公开(公告)号：US09699082B2

公开(公告)日：2017-07-04

申请号：US14010707

申请日：2013-08-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Victor Moreno ,  Fabio Maino ,  Vina Ermagan

IPC: H04L12/741 ,  H04L12/715 ,  H04L12/749

CPC classification number: H04L45/745 ,  H04L45/04 ,  H04L45/741

Abstract: In one embodiment, a method includes receiving a packet at a tunnel end point in a multi-tenant network, the packet comprising a destination, performing a lookup for the destination in a database comprising a mapping of global identifiers to local tenant identifiers for different hosting locations, each of the global identifiers uniquely identifying a tenant across all of the hosting locations, identifying a destination tunnel end point and a local tenant identifier for the destination, and inserting the destination tunnel end point and the local tenant identifier into the packet and forwarding the packet. An apparatus and logic are also disclosed herein.

公开(公告)号：US09407544B1

公开(公告)日：2016-08-02

申请号：US14259483

申请日：2014-04-23

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Fabio Maino ,  Darrel Lewis ,  John Mullooly ,  Gregg Schudel

IPC: H04L12/713 ,  H04L12/723 ,  H04L12/755 ,  H04L12/715

CPC classification number: H04L45/586 ,  H04L45/021 ,  H04L45/04 ,  H04L45/50 ,  H04L45/64

Abstract: In one embodiment, a method includes receiving a packet at a first provider edge device in communication with a mapping system comprising mappings of customer routes to provider edge devices, and mappings of customer virtual routing and forwarding (VRF) instances to a service provider VRF instance, mapping a customer route to one of the provider edge devices and mapping a customer VRF instance to the service provider VRF instance, encapsulating the packet at the first provider edge device based on the mappings, and transmitting the packet to the provider edge device. An apparatus and logic are also disclosed herein.

Abstract translation: 在一个实施例中，一种方法包括在与包括向客户端边缘设备的客户路由映射的映射系统通信的第一供应商边缘设备处接收分组，以及将客户虚拟路由和转发（VRF）实例映射到服务提供商VRF实例 将客户路由映射到提供商边缘设备之一，并将客户VRF实例映射到服务提供商VRF实例，基于映射将数据包封装在第一提供商边缘设备，并将该分组发送到提供商边缘设备。 本文还公开了一种装置和逻辑。

公开(公告)号：US20140112349A1

公开(公告)日：2014-04-24

申请号：US13751717

申请日：2013-01-28

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Victor Moreno ,  Dino Farinacci ,  Fabio Maino

IPC: H04L12/56

CPC classification number: H04L45/64 ,  H04L12/4633 ,  H04L12/4641 ,  H04L12/6418 ,  H04L61/103

Abstract: In one embodiment, a method includes receiving a packet from a first host at a first edge device, the packet comprising a layer 3 address of a second host in communication with a second edge device, using the layer 3 address of the second host to receive a layer 2 address and a location identifier for the second host from a database accessible from a core network, the database comprising a mapping of layer 3 host addresses to layer 2 host addresses and location identifiers, and storing a mapping of the layer 2 address to the location identifier at the first edge device for use in forwarding packets to the second host. The first edge device is in communication with the second edge device in an overlay network defined by the edge devices interconnected by the core network. An apparatus and logic are also disclosed herein.

Abstract translation: 在一个实施例中，一种方法包括在第一边缘设备处从第一主机接收分组，该分组包括与第二边缘设备通信的第二主机的第3层地址，使用第二主机的第3层地址来接收 来自可从核心网访问的数据库的第二主机的第二层地址和位置标识符，所述数据库包括层3主机地址到层2主机地址和位置标识符的映射，以及将层2地址的映射存储到 在第一边缘设备处的位置标识符用于将分组转发到第二主机。 第一边缘设备在由由核心网互连的边缘设备定义的覆盖网络中与第二边缘设备通信。 本文还公开了一种装置和逻辑。

公开(公告)号：US20240291734A1

公开(公告)日：2024-08-29

申请号：US18648889

申请日：2024-04-29

Applicant: Cisco Technology, Inc.

Inventor： Alberto Rodriguez Natal ,  Hendrikus G.P. Bosch ,  Fabio Maino ,  Lars Olaf Stefan Olofsson ,  Jeffrey Napper ,  Anubhav Gupta

IPC: H04L41/5019 ,  H04L47/10

CPC classification number: H04L41/5019 ,  H04L47/10

Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific polices for the first endpoint by evaluation the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.

公开(公告)号：US20220086083A1

公开(公告)日：2022-03-17

申请号：US17534101

申请日：2021-11-23

Applicant: Cisco Technology, Inc.

Inventor： Fabio Maino ,  Syed Khalid Raza ,  Alberto Rodriguez Natal ,  Marc Portoles Comeras

IPC: H04L12/725 ,  H04L29/08 ,  H04L12/46 ,  H04L12/851 ,  H04L29/06 ,  H04L12/715 ,  H04L12/813

Abstract: Disclosed are systems and methods for providing policy selection in a software defined network. An example method includes registering, by an enterprise controller on an enterprise domain, in a shared mapping system on a service provider domain, one or more entries specifying one or more services for one or more classes of traffic to yield registered entries, reading, by a service provider controller, from the shared mapping system, the registered entries, posting, by the service provider controller, the one or more entries to one or more routing tables at a software-defined wide area network of the service provider domain and receiving a request, by a mobile node on the enterprise domain, of a specific service for a particular class of packets according to a classification of the particular class of packets based on a particular label defined in the registered entries for the specific service.

公开(公告)号：US20220086061A1

公开(公告)日：2022-03-17

申请号：US17538983

申请日：2021-11-30

Applicant: Cisco Technology, Inc.

Inventor： Alberto Rodriguez Natal ,  Hendrikus G.P. Bosch ,  Fabio Maino ,  Lars Olaf Stefan Olofsson ,  Jeffrey Napper ,  Anubhav Gupta

IPC: H04L12/24 ,  H04L12/801

Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific polices for the first endpoint by evaluation the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.

公开(公告)号：US10826827B1

公开(公告)日：2020-11-03

申请号：US16514223

申请日：2019-07-17

Applicant: Cisco Technology, Inc.

Inventor： Alberto Rodriguez Natal ,  Marc Portoles Comeras ,  Vina Ermagan ,  Victor Moreno ,  Fabio Maino ,  Sanjay Hooda

IPC: H04L12/715 ,  H04L12/741 ,  H04L12/733

Abstract: In one embodiment, a router includes processors and computer-readable non-transitory storage media coupled to the processors including instructions executable by the processors. The router may store at least one virtual prefix and an associated aggregation threshold. The router may register, with a mapping database of an overlay network, ownership of individual prefixes served by the router. The router may determine an amount of prefixes served by the router that are within an address space of the virtual prefix. The router may register, based on a determination that the amount of prefixes satisfies the aggregation threshold, ownership of the virtual prefix with the mapping database of the overlay network. The registration of the virtual prefix may cause ownership of one or more of the registered individual prefixes served by the router that are within the address space of the virtual prefix to be deregistered.

公开(公告)号：US20200322262A1

公开(公告)日：2020-10-08

申请号：US16783843

申请日：2020-02-06

Applicant: Cisco Technology, Inc.

Inventor： Fabio Maino ,  Syed Khalid Raza ,  Alberto Rodriguez Natal ,  Marc Portoles Comeras

IPC: H04L12/725 ,  H04L29/06 ,  H04L29/08 ,  H04L12/46 ,  H04L12/851 ,  H04L12/813 ,  H04L12/715

Abstract: Disclosed are systems and methods for providing policy selection in a software defined network. An example method includes registering, by an enterprise controller on an enterprise domain, in a shared mapping system on a service provider domain, one or more entries specifying one or more services for one or more classes of traffic to yield registered entries, reading, by a service provider controller, from the shared mapping system, the registered entries, posting, by the service provider controller, the one or more entries to one or more routing tables at a software-defined wide area network of the service provider domain and receiving a request, by a mobile node on the enterprise domain, of a specific service for a particular class of packets according to a classification of the particular class of packets based on a particular label defined in the registered entries for the specific service.

公开(公告)号：US20170005831A1

公开(公告)日：2017-01-05

申请号：US15267007

申请日：2016-09-15

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Darrel Lewis ,  Gregg Schudel ,  John Mullooly ,  Isidoros Kouvelas ,  Jesper Skriver ,  Christian Cassar ,  Dino Farinacci ,  Fabio Maino

IPC: H04L12/46 ,  H04L12/911 ,  H04L12/723 ,  H04L12/66

CPC classification number: H04L12/4633 ,  H04L12/46 ,  H04L12/4641 ,  H04L12/66 ,  H04L45/50 ,  H04L47/825

Abstract: In one embodiment, a method includes receiving at a first network device in a first virtual private network, a packet destined for a second network device in communication with a second virtual private network, and transmitting the packet over the second network, wherein the packet is encapsulated for transmittal on a tunnel extending from the first network device to the second network device. The first network device is in communication with a system operable to map and encapsulate the packet and provide an overlay that traverses over the second virtual private network. An apparatus and logic are also disclosed herein.

Abstract translation: 在一个实施例中，一种方法包括在第一虚拟专用网络中的第一网络设备处接收目的地是与第二虚拟专用网络通信的第二网络设备的分组，以及通过所述第二网络发送所述分组，其中所述分组是 封装在从第一网络设备延伸到第二网络设备的隧道上传输。 第一网络设备与可操作以映射和封装分组的系统通信，并提供穿过第二虚拟专用网络的覆盖。 本文还公开了一种装置和逻辑。

公开(公告)号：US09294393B1

公开(公告)日：2016-03-22

申请号：US14259373

申请日：2014-04-23

Applicant: CISCO TECHNOLOGY, INC.

Inventor： John Mullooly ,  Fabio Maino ,  Darrel Lewis ,  Gregg Schudel

IPC: H04L12/715 ,  H04L12/24 ,  H04L12/911

CPC classification number: H04L45/64 ,  H04L41/12 ,  H04L47/825

Abstract: In one embodiment, a method includes receiving from a plurality of customer edge devices, endpoint addresses at a central mapping system operating as a control plane for a provider network in communication with a plurality of customer networks, and mapping the endpoint addresses to provider edge devices in the provider network. Wherein the customer edge devices store customer endpoint routes for active flows and the provider edge devices store customer edge device site locator addresses for use in a mapping and encapsulation overlay in the provider network. An apparatus and logic are also disclosed herein.

Abstract translation: 在一个实施例中，一种方法包括从多个客户边缘设备接收作为用于与多个客户网络通信的提供商网络的控制平面操作的中央映射系统的端点地址，以及将端点地址映射到提供商边缘设备 在提供商网络中。 其中客户边缘设备存储活动流的客户端点路由，并且提供商边缘设备存储客户边缘设备站点定位器地址以用于提供商网络中的映射和封装覆盖。 本文还公开了一种装置和逻辑。