow control policies does not match a level of access tagged on the message. In further embodiments, the method includes evaluating a set of receiver flow control policies associated with the receiver, and blocking the message if the set of receiver flow control policies indicates the message is not permitted.

公开(公告)号：US09887936B2

公开(公告)日：2018-02-06

申请号：US14816406

申请日：2015-08-03

Applicant: Cisco Technology, Inc.

Inventor： Fabio Maino ,  Vina Ermagan ,  Christopher Spain

IPC: H04L12/911 ,  H04L12/851 ,  H04L12/741

CPC classification number: H04L47/825 ,  H04L45/74 ,  H04L47/24

Abstract: In one embodiment, a first device in a network receives application traffic sent from a source device towards a destination address. The first device sends the application traffic to a traffic identification service. The first device receives an instruction to establish a network tunnel to send the application traffic from the source device towards the destination address. The instruction is based on a classification of the application traffic by the traffic identification service. The first device establishes the network tunnel to send the application traffic from the source device towards the destination address.

公开(公告)号：US20150264554A1

公开(公告)日：2015-09-17

申请号：US14664101

申请日：2015-03-20

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Sateesh K. Addepalli ,  Raghuram S. Sudhaakar ,  Lillian Lei Dai ,  Vina Ermagan ,  Preethi Natarajan ,  Kevin C. Lee ,  Pere Monclus ,  Robert Edward Somers

IPC: H04W8/06 ,  H04W8/26 ,  B60R16/023 ,  H04L12/721 ,  H04L29/12 ,  H04W8/08 ,  H04W40/02

CPC classification number: H04W4/046 ,  B60R16/023 ,  B60W50/10 ,  G06F3/017 ,  G06F3/167 ,  G06F9/542 ,  G06F21/45 ,  H04L1/008 ,  H04L29/06578 ,  H04L43/0811 ,  H04L43/0858 ,  H04L43/0876 ,  H04L45/12 ,  H04L51/02 ,  H04L61/2592 ,  H04L63/08 ,  H04L63/107 ,  H04L67/12 ,  H04L67/32 ,  H04L69/18 ,  H04Q9/00 ,  H04W4/00 ,  H04W4/10 ,  H04W8/06 ,  H04W8/08 ,  H04W8/26 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08 ,  H04W28/0215 ,  H04W28/06 ,  H04W36/08 ,  H04W40/02 ,  H04W40/20 ,  H04W48/02 ,  H04W48/06 ,  H04W48/16 ,  H04W48/18 ,  H04W52/12 ,  H04W52/143 ,  H04W52/225 ,  H04W52/241 ,  H04W52/346 ,  H04W72/0406 ,  H04W72/042 ,  H04W72/0493 ,  H04W76/45 ,  H04W80/02 ,  H04W84/005 ,  H04W84/12 ,  H04W92/18 ,  Y02A30/60

Abstract: A method includes selecting a path for routing a data packet from a source node to a destination node in a vehicular ad hoc network, storing the data packet if the selected path is identified as a dead end, and establishing a communication link with a first node. The method also includes forwarding the data packet to the first node if a first distance between the first node and the destination node is less than a second distance between the source node and the destination node. More specific embodiments include sending a query for location information of the destination node, receiving the location information including two or more available paths from the source node to the destination node, and determining the path for routing the data packet is an optimal path of the two or more available paths.

Abstract translation: 一种方法包括：选择用于将数据分组从源节点路由到车辆ad hoc网络中的目的地节点的路径，如果所选路径被识别为死端，则存储数据分组，以及建立与第一节点的通信链路 。 如果第一节点和目的地节点之间的第一距离小于源节点和目的地节点之间的第二距离，则该方法还包括将数据分组转发到第一节点。 更具体的实施例包括发送对目的地节点的位置信息的查询，接收包括从源节点到目的地节点的两个或多个可用路径的位置信息，以及确定路由数据包的路径是两者的最佳路径 或更多可用路径。

公开(公告)号：US10979875B2

公开(公告)日：2021-04-13

申请号：US16128027

申请日：2018-09-11

Applicant: Cisco Technology, Inc.

Inventor： Lillian Lei Dai ,  Sateesh K. Addepalli ,  Xiaoqing Zhu ,  Preethi Natarajan ,  Rong Pan ,  Fabio R. Maino ,  Flavio Bonomi ,  Alexander Loukissas ,  Vina Ermagan ,  Pere Monclus

IPC: H04W4/40 ,  H04W76/45 ,  H04W52/12 ,  H04W28/06 ,  H04L12/26 ,  H04W12/00 ,  H04W72/04 ,  G06F9/54 ,  H04W48/06 ,  H04W48/18 ,  B60W50/10 ,  G06F3/01 ,  G06F3/16 ,  G06F21/45 ,  H04W28/02 ,  H04W40/20 ,  H04W48/02 ,  H04L29/06 ,  H04L29/08 ,  B60R16/023 ,  H04L12/721 ,  H04L29/12 ,  H04W8/06 ,  H04W8/08 ,  H04W8/26 ,  H04W40/02 ,  H04L1/00 ,  H04W4/00 ,  H04W4/10 ,  H04W80/02 ,  H04Q9/00 ,  H04L12/58 ,  H04W48/16 ,  H04W36/08 ,  H04W52/14 ,  H04W52/22 ,  H04W52/24 ,  H04W52/34 ,  H04W84/00 ,  H04W36/00 ,  H04W84/12 ,  H04W92/18

Abstract: A method in one embodiment includes intercepting a message in an on-board unit (OBU) of a vehicular network environment between a source and a receiver in the vehicular network environment, verifying the message is sent from the source, verifying the message is not altered, evaluating a set of source flow control policies associated with the source, and blocking the message if the set of source flow control policies indicate the message is not permitted. In specific embodiments, the message is not permitted if a level of access assigned to the source in the set of source flow control policies does not match a level of access tagged on the message. In further embodiments, the method includes evaluating a set of receiver flow control policies associated with the receiver, and blocking the message if the set of receiver flow control policies indicates the message is not permitted.

公开(公告)号：US20190268383A1

公开(公告)日：2019-08-29

申请号：US15903820

申请日：2018-02-23

Applicant: Cisco Technology, Inc.

Inventor： Fabio R. Maino ,  Vina Ermagan ,  Alberto Rodriguez Natal

IPC: H04L29/06 ,  H04L12/46

Abstract: A mapping server provisions network elements to optimize the cryptographic resources of a computer network. The mapping server obtains from a source network element, a request for a source endpoint to communicate with a destination endpoint across the computer network. The mapping server determines a cryptographic policy based on the source endpoint, the destination endpoint, and an availability of cryptographic resources on the network elements. The mapping server identifies a destination network element based on the cryptographic policy. The destination network element is associated with the destination endpoint. The mapping server selects a security association based on the cryptographic policy to secure a communication from the source endpoint to the destination endpoint. The security association secures the communication between the source network element and the destination network element. The mapping server provides the security association to the source network element along with a network address of the destination network element.

公开(公告)号：US10187321B2

公开(公告)日：2019-01-22

申请号：US15058447

申请日：2016-03-02

Applicant: Cisco Technology, Inc.

Inventor： Fabio R. Maino ,  Horia Miclea ,  John Evans ,  Brian Eliot Weis ,  Vina Ermagan

IPC: H04L29/06 ,  H04L12/911 ,  H04L12/24 ,  H04L12/715 ,  H04L12/26

Abstract: High-level network policies that represent a virtual private network (VPN) as a high-level policy model are received. The VPN is to provide secure connectivity between connection sites of the VPN based on the high-level network policies. The high-level network policies are translated into low-level device configuration information represented in a network overlay and used for configuring a network underlay that provides the connections sites to the VPN. The network underlay is configured with the device configuration information so that the network underlay implements the VPN in accordance with the high-level policies. It is determined whether the network underlay is operating to direct traffic flows between the connection sites in compliance with the high-level network policies. If it is determined that the network underlay is not operating in compliance, the network underlay is reconfigured with new low-level device configuration information so that the network underlay operates in compliance.

公开(公告)号：US20180343227A1

公开(公告)日：2018-11-29

申请号：US15607248

申请日：2017-05-26

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Jesus Arango ,  Vina Ermagan ,  Johnson Leong ,  Sanjay Kumar Hooda

IPC: H04L29/12 ,  H04L12/24

CPC classification number: H04L61/103 ,  H04L43/08 ,  H04L45/586 ,  H04L61/2084

Abstract: A Location/Identifier Separation Protocol (LISP) mapping server, including: a network interface for communicating with a LISP-enabled network; a mapping database; a subscription database; and an overlapping subscription publication engine (OSPE) to: receive a first mapping of a first subnetwork to a first routing locator (RLOC); add the first mapping to the mapping database; receive from a first ingress tunnel router (ITR) a subscription request for an endpoint identifier (EID) within the first subnetwork; add to a first subscription entry for the first subnetwork in the subscription database a subscription for the first ITR; receive a second mapping of a second subnetwork to a second RLOC, wherein the second subnetwork overlaps the first subnetwork; add the second mapping to the mapping database; and copy at least part of the first subscription entry to a second subscription entry for the second subnetwork.

公开(公告)号：US09654937B2

公开(公告)日：2017-05-16

申请号：US14664101

申请日：2015-03-20

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Sateesh K. Addepalli ,  Raghuram S. Sudhaakar ,  Lillian Lei Dai ,  Vina Ermagan ,  Preethi Natarajan ,  Kevin C. Lee ,  Pere Monclus

IPC: H04L12/16 ,  H04W4/04 ,  H04W72/04 ,  H04W28/06 ,  H04W52/12 ,  G06F9/54 ,  H04W48/06 ,  H04W48/18 ,  B60W50/10 ,  G06F3/01 ,  G06F3/16 ,  H04L12/26 ,  H04L29/06 ,  H04W12/08 ,  G06F21/45 ,  H04W12/06 ,  H04W28/02 ,  H04W40/20 ,  H04W48/02 ,  H04L29/08 ,  B60R16/023 ,  H04L12/721 ,  H04L29/12 ,  H04W8/06 ,  H04W8/08 ,  H04W8/26 ,  H04W40/02 ,  H04L1/00 ,  H04W4/00 ,  H04W4/10 ,  H04W12/02 ,  H04W12/04 ,  H04W76/00 ,  H04W80/02 ,  H04W84/00 ,  H04W36/08 ,  H04W52/14 ,  H04W52/22 ,  H04W52/24 ,  H04W52/34 ,  H04W84/12 ,  H04W92/18

CPC classification number: H04W4/046 ,  B60R16/023 ,  B60W50/10 ,  G06F3/017 ,  G06F3/167 ,  G06F9/542 ,  G06F21/45 ,  H04L1/008 ,  H04L29/06578 ,  H04L43/0811 ,  H04L43/0858 ,  H04L43/0876 ,  H04L45/12 ,  H04L51/02 ,  H04L61/2592 ,  H04L63/08 ,  H04L63/107 ,  H04L67/12 ,  H04L67/32 ,  H04L69/18 ,  H04Q9/00 ,  H04W4/00 ,  H04W4/10 ,  H04W8/06 ,  H04W8/08 ,  H04W8/26 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08 ,  H04W28/0215 ,  H04W28/06 ,  H04W36/08 ,  H04W40/02 ,  H04W40/20 ,  H04W48/02 ,  H04W48/06 ,  H04W48/16 ,  H04W48/18 ,  H04W52/12 ,  H04W52/143 ,  H04W52/225 ,  H04W52/241 ,  H04W52/346 ,  H04W72/0406 ,  H04W72/042 ,  H04W72/0493 ,  H04W76/45 ,  H04W80/02 ,  H04W84/005 ,  H04W84/12 ,  H04W92/18 ,  Y02A30/60

Abstract: A method includes selecting a path for routing a data packet from a source node to a destination node in a vehicular ad hoc network, storing the data packet if the selected path is identified as a dead end, and establishing a communication link with a first node. The method also includes forwarding the data packet to the first node if a first distance between the first node and the destination node is less than a second distance between the source node and the destination node. More specific embodiments include sending a query for location information of the destination node, receiving the location information including two or more available paths from the source node to the destination node, and determining the path for routing the data packet is an optimal path of the two or more available paths.

公开(公告)号：US20170041246A1

公开(公告)日：2017-02-09

申请号：US14816406

申请日：2015-08-03

Applicant: Cisco Technology, Inc.

Inventor： Fabio Maino ,  Vina Ermagan ,  Christopher Spain

IPC: H04L12/911 ,  H04L12/851 ,  H04L12/741

CPC classification number: H04L47/825 ,  H04L45/74 ,  H04L47/24

Abstract: In one embodiment, a first device in a network receives application traffic sent from a source device towards a destination address. The first device sends the application traffic to a traffic identification service. The first device receives an instruction to establish a network tunnel to send the application traffic from the source device towards the destination address. The instruction is based on a classification of the application traffic by the traffic identification service. The first device establishes the network tunnel to send the application traffic from the source device towards the destination address.

Abstract translation: 在一个实施例中，网络中的第一设备接收从源设备发送到目的地地址的应用流量。 第一个设备将应用流量发​​送到流量识别服务。 第一设备接收建立网络隧道的指令，以将来自源设备的应用流量发​​送到目的地址。 该指令基于流量识别服务对应用流量的分类。 第一个设备建立网络隧道，将应用流量从源设备发送到目的地址。