公开(公告)号：US10187306B2

公开(公告)日：2019-01-22

申请号：US15080493

申请日：2016-03-24

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  James N. Guichard ,  Paul Quinn

IPC: H04L12/801 ,  H04L12/715 ,  H04L12/46 ,  H04L29/06 ,  H04L29/08

Abstract: There is disclosed an apparatus having logic elements to: receive an incoming packet associated with a first service function chain; identify a next hop service function for the incoming packet as a non-reactive service function; create a duplicate packet; forward the duplicate packet to the non-reactive service function; and forward the incoming packet to a next reactive service function. There is also disclosed an apparatus having logic to: receive an incoming packet associated with a first service function chain (SFC), having a first service path identifier (SPI); determine that the incoming packet has a first service index (SI), and that a next-hop SI identifies a non-reactive service function (NRSF); receive a duplicate packet of the incoming packet; rewrite a service header of the duplicate packet to identify a second SFC having a second SPI, wherein the second SPI is different from the first SPI; and alter the first SI of the incoming packet to identify a next reactive service function in the first SFC.

公开(公告)号：US10153951B2

公开(公告)日：2018-12-11

申请号：US15711625

申请日：2017-09-21

Applicant: Cisco Technology, Inc.

Inventor： James Guichard ,  Carlos M. Pignataro ,  David Ward ,  Paul Quinn ,  Surendra Kumar

IPC: H04L1/00 ,  H04L12/24 ,  H04L12/703 ,  H04L12/723 ,  H04L12/26 ,  H04L29/08

Abstract: Presented herein are techniques performed in a network comprising a plurality of network nodes each configured to apply one or more service functions to traffic that passes the respective network nodes in a service path. At a network node, an indication is received of a failure or degradation of one or more service functions or applications applied to traffic at the network node. Data descriptive of the failure or degradation is generated. A previous service hop network node at which a service function or application was applied to traffic in the service path is determined. The data descriptive of the failure or degradation is communicated to the previous service hop network node.

公开(公告)号：US09912480B2

公开(公告)日：2018-03-06

申请号：US15442722

申请日：2017-02-27

Applicant: Cisco Technology, Inc.

Inventor： Paul Quinn ,  Scott Fluhrer ,  Jim Guichard ,  Tirumaleswar Reddy ,  Prashanth Patil ,  David Ward

IPC: H04L12/24 ,  H04L9/32 ,  H04L29/06 ,  H04L9/08 ,  G06F9/445

CPC classification number: H04L9/3213 ,  H04L9/0861 ,  H04L9/3242 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/062 ,  H04L2463/062

Abstract: A network service packet (NSP) header security method includes receiving an NSP on a communication interface, analyzing, by a processor, the NSP in order to identify a plurality of service functions and an associated service function path for the plurality of service functions, identifying, by the processor, which security function or functions may be performed by each of the plurality of service functions on an NSP header to be generated for the NSP, requesting, by the processor, at least one key for securing at least part of the NSP header, receiving the at least one key on the communication interface, generating, by the processor, the NSP header for the NSP, securing, by the processor, the NSP header based on the at least one key, and sending, on the communication interface, the NSP with the NSP header to one of the plurality of service functions.

公开(公告)号：US20170279712A1

公开(公告)日：2017-09-28

申请号：US15080493

申请日：2016-03-24

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  James N. Guichard ,  Paul Quinn

IPC: H04L12/715 ,  H04L29/06 ,  H04L29/08 ,  H04L12/46

CPC classification number: H04L45/64 ,  H04L12/4633 ,  H04L12/4641 ,  H04L67/32 ,  H04L69/22

Abstract: There is disclosed an apparatus having logic elements to: receive an incoming packet associated with a first service function chain; identify a next hop service function for the incoming packet as a non-reactive service function; create a duplicate packet; forward the duplicate packet to the non-reactive service function; and forward the incoming packet to a next reactive service function. There is also disclosed an apparatus having logic to: receive an incoming packet associated with a first service function chain (SFC), having a first service path identifier (SPI); determine that the incoming packet has a first service index (SI), and that a next-hop SI identifies a non-reactive service function (NRSF); receive a duplicate packet of the incoming packet; rewrite a service header of the duplicate packet to identify a second SFC having a second SPI, wherein the second SPI is different from the first SPI; and alter the first SI of the incoming packet to identify a next reactive service function in the first SFC.

公开(公告)号：US20170237747A1

公开(公告)日：2017-08-17

申请号：US15387123

申请日：2016-12-21

Applicant: Cisco Technology, Inc.

Inventor： Paul Quinn ,  Michael E. Lipman ,  Mike Milano ,  David D. Ward ,  James Guichard ,  Leonid Sandler ,  Moshe Kravchik ,  Alena Lifar ,  Darrin Miller

IPC: H04L29/06 ,  G06F21/60

CPC classification number: H04L63/107 ,  G06F21/602 ,  G06F21/6218 ,  H04L63/0428 ,  H04L63/108 ,  H04L63/20 ,  H04W12/00503 ,  H04W12/08

Abstract: Various systems and methods for determining whether to allow or continue to allow access to a protected data asset are disclosed herein. For example, one method involves receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprises first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.

公开(公告)号：US09621520B2

公开(公告)日：2017-04-11

申请号：US14726534

申请日：2015-05-31

Applicant: Cisco Technology, Inc.

Inventor： Paul Quinn ,  Scott Fluhrer ,  Jim Guichard ,  Tirumaleswar Reddy ,  Prashanth Patil ,  David Ward

IPC: H04L9/08 ,  H04L29/06 ,  H04L9/32 ,  H04L12/953

CPC classification number: H04L9/3213 ,  H04L9/0861 ,  H04L9/3242 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/062 ,  H04L2463/062

Abstract: A network service packet (NSP) header security method includes receiving an NSP on a communication interface, analyzing, by a processor, the NSP in order to identify a plurality of service functions and an associated service function path for the plurality of service functions, identifying, by the processor, which security function or functions may be performed by each of the plurality of service functions on an NSP header to he generated for the NSP, requesting, by the processor, at least one key for securing at least part of the NSP header, receiving the at least one key on the communication interface, generating, by the processor, the NSP header for the NSP, securing, by the processor, the NSP header based on the at least one key, and sending, on the communication interface, the NSP with the NSP header to one of the plurality of service functions.

公开(公告)号：US09614739B2

公开(公告)日：2017-04-04

申请号：US14168447

申请日：2014-01-30

Applicant: Cisco Technology, Inc.

Inventor： Surendra Kumar ,  Nagaraj Bagepalli ,  Abhijit Patra ,  Paul Quinn ,  James Guichard ,  Jayaraman Iyer

IPC: G06F15/16 ,  H04L12/26 ,  H04L12/24

CPC classification number: H04L43/026 ,  H04L41/5041

Abstract: Presented herein are service-function chaining techniques. In one example, a service controller in a network comprising a plurality of service nodes receives one is configured to identify one or more service-functions hosted by each of the service nodes. The service controller defines a service-function chain in terms of service-functions to be applied to traffic in the network and provides information descriptive of the service-function chain to a classifier node.

公开(公告)号：US09479443B2

公开(公告)日：2016-10-25

申请号：US14285843

申请日：2014-05-23

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Ian McDowell Campbell ,  Humberto J. La Roche ,  James N. Guichard ,  Surendra M. Kumar ,  Paul Quinn ,  Alessandro Duminuco ,  Jeffrey Napper ,  Ravi Shekhar

IPC: H04L12/851 ,  H04L12/801 ,  H04W72/04 ,  H04L12/721 ,  H04W88/16

CPC classification number: H04L47/2408 ,  H04L45/38 ,  H04L47/12 ,  H04L47/14 ,  H04W72/0493 ,  H04W88/16

Abstract: An example method is provided in one example embodiment and may include receiving a packet for a subscriber at a gateway, wherein the gateway includes a local policy anchor for interfacing with one or more policy servers and one or more classifiers for interfacing with one or more service chains, each service chain including one or more services accessible by the gateway; determining a service chain to receive the subscriber's packet; appending the subscriber's packet with a header, wherein the header includes, at least in part, identification information for the subscriber and an Internet Protocol (IP) address for the local policy anchor; and injecting the packet including the header into the service chain determined for the subscriber.

Abstract translation: 在一个示例性实施例中提供了示例性方法，并且可以包括在网关处接收订户的分组，其中所述网关包括用于与一个或多个策略服务器进行接口的本地策略锚点以及用于与一个或多个服务 每个服务链包括由网关可访问的一个或多个服务; 确定服务链以接收订户的分组; 用标题附加订户的分组，其中该报头至少部分地包括用户的标识信息和用于本地策略锚的因特网协议（IP）地址; 以及将包括所述头部的分组注入到为所述用户确定的服务链中。

公开(公告)号：US09444675B2

公开(公告)日：2016-09-13

申请号：US13912224

申请日：2013-06-07

Applicant: Cisco Technology, Inc.

Inventor： James Guichard ,  Carlos M. Pignataro ,  David Ward ,  Paul Quinn ,  Surendra Kumar

IPC: H04L1/00 ,  H04L12/24 ,  H04L12/26 ,  H04L12/703 ,  H04L12/725 ,  H04L12/723

CPC classification number: H04L41/5009 ,  H04L41/0654 ,  H04L41/0668 ,  H04L41/5038 ,  H04L41/5077 ,  H04L43/0823 ,  H04L43/50 ,  H04L45/28 ,  H04L45/302 ,  H04L45/50 ,  H04L67/10

Abstract: Presented herein are techniques performed in a network comprising a plurality of network nodes each configured to apply one or more service functions to traffic that passes the respective network nodes in a service path. At a network node, an indication is received of a failure or degradation of one or more service functions or applications applied to traffic at the network node. Data descriptive of the failure or degradation is generated. A previous service hop network node at which a service function or application was applied to traffic in the service path is determined. The data descriptive of the failure or degradation is communicated to the previous service hop network node.

Abstract translation: 这里呈现的是在包括多个网络节点的网络中执行的技术，每个网络节点被配置为将一个或多个服务功能应用于通过服务路径中的相应网络节点的业务。 在网络节点处，接收到应用于网络节点处的业务的一个或多个服务功能或应用的故障或劣化的指示。 产生描述故障或退化的数据。 确定应用服务功能或应用程序到服务路径中的业务的先前服务跳网络节点。 将描述故障或劣化的数据传送到先前的服务跳网络节点。

公开(公告)号：US20160218956A1

公开(公告)日：2016-07-28

申请号：US15092117

申请日：2016-04-06

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra M. Kumar ,  Nagaraj A. Bagepalli ,  Abhijit Patra ,  Paul Quinn ,  James N. Guichard ,  Hendrikus G.P. Bosch

IPC: H04L12/751 ,  H04L12/721

CPC classification number: H04L45/02 ,  H04L41/08 ,  H04L41/0813 ,  H04L41/0893 ,  H04L41/0896 ,  H04L41/12 ,  H04L45/308 ,  H04L45/38

Abstract: An example method for service node originated service chains in a network environment is provided and includes receiving a packet at a service node in a network environment that includes a plurality of service nodes and a central classifier, analyzing the packet for a service chain modification or a service chain initiation, classifying the packet at the service node to a new service chain based on the analysis, initiating the new service chain at the service node if the analysis indicates service chain initiation, and modifying an existing service chain for the packet to the new service chain if the analysis indicates service chain modification. In specific embodiments, the analysis includes applying classification logic specific to the service node. Some embodiments, service node attributes and order of service nodes in substantially all service chains configured in the network may be received from a central controller.