-
Publication No.: US11303511B2
Publication date: 2022-04-12
Application No.: US17004639
Application date: 2020-08-27
Applicant: Cisco Technology, Inc.
Inventor: Parthiv Shah, Prakash C. Jain
IPC: H04L12/24, H04L29/12, H04L29/08, H04L12/66, H04L41/0806, H04L67/00, H04L67/51, H04L67/2876, H04L67/563, H04L61/5014, H04L41/0816
Abstract: Boot server support in an enterprise fabric network may be provided. A border device may forward, to a configuration server, a discovery message associated with a client device and the border device may forward, to a pre-boot server, the discovery message associated with a client device. The border device may then encapsulate, in response to receiving a reply to the discovery message from the configuration server and in response to receiving a reply to the discovery message from the pre-boot server, the reply to the discovery message from the pre-boot server using a Routing Locator (RLOC) from the reply to the discovery message from the configuration server. The encapsulated reply to the discovery message from the pre-boot server may include boot information. The border device may then forward the encapsulated reply to the discovery message from the pre-boot server to an edge device associated with the client device.
-
Publication No.: US20220006738A1
Publication date: 2022-01-06
Application No.: US17476462
Application date: 2021-09-15
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Satish Kondalam, Raja Janardanan, Aaditya Vadnere, Shivangi Sharma
IPC: H04L12/747, H04L12/813, H04L12/741, H04L12/715, H04L12/801
Abstract: Systems, methods, and computer-readable media for communicating policy changes in a Locator/ID Separation Protocol (LISP) based network deployment include receiving, at a first routing device, a first notification from a map server, the first notification indicating a change in a policy for LISP based communication between at least a first endpoint device and at least a second endpoint device, the first endpoint device being connected to a network fabric through the first routing device and the second endpoint device being connected to the network fabric through a second routing device. The first routing device forwards a second notification to the second routing device if one or more entries of a first map cache implemented by the first routing device are affected by the policy change, the second notification indicating a set of one or more endpoints connected to the second routing device that are affected by the policy change.
-
Publication No.: US20210344565A1
Publication date: 2021-11-04
Application No.: US17377378
Application date: 2021-07-16
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Muninder Singh Sambi, Victor Moreno, Prakash C. Jain, Tarunesh Ahuja, Satish Kondalam
Abstract: Systems, methods, and computer-readable storage media are provided for provisioning a common subnet across a number of subscribers and their respective virtual networks using dynamically generated network policies that provide isolation between the subscribers. The dynamic generation of the network policies is performed when a host (e.g. client) is detected (via a switch) as the host joins the computing network via virtual networks. This ability to configure a common subnet for all the subscriber virtual networks allows these subscribers to more easily access external shared services coming from a headquarter site while keeping the separation and segmentation of multiple subscriber virtual networks within a single subnet. This allows the Enterprise fabric to be more simple and convenient to deploy without making security compromises.
-
Publication No.: US20200162337A1
Publication date: 2020-05-21
Application No.: US16373421
Application date: 2019-04-02
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda
Abstract: Systems and methods provide for algorithmic problem identification and resolution in fabric networks by software defined operation, administration, and maintenance.
-
Publication No.: US20250039144A1
Publication date: 2025-01-30
Application No.: US18919222
Application date: 2024-10-17
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Prakash C. Jain
IPC: H04L9/40, H04L45/745
Abstract: Techniques and architecture are described for providing a service, e.g., a security service such as a firewall, across different virtual networks/VRFs/VPN IDs. The techniques and architecture provide modifications in enterprise computing fabrics by modifying pull-based overlay protocols such as, for example, locator/identifier separation protocol (LISP), border gateway protocol ethernet virtual private network (BGP EVPN), etc. A map request carries additional information to instruct a map-server that even though mapping (destination prefix and firewall service RLOC for the destination) is known within the map-server's own virtual network/VRF for firewall service insertion, the map-server still should do a lookup across virtual networks/VRFs and discover the final destination's DGT (destination group tag) and include that in the map reply.
-
Publication No.: US12170614B2
Publication date: 2024-12-17
Application No.: US18545931
Application date: 2023-12-19
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Vinay Saini, Victor Manuel Moreno
IPC: H04L45/586, H04L12/46, H04L45/00, H04L45/02, H04L45/302
Abstract: Techniques are described herein for service chaining in fabric networks such that hardware resources can be preserved without service nodes needing additional capabilities. The techniques may include storing a first configuration associated with a first VRF instance of a service forwarding node that is connected to a first service of a service chain sequence. The first configuration may indicate an identifier and a type associated with a second service of the service chain sequence where traffic is to be sent after the first service. Additionally, the techniques may also include storing a second configuration associated with a second VRF instance of the service forwarding node that is connected to the second service. The second configuration may indicate that the second service is a last service of the service chain sequence. When traffic is received at the service forwarding node, the service forwarding node can determine whether the traffic is pre-service traffic or post-service traffic.
-
Publication No.: US20240396945A1
Publication date: 2024-11-28
Application No.: US18791151
Application date: 2024-07-31
Applicant: Cisco Technology, Inc.
Inventor: Shree Narasimha Murthy, Sanjay Kumar Hooda, Prakash C. Jain, Roberto Mitsuo Kobo, Rajagopal Venkatraman
IPC: H04L9/40, G06F9/455, H04L61/5007, H04L61/5014
Abstract: Techniques for analyzing traffic originating from a host device in a wireless network to identify one or more virtual machines (VMs) running on the host device and connected to the network via the host device in bridge mode. When a VM is created in bridge mode behind a host device, the traffic originated by the VM will have the source Media Access Layer (MAC) address of the host device. According to techniques described herein, devices and/or components associated with the network may profile the traffic to identify an address of the VM, such as by analyzing dynamic host configuration protocol (DHCP) packets to determine the Internet Protocol (IP) address of the VM. Once the IP address and the MAC address of the VM is known, the components and/or devices may apply security policies to the VM that may be different than security policies applied to the host device.
-
Publication No.: US20240314036A1
Publication date: 2024-09-19
Application No.: US18677720
Application date: 2024-05-29
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Muninder Singh Sambi, Victor Moreno, Prakash C. Jain, Tarunesh Ahuja, Satish Kondalam
IPC: H04L41/0893, G06F9/455, H04L12/46
CPC classification number: H04L41/0893, G06F9/45558, H04L12/4633, H04L12/4641, G06F2009/45587, G06F2009/45595
Abstract: Systems, methods, and computer-readable storage media are provided for provisioning a common subnet across a number of subscribers and their respective virtual networks using dynamically generated network policies that provide isolation between the subscribers. The dynamic generation of the network policies is performed when a host (e.g. client) is detected (via a switch) as the host joins the computing network via virtual networks. This ability to configure a common subnet for all the subscriber virtual networks allows these subscribers to more easily access external shared services coming from a headquarter site while keeping the separation and segmentation of multiple subscriber virtual networks within a single subnet. This allows the Enterprise fabric to be more simple and convenient to deploy without making security compromises.
-
Publication No.: US20240073127A1
Publication date: 2024-02-29
Application No.: US17897634
Application date: 2022-08-29
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Vinay Saini, Sanjay Kumar Hooda
CPC classification number: H04L45/38, H04L45/126, H04L45/22
Abstract: Techniques for a Software-Defined Networking (SDN) controller associated with a multisite network to implement jurisdictional data sovereignty policies in a multisite network, route network traffic flows between user sites and destination services over one or more provider sites, and/or perform a routing operation on the network traffic flow(s) based on the jurisdictional data sovereignty policies. The jurisdictional data sovereignty policies may be implemented using destination group tags (DGTs) and/or source group tags (SGTs). A secure access service edge (SASE) associated with the network controller may generate, store, and distribute the DGTs to provider sites and/or the SGTs to user sites. Based on the SGT and/or DGT associated with a network traffic flow, one or more services may be applied to the network traffic flow, and the network traffic flow may be routed through a particular region of a software-defined access (SDA) transit.
-
Publication No.: US20240056412A1
Publication date: 2024-02-15
Application No.: US17886942
Application date: 2022-08-12
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Denis Neogi
IPC: H04L61/103, H04L61/5084, H04L12/46
CPC classification number: H04L61/103, H04L61/5084, H04L12/4633
Abstract: Techniques and architecture are described for service and/or application specific underlay path selection in fabric access networks. An egress tunnel router (ETR) registers service requirements of a connected application server, e.g., an end point known by host/device detection, config, or CDC type protocols, to a fabric control plane, e.g., a map server/map resolver (MSMR). The fabric control plane, while replying to a map request from an ingress tunnel router (ITR), sends service parameters in the map reply. While installing a tunnel forwarding path in hardware, i.e., map cache, the ITR may utilize a probing mechanism to ensure that the ITR chooses the right underlay adjacency, e.g., routing locator(s) (RLOC(s)), that can satisfy the service requirements provided by the fabric control plane. Only RLOC(s) that comply with the service requirements are installed in the map cache along with the required service parameters.