Abstract:
An example method for service node originated service chains in a network environment is provided and includes receiving a packet at a service node in a network environment that includes a plurality of service nodes and a central classifier, analyzing the packet for a service chain modification or a service chain initiation, classifying the packet at the service node to a new service chain based on the analysis, initiating the new service chain at the service node if the analysis indicates service chain initiation, and modifying an existing service chain for the packet to the new service chain if the analysis indicates service chain modification. In specific embodiments, the analysis includes applying classification logic specific to the service node. In some embodiments, service node attributes and the order of service nodes in substantially all service chains configured in the network may be received from a central controller.
Abstract:
A method is provided in one example embodiment and includes receiving, by a first proxy within an access network, a first request for content associated with a remote server. The first request includes a subscriber identifier associated with a subscriber. The method further includes sending the first request to a second proxy within a core network. The first request is intercepted by an intercept function within the core network in a first intercept operation. The intercept function is configured to forward the first request to the second proxy. The method further includes receiving a redirect from the second proxy. The redirect is configured to redirect the first request to the first proxy. The redirect is intercepted by the intercept function in a second intercept operation, and the intercept function is configured to forward the redirect to the first proxy.
Abstract:
An example method for load balancing in a network environment is provided and includes receiving a packet from a first stage load-balancer in a network environment, where the packet is forwarded from the first stage load-balancer to one of a plurality of second stage load-balancers in the network according to a hash based forwarding scheme, and routing the packet from the second stage load-balancer to one of a plurality of servers in the network according to a per-session routing scheme. The per-session routing scheme includes retrieving a session routing state from a distributed hash table in the network. In a specific embodiment, the hash based forwarding scheme includes equal cost multi path routing. The session routing state can include an association between a next hop for the packet and the packet's 5-tuple representing a session to which the packet belongs.
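The two-stage scheme above, as an added example that is not code from the patent or from any product: the first stage picks a second-stage load balancer purely from a hash of the packet's 5-tuple, and the second stage consults session state keyed on that 5-tuple before choosing a server. The 5-tuple layout, the SHA-256-based stand-in for an ECMP hash and the in-memory dictionary standing in for the distributed hash table are assumptions made for illustration. The function at the end changes the topology between two packets of the same session to show why the per-session state matters.

```python
"""Two-stage load balancing: hash-based first stage, per-session second stage.

Added example; not code from the patent or from any product. The 5-tuple
representation, the SHA-256 forwarding hash and the in-memory stand-in for
the distributed hash table are assumptions made for illustration.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class FiveTuple:
    """Identifies a session: source/destination address and port plus protocol."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str

    def key(self) -> bytes:
        return f"{self.proto}|{self.src_ip}:{self.src_port}>{self.dst_ip}:{self.dst_port}".encode()


def forwarding_hash(data: bytes) -> int:
    """Deterministic hash standing in for the ECMP hash a router would compute."""
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")


class DistributedHashTable:
    """Stand-in for a network-wide DHT holding session routing state (assumption)."""

    def __init__(self) -> None:
        self._entries = {}

    def get(self, key: bytes):
        return self._entries.get(key)

    def put(self, key: bytes, next_hop: str) -> None:
        self._entries[key] = next_hop

    def __len__(self) -> int:
        return len(self._entries)


class SecondStageLB:
    """Per-session routing: look the 5-tuple up in the DHT, else pick and record a server."""

    def __init__(self, name: str, servers: list, dht: DistributedHashTable) -> None:
        self.name = name
        self.servers = list(servers)
        self.dht = dht

    def route(self, pkt: FiveTuple) -> str:
        key = pkt.key()
        next_hop = self.dht.get(key)
        if next_hop is None:
            # First packet of a session: choose a server and persist the association
            # so that any second-stage LB that later sees this session agrees.
            next_hop = self.servers[forwarding_hash(key) % len(self.servers)]
            self.dht.put(key, next_hop)
        return next_hop


class FirstStageLB:
    """Stateless ECMP-style stage: the 5-tuple hash alone selects a second-stage LB."""

    def __init__(self, second_stage: list) -> None:
        self.second_stage = list(second_stage)

    def forward(self, pkt: FiveTuple) -> tuple:
        lb = self.second_stage[forwarding_hash(pkt.key()) % len(self.second_stage)]
        return lb.name, lb.route(pkt)


def session_survives_rebalance() -> dict:
    """Route one session before and after a topology change.

    Returns the server chosen each time; with the state in the DHT they are equal
    even if the ECMP hash now sends the flow to a different second-stage LB.
    """
    dht = DistributedHashTable()
    servers = ["srv-a", "srv-b", "srv-c"]
    lbs = [SecondStageLB(f"lb2-{i}", servers, dht) for i in range(2)]
    stage1 = FirstStageLB(lbs)

    # Constructed sample flow (not captured traffic)
    flow = FiveTuple("198.51.100.7", 40001, "203.0.113.10", 443, "tcp")
    lb_before, server_before = stage1.forward(flow)

    # Topology change: a third second-stage LB and a fourth server appear.
    servers.append("srv-d")
    lbs.append(SecondStageLB("lb2-2", servers, dht))
    stage1 = FirstStageLB(lbs)
    lb_after, server_after = stage1.forward(flow)

    # What a stateless hash over the new server set would have chosen instead.
    hash_only_after = servers[forwarding_hash(flow.key()) % len(servers)]
    return {
        "lb_before": lb_before, "lb_after": lb_after,
        "server_before": server_before, "server_after": server_after,
        "hash_only_after": hash_only_after, "dht_entries": len(dht),
    }


if __name__ == "__main__":
    print(session_survives_rebalance())
```

Two practical caveats follow from the design: the DHT is now part of the forwarding path, so a lookup miss (partition, eviction) silently degrades to the stateless hash choice and can break a session, and an entry written by an untrusted party redirects that session, so write access to the table deserves the same protection as the load balancer configuration itself.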
Abstract:
In one embodiment, a method for detecting an unknown attack vector, by a system, includes receiving a marked span that has been flagged for inspection. The method further includes conducting a root cause analysis to determine if the marked span should be classified as an attack. In response to a determination that the marked span should be classified as an attack, the method further includes determining whether the marked span engaged with data corresponding to one or more application services defining the marked span. The method further includes designating the data corresponding to the one or more application services as compromised in response to a determination that the marked span did engage with said data.
Abstract:
In one embodiment, a router includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the router to perform operations including receiving software-defined wide area network (SD-WAN) policies from a component of an SD-WAN network. The operations also include establishing a session with a mobile device and receiving information associated with the mobile device in response to establishing the session with the mobile device. The operations further include filtering the SD-WAN policies based on the information associated with the mobile device to generate SD-WAN device-specific policies and communicating the SD-WAN device-specific policies to the mobile device.
Abstract:
In one embodiment, a method includes generating an application programming interface (API) definition by observing traffic. The API definition is associated with an API definition name and an API specification. The method also includes mounting the API definition with an application and deploying the application by a Continuous Integration/Continuous Delivery (CI/CD) pipeline. The method further includes implementing a runtime API and mapping the runtime API to the API definition.
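The first and last steps above, generating an API definition by observing traffic and then mapping runtime calls back to it, as an added example that is not code from the patent or from any Cisco product. The observed request records are constructed, and the path-templating rule (numeric and UUID segments collapse to `{id}`) and the definition layout are assumptions made for illustration. The mapping step also reports runtime calls the definition never saw, which is the shadow-API signal a security team wants from this kind of pipeline.

```python
"""Derive an API definition from observed traffic and map runtime calls to it.

Added example; not code from the patent or any product. The observed records,
the templating rule and the definition layout are assumptions for illustration.
"""
import json
import re
from collections import defaultdict

# Constructed sample of observed traffic: (method, path, status, response body)
OBSERVED = [
    ("GET", "/v1/users/1042", 200, '{"id": 1042, "email": "a@example.com", "role": "admin"}'),
    ("GET", "/v1/users/77", 200, '{"id": 77, "email": "b@example.com", "role": "user"}'),
    ("POST", "/v1/users", 201, '{"id": 78}'),
    ("GET", "/v1/orders/8f2c1e3a-3b7d-4c4a-9b1e-0a1b2c3d4e5f", 200, '{"id": "8f2c1e3a", "total": 12.5}'),
    ("GET", "/v1/health", 200, '{"ok": true}'),
]

_NUMERIC = re.compile(r"^\d+$")
_UUID = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)


def templatize(path: str) -> str:
    """Collapse identifier-looking segments so many instances map to one route."""
    parts = []
    for seg in path.strip("/").split("/"):
        parts.append("{id}" if _NUMERIC.match(seg) or _UUID.match(seg) else seg)
    return "/" + "/".join(parts)


def build_definition(name: str, observed) -> dict:
    """Build {route: {method: {statuses, fields}}} from observed request/response pairs."""
    paths = defaultdict(lambda: defaultdict(lambda: {"statuses": set(), "fields": set()}))
    for method, path, status, body in observed:
        op = paths[templatize(path)][method]
        op["statuses"].add(status)
        try:
            payload = json.loads(body)
        except json.JSONDecodeError:
            payload = {}
        if isinstance(payload, dict):
            # Top-level response keys become the documented data elements.
            op["fields"].update(payload.keys())
    spec = {
        route: {m: {"statuses": sorted(op["statuses"]), "fields": sorted(op["fields"])}
                for m, op in ops.items()}
        for route, ops in paths.items()
    }
    return {"name": name, "spec": spec}


def map_runtime_call(definition: dict, method: str, path: str) -> dict:
    """Map a runtime request onto the definition; unknown routes/methods are flagged."""
    route = templatize(path)
    ops = definition["spec"].get(route)
    if ops is None:
        return {"route": route, "status": "unknown_route"}
    if method not in ops:
        return {"route": route, "status": "unknown_method"}
    return {"route": route, "status": "known", "fields": ops[method]["fields"]}


if __name__ == "__main__":
    definition = build_definition("users-api", OBSERVED)
    print(json.dumps(definition, indent=2))
    print(map_runtime_call(definition, "DELETE", "/v1/users/5"))
```

A definition learned this way documents only what the traffic happened to contain: an endpoint never exercised during observation is absent, and a field that should never have been returned (such as a role or an internal address) is faithfully recorded as part of the contract. Review the generated definition before the CI/CD pipeline treats it as the specification.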
Abstract:
In one embodiment, a method includes generating an application stack. The application stack includes an application logic module. The method also includes embedding a service mesh module into the application stack. The method further includes managing, by the service mesh module, security of a network packet while maintaining separation of memory regions between the application logic module and the service mesh module.
Abstract:
The present disclosure is directed to systems and methods for minimizing data exposure in API responses and includes the performance of operations and/or the steps of receiving, from a client, a request for a data object from an API, wherein the data object comprises one or more data elements; identifying a client type associated with the client; receiving, from the API, a response to the request from the client; and modifying the response based on the identified client type.
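The four steps above as an added example, not code from the patent: identify the client type, then rewrite the API's response so that only the data elements permitted for that type remain. The client types, the per-type allowlists, the `X-Client-Type` header and the sample data object are assumptions made for illustration. The example defaults an unrecognised client to the most restrictive view and filters nested objects and lists, the two places where minimisation logic usually leaks.

```python
"""Minimise an API response according to the identified client type.

Added example; not code from the patent or any product. The client types,
per-type allowlists, identifying header and sample data are assumptions.
"""
from typing import Any

# Per-client-type allowlist of data elements. Anything not listed is removed.
FIELD_POLICY = {
    "public_web": {"id", "display_name", "avatar_url"},
    "mobile_app": {"id", "display_name"},
    "internal_service": {"id", "display_name", "avatar_url", "email", "phone",
                         "last_login_ip", "linked_accounts"},
}
# Unidentified or unexpected clients get the least-privileged view.
DEFAULT_CLIENT_TYPE = "mobile_app"

# Constructed sample data object as the API might return it before minimisation.
SAMPLE_RESPONSE = {
    "id": 1042,
    "display_name": "Ada",
    "avatar_url": "https://cdn.example.com/a/1042.png",
    "email": "ada@example.com",
    "phone": "+15555550100",
    "last_login_ip": "198.51.100.7",
    "linked_accounts": [{"id": 7, "email": "c@example.com", "phone": "+15555550101"}],
}


def identify_client_type(request_headers: dict) -> str:
    """Map the request to a client type, falling back to the most restrictive one.

    Assumption: an upstream authentication layer sets X-Client-Type from a verified
    credential. A header the client itself supplies is spoofable and must not be
    the sole basis for this decision.
    """
    declared = request_headers.get("X-Client-Type", "")
    return declared if declared in FIELD_POLICY else DEFAULT_CLIENT_TYPE


def minimize(data: Any, allowed: set) -> Any:
    """Drop every data element not in the allowlist, recursing into lists and objects."""
    if isinstance(data, dict):
        return {k: minimize(v, allowed) for k, v in data.items() if k in allowed}
    if isinstance(data, list):
        return [minimize(item, allowed) for item in data]
    return data


def modify_response(api_response: dict, request_headers: dict) -> dict:
    """Apply the allowlist for the identified client type to the API's response."""
    client_type = identify_client_type(request_headers)
    return {"client_type": client_type,
            "data": minimize(api_response, FIELD_POLICY[client_type])}


if __name__ == "__main__":
    for hdr in ({"X-Client-Type": "public_web"}, {"X-Client-Type": "evil"}, {}):
        print(modify_response(SAMPLE_RESPONSE, hdr))
```

The allowlist direction is deliberate: a denylist of sensitive fields silently passes any new field the backend starts returning, whereas an allowlist fails closed. Note also that the same allowlist is applied at every nesting level here; a real deployment would usually key nested objects separately.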
Abstract:
In one embodiment, a segment routing and tunnel exchange provides packet forwarding efficiencies in a network, including providing an exchange between a segment routing domain and a packet tunnel domain. One application includes the segment routing and tunnel exchange interfacing segment routing packet forwarding (e.g., in an Evolved Packet Core (EPC) and/or 5G user plane) and packet tunnel forwarding in access networks (e.g., replacing a portion of a tunnel between an access node and a user plane function for accessing a corresponding data network). In one embodiment, a network provides mobility services using a segment routing data plane that spans segment routing and tunnel exchange(s) and segment routing-enabled user plane functions. One embodiment uses the segment routing data plane without any modification to a (radio) access network ((R)AN) (e.g., Evolved NodeB, Next Generation NodeB) or to user equipment (e.g., any end user device).
Abstract:
Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. The policy metadata injected into the first data traffic can be received from the first endpoint. The network device can determine one or more first endpoint-specific policies for the first endpoint by evaluating the first policy metadata with respect to the one or more network-wide endpoint policies. Accordingly, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.
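The derivation step above, evaluating endpoint-injected metadata against network-wide policies to get endpoint-specific ones and then applying them to traffic, as an added example that is not code from the patent. The metadata fields (`role`, `env`), the policy format, the constructed network-wide policy set and the deny-wins evaluation are assumptions made for illustration.

```python
"""Derive endpoint-specific policies from network-wide policies and the policy
metadata an endpoint injects into its traffic, then apply them to flows.

Added example; not code from the patent or any product. Metadata fields, policy
format, sample policies and deny-wins semantics are assumptions for illustration.
"""

# Constructed network-wide policies as a central controller might push them.
# 'match' lists metadata conditions that must all hold for the policy to apply
# to an endpoint; '*' matches any value.
NETWORK_POLICIES = [
    {"name": "prod-db-ingress", "match": {"role": "database", "env": "prod"},
     "rules": [{"action": "allow", "dst_port": 5432, "from_role": "app"}]},
    {"name": "no-ssh-from-guest", "match": {"role": "*"},
     "rules": [{"action": "deny", "dst_port": 22, "from_role": "guest"}]},
    {"name": "dev-open", "match": {"env": "dev"},
     "rules": [{"action": "allow", "dst_port": "*", "from_role": "*"}]},
    {"name": "app-ssh", "match": {"role": "app"},
     "rules": [{"action": "allow", "dst_port": 22, "from_role": "ops"}]},
]


def _matches(condition, value) -> bool:
    return condition == "*" or condition == value


def derive_endpoint_policies(network_policies: list, metadata: dict) -> list:
    """Keep only the network-wide policies whose match conditions the metadata satisfies.

    This is the local evaluation the network device performs once it has
    received the endpoint's injected metadata.
    """
    return [
        policy for policy in network_policies
        if all(_matches(v, metadata.get(k)) for k, v in policy["match"].items())
    ]


def decide(endpoint_policies: list, dst_port: int, from_role: str) -> str:
    """Evaluate a flow toward the endpoint. Deny wins over allow; no match means deny."""
    verdict = "deny"
    for policy in endpoint_policies:
        for rule in policy["rules"]:
            if _matches(rule["dst_port"], dst_port) and _matches(rule["from_role"], from_role):
                if rule["action"] == "deny":
                    return "deny"
                verdict = "allow"
    return verdict


if __name__ == "__main__":
    # Constructed metadata as a production database endpoint might inject it.
    db_policies = derive_endpoint_policies(NETWORK_POLICIES, {"role": "database", "env": "prod"})
    print([p["name"] for p in db_policies])
    print(decide(db_policies, 5432, "app"), decide(db_policies, 22, "guest"), decide(db_policies, 22, "ops"))
```

The metadata is supplied by the endpoint itself, so a compromised endpoint can claim whatever role gets it the most permissive policy set. Two mitigations fit this design: have the network device bind the metadata to an identity it can verify (a certificate, an attested device identity, a port the controller already associates with the endpoint) rather than taking the injected values at face value, and write the network-wide policies so that any policy selectable by endpoint-claimed metadata can only narrow what a baseline policy already allows.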