-
Publication No.: US20240039839A1
Publication date: 2024-02-01
Application No.: US18487021
Filing date: 2023-10-13
Applicant: Cisco Technology, Inc.
Inventor: Satish Kondalam, Sanjay Kumar Hooda, Prakash C. Jain, Vikram Vikas Pendharkar
Abstract: Systems, methods, and computer-readable media for discovering silent hosts in a software-defined network and directing traffic to the silent hosts in a scalable and targeted manner include determining interfaces of a fabric device that are connected to respective one or more endpoints, where the fabric device is configured to connect the endpoints to a network fabric of the software-defined network. At least a first interface is identified, where an address of a first endpoint connected to the first interface is not available at the fabric device. A first notification is transmitted to a control plane of the software-defined network based on identifying the first interface, where the control plane may create a flood list which includes the fabric device. Traffic intended for the first endpoint can then be received by the fabric device from the network fabric based on the flood list.
-
Publication No.: US20230308391A1
Publication date: 2023-09-28
Application No.: US18323263
Filing date: 2023-05-24
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Satish Kondalam, Raja Janardanan, Aaditya Vadnere, Shivangi Sharma
Abstract: Systems, methods, and computer-readable media for communicating policy changes in a Locator/ID Separation Protocol (LISP) based network deployment include receiving, at a first routing device, a first notification from a map server, the first notification indicating a change in a policy for LISP based communication between at least a first endpoint device and at least a second endpoint device, the first endpoint device being connected to a network fabric through the first routing device and the second endpoint device being connected to the network fabric through a second routing device. The first routing device forwards a second notification to the second routing device if one or more entries of a first map cache implemented by the first routing device are affected by the policy change, the second notification indicating a set of one or more endpoints connected to the second routing device that are affected by the policy change.
-
Publication No.: US11706139B2
Publication date: 2023-07-18
Application No.: US17476462
Filing date: 2021-09-15
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Satish Kondalam, Raja Janardanan, Aaditya Vadnere, Shivangi Sharma
Abstract: Systems, methods, and computer-readable media for communicating policy changes in a Locator/ID Separation Protocol (LISP) based network deployment include receiving, at a first routing device, a first notification from a map server, the first notification indicating a change in a policy for LISP based communication between at least a first endpoint device and at least a second endpoint device, the first endpoint device being connected to a network fabric through the first routing device and the second endpoint device being connected to the network fabric through a second routing device. The first routing device forwards a second notification to the second routing device if one or more entries of a first map cache implemented by the first routing device are affected by the policy change, the second notification indicating a set of one or more endpoints connected to the second routing device that are affected by the policy change.
-
Publication No.: US20210344595A1
Publication date: 2021-11-04
Application No.: US16864442
Filing date: 2020-05-01
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Satish Kondalam, Raja Janardanan, Aaditya Vadnere, Shivangi Sharma
IPC: H04L12/747, H04L12/741, H04L12/813, H04L12/801, H04L12/715
Abstract: Systems, methods, and computer-readable media for communicating policy changes in a Locator/ID Separation Protocol (LISP) based network deployment include receiving, at a first routing device, a first notification from a map server, the first notification indicating a change in a policy for LISP based communication between at least a first endpoint device and at least a second endpoint device, the first endpoint device being connected to a network fabric through the first routing device and the second endpoint device being connected to the network fabric through a second routing device. The first routing device forwards a second notification to the second routing device if one or more entries of a first map cache implemented by the first routing device are affected by the policy change, the second notification indicating a set of one or more endpoints connected to the second routing device that are affected by the policy change.
-
Publication No.: US10778430B2
Publication date: 2020-09-15
Application No.: US15968189
Filing date: 2018-05-01
Applicant: Cisco Technology, Inc.
Inventor: Satish Kondalam, Victor M. Moreno, Sanjay Kumar Hooda, Muhammad Ahmad Imam
Abstract: In accordance with various implementations, a method is performed at a source node of a fabric network coupled to a plurality of hosts respectively associated with a plurality of group identifiers. The method includes generating a source public key based on a source private key, a source group identifier of the plurality of group identifiers, and a destination group identifier of the plurality of group identifiers. The method includes sending, from the source node coupled to at least one host associated with the source group identifier to a destination node coupled to at least one host associated with the destination group identifier, the source public key. The method includes receiving, at the source node from the destination node, a destination public key based on a destination private key, the source group identifier, and the destination group identifier. The method further includes generating a shared secret based on the destination public key and the source private key.
-
Publication No.: US20200228404A1
Publication date: 2020-07-16
Application No.: US16368624
Filing date: 2019-03-28
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Muninder Singh Sambi, Victor Moreno, Prakash C. Jain, Tarunesh Ahuja, Satish Kondalam
Abstract: Systems, methods, and computer-readable storage media are provided for provisioning a common subnet across a number of subscribers and their respective virtual networks using dynamically generated network policies that provide isolation between the subscribers. The dynamic generation of the network policies is performed when a host (e.g. client) is detected (via a switch) as the host joins the computing network via virtual networks. This ability to configure a common subnet for all the subscriber virtual networks allows these subscribers to more easily access external shared services coming from a headquarter site while keeping the separation and segmentation of multiple subscriber virtual networks within a single subnet. This allows the Enterprise fabric to be more simple and convenient to deploy without making security compromises.
-
Publication No.: US10693733B2
Publication date: 2020-06-23
Application No.: US15912839
Filing date: 2018-03-06
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Hooda, Johnson Leong, Satish Kondalam, Victor Moreno, Rohan Grover
IPC: H04L12/24, H04L29/12, H04L12/947, H04L12/931
Abstract: A method for establishing a partitioned fabric network is described. The method includes establishing a fabric network including a plurality of border nodes to couple the fabric network to one or more external data networks and a plurality of edge nodes to couple the fabric network to one or more hosts. The method further includes defining a plurality of partitions of the fabric network. The method further includes registering each of the plurality of partitions with a corresponding one of the plurality of border nodes and with each of the plurality of edge nodes.
-
Publication No.: US10547467B2
Publication date: 2020-01-28
Application No.: US15792180
Filing date: 2017-10-24
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Prakash C. Jain, Rishabh Parekh, Atri Indiresan, Satish Kondalam, Victor Moreno
IPC: H04L12/18, H04L29/12, H04L29/06, H04L12/853
Abstract: A method is disclosed that includes determining that network traffic being transmitted is unicast or multicast; mapping to which virtual network and locator address each host belongs; generating leaking data for unicast and multicast traffic, wherein the leaking data indicates that a first virtual network leaks traffic to a second virtual network; receiving a request from the second virtual network to receive traffic from a host in the first virtual network; determining, based on the leaking data and the type of traffic being transmitted, if the first virtual network leaks traffic to the second virtual network; if the first virtual network leaks traffic to the second virtual network, determining a locator address for the host in the first virtual network using the mapping data; and transmitting the locator address for the host to the second virtual network to enable traffic leaking from the host to the second virtual network.
-
Publication No.: US20190089611A1
Publication date: 2019-03-21
Application No.: US15710314
Filing date: 2017-09-20
Applicant: Cisco Technology, Inc.
Inventor: Satish Kondalam, Victor Moreno, Lukas Krattiger
Abstract: Systems and methods are disclosed for determining a distributed health score for an aggregation of network devices. Device health data relevant to a set of key performance indicators is received, and a health score of a first device is determined based at least in part on the set of key performance indicators. The determined health score is then transmitted to at least a second device on the network. A determination of whether to take a corrective action associated with the first device is based on the determined health score.
-
Publication No.: US20180367302A1
Publication date: 2018-12-20
Application No.: US15968189
Filing date: 2018-05-01
Applicant: Cisco Technology, Inc.
Inventor: Satish Kondalam, Victor M. Moreno, Sanjay Kumar Hooda, Muhammad Ahmad Imam
CPC classification number: H04L9/30, H04L9/0841, H04L9/085, H04L9/0866
Abstract: In accordance with various implementations, a method is performed at a source node of a fabric network coupled to a plurality of hosts respectively associated with a plurality of group identifiers. The method includes generating a source public key based on a source private key, a source group identifier of the plurality of group identifiers, and a destination group identifier of the plurality of group identifiers. The method includes sending, from the source node coupled to at least one host associated with the source group identifier to a destination node coupled to at least one host associated with the destination group identifier, the source public key. The method includes receiving, at the source node from the destination node, a destination public key based on a destination private key, the source group identifier, and the destination group identifier. The method further includes generating a shared secret based on the destination public key and the source private key.