公开(公告)号：US20150263901A1

公开(公告)日：2015-09-17

申请号：US14208453

申请日：2014-03-13

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra M. Kumar ,  Nagaraj A. Bagepalli ,  Abhijit Patra ,  Paul Quinn ,  James N. Guichard ,  Hendrikus G. P. Bosch

IPC: H04L12/24

CPC classification number: H04L45/02 ,  H04L41/08 ,  H04L41/0813 ,  H04L41/0893 ,  H04L41/0896 ,  H04L41/12 ,  H04L45/308 ,  H04L45/38

Abstract: An example method for service node originated service chains in a network environment is provided and includes receiving a packet at a service node in a network environment that includes a plurality of service nodes and a central classifier, analyzing the packet for a service chain modification or a service chain initiation, classifying the packet at the service node to a new service chain based on the analysis, initiating the new service chain at the service node if the analysis indicates service chain initiation, and modifying an existing service chain for the packet to the new service chain if the analysis indicates service chain modification. In specific embodiments, the analysis includes applying classification logic specific to the service node. Some embodiments, service node attributes and order of service nodes in substantially all service chains configured in the network may be received from a central controller.

Abstract translation: 提供了一种网络环境中服务节点发起的服务链的示例方法，包括在包括多个服务节点和中心分类器的网络环境中的服务节点处接收分组，分析服务链修改的分组或 服务链启动，基于分析将服务节点处的分组分类到新的服务链，如果分析指示服务链启动，则在服务节点处启动新的服务链，并将分组的现有服务链修改为新的 服务链如果分析表明服务链修改。 在具体实施例中，分析包括应用对服务节点特定的分类逻辑。 可以从中央控制器接收一些实施例，服务节点属性和在网络中配置的基本上所有业务链中的服务节点的顺序。

公开(公告)号：US20140362682A1

公开(公告)日：2014-12-11

申请号：US13912224

申请日：2013-06-07

Applicant: Cisco Technology, Inc.

Inventor： James Guichard ,  Carlos M. Pignataro ,  David Ward ,  Paul Quinn ,  Surendra Kumar

IPC: H04L12/24 ,  H04L12/26

CPC classification number: H04L41/5009 ,  H04L41/0654 ,  H04L41/0668 ,  H04L41/5038 ,  H04L41/5077 ,  H04L43/0823 ,  H04L43/50 ,  H04L45/28 ,  H04L45/302 ,  H04L45/50 ,  H04L67/10

Abstract: Presented herein are techniques performed in a network comprising a plurality of network nodes each configured to apply one or more service functions to traffic that passes the respective network nodes in a service path. At a network node, an indication is received of a failure or degradation of one or more service functions or applications applied to traffic at the network node. Data descriptive of the failure or degradation is generated. A previous service hop network node at which a service function or application was applied to traffic in the service path is determined. The data descriptive of the failure or degradation is communicated to the previous service hop network node.

Abstract translation: 这里呈现的是在包括多个网络节点的网络中执行的技术，每个网络节点被配置为将一个或多个服务功能应用于通过服务路径中的相应网络节点的业务。 在网络节点处，接收到应用于网络节点处的业务的一个或多个服务功能或应用的故障或劣化的指示。 产生描述故障或退化的数据。 确定应用服务功能或应用程序到服务路径中的业务的先前服务跳网络节点。 将描述故障或劣化的数据传送到先前的服务跳网络节点。

公开(公告)号：US20140351452A1

公开(公告)日：2014-11-27

申请号：US13898932

申请日：2013-05-21

Applicant: Cisco Technology, Inc.

Inventor： Hendrikus G.P. Bosch ,  James Guichard ,  Dave Barach ,  Alessandro Duminuco ,  Luyuan Fang ,  Paul Quinn ,  Rex Fernando ,  David Ward

IPC: H04L29/08

CPC classification number: H04L67/10 ,  H04L45/02 ,  H04L45/04

Abstract: Presented herein are techniques for use in a network environment that includes one or more service zones, each service zone including at least one instance of an in-line application service to be applied to network traffic and one or more routers to direct network traffic to the at least one service, and a route target being assigned to a unique service zone to serve as a community value for route import and export between routers of other service zones, destination networks or source networks via a control protocol. An edge router in each service zone or destination network advertises routes by its destination network prefix tagged with its route target. A service chain is created by importing and exporting of destination network prefixes by way of route targets at edge routers of the service zones or source networks.

Abstract translation: 这里提出的是在包括一个或多个服务区域的网络环境中使用的技术，每个服务区域包括要应用于网络业务的在线应用服务的至少一个实例以及一个或多个路由器以将网络流量引导到 至少一个服务，以及被分配给唯一服务区的路由目标，以用作通过控制协议在其他服务区域，目的地网络或源网络的路由器之间路由导入和导出的社区值。 每个服务区域或目标网络中的边缘路由器通过其路由目标标记的目标网络前缀来通告路由。 通过在服务区域或源网络的边缘路由器上的路由目标导入和导出目标网络前缀来创建服务链。

公开(公告)号：US20140321459A1

公开(公告)日：2014-10-30

申请号：US13872008

申请日：2013-04-26

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra M. Kumar ,  Dileep K. Devireddy ,  Nagaraj A. Bagepalli ,  Abhijit Patra ,  Vina Ermagan ,  Fabio R. Maino ,  Victor Manuel Moreno ,  Paul Quinn

IPC: H04L12/851

CPC classification number: H04L47/2425 ,  G06F9/45533 ,  G06F2009/45562

Abstract: An example method for service insertion in a network environment is provided in one example and includes configuring a service node by tagging one or more interface ports of a virtual switch function to which the service node is connected with one or more policy identifiers. When data traffic associated with a policy identifier is received on a virtual overlay path the virtual switch function may then terminate the virtual overlay path and direct raw data traffic to the interface port of the service node that is tagged to the policy identifier associated with the data traffic.

Abstract translation: 在一个示例中提供了在网络环境中的服务插入的示例方法，并且包括通过标记服务节点与其连接的虚拟交换机功能的一个或多个接口端口与一个或多个策略标识符来配置服务节点。 当在虚拟覆盖路径上接收到与策略标识符相关联的数据流量时，虚拟交换机功能可以终止虚拟覆盖路径，并将原始数据流直接引导到标记为与数据相关联的策略标识符的服务节点的接口端口 交通。

公开(公告)号：US20140313928A1

公开(公告)日：2014-10-23

申请号：US13865926

申请日：2013-04-18

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Rex Fernando ,  Dhananjaya Rao ,  Jim Guichard ,  Paul Quinn

IPC: H04L12/751 ,  H04L12/931

CPC classification number: H04L45/02 ,  H04L49/70

Abstract: In one embodiment, a method includes storing a service topology route at a network device interconnecting at least two zones comprising a plurality of hosts, and propagating the service topology route to create a service chain comprising a service node in communication with the network device. The service topology route creates a forwarding state at network devices in the service chain for use in inter-zone routing in a virtual private network. An apparatus and logic are also disclosed herein.

Abstract translation: 在一个实施例中，一种方法包括在互连包括多个主机的至少两个区域的网络设备处存储服务拓扑路由，并且传播服务拓扑路由以创建包括与网络设备通信的服务节点的服务链。 服务拓扑路由在服务链中的网络设备上创建转发状态，以用于虚拟专用网络中的区域间路由。 本文还公开了一种装置和逻辑。

公开(公告)号：US20140280836A1

公开(公告)日：2014-09-18

申请号：US13843233

申请日：2013-03-15

Applicant: CISCO TECHNOLOGY , INC.

Inventor： Surendra M. Kumar ,  Nagaraj A. Bagepalli ,  Abhijit Patra ,  Paul Quinn ,  Ethan M. Spiegel

IPC: H04L12/24

CPC classification number: H04L41/5041 ,  H04L49/15 ,  H04L49/70

Abstract: An example method for workload based service chain insertion in a network environment is provided and includes partitioning a service-path into fragments at a service controller, where the service-path comprises an ordered sequence of services to be provided to a packet associated with a workload in a network. The method also includes determining a location of service nodes providing the services; and provisioning the fragments at interfaces at a distributed virtual switch. The method could further include generating a plurality of service insertion points corresponding to the fragments at a service dispatcher. The service dispatcher can include a plurality of data plane components, and the service insertion points are generated at the data plane components.

Abstract translation: 提供了一种在网络环境中基于工作负载的服务链插入的示例方法，并且包括将服务路径划分为服务控制器处的分段，其中服务路径包括要提供给与工作负载相关联的分组的有序序列的服务 在网络中。 该方法还包括确定提供服务的服务节点的位置; 并在分布式虚拟交换机的接口处配置片段。 该方法还可以包括在服务分派器处生成与片段相对应的多个服务插入点。 服务调度器可以包括多个数据平面组件，并且在数据平面组件处生成服务插入点。

公开(公告)号：US12034813B2

公开(公告)日：2024-07-09

申请号：US18124435

申请日：2023-03-21

Applicant: Cisco Technology, Inc.

Inventor： Paul Quinn ,  Kyle Andrew Donald Mestery

IPC: H04L61/4511 ,  H04L41/0894 ,  H04L41/50 ,  H04L67/141 ,  H04L101/668

CPC classification number: H04L67/141 ,  H04L41/0894 ,  H04L41/5058 ,  H04L61/4511 ,  H04L2101/668

Abstract: Techniques for policy-based connection provisioning using Domain Name System (DNS) requests are described herein. The techniques may include receiving policy data associated with one or more headend nodes that manage connections to computing resources. Additionally, the techniques may include receiving a DNS request from a client device to establish a connection between the client device and a first headend node of the one or more headend nodes. The DNS request may include an attribute associated with the client device. A provisioning service may determine that the connection should be established between the client device and the first headend node based at least in part on evaluating the attribute with respect to the policy data. Additionally, the techniques may include sending an internet protocol (IP) address, which is associated with the first headend node, to the client device to facilitate establishment of the connection.

公开(公告)号：US11349932B2

公开(公告)日：2022-05-31

申请号：US16917152

申请日：2020-06-30

Applicant: Cisco Technology, Inc.

Inventor： Paul Quinn ,  Kyle Andrew Donald Mestery

IPC: H04L29/08 ,  H04L29/12 ,  H04L67/141 ,  H04L61/4511

Abstract: Techniques for policy-based connection provisioning using Domain Name System (DNS) requests are described herein. The techniques may include receiving policy data associated with one or more headend nodes that manage connections to computing resources. Additionally, the techniques may include receiving a DNS request from a client device to establish a connection between the client device and a first headend node of the one or more headend nodes. The DNS request may include an attribute associated with the client device. A provisioning service may determine that the connection should be established between the client device and the first headend node based at least in part on evaluating the attribute with respect to the policy data. Additionally, the techniques may include sending an internet protocol (IP) address, which is associated with the first headend node, to the client device to facilitate establishment of the connection.

公开(公告)号：US20210409496A1

公开(公告)日：2021-12-30

申请号：US16917152

申请日：2020-06-30

Applicant: Cisco Technology, Inc.

Inventor： Paul Quinn ,  Kyle Andrew Donald Mestery

IPC: H04L29/08 ,  H04L29/12

Abstract: Techniques for policy-based connection provisioning using Domain Name System (DNS) requests are described herein. The techniques may include receiving policy data associated with one or more headend nodes that manage connections to computing resources. Additionally, the techniques may include receiving a DNS request from a client device to establish a connection between the client device and a first headend node of the one or more headend nodes. The DNS request may include an attribute associated with the client device. A provisioning service may determine that the connection should be established between the client device and the first headend node based at least in part on evaluating the attribute with respect to the policy data. Additionally, the techniques may include sending an internet protocol (IP) address, which is associated with the first headend node, to the client device to facilitate establishment of the connection.

公开(公告)号：US10609042B2

公开(公告)日：2020-03-31

申请号：US15387123

申请日：2016-12-21

Applicant: Cisco Technology, Inc.

Inventor： Paul Quinn ,  Michael E. Lipman ,  Mike Milano ,  David D. Ward ,  James Guichard ,  Leonid Sandler ,  Moshe Kravchik ,  Alena Lifar ,  Darrin Miller

IPC: H04L29/06 ,  G06F21/60 ,  H04W12/08 ,  G06F21/62 ,  H04W12/00

Abstract: Various systems and methods for determining whether to allow or continue to allow access to a protected data asset are disclosed herein. For example, one method involves receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprises first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.