-
Publication number: US20240086205A1
Publication date: 2024-03-14
Application number: US17943440
Application date: 2022-09-13
Applicant: Cisco Technology, Inc.
Inventor: Reda Haddad, Martin Edward Ramsdale, Srihari Raghavan, Jabir Hamediya Mohammed, Sandesh K. Rao
IPC: G06F9/4401, G06F9/448, H04L9/32
CPC classification number: G06F9/4401, G06F9/4482, H04L9/3268
Abstract: Techniques and architecture are described for validating and verifying iPXE scripts prior to execution during a booting process. During the booting process of a network device, right after the UEFI/BIOS stage of the booting process, a trusted iPXE script may make a request to a network server for the ownership voucher and owner certificate of the network device. The ownership voucher and owner certificate may then be stored in a trusted platform module (TPM) on the network device. In configurations, the retrieved owner certificate may be validated by the ownership voucher. The owner certificate may be used to validate iPXE scripts. Once validated, the iPXE scripts may be executed and the booting process may be continued to the kernel loading step and the application loading step. During a subsequent booting process of the network device, the ownership voucher and owner certificate may be retrieved from the TPM.
-
Publication number: US20240080309A1
Publication date: 2024-03-07
Application number: US18508743
Application date: 2023-11-14
Applicant: Cisco Technology, Inc.
Inventor: Govind Prasad Sharma, Javed Asghar, Prabhu Balakannan, Sridhar Vallepalli
CPC classification number: H04L63/062, H04L9/0891, H04L12/4641, H04L63/0428, H04L63/166, H04L69/14, H04L69/22
Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.
-
Publication number: US20240080308A1
Publication date: 2024-03-07
Application number: US18389417
Application date: 2023-11-14
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery, Vincent E. Parla
CPC classification number: H04L63/0485, H04L12/4633, H04L63/0236, H04L63/166
Abstract: Techniques for routing service mesh traffic based on whether the traffic is encrypted or unencrypted are described herein. The techniques may include receiving, from a first node of a cloud-based network, traffic that is to be sent to a second node of the cloud-based network and determining whether the traffic is encrypted or unencrypted. If it is determined that the traffic is encrypted, the traffic may be sent to the second node via a service mesh of the cloud-based platform. Alternatively, or additionally, if it is determined that the traffic is unencrypted, the traffic may be sent to the second node via an encrypted tunnel. In some examples, the techniques may be performed at least partially by a program running on the first node of the cloud-based network, such as an extended Berkeley Packet Filter (eBPF) program, and the like.
-
484.
Publication number: US11924857B2
Publication date: 2024-03-05
Application number: US17983502
Application date: 2022-11-09
Applicant: Cisco Technology, Inc.
Inventor: Matthew Aaron Silverman, Ardalan Alizadeh, Pooya Monajemi, Jerome Henry
Abstract: In one embodiment, a method comprises first causing, by a controller device, wireless access points (APs) to allocate first non-interfering wireless channels for a prescribed reliable data service for wireless client devices in a WLAN; second causing the wireless APs to allocate a second shared channel having a bandwidth that is greater than the corresponding bandwidth of any of the first non-interfering wireless channels; allocating for each wireless client device a corresponding location service interval on the second shared channel for transmission of at least a corresponding identifiable wireless data unit for locating the corresponding wireless client device between two or more of the wireless APs; and determining a location of at least one of the wireless client devices based on reception of at least the corresponding wireless data unit between the one wireless client device and the two or more wireless APs during the corresponding location service interval.
-
485.
Publication number: US11924119B2
Publication date: 2024-03-05
Application number: US17749930
Application date: 2022-05-20
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Victor Manuel Moreno, Prakash C. Jain
IPC: H04L49/253, H04L47/31, H04L49/25, H04L49/35, H04L67/2885
CPC classification number: H04L49/252, H04L47/31, H04L67/2885
Abstract: Techniques and architecture are described that utilize switchport protected flags to provide switchport protected functionality across network devices, e.g., switches, routers, etc., in fabric networks. For example, a first port of a first network device of a fabric network receives a packet from a first host destined for a second host. The second host is onboarded to the fabric network via a second port of a second network device. It is determined (i) if a first protected flag associated with the first port of the first network device is set as true and (ii) if a second protected flag associated with the second host is set as true. Based at least in part on (i) the first protected flag associated with the first port being set as true and (ii) the second protected flag being set as true, the first network device drops the packet.
-
Publication number: US11921323B2
Publication date: 2024-03-05
Application number: US17387187
Application date: 2021-07-28
Applicant: Cisco Technology, Inc.
Inventor: Jean-Luc Joseph Tambasco
CPC classification number: G02B6/125, G02B2006/1215
Abstract: A photonic Y-splitter includes a substrate, first optical waveguides disposed in the substrate on a first layer, the first optical waveguides may be flared at a first end and inverse tapered toward a second end and may be substantially mirror images of one another, and a second optical waveguide disposed in the substrate on a second layer, above the first layer, the second optical waveguide being centered over the first optical waveguides and longitudinally arranged between the first end and the second end.
-
Publication number: US20240074093A1
Publication date: 2024-02-29
Application number: US17900147
Application date: 2022-08-31
Applicant: Cisco Technology, Inc.
Inventor: Chejung Liu, Ravinandana Mysore Ramachandra Rao, Vic Hong Chia
CPC classification number: H05K7/20145, G05D7/0173
Abstract: A dynamic air baffle comprises: spaced-apart first and second plates configured to be positioned adjacent to at least one heat source to be cooled by an airflow; a heat insulator sandwiched between the first and second plates; and an air flap coupled to the first and second plates and extending into the airflow; wherein the first and second plates are configured such that a differential temperature between the first and second plates causes a differential expansion in lengths of the first and second plates, which rotates the air flap from a rest position, corresponding to when the differential temperature is zero, to a rotated position that is closer to a cooler plate and farther from a hotter plate of the first and second plates, such that the air flap directs more of the airflow to the hotter plate and less of the airflow to the cooler plate.
-
Publication number: US20240073759A1
Publication date: 2024-02-29
Application number: US17896701
Application date: 2022-08-26
Applicant: Cisco Technology, Inc.
Inventor: Jun Liu, Yaojun WEI, Jianhui WU, Xia KE
CPC classification number: H04W36/08, H04W8/02, H04W36/0061, H04W36/00837
Abstract: In one embodiment, a wireless access point receives, from a mobile system, a broadcast beacon that includes a roaming notification indicating that the mobile system intends to roam to the wireless access point. The wireless access point allocates, after receiving the broadcast beacon from the mobile system, an orthogonal frequency-division multiple access resource unit for use by the mobile system. The wireless access point sends a trigger message to the mobile system that includes an indication of the orthogonal frequency-division multiple access resource unit. The wireless access point performs, after sending the trigger message, a handoff exchange with the mobile system using the orthogonal frequency-division multiple access resource unit to attach the mobile system to the wireless access point.
-
Publication number: US20240073186A1
Publication date: 2024-02-29
Application number: US17900516
Application date: 2022-08-31
Applicant: Cisco Technology, Inc.
Inventor: Thomas Szigeti, David John Zacks, Walter T. Hulick, JR., Rachana Anubhav Soni, Hemamalini Subash
CPC classification number: H04L63/0245, H04L69/22
Abstract: A method is provided that is performed using an application performance management agent running on an application and/or application microservices. The method comprises detecting a request to the application and/or application microservices for data, and inserting data compliance metadata into packet headers of packets that are to be sent in response to the request by the application and/or application microservices. The data compliance metadata comprises data-compliance markings associated with the data based on user/operator-defined data compliance requirements. The method further includes causing the packets to be sent into a network so that one or more network devices or services in the network can read the data compliance metadata and apply packet handling policies.
-
Publication number: US20240073122A1
Publication date: 2024-02-29
Application number: US17900340
Application date: 2022-08-31
Applicant: Cisco Technology, Inc.
Inventor: Mankamana Mishra, Nitin Kumar, Sridhar Santhanam
IPC: H04L45/16, H04L43/026, H04L43/04
CPC classification number: H04L45/16, H04L43/026, H04L43/04
Abstract: A method is performed at a router on a multicast configured to forward a multicast flow. The method comprises: in response to receiving, from a controller connected to the multicast path or the multicast path, an enable command to enable statistics tracing for the multicast flow, determining whether the router has sufficient resources to perform statistics tracing; and when the router has the sufficient resources: responsive to the enable command, enabling statistics tracing to collect statistics for the multicast flow; generating a first request to include the enable command and the statistics; and forwarding the first request towards the controller.