公开(公告)号：US11178071B2

公开(公告)日：2021-11-16

申请号：US16164607

申请日：2018-10-18

Applicant: Cisco Technology, Inc.

Inventor： Sridhar Vallepalli ,  Javed Asghar ,  Umamaheswararao Karyampudi ,  Saad Malik ,  Amitkumar V. Patel

IPC: H04L12/933 ,  H04L12/715 ,  H04L12/707 ,  H04L12/721 ,  H04L12/741 ,  H04L12/813 ,  H04L29/08 ,  H04L12/66

Abstract: Embodiments herein describe using translation mappings and security contracts to establish interconnects and policies between switching fabrics at different sites to create a unified fabric. In one embodiment, a multi-site controller can stretch endpoint groups (EPGs) between the sites so that a host or application in a first site can communicate with a host or application in a second site which is assigned to the same stretched EPG, despite the two sites have different namespaces. Further, the shadow EPGs can be formed to facilitate security contracts between EPGs in different sites. Each site can store namespace translation mapping that enable the site to convert namespace information in packets received from a different site into its own namespace values. As a result, independent bridging and routing segments in the various sites can be interconnected as well as providing application accessibility across different fabrics with independent and private namespaces.

公开(公告)号：US11171992B2

公开(公告)日：2021-11-09

申请号：US16525362

申请日：2019-07-29

Applicant: Cisco Technology, Inc.

Inventor： Azeem M. Suleman ,  Rajagopalan Janakiraman ,  Pramila Deshraj Singh ,  Sree Balaji Varadharajan ,  Javed Asghar ,  Sachin Gupta

IPC: H04L29/06 ,  H04L12/46

Abstract: The present disclosure provides for system resource management in self-healing networks by grouping End Point Groups (EPGs) into a plurality of policy groups based on shared security policies; identifying a first policy group with a highest resource demand; assigning a first security policy corresponding to the first policy group to a first switch of a plurality of switches; identifying a second plurality of EPGs from the remaining EPGs that were not included in the first policy group; grouping the second plurality of EPGs into a second plurality of policy groups based on shared security policies; identifying a second policy group with a highest resource demand of the second plurality of policy groups; and assigning a second security policy corresponding to the second policy group to a second switch of the plurality of switches.

公开(公告)号：US12238079B2

公开(公告)日：2025-02-25

申请号：US18673183

申请日：2024-05-23

Applicant: Cisco Technology, Inc.

Inventor： Govind Prasad Sharma ,  Javed Asghar ,  Prabhu Balakannan ,  Sridhar Vallepalli

IPC: H04L9/40 ,  H04L9/08 ,  H04L12/46 ,  H04L69/14 ,  H04L69/22

Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.

公开(公告)号：US12216556B2

公开(公告)日：2025-02-04

申请号：US18480821

申请日：2023-10-04

Applicant: Cisco Technology, Inc.

Inventor： Javed Asghar ,  Rajagopalan Janakiraman ,  Raghu Rajendra Arur

IPC: G06F11/00 ,  G06F11/20 ,  G06F11/30 ,  H04L67/00

Abstract: This disclosure describes techniques for adaptive disaster recovery of applications running on network devices. The techniques include generating an application template and an application template clone that include application attributes usable to deploy an application stack at an application site. The techniques also include sending the application template clone to a disaster recovery site group to await deployment instructions. In some examples, an observer may determine that a health metric of the application site indicates that a disaster recovery process be triggered. A disaster recovery site of the disaster recovery site group may be selected based at least in part on a performance metric. The application stack may be deployed at the disaster recovery site utilizing the application template clone.

公开(公告)号：US12063169B2

公开(公告)日：2024-08-13

申请号：US18464783

申请日：2023-09-11

Applicant: Cisco Technology, Inc.

Inventor： Sridhar Vallepalli ,  Javed Asghar ,  Umamaheswararao Karyampudi ,  Saad Malik ,  Amitkumar V. Patel

IPC: H04L49/15 ,  H04L45/00 ,  H04L45/02 ,  H04L45/745 ,  H04L47/20 ,  H04L67/563 ,  H04L12/66

CPC classification number: H04L49/1507 ,  H04L45/04 ,  H04L45/22 ,  H04L45/72 ,  H04L45/745 ,  H04L47/20 ,  H04L67/563 ,  H04L12/66

Abstract: Embodiments herein describe using translation mappings and security contracts to establish interconnects and policies between switching fabrics at different sites to create a unified fabric. In one embodiment, a multi-site controller can stretch endpoint groups (EPGs) between the sites so that a host or application in a first site can communicate with a host or application in a second site which is assigned to the same stretched EPG, despite the two sites have different namespaces. Further, the shadow EPGs can be formed to facilitate security contracts between EPGs in different sites. Each site can store namespace translation mapping that enable the site to convert namespace information in packets received from a different site into its own namespace values. As a result, independent bridging and routing segments in the various sites can be interconnected as well as providing application accessibility across different fabrics with independent and private namespaces.

公开(公告)号：US11929917B2

公开(公告)日：2024-03-12

申请号：US17390511

申请日：2021-07-30

Applicant: Cisco Technology, Inc.

Inventor： Vijay Kumar Devendran ,  Kiran Kumar Meda ,  Rajagopalan Janakiraman ,  Shyam N. Kapadia ,  Javed Asghar

IPC: H04L45/00 ,  H04L43/0829 ,  H04L43/0852 ,  H04L43/087 ,  H04L43/10 ,  H04L41/0677 ,  H04L43/091 ,  H04L43/12

CPC classification number: H04L45/22 ,  H04L43/0829 ,  H04L43/0858 ,  H04L43/087 ,  H04L43/10

Abstract: In one embodiment, a method includes identifying a problematic event between a first interest point and a second interest point of a network and activating, in response to identifying the problematic event between the first interest point and the second interest point, a first endpoint associated with the first interest point and a second endpoint associated with the second interest point. The method also includes receiving, from the first endpoint and the second endpoint, telemetry data associated with a problematic path between the first interest point and the second interest point. The method further includes determining the problematic path between the first interest point and the second interest point using the telemetry data received from the first endpoint and the second endpoint.

公开(公告)号：US20200127987A1

公开(公告)日：2020-04-23

申请号：US16166973

申请日：2018-10-22

Applicant: Cisco Technology, Inc.

Inventor： Govind Prasad Sharma ,  Javed Asghar ,  Prabhu Balakannan ,  Sridhar Vallepalli

IPC: H04L29/06 ,  H04L9/08 ,  H04L12/46

Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.

公开(公告)号：US10165092B2

公开(公告)日：2018-12-25

申请号：US15152213

申请日：2016-05-11

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Yixing Ruan ,  James N. Guichard ,  Javed Asghar ,  Carlos M. Pignataro ,  Kenneth Eugene Gray

IPC: H04L12/701 ,  H04L12/801 ,  H04L29/06 ,  H04L12/46 ,  H04L12/725 ,  H04L12/721 ,  H04L12/713

Abstract: Aspects of the embodiments are directed to augmenting a control packet with an interface identifier, the interface identifier identifying an interface at a physical network forwarding element; and transmitting the control packet with the interface identifier to the physical network forwarding element. The interface identifier can be included in metadata of a network service header (NSH). The NSH is encapsulated with the control packet, which is transmitted with the control packet. The NSH can be extracted and the interface identifier used to identify a user interface (or a presenting interface) based on a metadata lookup.

公开(公告)号：US10142128B2

公开(公告)日：2018-11-27

申请号：US15784218

申请日：2017-10-16

Applicant: Cisco Technology, Inc.

Inventor： James N. Guichard ,  Paul Quinn ,  Javed Asghar ,  Reinaldo Penno ,  Yixing Ruan ,  Carlos M. Pignataro

IPC: H04L12/801 ,  H04L12/28 ,  H04L12/751 ,  H04L1/04 ,  H04Q11/04 ,  H04L12/46 ,  H04L29/06

Abstract: A method for applying network services to data traffic forwarded between virtual private network (VPN) sites includes: receiving a data packet addressed to a target site associated with the VPN, determining services to be applied to the data packet according to a service chain, where the determining is a function of at least one of the VPN, the origin site or the target site, adding an indication of a VPN forwarding context onto the data packet, encapsulating the data packet with Network Service Header encapsulation, where a header for the encapsulated data packet indicates at least the service chain; forwarding the encapsulated data packet in accordance with the service chain, receiving the encapsulated data packet at the end of the service chain, terminating the service chain, removing the encapsulation, and forwarding the data packet to a target destination per the indication of a VPN forwarding context.

公开(公告)号：US20170353382A1

公开(公告)日：2017-12-07

申请号：US15173951

申请日：2016-06-06

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Shishir Gupta ,  Dharmarajan Subramanian ,  Javed Asghar

IPC: H04L12/703 ,  H04L12/707 ,  H04L12/761 ,  H04L12/801 ,  H04L12/18

CPC classification number: H04L45/28 ,  H04L12/18 ,  H04L12/1863 ,  H04L12/1886 ,  H04L45/128 ,  H04L45/16 ,  H04L45/22

Abstract: In one embodiment, a method includes computing at a controller, a primary path and a backup path for transmittal of multicast data from service nodes in communication with the controller and a multicast source to access nodes in communication with multicast receivers, and transmitting from the controller, information for the primary path and the backup path to the access nodes for use by the access nodes in receiving the multicast data on the primary path and the backup path, and switching transmittal of the multicast data to the multicast receivers from the primary path to the backup path upon identifying a failure in the primary path to provide fast reroute at the access nodes. A multicast control plane runs in the controller without operating in the access nodes. An apparatus is also disclosed herein.