公开(公告)号：US11436111B2

公开(公告)日：2022-09-06

申请号：US16592613

申请日：2019-10-03

Applicant: Cisco Technology, Inc.

Inventor： Pierre Pfister ,  Ian James Wells ,  Kyle Andrew Donald Mestery ,  William Mark Townsley ,  Yoann Desmouceaux ,  Guillaume Ruty ,  Aloys Augustin

IPC: G06F11/20 ,  G06F9/455 ,  H04L61/2503 ,  H04L61/58

Abstract: This disclosure describes techniques for providing a distributed scalable architecture for Network Address Translation (NAT) systems with high availability and mitigations for flow breakage during failover events. The NAT servers may include functionality to serve as fast-path servers and/or slow-path servers. A fast-path server may include a NAT worker that includes a cache of NAT mappings to perform stateful network address translation and to forward packets with minimal latency. A slow-path server may include a mapping server that creates new NAT mappings, depreciates old ones, and answers NAT worker state requests. The NAT system may use virtual mapping servers (VMSs) running on primary physical servers with state duplicated VMSs on different physical failover servers. Additionally, the NAT servers may implement failover solutions for dynamically allocated routable address/port pairs assigned to new sessions by assigning new outbound address/port pairs when a session starts and broadcasting pairing information.

公开(公告)号：US11283707B2

公开(公告)日：2022-03-22

申请号：US17071919

申请日：2020-10-15

Applicant: Cisco Technology, Inc.

Inventor： Giles Douglas Yorke Heron ,  Edward A. Warnicke ,  William Mark Townsley ,  Yoann Desmouceaux

IPC: H04L12/707 ,  H04L12/715 ,  H04L12/703 ,  H04L12/721 ,  H04L29/12 ,  H04L45/00 ,  H04L45/28 ,  H04L61/256 ,  H04L12/725 ,  H04L45/30

Abstract: Systems and methods provide for segment routing (SR) with fast reroute in a container network. An SR ingress can receive a packet from a first container destined for a container service. The ingress can generate an SR packet including a segment list comprising a first segment to a first container service host, a second segment to a second service host, and a third segment to the service. The ingress can forward the SR packet to a first SR egress corresponding to the first host using the first segment. The first egress can determine whether the first service and/or host is reachable. If so, the first egress can forward the SR packet to the first host or the packet to the service. If not, the first egress can perform a fast reroute and forward the SR packet to a second SR egress corresponding to the second host using the second segment.

公开(公告)号：US11223567B2

公开(公告)日：2022-01-11

申请号：US16251625

申请日：2019-01-18

Applicant: Cisco Technology, Inc.

Inventor： Edward A. Warnicke ,  William Mark Townsley

IPC: H04L12/801 ,  H04L29/06 ,  H04L12/931 ,  H04L12/807 ,  H04L29/08

Abstract: A first node in a service mesh is configured to perform one or more services on network traffic obtained from an upstream network element via a pre-existing Transmission Control Protocol (TCP) session and provide the network traffic obtained from the upstream network element via the pre-existing TCP session to a downstream network element. The first node determines that the first node should no longer obtain the network traffic from the upstream network element via the pre-existing TCP session. In response, the first node provides state information for the pre-existing TCP session to the downstream network element. The downstream network element is configured to establish a new TCP session having the state information for the pre-existing TCP session with the upstream network element and to obtain further network traffic from the upstream network element via the new TCP session. The first node terminates the pre-existing TCP session.

公开(公告)号：US11190445B2

公开(公告)日：2021-11-30

申请号：US16531549

申请日：2019-08-05

Applicant: Cisco Technology, Inc.

Inventor： Hendrikus G. P. Bosch ,  Sape Jurriën Mullender ,  Keith Burns ,  Jeffrey Napper ,  William Mark Townsley ,  Alessandro Duminuco ,  Andre Surcouf ,  Ijsbrand Wijnands ,  Humberto J. La Roche

IPC: H04L12/749 ,  H04L12/717 ,  H04L29/06 ,  H04L12/761 ,  H04L29/08 ,  H04L29/12

Abstract: A method is provided in one example embodiment and may include determining at a parent content node that a plurality of recipient content nodes are to receive a same content; generating, based on a determination that the same content is available at the parent content node, a multi-delivery header comprising a plurality of identifiers, wherein each identifier of the plurality of identifiers indicates each recipient content node that is to receive the same content; appending the multi-delivery header to one or more packets of an Internet Protocol (IP) flow associated with the same content; and transmitting packets for the IP flow to each of the plurality of the recipient content nodes.

公开(公告)号：US10812374B2

公开(公告)日：2020-10-20

申请号：US16138595

申请日：2018-09-21

Applicant: Cisco Technology, Inc.

Inventor： Giles Douglas Yorke Heron ,  Edward A. Warnicke ,  William Mark Townsley ,  Yoann Desmouceaux

IPC: H04L12/707 ,  H04L12/715 ,  H04L12/721 ,  H04L29/12 ,  H04L12/703 ,  H04L12/725

Abstract: Systems and methods provide for segment routing (SR) with fast reroute in a container network. An SR ingress can receive a packet from a first container destined for a container service. The ingress can generate an SR packet including a segment list comprising a first segment to a first container service host, a second segment to a second service host, and a third segment to the service. The ingress can forward the SR packet to a first SR egress corresponding to the first host using the first segment. The first egress can determine whether the first service and/or host is reachable. If so, the first egress can forward the SR packet to the first host or the packet to the service. If not, the first egress can perform a fast reroute and forward the SR packet to a second SR egress corresponding to the second host using the second segment.

公开(公告)号：US20200236055A1

公开(公告)日：2020-07-23

申请号：US16251625

申请日：2019-01-18

Applicant: Cisco Technology, Inc.

Inventor： Edward A. Warnicke ,  William Mark Townsley

IPC: H04L12/801 ,  H04L29/06 ,  H04L12/931 ,  H04L29/08 ,  H04L12/807

Abstract: A first node in a service mesh is configured to perform one or more services on network traffic obtained from an upstream network element via a pre-existing Transmission Control Protocol (TCP) session and provide the network traffic obtained from the upstream network element via the pre-existing TCP session to a downstream network element. The first node determines that the first node should no longer obtain the network traffic from the upstream network element via the pre-existing TCP session. In response, the first node provides state information for the pre-existing TCP session to the downstream network element. The downstream network element is configured to establish a new TCP session having the state information for the pre-existing TCP session with the upstream network element and to obtain further network traffic from the upstream network element via the new TCP session. The first node terminates the pre-existing TCP session.

公开(公告)号：US20200225977A1

公开(公告)日：2020-07-16

申请号：US16829948

申请日：2020-03-25

Applicant: Cisco Technology, Inc.

Inventor： Yoann Desmouceaux ,  Pierre Pfister ,  William Mark Townsley

IPC: G06F9/455 ,  H04L12/931

Abstract: Techniques for zero-loss workload mobility with segment routing for virtual machines are presented. The techniques include receiving, by a virtual router, an electronic message destined for a first virtual machine running on a first physical machine and checking a first virtual machine state for the first virtual machine. In response to determining that it is associated with a running state indicating the first physical machine, inserting a segment routing header including an indication of the source virtual machine, the first physical machine, and the first virtual machine. In response to determining that it is associated with a migration state, inserting, by the virtual router, a segment routing header indicating the source virtual machine, an END.S for the first physical machine, the first virtual machine; and an END.SBUF for a second physical machine. The message is then routed based at least in part on the inserted segment routing header.

公开(公告)号：US10511534B2

公开(公告)日：2019-12-17

申请号：US15947425

申请日：2018-04-06

Applicant: Cisco Technology, Inc.

Inventor： Pierre Pfister ,  Yoann Desmouceaux ,  William Mark Townsley

IPC: H04L12/28 ,  H04L12/803 ,  H04L12/801 ,  H04L12/911 ,  H04J1/16

Abstract: Aspects of the subject technology provide state-less load-balancing using sequence numbers to identify traffic flows. In some implementations, a process of the technology can include steps for receiving, by a load-balancer, a first packet from a source device including a request to access the service provided by a server coupled to the load-balancer, determining a load for each of the servers, wherein each server is associated with a unique set of sequence numbers, and forwarding the request to a target server selected based on its corresponding load, and wherein the request is configured to cause the target server to issue a reply to the source device. Systems and machine-readable media are also provided.

公开(公告)号：US20190357081A1

公开(公告)日：2019-11-21

申请号：US16030956

申请日：2018-07-10

Applicant: Cisco Technology, Inc.

Inventor： Guillaume Gottardi ,  William Mark Townsley ,  Eric Philippe Hamel ,  Yoann Desmouceaux ,  Pierre Pfister

IPC: H04W28/08 ,  H04L29/12 ,  H04L29/08

Abstract: A user plane selection mechanism is provided that leverages an in-band load balancing scheme, e.g., Segment Routing Load Balancing (SRLB). Information in the form of segment identifiers (complemented by metadata) is passed to the components. As a result, the effective user plane function selection can be done in-band at the transport level.

公开(公告)号：US20190310871A1

公开(公告)日：2019-10-10

申请号：US15945726

申请日：2018-04-04

Applicant: Cisco Technology, Inc.

Inventor： Yoann Desmouceaux ,  Pierre Pfister ,  William Mark Townsley

IPC: G06F9/455 ,  H04L12/931

Abstract: Techniques for zero-loss workload mobility with segment routing for virtual machines are presented. The techniques include receiving, by a virtual router, an electronic message destined for a first virtual machine running on a first physical machine and checking a first virtual machine state for the first virtual machine. In response to determining that it is associated with a running state indicating the first physical machine, inserting a segment routing header including an indication of the source virtual machine, the first physical machine, and the first virtual machine. In response to determining that it is associated with a migration state, inserting, by the virtual router, a segment routing header indicating the source virtual machine, an END.S for the first physical machine, the first virtual machine; and an END.SBUF for a second physical machine. The message is then routed based at least in part on the inserted segment routing header.