公开(公告)号：US20220116311A1

公开(公告)日：2022-04-14

申请号：US17066223

申请日：2020-10-08

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Ian James Wells ,  Grzegorz Boguslaw Duraj

IPC: H04L12/707 ,  H04L12/717 ,  H04L12/755 ,  H04L12/721 ,  H04L12/803

Abstract: A method may include, with a controller of an AS, routing a data flow from a source device, through at least one front-end node to a plurality of back-end nodes, and balancing, by the controller, the data flow to the back-end nodes equally based at least in part on ECMP routing. A number of routes from the back-end nodes to endpoint devices may be determined based at least in part on a preference for a primary route from the back-end nodes to a corresponding one of the endpoint devices, and backup routes from the back-end nodes to the corresponding one of the endpoint devices. An indication of a failure of a first endpoint device is received, and the back-end nodes utilize a first backup route that is associated with a second endpoint device to rebalance the data flow from the first endpoint device to the second endpoint device.

公开(公告)号：US11126415B1

公开(公告)日：2021-09-21

申请号：US17028566

申请日：2020-09-22

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Ian James Wells ,  Grzegorz Boguslaw Duraj

IPC: G06F9/44 ,  G06F8/41 ,  G06F8/30 ,  G06F8/76

Abstract: This disclosure describes techniques and mechanisms for using a domain-specific language (DSL) to express and compile serverless network functions, and optimizing the deployment location for the serverless network functions on network devices. In some examples, the serverless network functions may be expressed entirely in the DSL (e.g., via a text-based editor, a graphics-based editor, etc.), where the DSL is a computer language specialized to a particular domain, such as a network function domain. In additional examples, the serverless network functions may be expressed and compiled using a DSL in combination with a general-purpose language (GSL). Once the serverless network function have been expressed and/or compiled, the techniques of this disclosure further include determining an optimized network component on which the serverless network function is to execute, and deploying the serverless function to the optimized network component.

公开(公告)号：US20210103507A1

公开(公告)日：2021-04-08

申请号：US16592613

申请日：2019-10-03

Applicant: Cisco Technology, Inc.

Inventor： Pierre Pfister ,  Ian James Wells ,  Kyle Andrew Donald Mestery ,  William Mark Townsley ,  Yoann Desmouceaux ,  Guillaume Ruty ,  Aloys Augustin

IPC: G06F11/20 ,  G06F9/455 ,  H04L29/12

Abstract: This disclosure describes techniques for providing a distributed scalable architecture for Network Address Translation (NAT) systems with high availability and mitigations for flow breakage during failover events. The NAT servers may include functionality to serve as fast-path servers and/or slow-path servers. A fast-path server may include a NAT worker that includes a cache of NAT mappings to perform stateful network address translation and to forward packets with minimal latency. A slow-path server may include a mapping server that creates new NAT mappings, depreciates old ones, and answers NAT worker state requests. The NAT system may use virtual mapping servers (VMSs) running on primary physical servers with state duplicated VMSs on different physical failover servers. Additionally, the NAT servers may implement failover solutions for dynamically allocated routeable address/port pairs assigned to new sessions by assigning new outbound address/port pairs when a session starts and broadcasting pairing information.

公开(公告)号：US12301729B2

公开(公告)日：2025-05-13

申请号：US17183825

申请日：2021-02-24

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Ian James Wells

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/40 ,  H04L61/4511

Abstract: Techniques for creating consent contracts for devices that indicate whether the devices consent to receiving network-based communications from other devices. Further, the techniques include enforcing the consent contracts such that network-based communications are either allowed or disallowed in the network-communications layer prior to the network communications reaching the devices. Rather than simply allowing a device to communicate with any other device over a network, the techniques described herein include building in consent for network-based communications where the consent is consulted at one or more points in a communication process to make informed decisions about network-based traffic.

公开(公告)号：US12003424B2

公开(公告)日：2024-06-04

申请号：US18111075

申请日：2023-02-17

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Andree Toonk ,  Rahim Lalani ,  Ian James Wells

IPC: H04L47/726 ,  H04L9/40 ,  H04L45/12 ,  H04L45/125 ,  H04L45/42 ,  H04L45/7453 ,  H04L47/78 ,  H04L47/80 ,  H04L67/10 ,  H04L67/1027 ,  H04L67/1097 ,  H04L67/146

CPC classification number: H04L47/726 ,  H04L45/42 ,  H04L47/781 ,  H04L47/801 ,  H04L63/166 ,  H04L67/1097

Abstract: Techniques for load balancing communication sessions in a networked computing environment are described herein. The techniques may include establishing a first communication session between a client device and a first computing resource of a networked computing environment. Additionally, the techniques may include storing, in a data store, data indicating that the first communication session is associated with the first computing resource. The techniques may further include receiving, at a second computing resource of the networked computing environment, traffic associated with a second communication session that was sent by the client device, and based at least in part on accessing the data stored in the data store, establishing a traffic redirect such that the traffic and additional traffic associated with the second communication session is sent from the second computing resource to the first computing resource.

公开(公告)号：US11843610B2

公开(公告)日：2023-12-12

申请号：US16985720

申请日：2020-08-05

Applicant: Cisco Technology, Inc.

Inventor： Ian James Wells

IPC: H04L29/06 ,  H04L29/08 ,  H04L15/16 ,  G06F15/16 ,  G06F9/455 ,  H04L29/12 ,  H04L12/24 ,  G06F9/54 ,  H04L9/40 ,  H04L69/16 ,  H04L67/1097 ,  H04L69/32

CPC classification number: H04L63/105 ,  G06F9/45558 ,  H04L63/083 ,  H04L63/20 ,  H04L67/1097 ,  H04L69/162 ,  H04L69/32 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: This disclosure describes techniques for providing multiple namespace support to application(s) in containers under Kubernetes without breaking containment boundaries or escalating privileges of the application(s). A namespace service executing on a physical server may communicate with contained processes executing on the physical server by utilizing a Unix Domain Socket (UDS) endpoint in the filesystem of each of the containers. the namespace service may execute on the physical server with escalated privileges, allowing the namespace service to create a socket in a namespace and provide access and rights to utilize the socket to process(es) in a separate namespace.

公开(公告)号：US20230275845A1

公开(公告)日：2023-08-31

申请号：US18111075

申请日：2023-02-17

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Andree Toonk ,  Rahim Lalani ,  Ian James Wells

IPC: H04L47/726 ,  H04L45/42 ,  H04L47/78 ,  H04L47/80 ,  H04L9/40 ,  H04L67/1097

CPC classification number: H04L47/726 ,  H04L45/42 ,  H04L47/781 ,  H04L47/801 ,  H04L63/166 ,  H04L67/1097

Abstract: Techniques for load balancing communication sessions in a networked computing environment are described herein. The techniques may include establishing a first communication session between a client device and a first computing resource of a networked computing environment. Additionally, the techniques may include storing, in a data store, data indicating that the first communication session is associated with the first computing resource. The techniques may further include receiving, at a second computing resource of the networked computing environment, traffic associated with a second communication session that was sent by the client device, and based at least in part on accessing the data stored in the data store, establishing a traffic redirect such that the traffic and additional traffic associated with the second communication session is sent from the second computing resource to the first computing resource.

公开(公告)号：US20230221946A1

公开(公告)日：2023-07-13

申请号：US18114708

申请日：2023-02-27

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Ian James Wells ,  Grzegorz Boguslaw Duraj

IPC: G06F8/65 ,  H04L67/52

CPC classification number: G06F8/65 ,  H04L67/52

Abstract: This disclosure describes techniques and mechanisms for using a domain-specific language (DSL) to express and compile serverless network functions, and optimizing the deployment location for the serverless network functions on network devices. In some examples, the serverless network functions may be expressed entirely in the DSL (e.g., via a text-based editor, a graphics-based editor, etc.), where the DSL is a computer language specialized to a particular domain, such as a network function domain. In additional examples, the serverless network functions may be expressed and compiled using a DSL in combination with a general-purpose language (GSL). Once the serverless network function have been expressed and/or compiled, the techniques of this disclosure further include determining an optimized network component on which the serverless network function is to execute, and deploying the serverless function to the optimized network component.

公开(公告)号：US11588749B2

公开(公告)日：2023-02-21

申请号：US16875524

申请日：2020-05-15

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Andree Toonk ,  Rahim Lalani ,  Ian James Wells

IPC: H04L47/726 ,  H04L45/42 ,  H04L47/78 ,  H04L47/80 ,  H04L9/40 ,  H04L67/1097 ,  H04L45/7453 ,  H04L45/12 ,  H04L47/125 ,  H04L67/10 ,  H04L67/1027 ,  H04L67/146

Abstract: Techniques for load balancing communication sessions in a networked computing environment are described herein. The techniques may include establishing a first communication session between a client device and a first computing resource of a networked computing environment. Additionally, the techniques may include storing, in a data store, data indicating that the first communication session is associated with the first computing resource. The techniques may further include receiving, at a second computing resource of the networked computing environment, traffic associated with a second communication session that was sent by the client device, and based at least in part on accessing the data stored in the data store, establishing a traffic redirect such that the traffic and additional traffic associated with the second communication session is sent from the second computing resource to the first computing resource.

公开(公告)号：US20220413975A1

公开(公告)日：2022-12-29

申请号：US17902677

申请日：2022-09-02

Applicant: Cisco Technology, Inc.

Inventor： Pierre Pfister ,  Ian James Wells ,  Kyle Andrew Donald Mestery ,  William Mark Townsley ,  Yoann Desmouceaux ,  Guillaume Ruty ,  Aloys Augustin

IPC: G06F11/20 ,  G06F9/455 ,  H04L61/2503 ,  H04L61/58 ,  H04L101/00

Abstract: This disclosure describes techniques for providing a distributed scalable architecture for Network Address Translation (NAT) systems with high availability and mitigations for flow breakage during failover events. The NAT servers may include functionality to serve as fast-path servers and/or slow-path servers. A fast-path server may include a NAT worker that includes a cache of NAT mappings to perform stateful network address translation and to forward packets with minimal latency. A slow-path server may include a mapping server that creates new NAT mappings, depreciates old ones, and answers NAT worker state requests. The NAT system may use virtual mapping servers (VMSs) running on primary physical servers with state duplicated VMSs on different physical failover servers. Additionally, the NAT servers may implement failover solutions for dynamically allocated routeable address/port pairs assigned to new sessions by assigning new outbound address/port pairs when a session starts and broadcasting pairing information.