公开(公告)号：US11277282B2

公开(公告)日：2022-03-15

申请号：US16746903

申请日：2020-01-19

Applicant: Cisco Technology, Inc.

Inventor： Anand Oswal ,  Muninder S. Sambi ,  Sanjay K. Hooda ,  Gangadharan Byju Pularikkal ,  Kedar Karmarkar

IPC: H04L12/46 ,  H04L12/18 ,  H04L61/5014 ,  H04L61/58 ,  H04L101/668

Abstract: Secure network segmentation using logical subnet segments is described. A single network segment or subnet provided by a third party is mapped into multiple layer-3 virtual or logical segments without requiring separate subnets. This mapping is accomplished by using virtual routing functions (VRFs) per logical subnet segment while retaining a single subnet across the segments. The logical subnet segments interact with the single network segment provided by the third party (ISP). The layer-3 VRF instances are created without the need for separate IP subnet pools per layer-3 segment. Each VRF instance for the various logical subnet segments is mapped to a Virtual Network Identifier (VNI) and Scalable Group Tag (SGT).

公开(公告)号：US20210352675A1

公开(公告)日：2021-11-11

申请号：US17379035

申请日：2021-07-19

Applicant: Cisco Technology, Inc.

Inventor： Akram Sheriff ,  Santosh Ramrao Patil ,  Gangadharan Byju Pularikkal ,  Mark Grayson

IPC: H04W72/08 ,  H04W76/10 ,  H04W8/08 ,  H04W24/10

Abstract: Systems, methods, and computer-readable media for radio resource management in a Citizens Broadband Radio Service (CBRS) network include one or more CBRS devices (CBSDs) which can obtain a group type associated with the CBSDs and their associated Radio Environment Map (REM) reports of one or more frequency channels of the CBRS network. The group type and the REM reports may be provided to a Self-Organizing Network (SON) manager of the CBRS network, where the SON manager may determine and provide to the CBSDs, one or more of a channel utilization information, transmission power, or mobility load management information for the CBSD, based on the group type and the REM reports.

公开(公告)号：US20210076378A1

公开(公告)日：2021-03-11

申请号：US16562822

申请日：2019-09-06

Applicant: Cisco Technology, Inc.

Inventor： Gangadharan Byju Pularikkal ,  Santosh Ramrao Patil ,  Raghavaiah Avula ,  Akramsheriff Ismailsheriff

IPC: H04W72/04 ,  H04W16/14 ,  H04W72/08 ,  H04W28/02 ,  H04W72/12 ,  H04W72/14

Abstract: Systems, methods, and computer-readable media for dynamically assigning devices to specific channels in the CBRS band. One or more dedicated channels within the CBRS band can be selected and a boost channel device group can be formed by exclusively allocating the one or more dedicated channel to the boost channel device group. Further, a normal channel device group can be formed by allocating, to the normal channel device group, one or more channels in the CBRS band that are separate from the one or more dedicated channels allocated to the boost channel device group. One or more devices communicating in the CBRS band can be selectively assigned to either the boost channel device group or the normal channel device group to selectively control communications in the CBRS band over the one or more dedicated channels utilized by the boost channel device group.

公开(公告)号：US10785195B2

公开(公告)日：2020-09-22

申请号：US15854181

申请日：2017-12-26

Applicant: Cisco Technology, Inc.

Inventor： Gangadharan Byju Pularikkal ,  Santosh Ramrao Patil ,  Mark Grayson ,  Madhusudan Nanjanagud

IPC: H04L29/06 ,  H04W12/04 ,  H04W12/08 ,  H04W12/00 ,  H04W12/02 ,  H04W84/12

Abstract: In various implementations, a method includes receiving a request to establish an end-to-end encrypted session between a device in an enterprise network and an external entity that is outside the enterprise network. In some implementations, the end-to-end encrypted session allows encrypted packets to be transmitted between the device and the external entity. In various implementations, the method includes determining whether the request satisfies an enterprise security criterion for establishing the end-to-end encryption session. In various implementations, the method includes in response to determining that the request satisfies the enterprise security criterion, triggering the establishment of the end-to-end encrypted session between the device in the enterprise network and the external entity that is outside the enterprise entity.

公开(公告)号：US20200067844A1

公开(公告)日：2020-02-27

申请号：US16111074

申请日：2018-08-23

Applicant: Cisco Technology, Inc.

Inventor： Gangadharan Byju Pularikkal ,  Santosh Ramrao Patil ,  Mark Grayson ,  Swaminathan Anantha ,  Sourav Chakraborty

IPC: H04L12/857 ,  H04L12/927 ,  H04L29/06 ,  H04L12/725

Abstract: Systems, methods, and devices are disclosed for providing a quality of service between nodes. A service provider can receive, from a first node of a customer network to an ingress node of a service provider network, packets bound for a second node on the customer network that is remote from the first node. The packets are mapped to a network segment according to a traffic type based on an identifier associated with the packets that identifies the traffic type of the packets. The packets are sent via their mapped network segment to an egress node with connectivity to the second node of the customer network according to a quality of service associated with the traffic type identified by the identifier.

公开(公告)号：US10567293B1

公开(公告)日：2020-02-18

申请号：US16111074

申请日：2018-08-23

Applicant: Cisco Technology, Inc.

Inventor： Gangadharan Byju Pularikkal ,  Santosh Ramrao Patil ,  Mark Grayson ,  Swaminathan Anantha ,  Sourav Chakraborty

IPC: H04L12/927 ,  H04L29/06 ,  H04L12/725 ,  H04L12/857 ,  H04L12/26

Abstract: Systems, methods, and devices are disclosed for providing a quality of service between nodes. A service provider can receive, from a first node of a customer network to an ingress node of a service provider network, packets bound for a second node on the customer network that is remote from the first node. The packets are mapped to a network segment according to a traffic type based on an identifier associated with the packets that identifies the traffic type of the packets. The packets are sent via their mapped network segment to an egress node with connectivity to the second node of the customer network according to a quality of service associated with the traffic type identified by the identifier.

公开(公告)号：US20190289028A1

公开(公告)日：2019-09-19

申请号：US16434564

申请日：2019-06-07

Applicant: Cisco Technology, Inc.

Inventor： Mark Grayson ,  Santosh Ramrao Patil ,  Gangadharan Byju Pularikkal

IPC: H04L29/06 ,  H04W24/00 ,  H04W12/12 ,  H04W24/04

Abstract: Various implementations disclosed herein enable identifying anomalies in a network. For example, in various implementations, a method of identifying anomalies in a network is performed by a network node. In various implementations, the network node includes one or more processors, and a non-transitory memory. In various implementations, the method includes generating a characteristic indicator that characterizes a device type based on communications associated with a first device of the device type. In various implementations, the method includes determining, based on communications associated with the first device, a performance indicator that indicates a performance of the first device. In various implementations, the method includes synthesizing an anomaly indicator as a function of the performance indicator in relation to the characteristic indicator.

公开(公告)号：US20190245868A1

公开(公告)日：2019-08-08

申请号：US15891708

申请日：2018-02-08

Applicant: Cisco Technology, Inc.

Inventor： Santosh Ramrao Patil ,  Gangadharan Byju Pularikkal ,  David McGrew ,  Blake Harrell Anderson ,  Madhusudan Nanjanagud

IPC: H04L29/06

CPC classification number: H04L63/1408 ,  H04L43/04 ,  H04L69/16

Abstract: Methods and systems to estimate encrypted multi-path TCP (MPTCP) network traffic include restricting traffic in a first direction (e.g., uplink) to a single path, and estimating traffic of multiple subflows of a second direction (e.g., downlink) based on traffic over the single path of the first direction. The estimating may be based on, without limitation, acknowledgment information of the single path, a sequence of acknowledgment numbers of the single path, an unencrypted initial packet sent over the single path as part of a secure tunnel setup procedure, TCP header information of the unencrypted initial packet (e.g., sequence number, acknowledgment packet, and/or acknowledgment packet length), and/or metadata of packets of the single path (e.g., regarding cryptographic algorithms, Diffie-Helman groups, and/or certificate related data).

公开(公告)号：US20180368047A1

公开(公告)日：2018-12-20

申请号：US15623247

申请日：2017-06-14

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Santosh Ramrao Patil ,  Mark Grayson ,  Gangadharan Byju Pularikkal

IPC: H04W40/12 ,  H04L12/721 ,  H04L12/709

Abstract: An example method is provided in one example embodiment and may include receiving, at a packet data network gateway (PGW), a packet associated with an Internet Protocol (IP) flow of a user equipment (UE); identifying a routing rule associated with the IP flow, wherein the routing rule comprises routing access information that identifies whether the IP flow can be routed across a plurality of access networks using weighted link aggregation; and selecting a particular access network to facilitate communications for the IP flow of the UE based on the routing rule. In some cases, the selecting can include assigning the IP flow of the UE to a bearer established for the UE for the particular access network.

公开(公告)号：US10034237B2

公开(公告)日：2018-07-24

申请号：US15249072

申请日：2016-08-26

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Gangadharan Byju Pularikkal ,  Mark Grayson ,  Jerome Henry ,  Raghavaiah Avula

IPC: H04W48/20 ,  H04W12/06 ,  H04W48/14 ,  H04W8/18 ,  H04W84/12

Abstract: An example method is provided in one example embodiment and may include requesting, by a user equipment (UE), a profile associated with a subscriber that provides information to facilitate automatic association of the UE with one or more access points of a wireless network, wherein the requesting includes requesting the profile using a Generic Advertisement Service (GAS) Initial Request frame; and sending the profile to the UE using a GAS Initial Response frame. The method can include configuring a Vendor Specific Information Element (VSIE) within an Advertisement Protocol Identifier for the GAS Initial Request frame and configuring the VSIE to indicate an Access Network Query Protocol (ANQP) query for the profile. The method can also include configuring another VSIE within an Advertisement Protocol Identifier for the GAS Initial Response frame and configuring the VSIE to indicate an ANQP query response including the profile.