Abstract:
A network service packet (NSP) header security method includes receiving an NSP on a communication interface, analyzing, by a processor, the NSP in order to identify a plurality of service functions and an associated service function path for the plurality of service functions, identifying, by the processor, which security function or functions may be performed by each of the plurality of service functions on an NSP header to be generated for the NSP, requesting, by the processor, at least one key for securing at least part of the NSP header, receiving the at least one key on the communication interface, generating, by the processor, the NSP header for the NSP, securing, by the processor, the NSP header based on the at least one key, and sending, on the communication interface, the NSP with the NSP header to one of the plurality of service functions.
Abstract:
Presented herein are techniques performed in a network comprising a plurality of network nodes each configured to apply one or more service functions to traffic that passes the respective network nodes in a service path. At a network node, an indication is received of a failure or degradation of one or more service functions or applications applied to traffic at the network node. Data descriptive of the failure or degradation is generated. A previous service hop network node at which a service function or application was applied to traffic in the service path is determined. The data descriptive of the failure or degradation is communicated to the previous service hop network node.
Abstract:
A network node may contain a virtual software-defined networking (SDN) switch and a local management engine (e.g., a software application) for generating performance metrics based on received management plane traffic. Specifically, the virtual SDN switch may identify and forward received management plane traffic to the local management engine. In turn, the management engine evaluates the management plane traffic to generate performance metrics without forwarding the management plane packets to the remote SDN controller. The management engine may compare the metrics to one or more thresholds to determine the current state or health of the data paths in a network. If a threshold is exceeded, the management engine may transmit an alert to the virtual SDN switch to perform a corrective action—e.g., using a backup data path after the primary data path fails.
Abstract:
Techniques are provided to decouple service chain structure from the underlying network forwarding state and allow for data plane learning of service chain forwarding requirements and any association between services function state requirements and the forward and reverse forwarding paths for a service chain. In a network comprising a plurality of network nodes each configured to apply a service function to traffic that passes through the respective network node, a packet is received at a network node. When the network node determines that the service function it applies is stateful, it updates context information in a network service header of the packet to indicate that the service function applied at the network node is stateful and that traffic for a reverse path matching the classification criteria is to be returned to the network node.
Abstract:
A plurality of network nodes are deployed in a network, each network node configured to apply a service function to traffic that passes through the respective network nodes. A controller generates information for a service chain that involves application to traffic of one or more service functions at corresponding ones of the plurality of network nodes along a forward path through the one or more network nodes. The controller identifies one or more of the service functions within the service chain that is stateful. When one or more of the service functions of the service chain is stateful, the controller generates information for a reverse path through the one or more service nodes for the one or more stateful service functions. The controller binds a forward chain identifier for the forward path with a reverse chain identifier for the reverse path for the service chain.
Abstract:
Presented herein are techniques useful in a network comprising a plurality of network nodes each configured to apply one or more service functions to traffic that passes through the respective network nodes. A network node receives packets encapsulated in a service header that includes information defining a variable set of context headers stacked into an association of metadata that is relevant to one or more service functions within a service path comprised of one or more network nodes. The network node interprets a forwarding state and a next-hop network node for the service path from the service header, and determines a service action or associated metadata from the set of context headers.
Abstract:
Techniques are provided for programming network analytics processing in virtual and physical network devices, useful for software-defined networking (SDN). A controller, e.g., a so-called SDN controller, is configured to identify a control-plane or data-plane flow originating, terminating or transiting a physical or virtual network element. The controller generates one or more network analytics processing actions to be performed by the physical or virtual network element based on inspection of traffic by the physical or virtual network element. The controller forms or generates an inspect/apply-action message containing information identifying the control-plane or data-plane flow for inspection and the one or more network analytics processing actions to be performed. The inspect/apply-action message is sent to the physical or virtual network element.