-
Publication No.: US20240039839A1
Publication date: 2024-02-01
Application No.: US18487021
Filing date: 2023-10-13
Applicant: Cisco Technology, Inc.
Inventor: Satish Kondalam, Sanjay Kumar Hooda, Prakash C. Jain, Vikram Vikas Pendharkar
Abstract: Systems, methods, and computer-readable media for discovering silent hosts in a software-defined network and directing traffic to the silent hosts in a scalable and targeted manner include determining interfaces of a fabric device that are connected to respective one or more endpoints, where the fabric device is configured to connect the endpoints to a network fabric of the software-defined network. At least a first interface is identified, where an address of a first endpoint connected to the first interface is not available at the fabric device. A first notification is transmitted to a control plane of the software-defined network based on identifying the first interface, where the control plane may create a flood list which includes the fabric device. Traffic intended for the first endpoint from the network fabric that is received by the fabric device can be based on the flood list.
-
42.
Publication No.: US20230379270A1
Publication date: 2023-11-23
Application No.: US17749930
Filing date: 2022-05-20
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Victor Manuel Moreno, Prakash C. Jain
IPC: H04L49/25, H04L67/2885, H04L47/31
CPC classification number: H04L49/252, H04L67/2885, H04L47/31
Abstract: Techniques and architecture are described that utilize switchport protected flags to provide switchport protected functionality across network devices, e.g., switches, routers, etc., in fabric networks. For example, a first port of a first network device of a fabric network receives a packet from a first host destined for a second host. The second host is onboarded to the fabric network via a second port of a second network device. It is determined (i) if a first protected flag associated with the first port of the first network device is set as true and (ii) if a second protected flag associated with the second host is set as true. Based at least in part on (i) the first protected flag associated with the first port being set as true and (ii) the second protected flag being set as true, the first network device drops the packet.
-
Publication No.: US20230308391A1
Publication date: 2023-09-28
Application No.: US18323263
Filing date: 2023-05-24
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Satish Kondalam, Raja Janardanan, Aaditya Vadnere, Shivangi Sharma
Abstract: Systems, methods, and computer-readable media for communicating policy changes in a Locator/ID Separation Protocol (LISP) based network deployment include receiving, at a first routing device, a first notification from a map server, the first notification indicating a change in a policy for LISP based communication between at least a first endpoint device and at least a second endpoint device, the first endpoint device being connected to a network fabric through the first routing device and the second endpoint device being connected to the network fabric through a second routing device. The first routing device forwards a second notification to the second routing device if one or more entries of a first map cache implemented by the first routing device are affected by the policy change, the second notification indicating a set of one or more endpoints connected to the second routing device that are affected by the policy change.
-
Publication No.: US11706139B2
Publication date: 2023-07-18
Application No.: US17476462
Filing date: 2021-09-15
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Satish Kondalam, Raja Janardanan, Aaditya Vadnere, Shivangi Sharma
Abstract: Systems, methods, and computer-readable media for communicating policy changes in a Locator/ID Separation Protocol (LISP) based network deployment include receiving, at a first routing device, a first notification from a map server, the first notification indicating a change in a policy for LISP based communication between at least a first endpoint device and at least a second endpoint device, the first endpoint device being connected to a network fabric through the first routing device and the second endpoint device being connected to the network fabric through a second routing device. The first routing device forwards a second notification to the second routing device if one or more entries of a first map cache implemented by the first routing device are affected by the policy change, the second notification indicating a set of one or more endpoints connected to the second routing device that are affected by the policy change.
-
Publication No.: US11695824B2
Publication date: 2023-07-04
Application No.: US17397269
Filing date: 2021-08-09
Applicant: Cisco Technology, Inc.
Inventor: Prakash Jain, Sanjay Kumar Hooda, Satish Kumar Kondalam
Abstract: Presented herein are techniques to provide an endpoint in a multi-site Software-defined network (SDN) fabric with an Internet access route that is optimal for the specific site in which the endpoint is located. In particular, a control plane node in a first site of a multi-site SDN fabric registers a border node in the first site as a Default Egress Tunnel Router (ETR) for Internet access or unknown endpoint identifier (EID) of the first site. The first site includes at least one endpoint. The control plane node receives a request for Internet access for the at least one endpoint and provides a dynamically-selected Internet access route via a same or different virtual instance (e.g., Virtual Routing and Forwarding (VRF) function(s), Virtual Private Network(s) (VPNs), Virtual Networks (VNs), etc.) for Internet traffic sent by the at least one endpoint.
-
Publication No.: US20230188413A1
Publication date: 2023-06-15
Application No.: US18164010
Filing date: 2023-02-03
Applicant: Cisco Technology, Inc.
Inventor: Oliver James Bull, Rex Emmanuel Fernando, Anand Oswal, Kausik Majumdar, Darren Russell Dukes, Sanjay Kumar Hooda
IPC: H04L41/0806, H04L43/08, H04L41/0893, H04L47/24, H04L47/22, H04L47/20
CPC classification number: H04L41/0806, H04L43/08, H04L41/0893, H04L47/24, H04L47/22, H04L47/20, H04W84/042
Abstract: An enterprise controller of an enterprise network sends to a service gateway of a service provider network a request for network slice information about network slices provisioned on a data plane of the service provider network. Responsive to the sending, the enterprise controller receives from the service gateway the network slice information including identifiers of and properties associated with the network slices. Responsive to receiving a request for the network slice information from a network device at a border of a forwarding plane of the enterprise network, the enterprise controller sends the network slice information to the network device to cause the network device to perform configuring network traffic in the forwarding plane with identifiers of ones of the network slices that match the network traffic, and to perform forwarding the network traffic configured with the identifiers to the data plane of the service provider network.
-
Publication No.: US11601496B1
Publication date: 2023-03-07
Application No.: US17728657
Filing date: 2022-04-25
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Marc Portoles Comeras, Vinay Saini, Victor Manuel Moreno
IPC: G06F15/16, H04L67/1001, H04L41/122, H04L67/51, H04L45/76, H04L41/0893
Abstract: This disclosure describes techniques and mechanisms for providing hybrid cloud services for enterprise fabric. The techniques include enhancing an on-demand protocol (e.g., LISP) and allowing simplified security and/or firewall service insertion for datacenter servers providing those services. Accordingly, the techniques described herein provide hybrid cloud services that work in a disaggregated, distributed, and consistent way, while avoiding complex datacenter network devices (e.g., such as running overlay on TOR), replacing and moving the functionality to on-demand protocol enabled servers, which intelligently receive the required mappings as well as register and publish the service information to intelligently interact with the network.
-
Publication No.: US11546254B2
Publication date: 2023-01-03
Application No.: US17098633
Filing date: 2020-11-16
Applicant: Cisco Technology, Inc.
Inventor: Prakash Chand Jain, Sanjay Kumar Hooda, Victor M. Moreno, Satish Kumar Kondalam
IPC: H04L45/302, H04L45/586, H04L45/64, H04L47/80, H04L49/25
Abstract: In one embodiment, a method is performed at a node in a multi-site enterprise fabric. The method includes obtaining map entries from a fabric control plane of the multi-site enterprise fabric, where the map entries are associated with identifiers of endpoints in external networks, site and virtual network identifiers of sites in the multi-site enterprise fabric, location identifiers of border nodes, and characteristics of the border nodes. The method further includes receiving a request from a source to connect to an external endpoint. After deriving an external endpoint identifier and source parameters, the method additionally includes establishing at least one connection between the source and the external endpoint via border node(s) that are selected from the map entries based at least in part on the source parameters, the external endpoint identifier, and characteristics of the border node(s) with their site and virtual network identifier(s) along the at least one connection.
-
Publication No.: US11528270B2
Publication date: 2022-12-13
Application No.: US16867739
Filing date: 2020-05-06
Applicant: Cisco Technology, Inc.
Inventor: Victor Moreno, Sridhar Subramanian, Sanjay Kumar Hooda
IPC: H04L9/40, H04L61/2503, H04L67/52, G06F21/41, H04L101/622
Abstract: Systems and methods for network authorization are described herein. An example method can include receiving a user credential from a host device connected to a network, authenticating the user credential, and in response to authenticating the user credential, determining an authorization policy associated with the host device. The method can also include polling a network overlay control plane of the network to obtain network location information associated with the host device, identifying at least one network device of the network using the network location information, and transmitting the authorization policy to the at least one network device.
-
50.
Publication No.: US20220158943A1
Publication date: 2022-05-19
Application No.: US16950315
Filing date: 2020-11-17
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Karthik Kumar Thatikonda, Denis Neogi, Rajeev Kumar
IPC: H04L12/813, H04L12/26, H04L29/12, H04L29/08, H04L12/823, H04L12/747, H04L12/741
Abstract: A traffic flow based map cache refresh may be provided. A computing device may receive a dropped packet message when a packet associated with a flow having a destination and a source was dropped before it reached the destination. Next, in response to receiving the dropped packet message, a map request message may be sent to a Map Server (MS). In response to sending the map request message, a map response message may be received indicating an updated destination for the flow. A map cache may then be refreshed for the source of the flow based on the updated destination from the received map response message.