公开(公告)号：US12058038B2

公开(公告)日：2024-08-06

申请号：US17830560

申请日：2022-06-02

Applicant: Cisco Technology, Inc.

Inventor： Francois Clad ,  David Delano Ward ,  Clarence Filsfils

IPC: H04L12/707 ,  G06F1/00 ,  H04L9/40 ,  H04L29/06 ,  H04L45/00 ,  H04L45/302

CPC classification number: H04L45/34 ,  H04L45/22 ,  H04L45/3065 ,  H04L45/38 ,  H04L63/20

Abstract: In one embodiment, a method includes a method includes receiving, by a headend node, network traffic. The method also includes determining, by the headend node, that the network traffic matches a service route. The method further includes steering, by the headend node, the network traffic into an SR-TE policy. The SR-TE policy is associated with the service route and includes a security level constraint.

公开(公告)号：US20240106679A1

公开(公告)日：2024-03-28

申请号：US18536082

申请日：2023-12-11

Applicant: Cisco Technology, Inc.

Inventor： Pierre Pfister ,  William Mark Townsley ,  Yoann Desmouceaux ,  David Delano Ward

IPC: H04L12/46 ,  G06F16/95

CPC classification number: H04L12/46 ,  G06F16/95

Abstract: This disclosure describes methods and systems to externally manage network-to-network interconnect configuration data in conjunction with a centralized database subsystem. An example of the methods includes receiving and storing, in the centralized database subsystem, data indicative of user intent to interconnect at least a first network and a second network. The example method further includes, based at least in part on the data indicative of user intent, determining and storing, in the centralized database subsystem, a network intent that corresponds to the user intent. The example method further includes providing data indicative of the network intent from the centralized database subsystem to a first data plane adaptor, associated with the first network, and a second data plane adaptor, associated with the second network.

公开(公告)号：US20230246967A1

公开(公告)日：2023-08-03

申请号：US18297599

申请日：2023-04-07

Applicant: Cisco Technology, Inc.

Inventor： Ijsbrand Wijnands ,  Neale David Raymond Ranns ,  David Delano Ward ,  David Richard Barach

IPC: H04L47/125 ,  H04L47/70 ,  H04L47/17 ,  H04L45/50

CPC classification number: H04L47/125 ,  H04L47/825 ,  H04L47/17 ,  H04L45/507

Abstract: In one embodiment, an offload platform is an compute platform, adjunct to a router or other packet switching device, that performs packet processing operations including determining an egress forwarding value corresponding to the next-hop node of the packet switching device to which to send an offload-platform processed packet. The offload platform downloads forwarding information from the router, and augments it, such as, but not limited to, representing interfaces of the router as identifiable virtual interface(s) on the offload platform, and including each of one or more next-hop nodes of the router represented as an identifiable virtual adjacency and identifiable tunnel (e.g., identified by the egress forwarding value). In one embodiment, the egress forwarding value is an Multiprotocol Label Switching (MPLS) label or Segment Routing Identifier. The router identifies packets of certain packet flows to send to the adjunct offload platform, rather than processing per its routing information base.

公开(公告)号：US20230208782A1

公开(公告)日：2023-06-29

申请号：US18115957

申请日：2023-03-01

Applicant: Cisco Technology, Inc.

Inventor： Plamen Nedeltchev ,  David Delano Ward ,  Mohit Agrawal ,  Alon Bernstein

IPC: H04L47/70 ,  G06F9/50 ,  H04L43/022 ,  H04L43/062

CPC classification number: H04L47/822 ,  G06F9/5072 ,  H04L43/022 ,  H04L43/062

Abstract: Resource provider specifications, characterizing computing resources of computing resource providers, are received. The reachability of each IP address included in the received specification is determined. An agent is deployed that is operable to determine the value of each of a set of metrics in the environment of the host at which the agent is deployed. The agent determines the value of each metric of the set of metrics in the environment of the relevant host, and communicates the determined values to one or more computing devices that validate whether the resources characterized by the communicated values are sufficient to provide the performance characterized by the received specification and that each ISP router complies with a predetermined policy. For each computing resource provider validated and determined to comprise an ISP router compliant with policy, the specified computing resources are added to a pool of resources for cloud computing.

公开(公告)号：US20220166646A1

公开(公告)日：2022-05-26

申请号：US17671265

申请日：2022-02-14

Applicant: Cisco Technology, Inc.

Inventor： Pierre Pfister ,  William Mark Townsley ,  Yoann Desmouceaux ,  David Delano Ward

IPC: H04L12/46 ,  G06F16/95

Abstract: This disclosure describes methods and systems to externally manage network-to-network interconnect configuration data in conjunction with a centralized database subsystem. An example of the methods includes receiving and storing, in the centralized database subsystem, data indicative of user intent to interconnect at least a first network and a second network. The example method further includes, based at least in part on the data indicative of user intent, determining and storing, in the centralized database subsystem, a network intent that corresponds to the user intent. The example method further includes providing data indicative of the network intent from the centralized database subsystem to a first data plane adaptor, associated with the first network, and a second data plane adaptor, associated with the second network.

公开(公告)号：US11277371B2

公开(公告)日：2022-03-15

申请号：US16094967

申请日：2017-04-17

Applicant: Cisco Technology, Inc.

Inventor： Andre Jean-Marie Surcouf ,  David Delano Ward ,  William Mark Townsley

IPC: H04L29/12 ,  H04L12/749 ,  H04L12/28 ,  H04L29/06 ,  H04N21/643 ,  H04L12/723 ,  H04L12/721 ,  H04L12/741 ,  H04L12/745 ,  H04L12/747 ,  H04L29/08 ,  H04N21/2343 ,  H04N21/658 ,  H04N21/845 ,  G06F16/955 ,  H04L12/725 ,  H04N21/262 ,  G06F16/245 ,  H04L12/743 ,  H04L12/26 ,  H04L61/4511 ,  H04L45/741 ,  H04L45/748 ,  H04L45/74 ,  H04L67/568 ,  H04L101/659 ,  H04L65/60 ,  H04L67/61 ,  H04L67/1001 ,  H04L67/63 ,  H04L61/103 ,  H04L101/33 ,  H04L45/50 ,  H04L45/00 ,  H04L45/30 ,  H04L61/45 ,  H04L65/612 ,  H04L61/2503 ,  H04L65/65 ,  H04L69/326 ,  H04L101/663 ,  H04L69/18 ,  H04L45/7453 ,  H04L45/745 ,  H04L61/251 ,  H04L43/0876 ,  H04L61/256 ,  H04L69/22 ,  H04L67/565 ,  H04L61/5007 ,  H04L67/02 ,  H04L67/1008 ,  H04L61/00 ,  H04L65/401 ,  H04N21/2662 ,  H04L61/58 ,  H04L69/329

Abstract: A method of routing a packet in a network is described. The network includes a plurality of nodes implementing Information Centric Networking (ICN) routing or content centric networking and routing. The method includes receiving the packet at a node implementing ICN routing, the packet comprising an Internet Protocol (IP) header and a packet payload, wherein the packet comprises a request packet for requesting content from the network. The method further includes extracting from the packet payload a content identifier for the requested content and forwarding the packet to a next hop node in the network based on the content identifier extracted from the packet payload.

公开(公告)号：US20210281553A1

公开(公告)日：2021-09-09

申请号：US16808966

申请日：2020-03-04

Applicant: Cisco Technology, Inc.

Inventor： David Delano Ward ,  Robert Stephen Rodgers ,  Andrew Phillips Thurber ,  Eric Voit ,  Thomas John Giuli

IPC: H04L29/06

Abstract: An enclave manager of a network enclave obtains a request to retrieve configuration information and state information corresponding to compute devices and network devices comprising a network enclave. The request specifies a set of parameters of the configuration information and the state information usable to generate a response to the request. The enclave manager evaluates the compute devices, the network devices, and network connections among these devices within the network enclave to obtain the configuration information and the state information. Based on the configuration information and the state information, the enclave manager determines whether the network enclave is trustworthy. Based on the parameters of the request, the enclave manager generates a response indicating a summary that is used to identify the trustworthiness of the network enclave.

公开(公告)号：US11115387B2

公开(公告)日：2021-09-07

申请号：US16373055

申请日：2019-04-02

Applicant: Cisco Technology, Inc.

Inventor： Peter Bosch ,  Alessandro Duminuco ,  Jeffrey Napper ,  Sape Jurrien Mullender ,  David Delano Ward

IPC: H04L29/06 ,  H04L29/12 ,  H04L12/46

Abstract: Systems, methods, and computer-readable storage media are provided for managing application traffic. A routing policy defines the data flow path between the client device (which uses a virtual private network (VPN) client) and the appropriate network-based service. Based on various factors associated with the user, the client device, and the destination (e.g. network-based service), the routing policy will direct the VPN client to communicate with either a public DNS (via the public Internet) or to a private DNS (via the private Intranet). The resulting IP addresses will be used to establish a particular route (either over a public Internet or private Intranet) between the client device and the network-based service in accordance to the routing policy.

公开(公告)号：US10904240B2

公开(公告)日：2021-01-26

申请号：US16705652

申请日：2019-12-06

Applicant: Cisco Technology, Inc.

Inventor： Hendrikus G. P. Bosch ,  Alessandro Duminuco ,  Jeffrey Napper ,  David Delano Ward ,  Syed Khalid Raza ,  Sape Jurrien Mullender

IPC: H04L29/06 ,  H04L12/725 ,  H04L12/721

Abstract: Disclosed are concepts for provided for managing application traffic. A method includes receiving a request to access a service from an application, confirming an entity of a user of the application and, based on the confirmation, generating, via an authentication service, a routing policy for data flows between the application and the service. The routing policy defines a mandated path between the application and the service. The method also can include storing proof-of-transit data in the traffic flow for tracking an actual path from the application to the service and determining whether the data path complies with the mandated path defined in the policy. When the determination indicates that the actual path followed the mandated path defined in the routing policy, the method includes granting access to the user for the service. When the actual path differs from the mandated path, the method includes denying access to the user.

公开(公告)号：US10887197B2

公开(公告)日：2021-01-05

申请号：US16365096

申请日：2019-03-26

Applicant: Cisco Technology, Inc.

Inventor： Enzo Fenoglio ,  Hugo M. Latapie ,  Kenneth Gray ,  Sawsen Rezig ,  David Delano Ward

IPC: H04L12/24 ,  H04W28/02 ,  H04L12/26

Abstract: In one embodiment, a network quality assessment service that monitors a network obtains multimodal data indicative of a plurality of measurements from the network and subjective perceptions of the network by users of the network. The network quality assessment service uses the obtained multimodal data as input to one or more neural network-based models. The network quality assessment service maps, using a conceptual space, outputs of the one or more neural network-based models to symbols. The network quality assessment service applies a symbolic reasoning engine to the symbols, to generate a conclusion regarding the monitored network. The network quality assessment service provides an indication of the conclusion to a user interface.