-
Publication number: US11165636B2
Publication date: 2021-11-02
Application number: US16203949
Application date: 2018-11-29
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Atri Indiresan, Jerish Sam David, Anand Pulicat Gopalakrishnan
IPC: H04L12/24, H04L12/933, H04L12/751
Abstract: In one embodiment, a method is performed at a controller of a fabric that is connected to a first seed device in the fabric. The method includes obtaining a connectivity graph of the fabric including the first seed device. The method further includes causing the first seed device to send a first request to a first neighboring device in the connectivity graph via a first interface of the first seed device connectable to the first neighboring device. The method also includes assigning fabric component properties to devices in the fabric based at least in part on a first message from the first seed device, where the first seed device generates the first message based at least in part on a first response from the first neighboring device received via the first interface. The method additionally includes converting the first neighboring device to a second seed device in the fabric.
-
Publication number: US11128694B2
Publication date: 2021-09-21
Application number: US16737964
Application date: 2020-01-09
Applicant: Cisco Technology, Inc.
Inventor: Prakash Jain, Sanjay Kumar Hooda, Satish Kumar Kondalam
IPC: H04L29/08, H04L12/721
Abstract: Presented herein are techniques to provide an endpoint in a multi-site Software-defined network (SDN) fabric with an Internet access route that is optimal for the specific site in which the endpoint is located. In particular, a control plane node in a first site of a multi-site SDN fabric registers a border node in the first site as a Default Egress Tunnel Router (ETR) for Internet access or unknown endpoint identifier (EID) of the first site. The first site includes at least one endpoint. The control plane node receives a request for Internet access for the at least one endpoint and provides a dynamically-selected Internet access route via a same or different virtual instance (e.g., Virtual Routing and Forwarding (VRF) function(s), Virtual Private Network(s) (VPNs), Virtual Networks (VNs), etc.) for Internet traffic sent by the at least one endpoint.
-
Publication number: US20210288877A1
Publication date: 2021-09-16
Application number: US17336424
Application date: 2021-06-02
Applicant: Cisco Technology, Inc.
Inventor: Oliver James Bull, Rex Emmanuel Fernando, Anand Oswal, Kausik Majumdar, Darren Russell Dukes, Sanjay Kumar Hooda
IPC: H04L12/24, H04L12/26, H04L12/851, H04L12/815, H04L12/813
Abstract: An enterprise controller of an enterprise network sends to a service gateway of a service provider network a request for network slice information about network slices provisioned on a data plane of the service provider network. Responsive to the sending, the enterprise controller receives from the service gateway the network slice information including identifiers of and properties associated with the network slices. Responsive to receiving a request for the network slice information from a network device at a border of a forwarding plane of the enterprise network, the enterprise controller sends the network slice information to the network device to cause the network device to perform configuring network traffic in the forwarding plane with identifiers of ones of the network slices that match the network traffic, and to perform forwarding the network traffic configured with the identifiers to the data plane of the service provider network.
-
Publication number: US20210136607A1
Publication date: 2021-05-06
Application number: US16672048
Application date: 2019-11-01
Applicant: Cisco Technology, Inc.
Inventor: Balaji Sundararajan, Sanjay Kumar Hooda, Venkatesh Ramachandra Gota, Chandramouli Balasubramanian, Anand Oswal
Abstract: Systems and methods for managing traffic in a hybrid environment include monitoring traffic load of a local network to determine whether the traffic load exceeds or is likely to exceed a maximum traffic load, where the maximum traffic load is a traffic load for which a service can be provided by the local network, based on a license. An excess traffic load is determined if the traffic load exceeds or is likely to exceed the maximum traffic load. One or more external networks which have a capacity to provide the service to the excess traffic load are determined, to which the excess traffic load is migrated. The local network includes one or more service instances for providing the service for up to the maximum traffic load, and the service to the excess traffic load is provided by one or more additional service instances in the one or more external networks.
-
Publication number: US20210135984A1
Publication date: 2021-05-06
Application number: US17098633
Application date: 2020-11-16
Applicant: Cisco Technology, Inc.
Inventor: Prakash Chand Jain, Sanjay Kumar Hooda, Victor M. Moreno, Satish Kumar Kondalam
IPC: H04L12/725, H04L12/713, H04L12/927, H04L12/715
Abstract: In one embodiment, a method is performed at a node in a multi-site enterprise fabric. The method includes obtaining map entries from a fabric control plane of the multi-site enterprise fabric, where the map entries are associated with identifiers of endpoints in external networks, site and virtual network identifiers of sites in the multi-site enterprise fabric, location identifiers of border nodes, and characteristics of the border nodes. The method further includes receiving a request from a source to connect to an external endpoint. After deriving an external endpoint identifier and source parameters, the method additionally includes establishing at least one connection between the source and the external endpoint via border node(s) that are selected from the map entries based at least in part on the source parameters, the external endpoint identifier, and characteristics of the border node(s) with their site and virtual network identifier(s) along the at least one connection.
-
Publication number: US10958622B2
Publication date: 2021-03-23
Application number: US15867124
Application date: 2018-01-10
Applicant: Cisco Technology, Inc.
Inventor: Syam Sundar V Appala, Kiran Kumar Yedavalli, Shyamsundar Nandkishor Maniyar, Sanjay Kumar Hooda
Abstract: In one example, a network element in a first network receives a network packet including a first security group identifier. The network element identifies the first security group identifier, determines that the first security group identifier is hierarchically correlated with a second security group identifier, and inserts the second security group identifier into the network packet. The network element forwards the network packet including the second security group identifier.
-
Publication number: US10826775B1
Publication date: 2020-11-03
Application number: US16446338
Application date: 2019-06-19
Applicant: Cisco Technology, Inc.
Inventor: Victor Moreno, Anand Oswal, Rex Emmanuel Fernando, Syam Sundar Appala, Sanjay Kumar Hooda
IPC: H04L12/24, H04L12/715, H04L29/06, G06F9/455, H04L12/721
Abstract: Systems, methods, and computer-readable media for providing cross-domain policy enforcement. In some examples, transit VRFs for a destination network domain and a source network domain are created. Route advertisements for nodes coupled to source VRFs in the source network domain are created that include identifications of the source VRFs. The route advertisements can be transmitted from a source transit VRF in the source network domain to a destination transit VRF in the destination network domain. The route advertisements can then be filtered at the destination transit VRF based on a cross-domain policy using the identifications of the source VRFs to export routes to destination VRFs in the destination network domain according to the cross-domain policy.
-
Publication number: US20200267147A1
Publication date: 2020-08-20
Application number: US16867739
Application date: 2020-05-06
Applicant: Cisco Technology, Inc.
Inventor: Victor Moreno, Sridhar Subramanian, Sanjay Kumar Hooda
Abstract: Systems and methods for network authorization are described herein. An example method can include receiving a user credential from a host device connected to a network, authenticating the user credential, and in response to authenticating the user credential, determining an authorization policy associated with the host device. The method can also include polling a network overlay control plane of the network to obtain a network location information associated with the host device, identifying at least one network device of the network using the network location information, and transmitting the authorization policy to the at least one network device.
-
Publication number: US20200177629A1
Publication date: 2020-06-04
Application number: US16535550
Application date: 2019-08-08
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Anand Oswal, Nehal Bhau, Victor Moreno
IPC: H04L29/06, H04L12/803
Abstract: A mapping system, under administrative control of a Wide Area Network (WAN) controller, can track each host, authorized to access a plurality of Local Area Networks (LANs), in one or more mapping databases including a first network address representing an identifier and a second network addressing representing a locator for each host. The mapping system can receive a request for resolution of a first identifier of a host not presently connected to the network. The mapping system can determine the mapping databases exclude a mapping for the first identifier. The mapping system can update the mapping databases with a first mapping including the first identifier and a first locator corresponding to a honeypot network device. The mapping system can transmit, to one or more LANs of the plurality of LANs, routing information to route traffic destined for the first identifier to the honeypot network device.
-
Publication number: US20200177447A1
Publication date: 2020-06-04
Application number: US16203949
Application date: 2018-11-29
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Atri Indiresan, Jerish Sam David, Anand Pulicat Gopalakrishnan
IPC: H04L12/24, H04L12/751, H04L12/933
Abstract: In one embodiment, a method is performed at a controller of a fabric that is connected to a first seed device in the fabric. The method includes obtaining a connectivity graph of the fabric including the first seed device. The method further includes causing the first seed device to send a first request to a first neighboring device in the connectivity graph via a first interface of the first seed device connectable to the first neighboring device. The method also includes assigning fabric component properties to devices in the fabric based at least in part on a first message from the first seed device, where the first seed device generates the first message based at least in part on a first response from the first neighboring device received via the first interface. The method additionally includes converting the first neighboring device to a second seed device in the fabric.