-
Publication No.: US10609081B1
Publication Date: 2020-03-31
Application No.: US15796948
Application Date: 2017-10-30
Applicant: Cisco Technology, Inc.
Inventor: Syam Sundar V Appala, Shyamsundar Nandkishor Maniyar, Sanjay Kumar Hooda, Kiran Kumar Yedavalli
Abstract: In one example embodiment, a network appliance is configured to process packets in a network. The network appliance obtains a mapping of a domain name to a security group tag having associated therewith one or more security policies. The network appliance receives a network packet having an Internet Protocol address. The network appliance determines a particular domain name associated with the Internet Protocol address of the packet. Based on the mapping of the domain name to the security group tag and the particular domain name, the network appliance determines whether the network packet is associated with the security group tag. The network appliance applies the one or more security policies to the network packet based on the security group tag when the particular domain name of the network packet matches the domain name.
-
Publication No.: US10454882B2
Publication Date: 2019-10-22
Application No.: US15638413
Application Date: 2017-06-30
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Aniket Ghule, Vimarsh Puneet, Atri Indiresan
Abstract: Address support and network address transparency may be provided. First, a border device may receive a processed network configuration parameter request having an address of a subnet to which a client device is associated and information data in an information field of the network configuration parameter request. The information data may comprise an address of a network device and an identifier of the subnet to which the client device is associated. Next, the border device may encapsulate the processed network configuration parameter request with the information data extracted from the processed network configuration parameter request. The border device may then forward the encapsulated network configuration parameter response to the network device.
-
Publication No.: US20180159957A1
Publication Date: 2018-06-07
Application No.: US15368633
Application Date: 2016-12-04
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Sanjay Kumar Hooda, Sarath Gorthi Subrahmanya
IPC: H04L29/08, H04L12/715, H04L12/46
CPC classification number: H04L67/327, H04L12/4633, H04L45/64
Abstract: Aspects of the embodiments are directed to a network element that is configured for receiving, from an access point, a data packet originating from a client, the data packet comprising a packet header that comprises a packet header augmented with context information; decapsulating the packet header to identify the context information; applying a client-specific policy on the packet based, at least in part, on the context information; and forwarding the packet to a next hop in the network. The network element can be part of a network, such as a datacenter fabric architecture.
-
Publication No.: US20180077055A1
Publication Date: 2018-03-15
Application No.: US15263405
Application Date: 2016-09-13
Applicant: Cisco Technology, Inc.
Inventor: Anand Oswal, Muninder Sambi, Sanjay Kumar Hooda
IPC: H04L12/721, H04L12/743, H04L12/715, H04L12/46
Abstract: A network device may receive a flow having source information corresponding to a first client device and destination information corresponding to a second client device. A tag may then be created by the network device for the flow based upon the source information and the destination information. Next, the network device may encapsulate a packet corresponding to the flow. The packet may be encapsulated with encapsulation information including the created tag. The encapsulated packet may then be routed through a plurality of intermediate network devices in the network. The created tag encapsulated with the packet may identify the packet as being a part of the flow as the packet is routed through the plurality of intermediate network devices.
-
Publication No.: US20180034732A1
Publication Date: 2018-02-01
Application No.: US15220441
Application Date: 2016-07-27
Applicant: Cisco Technology, Inc.
Inventor: Victor M. Moreno, Sanjay Kumar Hooda
IPC: H04L12/741, G06F17/30, H04L12/751, H04L12/813, H04L29/12, H04L12/715
CPC classification number: H04L45/745, H04L45/741, H04L47/20
Abstract: A first network device may receive a frame from a first client device that may be destined for a second client device. Then a request may be sent to a network control plane of a network by the first network device in response to receiving the frame. The request may be for information on reachability for the second client device and may comprise an identifier of the second client device and first metadata corresponding to the first client device. The first network device may receive, from the network control plane, in response to sending the request, a policy rule-set for a flow corresponding to the frame and for a location of the second client device. The network control plane may use the identifier of the second client device and the first metadata as keys to lookup the location of the second client device and the policy rule-set.
-
Publication No.: US09729422B2
Publication Date: 2017-08-08
Application No.: US14656840
Application Date: 2015-03-13
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Venkatabalakrishnan Krishnamurthy, Tushar J. Patel, Ganesh Srinivasa Bhat
CPC classification number: H04L43/16, H04L41/0853, H04L43/04, H04L43/10
Abstract: A feature trace capability may be provided for features including, but not limited to, automatic quality of service (auto QoS), power over Ethernet (PoE), and fabric compatibility. A network command may be implemented with the capability to validate features across a network path or the network as a whole. The output of this network command may result in the display of details about supported features. Such a command may also result in a listing of what devices require upgrades to support any number of features of interest. Embodiments of the feature trace capability may be configured such that the query gets terminated once a final subnet (or endpoint) is reached. Alternatively, the feature trace capability may be configured such that the query gets terminated after a maximum hop count, or trace total (trace_ttl) is reached. Such a limit may prevent the continuous flooding of the network.
-
Publication No.: US20250150348A1
Publication Date: 2025-05-08
Application No.: US18501771
Application Date: 2023-11-03
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, MASSIMILIANO ARDICA, DARRIN JOSEPH MILLER, ELANGO GANESAN, IAN MCDOWELL CAMPBELL, SARAVANAN RADHAKRISHNAN
IPC: H04L41/0894, H04L12/46, H04L41/0893
Abstract: A method of cross-domain policy orchestration may include executing, with a cross-domain automation (CDA) controller, a macro-segmentation of a plurality of domains based at least in part on metadata defining a mapping to a corresponding plurality of domain controllers, and executing, with the CDA controller, a micro-segmentation of policies within a group based at least in part on a merged policy matrix obtained from policies of the domain controllers.
-
Publication No.: US12107721B2
Publication Date: 2024-10-01
Application No.: US18426498
Application Date: 2024-01-30
Applicant: Cisco Technology, Inc.
Inventor: Shyamsundar N. Maniyar, Sanjay Kumar Hooda, Shree N. Murthy, Sonal Prem Kumar Chhabria, Akshay Dorwat
IPC: H04L41/0813, H04L12/46, H04L67/306
CPC classification number: H04L41/0813, H04L12/4641, H04L67/306, H04L2212/00
Abstract: In one embodiment, dynamic user private networks are virtually segmented within a shared virtual network. A network control system maintains the dynamic logical segmentation of the shared virtual network. User entities (e.g., user devices and/or services) are communicatively coupled to respective personal virtual networks via endpoints of access devices. Each of these endpoints is associated with a corresponding user private network. Responsive in real-time to automated processing of a received electronic particular user request, the network control system automatically modifies the dynamic logical segmentation of the shared virtual network to move a particular user entity on the shared virtual network to newly being on the first dynamic user private network without being disconnected from the shared virtual network. One embodiment uses different user private network identifiers (UPN-IDs) associated with endpoints and received packets to identify their respective user private network.
-
Publication No.: US12052135B2
Publication Date: 2024-07-30
Application No.: US17336424
Application Date: 2021-06-02
Applicant: Cisco Technology, Inc.
Inventor: Oliver James Bull, Rex Emmanuel Fernando, Anand Oswal, Kausik Majumdar, Darren Russell Dukes, Sanjay Kumar Hooda
IPC: H04L47/20, H04L41/0806, H04L41/0893, H04L43/08, H04L47/22, H04L47/24, H04W84/04, H04W88/16
CPC classification number: H04L41/0806, H04L41/0893, H04L43/08, H04L47/20, H04L47/22, H04L47/24, H04W84/042, H04W88/16
Abstract: An enterprise controller of an enterprise network sends to a service gateway of a service provider network a request for network slice information about network slices provisioned on a data plane of the service provider network. Responsive to the sending, the enterprise controller receives from the service gateway the network slice information including identifiers of and properties associated with the network slices. Responsive to receiving a request for the network slice information from a network device at a border of a forwarding plane of the enterprise network, the enterprise controller sends the network slice information to the network device to cause the network device to perform configuring network traffic in the forwarding plane with identifiers of ones of the network slices that match the network traffic, and to perform forwarding the network traffic configured with the identifiers to the data plane of the service provider network.
-
Publication No.: US12028250B2
Publication Date: 2024-07-02
Application No.: US18323263
Application Date: 2023-05-24
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Satish Kondalam, Raja Janardanan, Aaditya Vadnere, Shivangi Sharma
Abstract: Systems, methods, and computer-readable media for communicating policy changes in a Locator/ID Separation Protocol (LISP) based network deployment include receiving, at a first routing device, a first notification from a map server, the first notification indicating a change in a policy for LISP based communication between at least a first endpoint device and at least a second endpoint device, the first endpoint device being connected to a network fabric through the first routing device and the second endpoint device being connected to the network fabric through a second routing device. The first routing device forwards a second notification to the second routing device if one or more entries of a first map cache implemented by the first routing device are affected by the policy change, the second notification indicating a set of one or more endpoints connected to the second routing device that are affected by the policy change.