公开(公告)号：US11533669B2

公开(公告)日：2022-12-20

申请号：US16395817

申请日：2019-04-26

Applicant: Cisco Technology, Inc.

Inventor： Fabio R. Maino ,  Vina Ermagan ,  Marc Portoles Comeras ,  John Martin Graybeal ,  Alberto Rodriguez Natal

IPC: H04W76/12 ,  H04W28/02 ,  H04W40/02 ,  H04L43/028

Abstract: In one illustrative example, network fabric policy data associated with an application, subscriber, and/or device may be received. Mobile network policy data that corresponds to the received network fabric policy data may be selected, based on stored policy mappings between a set of network fabric policy profiles of a fabric network and a set of mobile network policy profiles of a mobile network. A bearer or Quality of Service (QoS) flow of the mobile network may be established in satisfaction of the selected mobile network policy data. In addition, a packet filter of a traffic flow template (TFT) or a packet detection rule (PDR) may be generated and applied in order to direct IP traffic flows associated with the application to the established bearer or QoS flow for communication in the mobile network.

公开(公告)号：US11411948B2

公开(公告)日：2022-08-09

申请号：US16574771

申请日：2019-09-18

Applicant: Cisco Technology Inc.

Inventor： Clarence Filsfils ,  Marc Portoles Comeras ,  David Delano Ward ,  Alberto Rodriguez Natal

IPC: H04L9/40

Abstract: In one embodiment, an apparatus of a LISP environment includes one or more processors and computer-readable non-transitory storage media coupled to the one or more processors. The computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including receiving an attestation token from a first component of the LISP environment. The operations also include encoding the attestation token using a LISP message format. The operations further include distributing the encoded attestation token with a LISP signaling message to a third component of the LISP environment.

公开(公告)号：US11201800B2

公开(公告)日：2021-12-14

申请号：US16782769

申请日：2020-02-05

Applicant: Cisco Technology, Inc.

Inventor： Alberto Rodriguez Natal ,  Hendrikus G. P. Bosch ,  Fabio Maino ,  Lars Olaf Stefan Olofsson ,  Jeffrey Napper ,  Anubhav Gupta

IPC: H04L12/24 ,  H04L12/801

Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific polices for the first endpoint by evaluation the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.

公开(公告)号：US20210266262A1

公开(公告)日：2021-08-26

申请号：US16983346

申请日：2020-08-03

Applicant: Cisco Technology, Inc.

Inventor： Sridhar Subramanian ,  Fabio Rodolfo Maino ,  Alberto Rodriguez Natal ,  Vijoy Anand Pandey ,  Edward A. Warnicke ,  John Andrew Joyce ,  Timothy James Swanson ,  Loránd Jakab

IPC: H04L12/813 ,  H04L29/08 ,  H04L12/28 ,  H04L12/723 ,  H04L29/06 ,  H04L12/24

Abstract: In one embodiment, a device of a software-defined wide area network (SD-WAN) receives, from a cloud-native application, contextual data for the cloud-native application that identifies microservices of the cloud-native application. The device translates the contextual data for the cloud-native application into a network policy for traffic in the SD-WAN associated with the cloud-native application. The device applies the network policy to a traffic flow in the SD-WAN between an endpoint and a particular microservice of the cloud-native application.

公开(公告)号：US20200322325A1

公开(公告)日：2020-10-08

申请号：US16574771

申请日：2019-09-18

Applicant: Cisco Technology Inc.

Inventor： Clarence Filsfils ,  Marc Portoles Comeras ,  David Delano Ward ,  Alberto Rodriguez Natal

IPC: H04L29/06

Abstract: In one embodiment, an apparatus of a LISP environment includes one or more processors and computer-readable non-transitory storage media coupled to the one or more processors. The computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including receiving an attestation token from a first component of the LISP environment. The operations also include encoding the attestation token using a LISP message format. The operations further include distributing the encoded attestation token with a LISP signaling message to a third component of the LISP environment.

公开(公告)号：US20190005045A1

公开(公告)日：2019-01-03

申请号：US15661109

申请日：2017-07-27

Applicant: Cisco Technology, Inc.

Inventor： Alberto Rodriguez Natal ,  Vina Ermagan ,  Fabio Maino

IPC: G06F17/30 ,  H04L12/745

CPC classification number: G06F16/24578 ,  G06F16/2282 ,  G06F16/90344 ,  H04L45/748

Abstract: Systems and methods for automatically executing an efficient longest internet protocol prefix match on non-relational and/or No-SQL databases, such as Cassandra. Clustering prefixes around common and/or standard prefix lengths ensures efficient use of Cassandra's underlying mechanisms and minimizes costly scan operations.

公开(公告)号：US12063149B2

公开(公告)日：2024-08-13

申请号：US18353702

申请日：2023-07-17

Applicant: Cisco Technology, Inc.

Inventor： Alberto Rodriguez Natal ,  Hendrikus G. P. Bosch ,  Fabio Maino ,  Lars Olaf Stefan Olofsson ,  Jeffrey Napper ,  Anubhav Gupta

IPC: H04L41/5019 ,  H04L47/10

CPC classification number: H04L41/5019 ,  H04L47/10

Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific polices for the first endpoint by evaluation the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.

公开(公告)号：US12052273B2

公开(公告)日：2024-07-30

申请号：US18066446

申请日：2022-12-15

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Alberto Rodriguez Natal ,  Yegappan Lakshmanan ,  Fabio R. Maino ,  Anand Oswal

IPC: H04L9/40 ,  G06F21/53 ,  G06F21/55 ,  G06F21/56

CPC classification number: H04L63/1416 ,  G06F21/53 ,  G06F21/552 ,  G06F21/566 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/20

Abstract: Techniques for providing network traffic security in a virtualized environment are described. A threat aware controller uses a threat feed provided by a threat intelligence service to establish a threat detection engine on virtual switches. The threat aware controller and threat detection engine work together to detect any anomalous or malicious behavior of network traffic on the virtual switch and established virtual network functions to quickly detect, verify, and isolate network threats.

公开(公告)号：US12021654B2

公开(公告)日：2024-06-25

申请号：US18497666

申请日：2023-10-30

Applicant: Cisco Technology, Inc.

Inventor： Srinath Gundavelli ,  Sangram Kishore Lakkaraju ,  Alberto Rodriguez Natal ,  Fabio R. Maino ,  Timothy Peter Stammers

IPC: H04L12/46 ,  H04L45/74 ,  H04L47/24 ,  H04L49/25 ,  H04L61/2592 ,  H04L69/22 ,  H04L101/622

CPC classification number: H04L12/4633 ,  H04L12/4641 ,  H04L45/74 ,  H04L47/24 ,  H04L49/25 ,  H04L61/2592 ,  H04L69/22 ,  H04L2101/622

Abstract: Techniques are described for extending a cellular quality of service bearer through an enterprise fabric network. In one example, a method obtaining, by a first switch of a network, a packet to be delivered to a client connected to the network via a cellular access point; identifying quality of service (QoS) bearer information associated with the packet, wherein the QoS bearer information is associated with a radio access bearer for the client and the QoS bearer information comprises a bearer indicator and a QoS class identifier; providing a fabric tunnel encapsulation for the packet, wherein the bearer indicator and the QoS class identifier are included within the fabric tunnel encapsulation of the packet; and forwarding the packet within the fabric tunnel encapsulation toward a second switch of the network via a fabric tunnel, wherein the cellular access point is connected to the network via the second switch.

公开(公告)号：US12009998B1

公开(公告)日：2024-06-11

申请号：US18202080

申请日：2023-05-25

Applicant: Cisco Technology, Inc.

Inventor： Saswat Praharaj ,  Fabio R. Maino ,  Alberto Rodriguez Natal ,  Pradeep Kumar Kathail ,  Bruce McDougall

IPC: H04L41/5019 ,  H04L12/46

CPC classification number: H04L41/5019 ,  H04L12/4633

Abstract: Techniques for informing a network of an application's service-level agreement (SLA) objective(s) so the network can ensure the SLA is met end-to-end, thereby allowing core network support of deterministic SLA and application-based routing without using network-based application recognition (NBAR) and/or compromising user privacy. The techniques may include receiving a first connection request to establish a network-domain connection between different network domains that meets or exceeds a service level objective. Based on the first connection request, the network-domain connection may be established between the different network domains to meet or exceed the service-level objective. In some examples, a second connection request may be received to establish a tunnel between a source application and a destination application, which are disposed in the different network domains. Based on the second connection request, the techniques may include establishing the tunnel between the source application and the destination application utilizing the network-domain connection.