-
Publication No.: US11363073B2
Publication Date: 2022-06-14
Application No.: US17034100
Application Date: 2020-09-28
Applicant: Cisco Technology, Inc.
Inventor: Fabio R. Maino, Vina Ermagan, Alberto Rodriguez Natal
Abstract: An ingress network element obtains data from a source endpoint associated with the ingress network element. The data identifies a destination endpoint remote from the ingress network element. The ingress network element provides a map request identifying the destination endpoint to a mapping server. The ingress network element obtains a map reply including a network address of an egress network element associated with the destination endpoint and a security association. The ingress network element encrypts the data for the destination endpoint with the security association according to a cryptographic policy based on the source endpoint, the destination endpoint, and the availability of cryptographic resources on the network. The ingress network element provides the encrypted data to the egress network element.
-
Publication No.: US20220116337A1
Publication Date: 2022-04-14
Application No.: US17147724
Application Date: 2021-01-13
Applicant: Cisco Technology, Inc.
Inventor: Lorand Jakab, Alberto Rodriguez Natal, Fabio R. Maino, John G. Apostolopoulos
IPC: H04L12/911, G06F9/54
Abstract: Techniques for tracking compute capacity of a scalable application service platform to perform dynamic bandwidth allocation for data flows associated with applications hosted by the service platform are disclosed. Some of the techniques may include allocating a first amount of bandwidth of a physical underlay of a network for data flows associated with an application. The techniques may also include receiving, from a scalable application service hosting the application, an indication of an amount of computing resources of the scalable application service that are allocated to host the application. Based at least in part on the indications, a second amount of bandwidth of the physical underlay to allocate for the data flows may be determined. The techniques may also include allocating the second amount of bandwidth of the physical underlay of the network for the data flows associated with the application.
-
Publication No.: US20220086083A1
Publication Date: 2022-03-17
Application No.: US17534101
Application Date: 2021-11-23
Applicant: Cisco Technology, Inc.
Inventor: Fabio Maino, Syed Khalid Raza, Alberto Rodriguez Natal, Marc Portoles Comeras
IPC: H04L12/725, H04L29/08, H04L12/46, H04L12/851, H04L29/06, H04L12/715, H04L12/813
Abstract: Disclosed are systems and methods for providing policy selection in a software defined network. An example method includes registering, by an enterprise controller on an enterprise domain, in a shared mapping system on a service provider domain, one or more entries specifying one or more services for one or more classes of traffic to yield registered entries, reading, by a service provider controller, from the shared mapping system, the registered entries, posting, by the service provider controller, the one or more entries to one or more routing tables at a software-defined wide area network of the service provider domain and receiving a request, by a mobile node on the enterprise domain, of a specific service for a particular class of packets according to a classification of the particular class of packets based on a particular label defined in the registered entries for the specific service.
-
Publication No.: US20220086061A1
Publication Date: 2022-03-17
Application No.: US17538983
Application Date: 2021-11-30
Applicant: Cisco Technology, Inc.
Inventor: Alberto Rodriguez Natal, Hendrikus G.P. Bosch, Fabio Maino, Lars Olaf Stefan Olofsson, Jeffrey Napper, Anubhav Gupta
IPC: H04L12/24, H04L12/801
Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific policies for the first endpoint by evaluating the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.
-
Publication No.: US20210219261A1
Publication Date: 2021-07-15
Application No.: US16743258
Application Date: 2020-01-15
Applicant: Cisco Technology, Inc.
Inventor: Srinath Gundavelli, Sangram Kishore Lakkaraju, Louis Gwyn Samuel, Timothy Peter Stammers, Alberto Rodriguez Natal, Fabio R. Maino
Abstract: In one example, a control plane entity obtains an indication that a User Equipment (UE) has entered an idle mode. The control plane entity sets a routing locator corresponding to the UE to cause the control plane entity to trigger a paging request toward the UE to prompt the UE to transition from the idle mode when a first network node obtains a downlink packet destined for the UE. The control plane entity obtains a notification that the first network node has obtained the downlink packet and initiates the paging request toward the UE. The control plane entity updates the routing locator corresponding to the UE to cause the first network node to transmit further downlink packets destined for the UE toward a second network node configured to handle traffic on behalf of the UE.
-
Publication No.: US20210014285A1
Publication Date: 2021-01-14
Application No.: US17034100
Application Date: 2020-09-28
Applicant: Cisco Technology, Inc.
Inventor: Fabio R. Maino, Vina Ermagan, Alberto Rodriguez Natal
Abstract: An ingress network element obtains data from a source endpoint associated with the ingress network element. The data identifies a destination endpoint remote from the ingress network element. The ingress network element provides a map request identifying the destination endpoint to a mapping server. The ingress network element obtains a map reply including a network address of an egress network element associated with the destination endpoint and a security association. The ingress network element encrypts the data for the destination endpoint with the security association according to a cryptographic policy based on the source endpoint, the destination endpoint, and the availability of cryptographic resources on the network. The ingress network element provides the encrypted data to the egress network element.
-
Publication No.: US10826827B1
Publication Date: 2020-11-03
Application No.: US16514223
Application Date: 2019-07-17
Applicant: Cisco Technology, Inc.
Inventor: Alberto Rodriguez Natal, Marc Portoles Comeras, Vina Ermagan, Victor Moreno, Fabio Maino, Sanjay Hooda
IPC: H04L12/715, H04L12/741, H04L12/733
Abstract: In one embodiment, a router includes processors and computer-readable non-transitory storage media coupled to the processors including instructions executable by the processors. The router may store at least one virtual prefix and an associated aggregation threshold. The router may register, with a mapping database of an overlay network, ownership of individual prefixes served by the router. The router may determine an amount of prefixes served by the router that are within an address space of the virtual prefix. The router may register, based on a determination that the amount of prefixes satisfies the aggregation threshold, ownership of the virtual prefix with the mapping database of the overlay network. The registration of the virtual prefix may cause ownership of one or more of the registered individual prefixes served by the router that are within the address space of the virtual prefix to be deregistered.
-
Publication No.: US20200344662A1
Publication Date: 2020-10-29
Application No.: US16395817
Application Date: 2019-04-26
Applicant: Cisco Technology, Inc.
Inventor: Fabio R. Maino, Vina Ermagan, Marc Portoles Comeras, John Martin Graybeal, Alberto Rodriguez Natal
Abstract: In one illustrative example, network fabric policy data associated with an application, subscriber, and/or device may be received. Mobile network policy data that corresponds to the received network fabric policy data may be selected, based on stored policy mappings between a set of network fabric policy profiles of a fabric network and a set of mobile network policy profiles of a mobile network. A bearer or Quality of Service (QoS) flow of the mobile network may be established in satisfaction of the selected mobile network policy data. In addition, a packet filter of a traffic flow template (TFT) or a packet detection rule (PDR) may be generated and applied in order to direct IP traffic flows associated with the application to the established bearer or QoS flow for communication in the mobile network.
-
Publication No.: US20200322262A1
Publication Date: 2020-10-08
Application No.: US16783843
Application Date: 2020-02-06
Applicant: Cisco Technology, Inc.
Inventor: Fabio Maino, Syed Khalid Raza, Alberto Rodriguez Natal, Marc Portoles Comeras
IPC: H04L12/725, H04L29/06, H04L29/08, H04L12/46, H04L12/851, H04L12/813, H04L12/715
Abstract: Disclosed are systems and methods for providing policy selection in a software defined network. An example method includes registering, by an enterprise controller on an enterprise domain, in a shared mapping system on a service provider domain, one or more entries specifying one or more services for one or more classes of traffic to yield registered entries, reading, by a service provider controller, from the shared mapping system, the registered entries, posting, by the service provider controller, the one or more entries to one or more routing tables at a software-defined wide area network of the service provider domain and receiving a request, by a mobile node on the enterprise domain, of a specific service for a particular class of packets according to a classification of the particular class of packets based on a particular label defined in the registered entries for the specific service.