-
301.
Publication No.: US20240305640A1
Publication date: 2024-09-12
Application No.: US18127990
Application date: 2023-03-29
Applicant: Cisco Technology, Inc.
Inventor: Jay Kemper Johnston, Michael Chomicz, David Alexander Pryor, Radoslaw Konrad Ruchala, Jan Stanislaw Krupa
CPC classification number: H04L63/101, H04L41/22, H04L63/20
Abstract: Techniques and architecture are described for abstracting a real physical twin network wherein security policies are mapped as an overlay on a graphical representation of the network topology. The techniques include receiving, at a computing device, a first security policy for a first network device. The computing device processes the first security policy to generate a plurality of first access control entries. The computing device creates first graph nodes corresponding to the first access control entries. Based at least in part on a processing order of the first security policy on the first network device, the computing device links the first graph nodes into a graph. The computing device displays the graph on a display, wherein the graph is displayed as an overlay on a network topology graph that includes the first network device.
-
Publication No.: US20240305603A1
Publication date: 2024-09-12
Application No.: US18647322
Application date: 2024-04-26
Applicant: Cisco Technology, Inc.
Inventor: Thomas Szigeti, David John Zacks, Akram Ismail Sheriff, Guy Keinan, Walter T. Hulick, JR.
IPC: H04L61/4511
CPC classification number: H04L61/4511
Abstract: Methods are provided in which a domain name system (DNS) service obtains a lookup request for information about a source of a traffic flow being transmitted to a network resource external of a service cluster and performs, based on the lookup request, a lookup operation for a microservice that is the source of the traffic flow, among a plurality of microservices of the service cluster registered with the DNS service. The methods further include providing information about the microservice based on the lookup operation. The information includes at least a name of the microservice for visibility of the microservice external of the service cluster.
-
Publication No.: US20240305542A1
Publication date: 2024-09-12
Application No.: US18117616
Application date: 2023-03-06
Applicant: Cisco Technology, Inc.
Inventor: Grégory MERMOUD, Jean-Philippe VASSEUR
IPC: H04L41/5009, H04L41/16
CPC classification number: H04L41/5009, H04L41/16
Abstract: In one embodiment, a device causes, in accordance with a probing strategy, performance of a probing test by one or more agents in a network and with respect to an online application. The device obtains quality of experience measurements for the online application. The device adjusts, using reinforcement learning, the probing strategy based on how well a predictive model was able to predict the quality of experience measurements given results of the probing test. The device repeats the causing, obtaining, and adjusting steps using the probing strategy adjusted by the device, to find a minimally disruptive probing strategy that provides acceptable performance by the predictive model.
-
Publication No.: US20240303374A1
Publication date: 2024-09-12
Application No.: US18667031
Application date: 2024-05-17
Applicant: Cisco Technology, Inc.
Inventor: Keith Griffin, Jonathan Rosenberg
IPC: G06F21/62, G06F9/451, G06F16/9535, G06N20/00, H04L67/1097
CPC classification number: G06F21/6245, G06F9/453, G06F16/9535, G06N20/00, H04L67/1097
Abstract: Systems, methods, and devices are disclosed for cognitive collaboration systems on a hybrid node. A query is received by a virtual assistant running on a public cloud, and it is determined whether the query pertains to data available on a public cloud resource, or the query pertains to data available on a private cloud resource. When it is determined that the query pertains to the data available on the public cloud resource, the query is interpreted by using a first model trained on at least one machine learning technique on data from the public cloud. When it is determined that the query pertains to the data available on the private cloud resource, the query is interpreted by using a second model trained on at least one machine learning technique on the data from the private cloud.
-
305.
Publication No.: US12088628B2
Publication date: 2024-09-10
Application No.: US17497079
Application date: 2021-10-08
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro, Rahul Rammanohar, Kondaveeti Lakshmi Ganesh, David John Zacks
IPC: H04L9/40
CPC classification number: H04L63/20, H04L63/0876, H04L63/10, H04L63/1408
Abstract: In one embodiment, an access policy enforcement service receives a user authentication request from an end-user device. The access policy enforcement service identifies a telemetry collection intent from the user authentication request. The access policy enforcement service determines a monitoring policy based on the telemetry collection intent identified from the user authentication request. The access policy enforcement service configures, according to the monitoring policy, one or more telemetry collection agents to collect telemetry for traffic associated with the end-user device.
-
306.
Publication No.: US12088561B2
Publication date: 2024-09-10
Application No.: US17821896
Application date: 2022-08-24
Applicant: Cisco Technology, Inc.
Inventor: Sourabh Patwardhan
IPC: H04L9/40, G06F16/245, H04L9/08, H04L49/15, H04L67/56
CPC classification number: H04L63/0281, G06F16/245, H04L9/083, H04L49/15, H04L67/56
Abstract: A system for providing services for microservices applications is described herein. In an embodiment, a system comprises a plurality of container environments, each of which comprising a host node. A virtual fabric edge instance executes on each host node. The host nodes are interconnected through a plurality of switches. A fabric controller manages the plurality of switches and implements policies through the virtual fabric edge instances executing on each host node. The fabric controller additionally provides services for the application instances through the virtual fabric edge instances by routing traffic, data, queries from an application or proxy instance to another application or proxy instance in the container environment through the virtual fabric edge instances.
-
307.
Publication No.: US20240298234A1
Publication date: 2024-09-05
Application No.: US18471575
Application date: 2023-09-21
Applicant: Cisco Technology, Inc.
Inventor: Vimal Srivastava, Ravi Kiran Guntupalli, Piyush Srivastava, Amit Shivhare
CPC classification number: H04W36/22, H04W12/06, H04W36/322
Abstract: Provided herein are techniques to facilitate location-specific wireless local area network (WLAN) offload restrictions for user equipment based on wireless wide area network (WWAN) radio band(s). In at least one example, a method performed by an authentication server of a WLAN may include, for a user equipment (UE) that is connected to an NR radio band of a WWAN and is seeking to connect to the WLAN, querying a subscription element of the WWAN to obtain a location indicator and an NR radio band indicator for the UE; determining, based on the location indicator and the NR radio band indicator, whether the UE is allowed or required to offload to the WLAN; and based on determining that the UE is allowed to offload from the WWAN to the WLAN, facilitating a WLAN association response message to be sent to the UE for offloading the UE to the WLAN.
-
Publication No.: US20240298180A1
Publication date: 2024-09-05
Application No.: US18661055
Application date: 2024-05-10
Applicant: Cisco Technology, Inc.
Inventor: Stefan Olofsson, Ijsbrand Wijnands, Hendrikus G. P. Bosch, Jeffrey Napper, Anubhav Gupta
IPC: H04W12/086, H04L9/40, H04L45/64, H04W12/37
CPC classification number: H04W12/086, H04L63/0272, H04L63/20, H04W12/37, H04L45/64
Abstract: In one embodiment, a router includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the router to perform operations including receiving software-defined networking in a wide area network (SD-WAN) policies from a component of an SD-WAN network. The operations also include establishing a session with a mobile device and receiving information associated with the mobile device in response to establishing the session with the mobile device. The operations further include filtering the SD-WAN policies based on the information associated with the mobile device to generate SD-WAN device-specific policies and communicating the SD-WAN device-specific policies to the mobile device.
-
Publication No.: US20240297838A1
Publication date: 2024-09-05
Application No.: US18227602
Application date: 2023-07-28
Applicant: Cisco Technology, Inc.
Inventor: Clarence Filsfils, Pablo Camarillo Garvia, Ahmed Mohamed Ahmed Abdelsalam, Sonia Ben Ayed, Jisu Bhattacharya
IPC: H04L43/0852, H04L43/12
CPC classification number: H04L43/0852, H04L43/12
Abstract: Techniques for processing path tracing probe packets using hardware (e.g., hardware memory of a node) and without the involvement of a path tracing collector component of a network controller. A source node may be configured to generate and assign random flow labels to a large number of probe packets and send them through the network to a sink node. The sink node may determine whether a flow indicated by the probe packet has previously been traversed. Additionally, the sink node may determine latency values associated with the flows, and store probe packets in corresponding latency bins. The latency bins may be stored in hardware memory of the sink node. Telemetry data representing the probe packets stored in the latency bins may be sent to a network controller for further network analysis.
-
Publication No.: US12081530B2
Publication date: 2024-09-03
Application No.: US18234247
Application date: 2023-08-15
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery, Ian James Wells, Grzegorz Boguslaw Duraj
CPC classification number: H04L63/0478, H04L9/321, H04L12/4633, H04L63/08
Abstract: Techniques and mechanisms to reduce double encryption of packets that are transmitted using encrypted tunnels. The techniques described herein include determining that portions of the packets are already encrypted, identifying portions of the packets that are unencrypted, and selectively encrypting the portions of the packets that are unencrypted prior to transmission through the encrypted tunnel. In this way, potentially private or sensitive data in the packets that is unencrypted, such as information in the packet headers, will be encrypted using the encryption protocol of the encrypted tunnel, but the data of the packets that is already encrypted, such as the payload, may avoid unnecessary double encryption. By reducing (or eliminating) the amount of data in data packets that is double encrypted, the amount of time taken by computing devices, and computing resources consumed, to encrypt traffic for encrypted tunnels may be reduced.