-
Publication No.: US11296985B2
Publication date: 2022-04-05
Application No.: US16939300
Application date: 2020-07-27
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Victor Moreno, Sanjay Kumar Hooda, Rex Emmanuel Fernando, Syam Sundar Appala
IPC: H04L12/741, H04L45/74, H04L12/46
Abstract: This technology enables normalized lookup and forwarding for diverse virtual private networks in multi-site network fabric deployments. A source device on a first Layer 2 site transmits a frame to a destination device on the same subnet, but on a second Layer 2 site. The frame is encapsulated and routed to a fabric border node. The fabric border node matches the source subnet to the destination subnet and transmits an address request protocol (“ARP”). In response to not receiving a reply to the ARP, the fabric border node transmits a map request to a Layer 3 transit fabric control plane node. The control plane node extracts a destination identifier from the map request and determines that the destination identifier is a Layer 2 identifier. The control plane node transmits a map reply to the fabric border node, where the frame is re-encapsulated and forwarded to the destination device.
-
Publication No.: US11265289B2
Publication date: 2022-03-01
Application No.: US16685969
Application date: 2019-11-15
Applicant: Cisco Technology, Inc.
Inventor: Victor Manuel Moreno, Sanjay Kumar Hooda
IPC: H04L29/12, H04L12/46, H04L12/58, H04L61/2557, H04L61/2575, H04L61/5038, H04L61/2592, H04L51/04
Abstract: This disclosure describes techniques for implementing network address translation as a distributed service over the nodes of a logical network fabric, such as a software-defined network fabric. A method includes registering, by an edge node of a network, an IP address of a client device. The method further includes forwarding, by the edge node, the registered IP address to a control plane of the network. The method further includes checking, by the control plane, a network address translation policy. The method further includes recording, by the control plane, translations between the registered IP address and an allocated IP address in a translation table, each of the translations being related to the edge node. The method further includes returning, by the control plane, the translations between the registered IP address and the allocated IP address to the edge node.
-
Publication No.: US20220029915A1
Publication date: 2022-01-27
Application No.: US16939300
Application date: 2020-07-27
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Victor Moreno, Sanjay Kumar Hooda, Rex Emmanuel Fernando, Syam Sundar Appala
IPC: H04L12/741, H04L12/46
Abstract: This technology enables normalized lookup and forwarding for diverse virtual private networks in multi-site network fabric deployments. A source device on a first Layer 2 site transmits a frame to a destination device on the same subnet, but on a second Layer 2 site. The frame is encapsulated and routed to a fabric border node. The fabric border node matches the source subnet to the destination subnet and transmits an address request protocol (“ARP”). In response to not receiving a reply to the ARP, the fabric border node transmits a map request to a Layer 3 transit fabric control plane node. The control plane node extracts a destination identifier from the map request and determines that the destination identifier is a Layer 2 identifier. The control plane node transmits a map reply to the fabric border node, where the frame is re-encapsulated and forwarded to the destination device.
-
Publication No.: US11233822B2
Publication date: 2022-01-25
Application No.: US16535550
Application date: 2019-08-08
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Anand Oswal, Nehal Bhau, Victor Moreno
IPC: H04L29/06, H04L12/803, H04L12/715, H04L12/723
Abstract: A mapping system, under administrative control of a Wide Area Network (WAN) controller, can track each host, authorized to access a plurality of Local Area Networks (LANs), in one or more mapping databases including a first network address representing an identifier and a second network addressing representing a locator for each host. The mapping system can receive a request for resolution of a first identifier of a host not presently connected to the network. The mapping system can determine the mapping databases exclude a mapping for the first identifier. The mapping system can update the mapping databases with a first mapping including the first identifier and a first locator corresponding to a honeypot network device. The mapping system can transmit, to one or more LANs of the plurality of LANs, routing information to route traffic destined for the first identifier to the honeypot network device.
-
Publication No.: US11218376B2
Publication date: 2022-01-04
Application No.: US16373421
Application date: 2019-04-02
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda
Abstract: Systems and methods provide for algorithmic problem identification and resolution in fabric networks by software defined operation, administration, and maintenance.
-
Publication No.: US11200319B2
Publication date: 2021-12-14
Application No.: US16375574
Application date: 2019-04-04
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda
Abstract: The disclosed technology relates to a process for zero touch provisioning to provide cloud enablement of legacy computing devices. Specifically, the disclosed technology provides the ability to automate the process of connecting computing devices that may not originally have the capabilities to connect to the Internet so that the computing devices can be managed by a cloud network or be provided updates by the cloud network. The cloud enablement for computing devices is performed by modifying the computing device with hardware and software that would direct the computing device to establish secure communications with the cloud network without user involvement.
-
Publication No.: US20210344595A1
Publication date: 2021-11-04
Application No.: US16864442
Application date: 2020-05-01
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Satish Kondalam, Raja Janardanan, Aaditya Vadnere, Shivangi Sharma
IPC: H04L12/747, H04L12/741, H04L12/813, H04L12/801, H04L12/715
Abstract: Systems, methods, and computer-readable media for communicating policy changes in a Locator/ID Separation Protocol (LISP) based network deployment include receiving, at a first routing device, a first notification from a map server, the first notification indicating a change in a policy for LISP based communication between at least a first endpoint device and at least a second endpoint device, the first endpoint device being connected to a network fabric through the first routing device and the second endpoint device being connected to the network fabric through a second routing device. The first routing device forwards a second notification to the second routing device if one or more entries of a first map cache implemented by the first routing device are affected by the policy change, the second notification indicating a set of one or more endpoints connected to the second routing device that are affected by the policy change.
-
Publication No.: US11038889B2
Publication date: 2021-06-15
Application No.: US16368695
Application date: 2019-03-28
Applicant: Cisco Technology, Inc.
Inventor: Parag M. Panse, Brian Russell Kean, Sanjay Kumar Hooda
Abstract: Present technology is directed to a system and method for implementing an offline scheme to automatically and efficiently transform a set of conventional IP-based Access Control Entries in a supplied configuration into compressed form that can then be represented as Object-Group based Access Control Entries. The compression is performed on contiguous blocks of the supplied Access Control List having a common prescribed filtering access. The compression is performed by iteratively selecting a data field with mismatching data values across the ACEs and merging the data values into a corresponding data field of the output ACE. The common values of other data fields are then imported to the corresponding data fields of the output ACE. The process is repeated in an iterative manner by assigning a different data field as the selected data field for each iteration round.
-
Publication No.: US20210160175A1
Publication date: 2021-05-27
Application No.: US16697016
Application date: 2019-11-26
Applicant: Cisco Technology, Inc.
Inventor: Anubhav Gupta, Rex Fernando, Sanjay Kumar Hooda, Syam Sundar Appala, Samir Thoria
IPC: H04L12/725, H04L12/741, H04L12/813, H04L12/28
Abstract: In one embodiment, a method includes receiving a data packet from a first host located in the first site, where the data packet may be destined to a second host located in a second site that may be different from the first site, determining that an identifier of a second group to which the second host belongs is not available at the first network apparatus, sending a request for an identifier of the second group to a second network apparatus, where the request may comprise an address of the second host, receiving a response comprising the identifier of the second group from the second network apparatus, determining that the second group is a destination group, applying one or more policies associated with the destination group to the data packet, and causing the data packet to be routed to the second host.
-
Publication No.: US10999197B2
Publication date: 2021-05-04
Application No.: US16535519
Application date: 2019-08-08
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Anand Oswal, Nehal Bhau, Anil Edathara, Munish Mehta
IPC: H04L12/715, H04L12/46
Abstract: Systems and methods provide for end-to-end identity-aware routing across multiple administrative domains. A first ingress edge device of a second overlay network can receive a first encapsulated packet from a first egress edge device of a first overlay network. The first ingress edge device can de-encapsulate the first encapsulated packet to obtain an original packet and a user or group identifier. The first ingress edge device can apply a user or group policy matching the user or group identifier to determine a next hop for the original packet. The first ingress edge device can encapsulate the original packet and the user or group identifier to generate a second encapsulated packet. The first ingress edge device can forward the second encapsulated packet to the next hop.