公开(公告)号：US11082258B1

公开(公告)日：2021-08-03

申请号：US16742604

申请日：2020-01-14

Applicant: Cisco Technology, Inc.

Inventor： Sivakumar Ganapathy ,  Rajagopalan Janakiraman ,  Suresh Pasupula ,  Sachin Gupta ,  Shashank Chaturvedi ,  Prashanth Matety

IPC: G06F15/177 ,  H04L12/46 ,  H04L12/741 ,  H04L29/06

Abstract: Techniques for maintaining isolation and segregation for network paths through multi-cloud fabrics using VRF technologies. The techniques include running virtual routers in a cloud network that connect the cloud network to an on-premises network using a network overlay that preserves VRF information in data packets. Further, the virtual routers connect to individual gateways in the cloud network using tunnels, and each individual gateway is connected to multiple VPCs without overlapping subnets. The virtual routers may assign a sink VRF to each gateway connection that can be used to perform source-IP based VRF selection by mapping source IP addresses in each tunnel connection to appropriate VRFs for the source IP addresses. In this way, virtual routers may use sink VRFs to translate into the VRF information for data packets from the VPCs via source-IP based lookup, and use the corresponding VRF route table to determine next hops for data packets.

公开(公告)号：US20210218598A1

公开(公告)日：2021-07-15

申请号：US16742604

申请日：2020-01-14

Applicant: Cisco Technology, Inc.

Inventor： Sivakumar Ganapathy ,  Rajagopalan Janakiraman ,  Suresh Pasupula ,  Sachin Gupta ,  Shashank Chaturvedi ,  Prashanth Matety

IPC: H04L12/46 ,  H04L29/06 ,  H04L12/741

Abstract: Techniques for maintaining isolation and segregation for network paths through multi-cloud fabrics using VRF technologies. The techniques include running virtual routers in a cloud network that connect the cloud network to an on-premises network using a network overlay that preserves VRF information in data packets. Further, the virtual routers connect to individual gateways in the cloud network using tunnels, and each individual gateway is connected to multiple VPCs without overlapping subnets. The virtual routers may assign a sink VRF to each gateway connection that can be used to perform source-IP based VRF selection by mapping source IP addresses in each tunnel connection to appropriate VRFs for the source IP addresses. In this way, virtual routers may use sink VRFs to translate into the VRF information for data packets from the VPCs via source-IP based lookup, and use the corresponding VRF route table to determine next hops for data packets.

公开(公告)号：US11057350B2

公开(公告)日：2021-07-06

申请号：US16426336

申请日：2019-05-30

Applicant: Cisco Technology, Inc.

Inventor： Rajagopalan Janakiraman ,  Sivakumar Ganapathy ,  Azeem Suleman ,  Mohammed Javed Asghar ,  Patel Amitkumar Valjibhai ,  Ronak K. Desai

IPC: H04L29/06 ,  H04L12/721 ,  H04L12/46 ,  H04L29/08 ,  H04L29/12

Abstract: Technologies for extending a subnet across on-premises and cloud-based deployments are provided. An example method may include creating a VPC in a cloud for hosting an endpoint being moved from an on-premises site. For the endpoint to retain its IP address, a subnet range assigned to the VPC, based on the smallest subnet mask allowed by the cloud, is selected to include the IP address of the endpoint. The IP addresses from the assigned subnet range corresponding to on-premises endpoints are configured as secondary IP addresses on a Layer 2 (L2) proxy router instantiated in the VPC. The L2 proxy router establishes a tunnel to a cloud overlay router and directs traffic destined to on-premises endpoints, with IP addresses in the VPC subnet range thereto for outbound transmission. The cloud overly router updates the secondary IP addresses on the L2 proxy router based on reachability information for the on-premises site.

公开(公告)号：US20200280587A1

公开(公告)日：2020-09-03

申请号：US16289647

申请日：2019-02-28

Applicant: Cisco Technology, Inc.

Inventor： Rajagopalan Janakiraman ,  Ronak K. Desai ,  Sivakumar Ganapathy ,  Mohammed Javed Asghar ,  Azeem Suleman ,  Patel Amitkumar Valjibhai

IPC: H04L29/06 ,  H04L12/24

Abstract: Systems, methods, and computer-readable media for policy splitting in multi-cloud fabrics. In some examples, a method can include discovering a path from a first endpoint in a first cloud to a second endpoint in a second cloud; determining runtime policy table capacities associated with nodes in the path; determining policy distribution and enforcement for traffic from the first endpoint to the second endpoint based on the runtime policy table capacities; based on the policy distribution and enforcement, installing a set of policies for traffic from the first endpoint to the second endpoint across a set of nodes in the path; and applying the set of policies to traffic from the first endpoint in the first cloud to the second endpoint in the second cloud.

公开(公告)号：US10601693B2

公开(公告)日：2020-03-24

申请号：US15658215

申请日：2017-07-24

Applicant: Cisco Technology, Inc.

Inventor： Sivakumar Ganapathy ,  Rajagopalan Janakiraman ,  Kalyan Ghosh ,  Sapan Shah

IPC: H04L12/26 ,  H04L29/12 ,  H04L12/46 ,  H04L12/743

Abstract: Disclosed is a method that includes calculating, at a collector receiving a data flow and via a hashing algorithm, all possible hashes associated with at least one virtual attribute associated with the data flow to yield resultant hash values. Based on the resultant hash values, the method includes computing a multicast address group and multicasting the data flow to n leafs based on the multicast address group. At respective other collectors, the method includes filtering received sub-flows of the data flow based on the resultant hashes, wherein if a respective hash is owned by a collector, the respective collector accepts and saves the sub-flow in a local switch collector database. A scalable, distributed netflow is possible with the ability to respond to queries for fabric-level netflow statistics even on virtual constructs.

公开(公告)号：US10003518B2

公开(公告)日：2018-06-19

申请号：US14967669

申请日：2015-12-14

Applicant: Cisco Technology, Inc.

Inventor： Rajagopalan Janakiraman ,  Yibin Yang ,  Pags Krishnamoorthy ,  Padmanabhan Krishnan

IPC: H04L12/26

CPC classification number: H04L43/18 ,  H04L41/12 ,  H04L43/00 ,  H04L43/08 ,  H04L43/12

Abstract: A monitoring session associated with a virtual nickname may be established in a TRILL network. A monitoring station may be connected to an edge switch of the TRILL network specifying the virtual nickname for the monitoring session. The monitoring station is set as a destination for the monitoring session and the virtual nickname is flooded throughout the TRILL network. A source may then be configured to the monitoring session by specifying the virtual nickname of the monitoring session without knowing the destination tied to the monitoring session. Network traffic through the source may then be forwarded to the destination tied to the monitoring session.

公开(公告)号：US09590906B2

公开(公告)日：2017-03-07

申请号：US14495186

申请日：2014-09-24

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Rajagopalan Janakiraman ,  Pagalavan Krishnamoorthy ,  Peter Geoffrey Jones ,  Sridhar Subramanian

IPC: H04L12/741 ,  H04L29/12

CPC classification number: H04L61/2015 ,  H04L12/462 ,  H04L12/4633 ,  H04L45/745 ,  H04L61/103

Abstract: A system, computer-readable media, and methods for network resource sharing of routing and forwarding information are disclosed. The method may include receiving a first address for a device connected to a network and receiving one or more second addresses for the device. The method may also include identifying a first switch through which the device connects to the network and identifying a second switch for storing the first address and the one or more second addresses. Further, the method may include storing the first address in the first switch and storing the first address and the one or more second addresses in the second switch.

Abstract translation: 公开了一种用于路由和转发信息的网络资源共享的系统，计算机可读介质和方法。 该方法可以包括接收连接到网络的设备的第一地址并且为设备接收一个或多个第二地址。 该方法还可以包括识别设备连接到网络的第一交换机，并且识别用于存储第一地址和一个或多个第二地址的第二交换机。 此外，该方法可以包括将第一地址存储在第一交换机中并将第一地址和一个或多个第二地址存储在第二交换机中。

公开(公告)号：US09491105B2

公开(公告)日：2016-11-08

申请号：US14582085

申请日：2014-12-23

Applicant: Cisco Technology, Inc.

Inventor： Yuchen Zhou ,  Chia Alex Tsai ,  Yibin Yang ,  Rajagopalan Janakiraman

IPC: H04L12/841 ,  H04L12/709 ,  H04L12/823 ,  H04L12/801 ,  H04L12/26 ,  H04L12/835

CPC classification number: H04L47/28 ,  H04L43/0852 ,  H04L45/245 ,  H04L47/12 ,  H04L47/30 ,  H04L47/323 ,  Y02D50/30

Abstract: In one embodiment, a period between periodic transmissions of protocol data units (PDUs) used to form or maintain a link aggregation group is initially set to a fixed value. When a stress condition is detected, the period between periodic transmissions of PDUs is increased from the initial value. When the stress condition is determined to have eased, the period between periodic transmissions of PDUs is reduced back toward the fixed value.

公开(公告)号：US20150326478A1

公开(公告)日：2015-11-12

申请号：US14709125

申请日：2015-05-11

Applicant: Cisco Technology, Inc.

Inventor： Rajagopalan Janakiraman ,  Pags Krishnamoorthy ,  Sridhar Subramanian ,  Venkataraman Natham

IPC: H04L12/801 ,  H04L29/08 ,  H04L12/803

CPC classification number: H04L47/10 ,  H04L45/38 ,  H04L45/66 ,  H04L47/125 ,  H04L67/1023

Abstract: The methods and devices discussed herein provide service clustering within a TRILL network without relying on an additional service insertion framework. A TRILL network can include one or more flow distribution RBridges for distributing flows to service nodes. Each flow distribution RBridge can have a virtual base identifier and one or more virtual cluster identifiers. An example method can include maintaining service cluster load balancing structures and receiving a packet that is encapsulated with an inner header and an outer header. The method can include determining whether the egress RBridge identifier is a virtual cluster identifier, and if so, selecting a service node from one of the service cluster load balancing structures. The method can include forwarding the packet to the selected service node.

Abstract translation: 本文讨论的方法和设备提供TRILL网络内的服务集群，而不依赖于附加的服务插入框架。 TRILL网络可以包括用于将流分发到服务节点的一个或多个流分配RBridge。 每个流分布RBridge可以具有虚拟基本标识符和一个或多个虚拟集群标识符。 示例性方法可以包括维护服务集群负载平衡结构并且接收用内部报头和外部报头封装的分组。 该方法可以包括确定出口RBridge标识符是否是虚拟集群标识符，如果是，则从服务集群负载平衡结构之一中选择服务节点。 该方法可以包括将分组转发到所选择的服务节点。

公开(公告)号：US20140254374A1

公开(公告)日：2014-09-11

申请号：US13793148

申请日：2013-03-11

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Rajagopalan Janakiraman ,  Pags Krishnamoorthy ,  Sridhar Subramanian ,  Venkataraman Natham

IPC: H04J1/16

CPC classification number: H04L47/10 ,  H04L45/38 ,  H04L45/66 ,  H04L47/125 ,  H04L67/1023

Abstract: The methods and devices discussed herein provide service clustering within a TRILL network without relying on an additional service insertion framework. A TRILL network can include one or more flow distribution RBridges for distributing flows to service nodes. Each flow distribution RBridge can have a virtual base identifier and one or more virtual cluster identifiers. An example method can include maintaining N service cluster load balancing structures and receiving a packet that is encapsulated with an inner header (source/destination addresses) and an outer header (ingress/egress RBridge identifiers). The method can include determining whether the egress RBridge identifier is a virtual cluster identifier, and if so, applying a hash function to a predetermined flow tuple and selecting a service node associated with the hash value from one of the N service cluster load balancing structures. The method can include forwarding the packet to the selected service node.

Abstract translation: 本文讨论的方法和设备提供TRILL网络内的服务集群，而不依赖于附加的服务插入框架。 TRILL网络可以包括用于将流分发到服务节点的一个或多个流分配RBridge。 每个流分布RBridge可以具有虚拟基本标识符和一个或多个虚拟集群标识符。 示例性方法可以包括维护N个服务集群负载平衡结构并且接收用内部报头（源/目标地址）和外部报头（入口/出口RBridge标识符）封装的分组。 该方法可以包括确定出口RBridge标识符是否是虚拟集群标识符，如果是，则将散列函数应用于预定流元组，并从N个业务集群负载平衡结构之一中选择与该散列值相关联的业务节点。 该方法可以包括将分组转发到所选择的服务节点。