公开(公告)号：US20190296988A1

公开(公告)日：2019-09-26

申请号：US15926264

申请日：2018-03-20

Applicant: Cisco Technology, Inc.

Inventor： Shwetha Subray Bhandari ,  Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Frank Brockners ,  Reshad Rahman

IPC: H04L12/24 ,  H04L12/26 ,  H04L12/803 ,  H04L12/707

Abstract: A reactive mechanism for in-situ operation, administration, and maintenance (IOAM) traffic is provided. In one embodiment, a method is provided that includes assigning a plurality of discriminator identifiers associated with a plurality of discriminators. Each discriminator is mapped to a specified action. The method includes receiving a data packet that includes an IOAM header comprising telemetry data associated with the data packet and a bidirectional forwarding detection (BFD) field that includes a specified discriminator identifier. The method further includes determining whether the specified discriminator identifier matches one of the plurality of discriminator identifiers, and, upon determining that the specified discriminator identifier matches a first discriminator identifier of the plurality of discriminator identifiers, the method includes initiating a seamless bidirectional forwarding detection (S-BFD) reflector session to transmit a response packet according to a first action mapped to a first discriminator associated with the first discriminator identifier.

公开(公告)号：US20160315850A1

公开(公告)日：2016-10-27

申请号：US14992109

申请日：2016-01-11

Applicant: Cisco Technology, Inc.

Inventor： Venkata Krishna Sashank Dara ,  Shwetha Subray Bhandari ,  Andrew Yourtchenko ,  Eric Vyncke ,  Frank Brockners

IPC: H04L12/721 ,  H04L29/06 ,  H04L12/24

CPC classification number: H04L9/32 ,  H04L12/4633 ,  H04L41/0246 ,  H04L41/0853 ,  H04L41/0866 ,  H04L41/28 ,  H04L45/26 ,  H04L61/6059 ,  H04L63/06 ,  H04L63/12 ,  H04L63/1408 ,  H04L69/166 ,  H04L69/22

Abstract: A system and methods are provided for verifying proof of transit of network traffic through a plurality of network nodes in a network. Information is obtained about a packet at a network node in a network. The information may include in-band metadata of the packet. Verification information is read from in-band metadata of the packet. Updated verification information is generated from the verification information read from the packet and based on configuration information associated with the network node. The updated verification information is written back to the in-band metadata in the packet. The packet is forwarded from the network node in the network.

Abstract translation: 提供了一种用于验证通过网络中的多个网络节点的网络流量的过境证明的系统和方法。 获取关于网络中的网络节点上的分组的信息。 信息可以包括分组的带内元数据。 从分组的带内元数据中读取验证信息。 根据从分组读取的验证信息，并根据与网络节点相关联的配置信息生成更新的验证信息。 更新的验证信息被写回到分组中的带内元数据。 该分组从网络中的网络节点转发。

公开(公告)号：US12301430B2

公开(公告)日：2025-05-13

申请号：US18477476

申请日：2023-09-28

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Frank Brockners ,  Jerome Henry ,  Matthias Falkner ,  Indermeet Singh Gandhi ,  Thomas Michel-Ange Feltin

IPC: H04L41/16 ,  H04L45/74 ,  H04L67/1008

Abstract: Novel techniques and mechanisms enable processing of heavy deep learning workloads on standard edge network devices to optimize the overall inference throughput of the network while meeting Service Level Agreement(s) (SLAs). The techniques can include receiving a deep learning model, determining a graph structure of the deep learning model including neurons organized in layers (the layers including an input layer, a plurality of hidden layers, and an output layer), assigning to a first IP subnet, at least a part of a first hidden layer of the plurality of hidden layers, assigning to a second IP subnet, at least a part of a second hidden layer of the plurality of hidden layers, and deploying the parts of the first and second hidden layers to edge devices as containerized applications with assigned IP addresses, which may be hidden from the user and/or third party application.

公开(公告)号：US12282575B2

公开(公告)日：2025-04-22

申请号：US17859720

申请日：2022-07-07

Applicant: Cisco Technology, Inc.

Inventor： Marcelo Yannuzzi ,  Hervé Muyal ,  Jean Andrei Diaconu ,  Frank Brockners ,  Carlos Goncalves Pereira

IPC: G06F21/62 ,  G06F9/54 ,  G06F21/60 ,  G06F16/2457

Abstract: In one embodiment, a device may obtain a location of an endpoint that communicates with an application service. The device may match the location of the endpoint to a data compliance policy. The device may identify sensitive data within the application service to which the data compliance policy applies. The device may configure the application service to permit the endpoint to at least one of access or send the sensitive data when permitted by the data compliance policy.

公开(公告)号：US20240195868A1

公开(公告)日：2024-06-13

申请号：US18418156

申请日：2024-01-19

Applicant: Cisco Technology, Inc.

Inventor： Sujal Sheth ,  Shwetha Subray Bhandari ,  Eric Voit ,  William F. Sulzen ,  Frank Brockners

IPC: H04L67/104 ,  H04L9/32 ,  H04L9/40 ,  H04L61/4511 ,  H04L67/1001 ,  H04W24/10

CPC classification number: H04L67/104 ,  H04L9/3247 ,  H04L61/4511 ,  H04L63/0823 ,  H04L67/1001 ,  H04W24/10

Abstract: A verifier peer system transmits a request to an application of another peer system to obtain integrity data of the application. In response to the request, the verifier peer system obtains a response that includes kernel secure boot metrics of the other peer system and integrity data of the application and of any application dependencies. If the verifier peer system determines that the response is valid, the verifier peer system evaluates the integrity data and the kernel secure boot metrics against a set of Known Good Values to determine whether the integrity data and the kernel secure boot metrics are valid. If the integrity data and the kernel secure boot metrics are valid, the verifier peer system determines that the other peer system is trustworthy.

公开(公告)号：US20240195678A1

公开(公告)日：2024-06-13

申请号：US18065221

申请日：2022-12-13

Applicant: Cisco Technology, Inc.

Inventor： Mankamana Prasad Mishra ,  Nitin Kumar ,  Frank Brockners ,  Carlos M. Pignataro ,  Rakesh Gandhi

IPC: H04L41/0631 ,  H04L43/12 ,  H04L45/16

CPC classification number: H04L41/0645 ,  H04L43/12 ,  H04L45/16

Abstract: A method is performed by a network controller that is configured to control routers configured to forward a multicast flow downstream from a first hop router that is a root of a multicast tree formed by the routers to last hop routers that terminate branches of the multicast tree, respectively. The method includes collecting operational configuration information from the routers and constructing a topological view of the multicast tree based on the operational configuration information; causing the routers to forward multicast probes downstream from the first hop router along all of the branches toward the last hop routers to trace the multicast tree; receiving, from particular ones of the last hop routers that received the multicast probes, indications that the multicast probes were received; and detecting failures in the multicast tree based on the indications and the topological view.

公开(公告)号：US11979412B2

公开(公告)日：2024-05-07

申请号：US18195081

申请日：2023-05-09

Applicant: Cisco Technology, Inc.

Inventor： Shwetha Subray Bhandari ,  Santhosh N ,  Rakesh Reddy Kandula ,  Saiprasad Reddy Muchala ,  Frank Brockners

IPC: H04L9/40 ,  H04L9/08 ,  H04L9/32 ,  H04L45/00

CPC classification number: H04L63/123 ,  H04L9/0869 ,  H04L9/321 ,  H04L45/72 ,  H04L63/0428 ,  H04L63/0435

Abstract: Techniques to facilitate verification of in-situ network telemetry data of data packet of data traffic of packet-switched networks are described herein. A technique described herein includes a network node obtaining a data packet of data traffic of a packet-switched network. The data packet includes an in-situ network telemetry block. The network node obtains telemetry data and cryptographic key. The cryptographic key confidentially identifies the network node. The node encrypts at least a portion of the telemetry data based on the cryptographic key to produce signed telemetry data and updates telemetry-data entry of the in-situ network telemetry block. The telemetry data and signed telemetry data is inserted into the telemetry-data entry. The node forwards the data packet with the updated telemetry-data entry to another network node of the packet-switched network.

公开(公告)号：US20230185918A1

公开(公告)日：2023-06-15

申请号：US17547084

申请日：2021-12-09

Applicant: Cisco Technology, Inc.

Inventor： Eric Voit ,  Einar Nilsen-Nygaard ,  Frank Brockners ,  Pradeep Kumar Kathail

IPC: G06F21/57

CPC classification number: G06F21/57 ,  G06F2221/033

Abstract: This disclosure describes techniques for selectively placing and maintaining sensitive workloads in subsystems that achieve a minimum level of trustworthiness. An example method includes identifying at least one trustworthiness requirement associated with an application and transmitting, to a first subsystem, a request for at least one trustworthiness characteristic of the first subsystem and at least one second subsystem connected to the first subsystem. A response indicating the at least one trustworthiness characteristic is received from the first subsystem. The example method further includes determining that the at least one trustworthiness characteristic satisfies the at least one trustworthiness requirement; and causing the application to operate on a mesh comprising the first subsystem and the at least one second subsystem.

公开(公告)号：US20230053575A1

公开(公告)日：2023-02-23

申请号：US17578872

申请日：2022-01-19

Applicant: Cisco Technology, Inc.

Inventor： Leo Marche ,  Thomas Michel-Ange Feltin ,  Andre Surcouf ,  Frank Brockners

IPC: G06F9/50 ,  G06N3/08

Abstract: This disclosure describes techniques and mechanisms for enabling a user to run heavy deep learning workloads on standard edge networks without off-loading computation to a cloud, leveraging the available edge computing resources, and efficiently partitioning and distributing a Deep Neural Network (DNN) over a network. The techniques enable the user to split a workload into multiple parts and process the workload on a set of smaller, less capable compute nodes in a distributed manner, without compromising on performance, and while meeting a Service Level Objective (SLO).

公开(公告)号：US11411994B2

公开(公告)日：2022-08-09

申请号：US16839576

申请日：2020-04-03

Applicant: Cisco Technology, Inc.

Inventor： Sujal Sheth ,  Shwetha Subray Bhandari ,  Eric Voit ,  William F. Sulzen ,  Frank Brockners

IPC: H04L29/06 ,  H04L9/40

Abstract: Systems, methods, and computer-readable media for discovering trustworthy devices through attestation and authenticating devices through mutual attestation. A relying node in a network environment can receive attestation information from an attester node in the network environment as part of a unidirectional push of information from the attester node according to a unidirectional link layer communication scheme. A trustworthiness of the attester node can be verified by identifying a level of trust of the attester node from the attestation information. Further, network service access of the attester node through the relying node in the network environment can be controlled based on the level of trust of the attester node identified from the attestation information.