-
Publication No.: US20200177629A1
Publication date: 2020-06-04
Application No.: US16535550
Application date: 2019-08-08
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Anand Oswal, Nehal Bhau, Victor Moreno
IPC: H04L29/06, H04L12/803
Abstract: A mapping system, under administrative control of a Wide Area Network (WAN) controller, can track each host, authorized to access a plurality of Local Area Networks (LANs), in one or more mapping databases including a first network address representing an identifier and a second network addressing representing a locator for each host. The mapping system can receive a request for resolution of a first identifier of a host not presently connected to the network. The mapping system can determine the mapping databases exclude a mapping for the first identifier. The mapping system can update the mapping databases with a first mapping including the first identifier and a first locator corresponding to a honeypot network device. The mapping system can transmit, to one or more LANs of the plurality of LANs, routing information to route traffic destined for the first identifier to the honeypot network device.
-
Publication No.: US10044562B2
Publication date: 2018-08-07
Application No.: US14932719
Application date: 2015-11-04
Applicant: Cisco Technology, Inc.
Inventor: Vrishab Sikand, Victor Moreno, Liqin Dong, Lifen Tian, Shyam Kapadia
IPC: G06F15/177, H04L12/24, H04L29/12
Abstract: Techniques are disclosed for configuring a LISP mobility network. A management tool receives a configuration for a network fabric. The configuration specifies values for one or more attributes associated with a Locator ID Separation Protocol (LISP)-enabled network. The management tool generates one or more commands based on the specified values for the one or more attributes associated with the LISP-enabled network. The generated commands are distributed to a plurality of network devices in the network fabric. Each network device executes the one or more commands to configure the network fabric.
-
Publication No.: US20170373936A1
Publication date: 2017-12-28
Application No.: US15193482
Application date: 2016-06-27
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Darrin Joseph Miller, Victor Moreno, Mark Montanez, Sridhar Subramanian
CPC classification number: H04L41/0816, H04L41/12, H04L45/64, H04L63/08, H04L63/0876, H04L63/104, H04L67/306
Abstract: Changes are made to a virtual network for an endpoint based on the authenticated user identity of the endpoint. The system includes a server and a controller associated with a network fabric to which the endpoint is connected. The network fabric includes network elements to carry network traffic for the endpoint. The server authenticates the endpoint associated with a network address and determines a user identity of the endpoint based on the authentication. The server determines a first virtual network associated with the user identity. The controller receives a notification from the server that the network traffic for the endpoint associated with the network address is to be routed over the first virtual network. The controller updates routing information to associate the network address with the first virtual network and sends the updated routing information to the network elements of the network fabric.
-
Publication No.: US20170295093A1
Publication date: 2017-10-12
Application No.: US15161636
Application date: 2016-05-23
Applicant: Cisco Technology, Inc.
Inventor: Victor Moreno, Shyam Kapadia, Murali Venkateshaiah, John Lo, Liqin Dong
IPC: H04L12/715, H04L12/753, H04L12/46, H04H20/26, H04L12/741
CPC classification number: H04L45/64, H04H20/26, H04L12/1836, H04L12/4641, H04L45/16, H04L45/48, H04L45/745
Abstract: Presented herein are hybrid approaches to multi-destination traffic forwarding in overlay networks that can be used to facilitate interoperability between head-end-replication-support network devices (i.e., those that only use head-end-replication) and multicast-support network devices (i.e., those that only use native multicast). By generally using existing tunnel end-points (TEPs) supported functionality for sending multi-destination traffic and enhancing the TEPs to receive multi-destination traffic with the encapsulation scheme they do not natively support, the presented methods and systems minimize the required enhancements to achieve interoperability and circumvents any hard limitations that the end-point hardware may have. The present methods and systems may be used with legacy hardware that are commissioned or deployed as well as new hardware that are configured with legacy protocols.
-
Publication No.: US20150063351A1
Publication date: 2015-03-05
Application No.: US14010707
Application date: 2013-08-27
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Victor Moreno, Fabio Maino, Vina Ermagan
IPC: H04L12/741, H04L12/56
CPC classification number: H04L45/745, H04L45/04, H04L45/741
Abstract: In one embodiment, a method includes receiving a packet at a tunnel end point in a multi-tenant network, the packet comprising a destination, performing a lookup for the destination in a database comprising a mapping of global identifiers to local tenant identifiers for different hosting locations, each of the global identifiers uniquely identifying a tenant across all of the hosting locations, identifying a destination tunnel end point and a local tenant identifier for the destination, and inserting the destination tunnel end point and the local tenant identifier into the packet and forwarding the packet. An apparatus and logic are also disclosed herein.
-
Publication No.: US11528270B2
Publication date: 2022-12-13
Application No.: US16867739
Application date: 2020-05-06
Applicant: Cisco Technology, Inc.
Inventor: Victor Moreno, Sridhar Subramanian, Sanjay Kumar Hooda
IPC: H04L9/40, H04L61/2503, H04L67/52, G06F21/41, H04L101/622
Abstract: Systems and methods for network authorization are described herein. An example method can include receiving a user credential from a host device connected to a network, authenticating the user credential, and in response to authenticating the user credential, determining an authorization policy associated with the host device. The method can also include polling a network overlay control plane of the network to obtain a network location information associated with the host device, identifying at least one network device of the network using the network location information, and transmitting the authorization policy to the at least one network device.
-
Publication No.: US11296985B2
Publication date: 2022-04-05
Application No.: US16939300
Application date: 2020-07-27
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Victor Moreno, Sanjay Kumar Hooda, Rex Emmanuel Fernando, Syam Sundar Appala
IPC: H04L12/741, H04L45/74, H04L12/46
Abstract: This technology enables normalized lookup and forwarding for diverse virtual private networks in multi-site network fabric deployments. A source device on a first Layer 2 site transmits a frame to a destination device on the same subnet, but on a second Layer 2 site. The frame is encapsulated and routed to a fabric border node. The fabric border node matches the source subnet to the destination subnet and transmits an address request protocol (“ARP”). In response to not receiving a reply to the ARP, the fabric border node transmits a map request to a Layer 3 transit fabric control plane node. The control plane node extracts a destination identifier from the map request and determines that the destination identifier is a Layer 2 identifier. The control plane node transmits a map reply to the fabric border node, where the frame is re-encapsulated and forwarded to the destination device.
-
Publication No.: US20220029915A1
Publication date: 2022-01-27
Application No.: US16939300
Application date: 2020-07-27
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Victor Moreno, Sanjay Kumar Hooda, Rex Emmanuel Fernando, Syam Sundar Appala
IPC: H04L12/741, H04L12/46
Abstract: This technology enables normalized lookup and forwarding for diverse virtual private networks in multi-site network fabric deployments. A source device on a first Layer 2 site transmits a frame to a destination device on the same subnet, but on a second Layer 2 site. The frame is encapsulated and routed to a fabric border node. The fabric border node matches the source subnet to the destination subnet and transmits an address request protocol (“ARP”). In response to not receiving a reply to the ARP, the fabric border node transmits a map request to a Layer 3 transit fabric control plane node. The control plane node extracts a destination identifier from the map request and determines that the destination identifier is a Layer 2 identifier. The control plane node transmits a map reply to the fabric border node, where the frame is re-encapsulated and forwarded to the destination device.
-
Publication No.: US11233822B2
Publication date: 2022-01-25
Application No.: US16535550
Application date: 2019-08-08
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Anand Oswal, Nehal Bhau, Victor Moreno
IPC: H04L29/06, H04L12/803, H04L12/715, H04L12/723
Abstract: A mapping system, under administrative control of a Wide Area Network (WAN) controller, can track each host, authorized to access a plurality of Local Area Networks (LANs), in one or more mapping databases including a first network address representing an identifier and a second network addressing representing a locator for each host. The mapping system can receive a request for resolution of a first identifier of a host not presently connected to the network. The mapping system can determine the mapping databases exclude a mapping for the first identifier. The mapping system can update the mapping databases with a first mapping including the first identifier and a first locator corresponding to a honeypot network device. The mapping system can transmit, to one or more LANs of the plurality of LANs, routing information to route traffic destined for the first identifier to the honeypot network device.
-
Publication No.: US20210044565A1
Publication date: 2021-02-11
Application No.: US16534783
Application date: 2019-08-07
Applicant: Cisco Technology, Inc.
Inventor: Victor Moreno, Sanjay Kumar Hooda, Marc Portoles Comeras
IPC: H04L29/06, H04L12/713, H04L12/741
Abstract: Systems, methods, and computer-readable media for implementing an extranet policy include receiving a request from a source to perform a lookup for a destination address. A lookup for the destination address is performed in a consolidated routing table, the consolidated routing table including a consolidated mapping of address prefixes associated with two or more virtual networks. If the lookup results in a match for the destination address with a matching address prefix, a matching virtual network associated with the matching address prefix is determined. An access policy for the request corresponding to the matching virtual network is obtained, and based on the access policy the request is allowed to access the destination address in the matching virtual network or disallowed. The consolidated routing table can be implemented in a mapping server using a Locator/ID Separation Protocol (LISP).