-
Publication number: US20250126059A1
Publication date: 2025-04-17
Application number: US18984673
Filing date: 2024-12-17
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Vinay Saini, Sanjay Kumar Hooda
Abstract: Techniques for a Software-Defined Networking (SDN) controller associated with a multisite network to implement jurisdictional data sovereignty policies in a multisite network, route network traffic flows between user sites and destination services over one or more provider sites, and/or perform a routing operation on the network traffic flow(s) based on the jurisdictional data sovereignty policies. The jurisdictional data sovereignty policies may be implemented using destination group tags (DGTs) and/or source group tags (SGTs). A secure access service edge (SASE) associated with the network controller may generate, store, and distribute the DGTs to provider sites and/or the SGTs to user sites. Based on the SGT and/or DGT associated with a network traffic flow, one or more services may be applied to the network traffic flow, and the network traffic flow may be routed through a particular region of a software-defined access (SDA) transit.
-
Publication number: US12052313B2
Publication date: 2024-07-30
Application number: US18106304
Filing date: 2023-02-06
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Marc Portoles Comeras, Vinay Saini, Victor Manuel Moreno
IPC: H04L67/51, H04L41/0893, H04L41/122, H04L45/76, H04L67/1001
CPC classification number: H04L67/10015, H04L41/0893, H04L41/122, H04L45/76, H04L67/51
Abstract: This disclosure describes techniques and mechanisms for providing hybrid cloud services for enterprise fabric. The techniques include enhancing an on-demand protocol (e.g., LISP) and allowing simplified security and/or firewall service insertion for datacenter servers providing those services. Accordingly, the techniques described herein provide hybrid cloud services that work in a disaggregated, distributed, and consistent way, while avoiding complex datacenter network devices (e.g., such as running overlay on TOR), replacing and moving the functionality to on-demand protocol enabled servers, which intelligently receive the required mappings as well as register and publish the service information to intelligently interact with the network.
-
Publication number: US20240205156A1
Publication date: 2024-06-20
Application number: US18589411
Filing date: 2024-02-27
Applicant: Cisco Technology, Inc.
Inventor: Victor Manuel Moreno, Sanjay Kumar Hooda, Anoop Vetteth, Prakash C. Jain
IPC: H04L47/125, H04L12/16, H04L45/00
CPC classification number: H04L47/125, H04L12/16, H04L45/56
Abstract: Techniques for software-defined service insertion. The techniques include a method of configuring a network for service insertion. The techniques include processing a master policy correlating an endpoint group pair, of source endpoint group and destination endpoint group, to a service graph. The service graph indicates a template service chain, and the template service chain indicates an ordering of a plurality of services. Processing the master policy includes disaggregating the master policy into at least one location specific policy, each of the at least one location specific policy corresponding to a separate location in the network and including traffic steering directives corresponding to a portion of the plurality of services associated with the separate location. The techniques further include causing each of the at least one location specific policy to be stored in association with the separate location to which that location specific policy corresponds.
-
Publication number: US12003420B2
Publication date: 2024-06-04
Application number: US18103147
Filing date: 2023-01-30
Applicant: Cisco Technology, Inc.
Inventor: Victor Manuel Moreno, Sanjay Kumar Hooda, Anoop Vetteth, Prakash C. Jain
IPC: H04W4/00, H04L12/16, H04L45/00, H04L47/125
CPC classification number: H04L47/125, H04L12/16, H04L45/56
Abstract: This disclosure describes techniques for software-defined service insertion. The techniques include a method of configuring a network for service insertion. The techniques include processing a master policy correlating an endpoint group pair, of source endpoint group and destination endpoint group, to a service graph. The service graph indicates a template service chain, and the template service chain indicates an ordering of a plurality of services. Processing the master policy includes disaggregating the master policy into at least one location specific policy, each of the at least one location specific policy corresponding to a separate location in the network and including traffic steering directives corresponding to a portion of the plurality of services associated with the separate location. The techniques further include causing each of the at least one location specific policy to be stored in association with the separate location to which that location specific policy corresponds.
-
Publication number: US20240137311A1
Publication date: 2024-04-25
Application number: US17972119
Filing date: 2022-10-23
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Vinay Saini, Sanjay Kumar Hooda
IPC: H04L45/30, H04L45/302
CPC classification number: H04L45/30, H04L45/302
Abstract: This disclosure describes techniques for employing an adaptive mechanism in communications among network devices. Adaptive mechanism techniques may include adapting network operations relative to characteristics of devices and/or network access technologies or mechanisms used in the network. Adaptation may help to accommodate a wider variety of types of devices. For instance, adaptive mechanism techniques may include determining, based on characteristics of a device in the network, a forwarding mechanism to be used at an access device to forward data traffic from the device to another device via the network. As such, adaptive mechanism techniques may provide more efficient integration of devices within a complex network, thereby improving network operations.
-
Publication number: US11902166B2
Publication date: 2024-02-13
Application number: US16984924
Filing date: 2020-08-04
Applicant: Cisco Technology, Inc.
Inventor: Raja Janardanan, Rajeev Kumar, Sanjay Kumar Hooda, Prakash C. Jain
IPC: H04L47/20, H04L12/46, H04L45/745, H04L45/02
CPC classification number: H04L47/20, H04L12/4641, H04L45/02, H04L45/745
Abstract: Routing of a traffic in a fabric network may be provided. A first traffic may be received at a first node. It may be determined that the first traffic is coming from a provider virtual network. In response to determining that the first traffic is coming from the provider virtual network, it may be determined that a first subnet associated with the first traffic is associated with a subscriber virtual network. In response to determining that the first subnet associated with the first traffic is associated with the subscriber virtual network, a first virtual network associated with the first traffic may be changed to the subscriber virtual network. A lookup for the first traffic may be changed to a first virtual routing and forwarding of the subscriber virtual network.
-
Publication number: US20240007353A1
Publication date: 2024-01-04
Application number: US18360451
Filing date: 2023-07-27
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Muninder Singh Sambi, Victor Moreno, Prakash C. Jain, Tarunesh Ahuja, Satish Kondalam
IPC: H04L41/0893, H04L12/46, G06F9/455
CPC classification number: H04L41/0893, H04L12/4641, G06F9/45558, H04L12/4633, G06F2009/45587, G06F2009/45595
Abstract: Systems, methods, and computer-readable storage media are provided for provisioning a common subnet across a number of subscribers and their respective virtual networks using dynamically generated network policies that provide isolation between the subscribers. The dynamic generation of the network policies is performed when a host (e.g. client) is detected (via a switch) as the host joins the computing network via virtual networks. This ability to configure a common subnet for all the subscriber virtual networks allows these subscribers to more easily access external shared services coming from a headquarter site while keeping the separation and segmentation of multiple subscriber virtual networks within a single subnet. This allows the Enterprise fabric to be more simple and convenient to deploy without making security compromises.
-
Publication number: US11785493B2
Publication date: 2023-10-10
Application number: US17443301
Filing date: 2021-07-23
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay K. Hooda, Vinay Saini
CPC classification number: H04W28/0226, H04L12/4633, H04W84/12, H04W88/08
Abstract: An enterprise network may receive a WiFi packet associated with a 5G service (or other type of service) at an access point (AP) in the enterprise network. The enterprise network determines whether the WiFi packet satisfies a first-packet policy associated with the 5G service, where the first-packet policy controls access to a tunnel for traversing the enterprise network to reach the 5G service. If the packet satisfies the policy, the enterprise network queries a map server to identify a location of a 5G border in the enterprise network that is connected to the 5G service. The enterprise network can transmit the WiFi packet on the tunnel with priority to meet SLA using the location of the 5G border.
-
Publication number: US20230291687A1
Publication date: 2023-09-14
Application number: US18198104
Filing date: 2023-05-16
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Darrin Joseph Miller, Ashwin Kumar
CPC classification number: H04L45/74, H04L63/205
Abstract: Techniques for group-based classification and policy enforcement at a network fabric edge for traffic that is being sent to external network destinations are disclosed herein. The techniques may include receiving, at a control plane of a network and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination. Based at least in part on an address prefix value associated with the destination, the control plane may determine that the destination is located in an external network. Additionally, a group identifier that is associated with the destination may be determined. In this way, an indication of the group identifier may be sent to the edge node such that the edge node may determine, based at least in part on the group identifier, a policy decision for routing the packet to the external network.
-
Publication number: US20230155981A1
Publication date: 2023-05-18
Application number: US17526164
Filing date: 2021-11-15
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Prakash C. Jain
IPC: H04L29/06, H04L12/741
CPC classification number: H04L63/0263, H04L45/745, H04L63/0236, H04L63/0272
Abstract: Techniques and architecture are described for providing a service, e.g., a security service such as a firewall, across different virtual networks/VRFs/VPN IDs. The techniques and architecture provide modifications in enterprise computing fabrics by modifying pull-based overlay protocols such as, for example, locator/identifier separation protocol (LISP), border gateway protocol ethernet virtual private network (BGP EVPN), etc. A map request carries additional information to instruct a map-server that even though mapping (destination prefix and firewall service RLOC for the destination) is known within the map-server's own virtual network/VRF for firewall service insertion, the map-server still should do a lookup across virtual networks/VRFs and discover the final destination's DGT (destination group tag) and include that in the map reply.