公开(公告)号：US20240364602A1

公开(公告)日：2024-10-31

申请号：US18768213

申请日：2024-07-10

Applicant: Cisco Technology, Inc.

Inventor： Fabio R. Maino ,  Saswat Praharaj ,  Alberto Rodriguez-Natal ,  Pradeep K. Kathail

IPC: H04L41/5019 ,  H04L41/046

CPC classification number: H04L41/5019 ,  H04L41/046

Abstract: Provided is an infrastructure for enforcing target service level parameters in a network. In one example, a network service level agreement (SLA) registry obtains one or more input service level parameters for at least one service offered by an application. Based on the one or more input service level parameters, the network SLA registry provides one or more target service level parameters to a plurality of network controllers. Each network controller of the plurality of network controllers is configured to enforce the one or more target service level parameters in a respective network domain configured to carry network traffic associated with the application.

公开(公告)号：US12052273B2

公开(公告)日：2024-07-30

申请号：US18066446

申请日：2022-12-15

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Alberto Rodriguez Natal ,  Yegappan Lakshmanan ,  Fabio R. Maino ,  Anand Oswal

IPC: H04L9/40 ,  G06F21/53 ,  G06F21/55 ,  G06F21/56

CPC classification number: H04L63/1416 ,  G06F21/53 ,  G06F21/552 ,  G06F21/566 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/20

Abstract: Techniques for providing network traffic security in a virtualized environment are described. A threat aware controller uses a threat feed provided by a threat intelligence service to establish a threat detection engine on virtual switches. The threat aware controller and threat detection engine work together to detect any anomalous or malicious behavior of network traffic on the virtual switch and established virtual network functions to quickly detect, verify, and isolate network threats.

公开(公告)号：US12021654B2

公开(公告)日：2024-06-25

申请号：US18497666

申请日：2023-10-30

Applicant: Cisco Technology, Inc.

Inventor： Srinath Gundavelli ,  Sangram Kishore Lakkaraju ,  Alberto Rodriguez Natal ,  Fabio R. Maino ,  Timothy Peter Stammers

IPC: H04L12/46 ,  H04L45/74 ,  H04L47/24 ,  H04L49/25 ,  H04L61/2592 ,  H04L69/22 ,  H04L101/622

CPC classification number: H04L12/4633 ,  H04L12/4641 ,  H04L45/74 ,  H04L47/24 ,  H04L49/25 ,  H04L61/2592 ,  H04L69/22 ,  H04L2101/622

Abstract: Techniques are described for extending a cellular quality of service bearer through an enterprise fabric network. In one example, a method obtaining, by a first switch of a network, a packet to be delivered to a client connected to the network via a cellular access point; identifying quality of service (QoS) bearer information associated with the packet, wherein the QoS bearer information is associated with a radio access bearer for the client and the QoS bearer information comprises a bearer indicator and a QoS class identifier; providing a fabric tunnel encapsulation for the packet, wherein the bearer indicator and the QoS class identifier are included within the fabric tunnel encapsulation of the packet; and forwarding the packet within the fabric tunnel encapsulation toward a second switch of the network via a fabric tunnel, wherein the cellular access point is connected to the network via the second switch.

公开(公告)号：US12009998B1

公开(公告)日：2024-06-11

申请号：US18202080

申请日：2023-05-25

Applicant: Cisco Technology, Inc.

Inventor： Saswat Praharaj ,  Fabio R. Maino ,  Alberto Rodriguez Natal ,  Pradeep Kumar Kathail ,  Bruce McDougall

IPC: H04L41/5019 ,  H04L12/46

CPC classification number: H04L41/5019 ,  H04L12/4633

Abstract: Techniques for informing a network of an application's service-level agreement (SLA) objective(s) so the network can ensure the SLA is met end-to-end, thereby allowing core network support of deterministic SLA and application-based routing without using network-based application recognition (NBAR) and/or compromising user privacy. The techniques may include receiving a first connection request to establish a network-domain connection between different network domains that meets or exceeds a service level objective. Based on the first connection request, the network-domain connection may be established between the different network domains to meet or exceed the service-level objective. In some examples, a second connection request may be received to establish a tunnel between a source application and a destination application, which are disposed in the different network domains. Based on the second connection request, the techniques may include establishing the tunnel between the source application and the destination application utilizing the network-domain connection.

公开(公告)号：US20240171512A1

公开(公告)日：2024-05-23

申请号：US17992140

申请日：2022-11-22

Applicant: Cisco Technology, Inc.

Inventor： Bruce Mcdougall ,  Jeff Byzek ,  Alberto Rodriguez-Natal ,  Saswat Praharaj ,  Fabio R. Maino ,  Steven William Wood

IPC: H04L45/74 ,  H04L45/00 ,  H04L45/24

CPC classification number: H04L45/74 ,  H04L45/24 ,  H04L45/566

Abstract: Techniques for steering overlay network traffic along specific paths through an underlay network. The techniques may include determining a path through an underlay network that is optimized for sending a packet from a first node of an overlay network to a second node of the overlay network. The techniques may also include determining a destination address for sending the packet along the path from the first node to the second node, the destination address including a micro segment identifier (uSID) corresponding with an underlay node that is disposed along the path through the underlay network and trailing bits representing a portion of an address that corresponds with the second node. The techniques may also include causing the packet to be modified to include the destination address such that the packet is sent from the first node to the second node along the path.

公开(公告)号：US11924036B1

公开(公告)日：2024-03-05

申请号：US18132830

申请日：2023-04-10

Applicant: Cisco Technology, Inc.

Inventor： Darren Russell Dukes ,  Jeevan Sharma ,  Fabio R. Maino ,  Alberto Rodriguez-Natal

IPC: H04L41/0823 ,  H04L67/10

CPC classification number: H04L41/0823 ,  H04L67/10

Abstract: Techniques for enabling a network access provider to make automatic Software as a Service (SaaS) optimization decisions. Among other things, the techniques may include determining a SaaS application that is being accessed by client endpoints via flows through a network access provider. The techniques may also include determining, based at least in part on a policy associated with the network access provider, whether to enable network optimizations for traffic through the network access provider to the SaaS application. Based at least in part on a determination that the network optimizations are to be enabled for the traffic to the SaaS application, the techniques may include installing a service definition associated with the SaaS application in a service policy database of the network access provider.

公开(公告)号：US11888752B2

公开(公告)日：2024-01-30

申请号：US17465699

申请日：2021-09-02

Applicant: Cisco Technology, Inc.

Inventor： Loránd Jakab ,  Alberto Rodriguez-Natal ,  Fabio R. Maino ,  Timothy James Swanson ,  John Joyce

IPC: H04L47/2475 ,  H04L45/302 ,  H04L41/5051

CPC classification number: H04L47/2475 ,  H04L41/5051 ,  H04L45/308

Abstract: Techniques for using application network requirements and/or telemetry information from a first networking technology to enhance operation of a second networking technology and optimize wide area network traffic are described herein. The techniques may include establishing a communication network for use by applications of a scalable application service platform, the communication network including a first networking technology and a second networking technology. In this way, a request to establish a connection for use by an application may be received by the first networking technology. The request may include an indication of a threshold service level of the connection. In response to the request, the first networking technology may determine whether the second networking technology is capable of hosting the connection. If the second networking technology is capable of hosting the connection, the connection may be established such that application traffic is sent or received using the second networking technology.

公开(公告)号：US11811557B2

公开(公告)日：2023-11-07

申请号：US17949422

申请日：2022-09-21

Applicant: Cisco Technology, Inc.

Inventor： Srinath Gundavelli ,  Sangram Kishore Lakkaraju ,  Alberto Rodriguez Natal ,  Fabio R. Maino ,  Timothy Peter Stammers

IPC: H04L12/46 ,  H04L45/74 ,  H04L47/24 ,  H04L49/25 ,  H04L61/2592 ,  H04L69/22 ,  H04L101/622

CPC classification number: H04L12/4633 ,  H04L12/4641 ,  H04L45/74 ,  H04L47/24 ,  H04L49/25 ,  H04L61/2592 ,  H04L69/22 ,  H04L2101/622

Abstract: Techniques are described for extending a cellular quality of service bearer through an enterprise fabric network. In one example, a method obtaining, by a first switch of a network, a packet to be delivered to a client connected to the network via a cellular access point; identifying quality of service (QoS) bearer information associated with the packet, wherein the QoS bearer information is associated with a radio access bearer for the client and the QoS bearer information comprises a bearer indicator and a QoS class identifier; providing a fabric tunnel encapsulation for the packet, wherein the bearer indicator and the QoS class identifier are included within the fabric tunnel encapsulation of the packet; and forwarding the packet within the fabric tunnel encapsulation toward a second switch of the network via a fabric tunnel, wherein the cellular access point is connected to the network via the second switch.

公开(公告)号：US20230069689A1

公开(公告)日：2023-03-02

申请号：US17465699

申请日：2021-09-02

Applicant: Cisco Technology, Inc.

Inventor： Loránd Jakab ,  Alberto Rodriguez-Natal ,  Fabio R. Maino ,  Timothy James Swanson ,  John Joyce

IPC: H04L12/859 ,  H04L12/24 ,  H04L12/725

Abstract: Techniques for using application network requirements and/or telemetry information from a first networking technology to enhance operation of a second networking technology and optimize wide area network traffic are described herein. The techniques may include establishing a communication network for use by applications of a scalable application service platform, the communication network including a first networking technology and a second networking technology. In this way, a request to establish a connection for use by an application may be received by the first networking technology. The request may include an indication of a threshold service level of the connection. In response to the request, the first networking technology may determine whether the second networking technology is capable of hosting the connection. If the second networking technology is capable of hosting the connection, the connection may be established such that application traffic is sent or received using the second networking technology.

公开(公告)号：US11558402B2

公开(公告)日：2023-01-17

申请号：US16666143

申请日：2019-10-28

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Alberto Rodriguez Natal ,  Yegappan Lakshmanan ,  Fabio R. Maino ,  Anand Oswal

IPC: H04L9/40 ,  G06F21/56 ,  G06F21/53 ,  G06F21/55

Abstract: Techniques for providing network traffic security in a virtualized environment are described. A threat aware controller uses a threat feed provided by a threat intelligence service to establish a threat detection engine on virtual switches. The threat aware controller and threat detection engine work together to detect any anomalous or malicious behavior of network traffic on the virtual switch and established virtual network functions to quickly detect, verify, and isolate network threats.