公开(公告)号：US10237379B2

公开(公告)日：2019-03-19

申请号：US15711768

申请日：2017-09-21

Applicant: Cisco Technology, Inc.

Inventor： Surendra M. Kumar ,  Nagaraj A. Bagepalli ,  Abhijit Patra

IPC: H04L29/06 ,  H04L12/46 ,  H04L12/725 ,  H04L12/713

Abstract: An example method for distributed service chaining is provided and includes receiving a packet belonging to a service chain in a distributed virtual switch (DVS) network environment, the packet includes a network service header (NSH) indicating a service path identifier identifying the service chain. The packet is provided to a virtual Ethernet module (VEM) connected to an agentless service node (SN) providing an edge service such as a server load balancer (SLB). The VEM associates a service path identifier corresponding to the service chain with a local identifier such as a virtual local area network (VLAN). The agentless SN returns the packet to the VEM for forwarding on the VLAN. Because the VLAN corresponds exactly to the service path and service chain, the packet is forwarded directly to the next node in the service chain. This can enable agentless SNs to efficiently provide a service chain for network traffic.

公开(公告)号：US09906496B2

公开(公告)日：2018-02-27

申请号：US15270476

申请日：2016-09-20

Applicant: Cisco Technology, Inc.

Inventor： David Chang ,  Abhijit Patra ,  Nagaraj Bagepalli ,  Rajesh Kumar Sethuraghavan

IPC: H04L29/04 ,  H04L29/06 ,  H04L12/931 ,  H04L29/08 ,  G06F9/455 ,  G06F21/62

CPC classification number: H04L63/0263 ,  G06F9/45558 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L29/08927 ,  H04L29/08972 ,  H04L49/356 ,  H04L49/70 ,  H04L63/0218 ,  H04L63/0227

Abstract: Techniques are provided for implementing a zone-based firewall policy. At a virtual network device, information is defined and stored that represents a security management zone for a virtual firewall policy comprising one or more common attributes of applications associated with the security zone. Information representing a firewall rule for the security zone is defined and comprises first conditions for matching common attributes of applications associated with the security zone and an action to be performed on application traffic. Parameters associated with the application traffic are received that are associated with properly provisioned virtual machines. A determination is made whether the application traffic parameters satisfy the conditions of the firewall rule and in response to determining that the conditions are satisfied, the action is performed.

公开(公告)号：US09794379B2

公开(公告)日：2017-10-17

申请号：US14305810

申请日：2014-06-16

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra M. Kumar ,  Nagaraj A. Bagepalli ,  Abhijit Patra

IPC: H04L29/06 ,  H04L12/46 ,  H04L12/725 ,  H04L12/713

CPC classification number: H04L69/22 ,  H04L12/4641 ,  H04L45/302 ,  H04L45/586

Abstract: An example method for distributed service chaining is provided and includes receiving a packet belonging to a service chain in a distributed virtual switch (DVS) network environment, the packet includes a network service header (NSH) indicating a service path identifier identifying the service chain. The packet is provided to a virtual Ethernet module (VEM) connected to an agentless service node (SN) providing an edge service such as a server load balancer (SLB). The VEM associates a service path identifier corresponding to the service chain with a local identifier such as a virtual local area network (VLAN). The agentless SN returns the packet to the VEM for forwarding on the VLAN. Because the VLAN corresponds exactly to the service path and service chain, the packet is forwarded directly to the next node in the service chain. This can enable agentless SNs to efficiently provide a service chain for network traffic.

公开(公告)号：US09658876B2

公开(公告)日：2017-05-23

申请号：US15060758

申请日：2016-03-04

Applicant: Cisco Technology, Inc.

Inventor： David Chang ,  Abhijit Patra ,  Nagaraj Bagepalli ,  Murali Anantha

IPC: G06F15/16 ,  G06F9/455 ,  H04L12/64 ,  H04L12/24 ,  H04L12/931 ,  H04L29/08

CPC classification number: G06F9/45558 ,  G06F2009/45595 ,  H04L12/6418 ,  H04L41/12 ,  H04L49/70 ,  H04L67/10

Abstract: A sense of location is provided for distributed virtual switch components into the service provisioning scheme to reduce latency observed in conducting policy evaluations across a network in a hybrid cloud environment. A management application in a first virtual network subscribes to virtual network services provided by a second virtual network. A first message is sent to the second virtual network, the first message comprising information configured to start a virtual switch in the second virtual network that switches network traffic for one or more virtual machines in the second virtual network that are configured to extend services provided by the first virtual network into the second virtual network. A second message is sent to the second virtual network, the second message comprising information configured to start a virtual service node in the second virtual network that provides network traffic services for the one or more virtual machines.

公开(公告)号：US09608896B2

公开(公告)日：2017-03-28

申请号：US15092117

申请日：2016-04-06

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra M. Kumar ,  Nagaraj A. Bagepalli ,  Abhijit Patra ,  Paul Quinn ,  James N. Guichard ,  Hendrikus G. P. Bosch

IPC: H04L12/28 ,  H04L12/751 ,  H04L12/24 ,  H04L12/725 ,  H04L12/721

CPC classification number: H04L45/02 ,  H04L41/08 ,  H04L41/0813 ,  H04L41/0893 ,  H04L41/0896 ,  H04L41/12 ,  H04L45/308 ,  H04L45/38

Abstract: An example method for service node originated service chains in a network environment is provided and includes receiving a packet at a service node in a network environment that includes a plurality of service nodes and a central classifier, analyzing the packet for a service chain modification or a service chain initiation, classifying the packet at the service node to a new service chain based on the analysis, initiating the new service chain at the service node if the analysis indicates service chain initiation, and modifying an existing service chain for the packet to the new service chain if the analysis indicates service chain modification. In specific embodiments, the analysis includes applying classification logic specific to the service node. Some embodiments, service node attributes and order of service nodes in substantially all service chains configured in the network may be received from a central controller.

公开(公告)号：US09407540B2

公开(公告)日：2016-08-02

申请号：US14020649

申请日：2013-09-06

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra M. Kumar ,  Dileep K. Devireddy ,  Nagaraj A. Bagepalli ,  Abhijit Patra

IPC: G06F15/173 ,  H04L12/725 ,  H04L12/741

CPC classification number: H04L45/306 ,  H04L45/54

Abstract: An example method for distributed service chaining in a network environment is provided and includes receiving a packet belonging to a service chain in a distributed virtual switch (DVS) network environment, wherein the packet includes a network service header (NSH) indicating a service path identifier identifying the service chain and a location of the packet on the service chain, evaluating a service forwarding table to determine a next service node based on the service path identifier and the location, with a plurality of different forwarding tables distributed across the DVS at a corresponding plurality of virtual Ethernet Modules (VEMs) associated with respective service nodes in the service chain, and forwarding the packet to the next service node, with substantially all services in the service chain provided sequentially to the packet in a single service loop on a service overlay.

Abstract translation: 提供了一种在网络环境中分布式服务链接的示例方法，包括：在分布式虚拟交换机（DVS）网络环境中接收属于服务链的分组，其中分组包括指示服务路径标识符的网络服务报头（NSH） 在所述服务链上识别所述服务链和所述分组的位置，评估服务转发表以基于所述服务路径标识符和所述位置来确定下一个服务节点，具有分布在所述DVS上的相应的多个不同的转发表 多个虚拟以太网模块（VEM），其与服务链中的相应服务节点相关联，并且将分组转发到下一个服务节点，服务链中的基本上所有服务在服务覆盖中的单个服务循环中顺序地提供给分组 。

公开(公告)号：US20160182385A1

公开(公告)日：2016-06-23

申请号：US15055691

申请日：2016-02-29

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra M. Kumar ,  Nagaraj A. Bagepalli ,  Dileep K. Devireddy ,  Abhijit Patra

IPC: H04L12/859 ,  H04L12/801

CPC classification number: H04L47/2475 ,  H04L12/56 ,  H04L43/026 ,  H04L45/12 ,  H04L45/38 ,  H04L45/48 ,  H04L45/64 ,  H04L47/12 ,  H04L47/17

Abstract: A method is provided in one example embodiment and includes receiving at a network element a flow offload decision for a first service node that includes a portion of a service chain for processing a flow; recording the flow offload decision against the first service node at the network element; and propagating the flow offload decision backward on a service path to which the flow belongs if the first service node is hosted at the network element. Embodiments may also include propagating the flow offload decision backward on a service path to which the flow belongs if the flow offload decision is a propagated flow offload decision and the network element hosts a second service node that immediately precedes the service node on behalf of which the propagated flow offload decision was received and a flow offload decision has already been received by the network element from the second service node.

Abstract translation: 在一个示例实施例中提供了一种方法，并且包括在网络元件处接收包括用于处理流的服务链的一部分的第一服务节点的流卸载决定; 记录网元上的第一服务节点的流量卸载决定; 并且如果第一服务节点驻留在网络元件处，则在流所属的服务路径上向后传播流卸载决策。 实施例还可以包括：如果流卸载决定是传播的流卸载决定，并且网络主机驻留在服务节点之前的第二服务节点，则在流所属的服务路径上向后传播流卸载决策， 接收到传播流卸载决定，网元从第二服务节点已经接收到流卸载决定。

公开(公告)号：US09344337B2

公开(公告)日：2016-05-17

申请号：US14208453

申请日：2014-03-13

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra M. Kumar ,  Nagaraj A. Bagepalli ,  Abhijit Patra ,  Paul Quinn ,  James N. Guichard ,  Hendrikus G. P. Bosch

IPC: H04L12/28 ,  H04L12/24 ,  H04L12/725 ,  H04L12/751

CPC classification number: H04L45/02 ,  H04L41/08 ,  H04L41/0813 ,  H04L41/0893 ,  H04L41/0896 ,  H04L41/12 ,  H04L45/308 ,  H04L45/38

Abstract: An example method for service node originated service chains in a network environment is provided and includes receiving a packet at a service node in a network environment that includes a plurality of service nodes and a central classifier, analyzing the packet for a service chain modification or a service chain initiation, classifying the packet at the service node to a new service chain based on the analysis, initiating the new service chain at the service node if the analysis indicates service chain initiation, and modifying an existing service chain for the packet to the new service chain if the analysis indicates service chain modification. In specific embodiments, the analysis includes applying classification logic specific to the service node. Some embodiments, service node attributes and order of service nodes in substantially all service chains configured in the network may be received from a central controller.

Abstract translation: 提供了一种网络环境中服务节点发起的服务链的示例方法，包括在包括多个服务节点和中心分类器的网络环境中的服务节点处接收分组，分析服务链修改的分组或 服务链启动，基于分析将服务节点处的分组分类到新的服务链，如果分析指示服务链启动，则在服务节点处启动新的服务链，并将分组的现有服务链修改为新的 服务链如果分析表明服务链修改。 在具体实施例中，分析包括应用对服务节点特定的分类逻辑。 可以从中央控制器接收一些实施例，服务节点属性和在网络中配置的基本上所有服务链中的服务节点的顺序。

公开(公告)号：US20150365324A1

公开(公告)日：2015-12-17

申请号：US14305810

申请日：2014-06-16

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra M. Kumar ,  Nagaraj A. Bagepalli ,  Abhijit Patra

IPC: H04L12/741 ,  H04L29/06 ,  H04L12/46

CPC classification number: H04L69/22 ,  H04L12/4641 ,  H04L45/302 ,  H04L45/586

Abstract: An example method for distributed service chaining is provided and includes receiving a packet belonging to a service chain in a distributed virtual switch (DVS) network environment, the packet includes a network service header (NSH) indicating a service path identifier identifying the service chain. The packet is provided to a virtual Ethernet module (VEM) connected to an agentless service node (SN) providing an edge service such as a server load balancer (SLB). The VEM associates a service path identifier corresponding to the service chain with a local identifier such as a virtual local area network (VLAN). The agentless SN returns the packet to the VEM for forwarding on the VLAN. Because the VLAN corresponds exactly to the service path and service chain, the packet is forwarded directly to the next node in the service chain. This can enable agentless SNs to efficiently provide a service chain for network traffic.

Abstract translation: 提供了一种用于分布式业务链接的示例方法，包括在分布式虚拟交换机（DVS）网络环境中接收属于服务链的分组，该分组包括指示标识服务链的服务路径标识符的网络服务报头（NSH）。 该分组被提供给连接到提供边缘服务（例如服务器负载平衡器（SLB））的无代理服务节点（SN）的虚拟以太网模块（VEM）。 VEM将与服务链相对应的服务路径标识符与诸如虚拟局域网（VLAN）的本地标识符相关联。 无代理SN将数据包返回给VEM以在VLAN上转发。 由于VLAN与服务路径和服务链完全对应，因此将数据包直接转发到服务链中的下一个节点。 这可以使无代理SN有效地为网络流量提供服务链。

公开(公告)号：US09130872B2

公开(公告)日：2015-09-08

申请号：US13843233

申请日：2013-03-15

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra M. Kumar ,  Nagaraj Bagepalli ,  Abhijit Patra ,  Paul Quinn ,  Ethan M. Spiegel

IPC: G06F15/173 ,  G06F15/16 ,  H04L12/24 ,  H04L12/931 ,  H04L12/933

CPC classification number: H04L41/5041 ,  H04L49/15 ,  H04L49/70

Abstract: An example method for workload based service chain insertion in a network environment is provided and includes partitioning a service-path into fragments at a service controller, where the service-path comprises an ordered sequence of services to be provided to a packet associated with a workload in a network. The method also includes determining a location of service nodes providing the services; and provisioning the fragments at interfaces at a distributed virtual switch. The method could further include generating a plurality of service insertion points corresponding to the fragments at a service dispatcher. The service dispatcher can include a plurality of data plane components, and the service insertion points are generated at the data plane components.

Abstract translation: 提供了一种在网络环境中基于工作负载的服务链插入的示例方法，并且包括将服务路径划分为服务控制器处的分段，其中服务路径包括要提供给与工作负载关联的分组的有序序列的服务 在网络中。 该方法还包括确定提供服务的服务节点的位置; 并在分布式虚拟交换机的接口处配置片段。 该方法还可以包括在服务分派器处生成与片段相对应的多个服务插入点。 服务调度器可以包括多个数据平面组件，并且在数据平面组件处生成服务插入点。