-
31.
Publication number: US11811557B2
Publication date: 2023-11-07
Application number: US17949422
Application date: 2022-09-21
Applicant: Cisco Technology, Inc.
Inventor: Srinath Gundavelli, Sangram Kishore Lakkaraju, Alberto Rodriguez Natal, Fabio R. Maino, Timothy Peter Stammers
IPC: H04L12/46, H04L45/74, H04L47/24, H04L49/25, H04L61/2592, H04L69/22, H04L101/622
CPC classification number: H04L12/4633, H04L12/4641, H04L45/74, H04L47/24, H04L49/25, H04L61/2592, H04L69/22, H04L2101/622
Abstract: Techniques are described for extending a cellular quality of service bearer through an enterprise fabric network. In one example, a method includes obtaining, by a first switch of a network, a packet to be delivered to a client connected to the network via a cellular access point; identifying quality of service (QoS) bearer information associated with the packet, wherein the QoS bearer information is associated with a radio access bearer for the client and the QoS bearer information comprises a bearer indicator and a QoS class identifier; providing a fabric tunnel encapsulation for the packet, wherein the bearer indicator and the QoS class identifier are included within the fabric tunnel encapsulation of the packet; and forwarding the packet within the fabric tunnel encapsulation toward a second switch of the network via a fabric tunnel, wherein the cellular access point is connected to the network via the second switch.
-
32.
Publication number: US11558402B2
Publication date: 2023-01-17
Application number: US16666143
Application date: 2019-10-28
Applicant: Cisco Technology, Inc.
Inventor: Balaji Sundararajan, Alberto Rodriguez Natal, Yegappan Lakshmanan, Fabio R. Maino, Anand Oswal
Abstract: Techniques for providing network traffic security in a virtualized environment are described. A threat aware controller uses a threat feed provided by a threat intelligence service to establish a threat detection engine on virtual switches. The threat aware controller and threat detection engine work together to detect any anomalous or malicious behavior of network traffic on the virtual switch and established virtual network functions to quickly detect, verify, and isolate network threats.
-
Publication number: US11233743B2
Publication date: 2022-01-25
Application number: US16839485
Application date: 2020-04-03
Applicant: Cisco Technology, Inc.
Inventor: Alberto Rodriguez Natal, Fabio Maino, Bradford Pielech, Richard James Smith, Mikhail Davidov, Lorand Jakab
IPC: H04L12/46, H04L12/851, H04L29/12, H04L29/06
Abstract: The present technology pertains to a system and method for extending enterprise networks' trusted policy frameworks to cloud-native applications. The present technology comprises sending, by an enterprise network controller, a first communication to a service mesh orchestrator for a service mesh, wherein the first communication informs the service mesh orchestrator of traffic segmentation policies to be applied to traffic originating at an enterprise network and of layer 7 extension headers which correspond to the enterprise network traffic segmentation policies.
-
Publication number: US20200322273A1
Publication date: 2020-10-08
Application number: US16839485
Application date: 2020-04-03
Applicant: Cisco Technology, Inc.
Inventor: Alberto Rodriguez Natal, Fabio Maino, Bradford Pielech, Richard James Smith, Mikhail Davidov, Lorand Jakab
IPC: H04L12/851, H04L29/12, H04L29/06, H04L12/46
Abstract: The present technology pertains to a system and method for extending enterprise networks' trusted policy frameworks to cloud-native applications. The present technology comprises sending, by an enterprise network controller, a first communication to a service mesh orchestrator for a service mesh, wherein the first communication informs the service mesh orchestrator of traffic segmentation policies to be applied to traffic originating at an enterprise network and of layer 7 extension headers which correspond to the enterprise network traffic segmentation policies.
-
35.
Publication number: US20200322230A1
Publication date: 2020-10-08
Application number: US16782769
Application date: 2020-02-05
Applicant: Cisco Technology, Inc.
Inventor: Alberto Rodriguez Natal, Hendrikus G.P. Bosch, Fabio Maino, Lars Olaf Stefan Olofsson, Jeffrey Napper, Anubhav Gupta
IPC: H04L12/24, H04L12/801
Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific policies for the first endpoint by evaluating the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.
-
Publication number: US20190268383A1
Publication date: 2019-08-29
Application number: US15903820
Application date: 2018-02-23
Applicant: Cisco Technology, Inc.
Inventor: Fabio R. Maino, Vina Ermagan, Alberto Rodriguez Natal
Abstract: A mapping server provisions network elements to optimize the cryptographic resources of a computer network. The mapping server obtains from a source network element, a request for a source endpoint to communicate with a destination endpoint across the computer network. The mapping server determines a cryptographic policy based on the source endpoint, the destination endpoint, and an availability of cryptographic resources on the network elements. The mapping server identifies a destination network element based on the cryptographic policy. The destination network element is associated with the destination endpoint. The mapping server selects a security association based on the cryptographic policy to secure a communication from the source endpoint to the destination endpoint. The security association secures the communication between the source network element and the destination network element. The mapping server provides the security association to the source network element along with a network address of the destination network element.
-
Publication number: US10284438B2
Publication date: 2019-05-07
Application number: US14612691
Application date: 2015-02-03
Applicant: Cisco Technology, Inc.
Inventor: Marc Portoles Comeras, Preethi Natarajan, Alberto Rodriguez Natal, Fabio Rodolfo Maino, Alberto Cabellos Aparicio, Vasileios Lakafosis, Lorand Jakab
IPC: H04L12/24, H04L29/06, H04L12/707, H04L12/801, H04L12/803
Abstract: Techniques are provided for a network mapping server device in a network to receive a connection upgrade message comprising information to establish a first data flow from a first endpoint that does not support multiple subflows for the first data flow according to a multipath protocol, where multiple subflows subdivide the first data flow across two or more network paths. The information in the connection upgrade message is analyzed in order to resolve network connectivity to determine potential network connections for at least two subflows of the first data flow to a second endpoint. A response message is sent comprising information configured to establish at least two subflows for the first data flow between the first endpoint and the second endpoint.
-
38.
Publication number: US20240291734A1
Publication date: 2024-08-29
Application number: US18648889
Application date: 2024-04-29
Applicant: Cisco Technology, Inc.
Inventor: Alberto Rodriguez Natal, Hendrikus G.P. Bosch, Fabio Maino, Lars Olaf Stefan Olofsson, Jeffrey Napper, Anubhav Gupta
IPC: H04L41/5019, H04L47/10
CPC classification number: H04L41/5019, H04L47/10
Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific policies for the first endpoint by evaluating the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.
-
Publication number: US11943150B2
Publication date: 2024-03-26
Application number: US17147724
Application date: 2021-01-13
Applicant: Cisco Technology, Inc.
Inventor: Lorand Jakab, Alberto Rodriguez Natal, Fabio R. Maino, John G. Apostolopoulos
IPC: H04L47/783, G06F9/54
CPC classification number: H04L47/783, G06F9/547
Abstract: Techniques for tracking compute capacity of a scalable application service platform to perform dynamic bandwidth allocation for data flows associated with applications hosted by the service platform are disclosed. Some of the techniques may include allocating a first amount of bandwidth of a physical underlay of a network for data flows associated with an application. The techniques may also include receiving, from a scalable application service hosting the application, an indication of an amount of computing resources of the scalable application service that are allocated to host the application. Based at least in part on the indications, a second amount of bandwidth of the physical underlay to allocate for the data flows may be determined. The techniques may also include allocating the second amount of bandwidth of the physical underlay of the network for the data flows associated with the application.
-
Publication number: US20230300059A1
Publication date: 2023-09-21
Application number: US17890756
Application date: 2022-08-18
Applicant: Cisco Technology, Inc.
Inventor: Alberto Rodriguez Natal, Saswat Praharaj, Lorand Jakab, Fabio R. Maino, Pradeep Kumar Kathail
IPC: H04L45/121, H04L45/745, H04L45/00
CPC classification number: H04L45/121, H04L45/745, H04L45/566
Abstract: Techniques for automating traffic optimizations for egress traffic of an application orchestration system that is being sent over a network to a remote service. In examples, the techniques may include receiving, at a controller of the network, an egress traffic definition associated with egress traffic of an application hosted on the application orchestration system, the egress traffic definition indicating that the egress traffic is to be sent to the remote service. Based at least in part on the egress traffic definition, the controller may determine a networking path through the network or outside of the network that is optimized for sending the egress traffic to the remote service. The controller may also cause the egress traffic to be sent to the remote service via the optimized networking path.