-
Publication No.: US20210044565A1
Publication Date: 2021-02-11
Application No.: US16534783
Filing Date: 2019-08-07
Applicant: Cisco Technology, Inc.
Inventor: Victor Moreno , Sanjay Kumar Hooda , Marc Portoles Comeras
IPC: H04L29/06 , H04L12/713 , H04L12/741
Abstract: Systems, methods, and computer-readable media for implementing an extranet policy include receiving a request from a source to perform a lookup for a destination address. A lookup for the destination address is performed in a consolidated routing table, the consolidated routing table including a consolidated mapping of address prefixes associated with two or more virtual networks. If the lookup results in a match for the destination address with a matching address prefix, a matching virtual network associated with the matching address prefix is determined. An access policy for the request corresponding to the matching virtual network is obtained, and based on the access policy the request is allowed to access the destination address in the matching virtual network or disallowed. The consolidated routing table can be implemented in a mapping server using a Locator/ID Separation Protocol (LISP).
-
62.
Publication No.: US20200320197A1
Publication Date: 2020-10-08
Application No.: US16375574
Filing Date: 2019-04-04
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain , Sanjay Kumar Hooda
Abstract: The disclosed technology relates to a process for zero touch provisioning to provide cloud enablement of legacy computing devices. Specifically, the disclosed technology provides the ability to automate the process of connecting computing devices that may not originally have the capabilities to connect to the Internet so that the computing devices can be managed by a cloud network or be provided updates by the cloud network. The cloud enablement for computing devices is performed by modifying the computing device with hardware and software that would direct the computing device to establish secure communications with the cloud network without user involvement.
-
Publication No.: US10778430B2
Publication Date: 2020-09-15
Application No.: US15968189
Filing Date: 2018-05-01
Applicant: Cisco Technology, Inc.
Inventor: Satish Kondalam , Victor M. Moreno , Sanjay Kumar Hooda , Muhammad Ahmad Imam
Abstract: In accordance with various implementations, a method is performed at a source node of a fabric network coupled to a plurality of hosts respectively associated with a plurality of group identifiers. The method includes generating a source public key based on a source private key, a source group identifier of the plurality of group identifiers, and a destination group identifier of the plurality of group identifiers. The method includes sending, from the source node coupled to at least one host associated with the source group identifier to a destination node coupled to at least one host associated with the destination group identifier, the source public key. The method includes receiving, at the source node from the destination node, a destination public key based on a destination private key, the source group identifier, and the destination group identifier. The method further includes generating a shared secret based on the destination public key and the source private key.
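The abstract above describes a Diffie-Hellman style exchange in which each node's public value depends on its private key and on the (source group, destination group) pair, and the two nodes then agree on a shared secret. The following is an added illustration written for this page, not code from the patent or from Cisco. How the group identifiers enter the public key is not stated in the abstract; the construction assumed here is to derive a per-pair base by hashing the ordered identifier pair to an exponent and raising the group generator to it. The modulus is the RFC 3526 group 14 (2048-bit MODP) prime; `FabricNode`, `pair_base` and `exchange` are illustrative names.

```python
import hashlib
import secrets

# RFC 3526 group 14: safe prime P = 2*Q + 1, generator 2 (order Q).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2
G = 2
P_LEN = (P.bit_length() + 7) // 8


def pair_base(source_gid: int, destination_gid: int) -> int:
    """Per-(source group, destination group) DH base (assumed construction).

    The ordered GID pair is hashed to an exponent in [1, Q-1] and G is raised
    to it, so the base stays in the prime-order subgroup and differs for
    every ordered pair of groups.
    """
    digest = hashlib.sha256(f"{source_gid}:{destination_gid}".encode()).digest()
    exponent = int.from_bytes(digest, "big") % (Q - 1) + 1
    return pow(G, exponent, P)


def validate_public(value: int) -> None:
    """Reject small-subgroup and out-of-range public values before use."""
    if not 1 < value < P - 1:
        raise ValueError("public value out of range")
    if pow(value, Q, P) != 1:
        raise ValueError("public value not in the prime-order subgroup")


class FabricNode:
    """A fabric node attached to hosts of one group identifier."""

    def __init__(self, group_id: int) -> None:
        self.group_id = group_id
        self._private = secrets.randbelow(Q - 2) + 2  # private key in [2, Q-1]

    def public_key(self, source_gid: int, destination_gid: int) -> int:
        # Public value depends on the private key and on both GIDs via the base.
        return pow(pair_base(source_gid, destination_gid), self._private, P)

    def shared_secret(self, peer_public: int, source_gid: int, destination_gid: int) -> bytes:
        validate_public(peer_public)
        z = pow(peer_public, self._private, P)
        # Bind the derived key to the group pair so a secret for (A, B)
        # cannot be replayed as a secret for (A, C).
        material = z.to_bytes(P_LEN, "big") + f"{source_gid}:{destination_gid}".encode()
        return hashlib.sha256(material).digest()


def exchange(source: FabricNode, destination: FabricNode) -> tuple[bytes, bytes]:
    """Run the exchange from the abstract; returns (source key, destination key)."""
    src_gid, dst_gid = source.group_id, destination.group_id
    src_pub = source.public_key(src_gid, dst_gid)       # sent source -> destination
    dst_pub = destination.public_key(src_gid, dst_gid)  # sent destination -> source
    return (source.shared_secret(dst_pub, src_gid, dst_gid),
            destination.shared_secret(src_pub, src_gid, dst_gid))


if __name__ == "__main__":
    a, b = exchange(FabricNode(10), FabricNode(20))
    print("agreed:", a == b, a.hex()[:16])
```

The subgroup check in `validate_public` is the part practitioners most often omit; without it a peer can send a low-order element and force the shared secret into a handful of values. In production the exchange would also need authentication of the public values (the abstract does not say how), since unauthenticated DH is open to an active man-in-the-middle.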
-
64.
Publication No.: US10771390B2
Publication Date: 2020-09-08
Application No.: US15626150
Filing Date: 2017-06-18
Applicant: CISCO TECHNOLOGY, INC.
IPC: H04L12/813 , H04L12/46 , H04L12/751
Abstract: One embodiment of a method includes receiving at a first network node traffic from a second network node; and sending by the first network node to a third network node information identifying the second network node via a Local Area Network (“LAN”) connection between the first and third network nodes. Subsequent to receipt of the information identifying the second network node, the third network node updates a locator table maintained by the third network node to include an entry including the information identifying the second network node received by the third network node from the first network node. Upon receipt by the third network node of a notification that the first network node has failed, the third network node sends an update only to network nodes that have an entry in the locator table indicating that the first network node has failed.
-
Publication No.: US10749799B2
Publication Date: 2020-08-18
Application No.: US15968205
Filing Date: 2018-05-01
Applicant: Cisco Technology, Inc.
Inventor: Prakash Chand Jain , Sanjay Kumar Hooda , Victor M. Moreno
IPC: H04L12/28 , H04L12/747 , H04L29/12
Abstract: In accordance with various embodiments, a method is performed including receiving, at a first node associated with a first instance identifier, a packet from a first host addressed to a second host. The method includes sending, from the first node to the second node, the packet. The method includes receiving, from the second node, a solicit map-request for the second host including the first instance identifier of the first node and the second instance identifier of the second node for the second host. The method includes sending, in response to receiving the solicit map-request for the second host, a map-request for the second host. The method includes receiving, in response to sending the map-request for the second host, a map-reply indicating a third node associated with the second instance identifier. The method includes sending, from the first node to the third node, the packet.
-
Publication No.: US20200228404A1
Publication Date: 2020-07-16
Application No.: US16368624
Filing Date: 2019-03-28
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda , Muninder Singh Sambi , Victor Moreno , Prakash C. Jain , Tarunesh Ahuja , Satish Kondalam
Abstract: Systems, methods, and computer-readable storage media are provided for provisioning a common subnet across a number of subscribers and their respective virtual networks using dynamically generated network policies that provide isolation between the subscribers. The dynamic generation of the network policies is performed when a host (e.g. a client) is detected (via a switch) as the host joins the computing network via virtual networks. This ability to configure a common subnet for all the subscriber virtual networks allows these subscribers to more easily access external shared services coming from a headquarters site while keeping the separation and segmentation of multiple subscriber virtual networks within a single subnet. This allows the Enterprise fabric to be simpler and more convenient to deploy without making security compromises.
-
Publication No.: US10547467B2
Publication Date: 2020-01-28
Application No.: US15792180
Filing Date: 2017-10-24
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda , Prakash C. Jain , Rishabh Parekh , Atri Indiresan , Satish Kondalam , Victor Moreno
IPC: H04L12/18 , H04L29/12 , H04L29/06 , H04L12/853
Abstract: A method including determining that network traffic being transmitted is unicast or multicast; mapping to which virtual network and locator address each host belongs; generating leaking data for unicast and multicast traffic, wherein the leaking data indicates that a first virtual network leaks traffic to a second virtual network; receiving a request from the second virtual network to receive traffic from a host in the first virtual network; determining, based on the leaking data and the type of traffic being transmitted, if the first virtual network leaks traffic to the second virtual network; if the first virtual network leaks traffic to the second virtual network, determining a locator address for the host in the first virtual network using the mapping data; and transmitting the locator address for the host to the second virtual network to enable traffic leaking from the host to the second virtual network is disclosed.
-
Publication No.: US10516544B2
Publication Date: 2019-12-24
Application No.: US15649479
Filing Date: 2017-07-13
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Victor Manuel Moreno , Shyam Kapadia , Sanjay Kumar Hooda
IPC: G06F17/30 , H04L29/12 , H04L12/18 , H04L29/06 , H04L12/46 , H04L12/24 , H04L12/733 , H04L12/761
Abstract: A Location/Identifier Separation Protocol (LISP) mapping server, including: a network interface for communicating with a LISP-enabled network; a mapping database; an extranet policy table; and a shared subnetwork mapping engine (SSME), including at least a hardware platform, configured to: receive a map request from a first endpoint serviced by a first xTR, the first endpoint on a first subnetwork, the map request for a second endpoint; determine that the second endpoint is not a member of the first subnetwork; query the extranet policy table to identify a second subnetwork that the first subnetwork subscribes to, and to determine that the second endpoint is a member of the second subnetwork; and provide to the first subnetwork a routing locator (RLOC) of an xTR servicing the second endpoint.
-
Publication No.: US10476784B2
Publication Date: 2019-11-12
Application No.: US15263405
Filing Date: 2016-09-13
Applicant: Cisco Technology, Inc.
Inventor: Anand Oswal , Muninder Sambi , Sanjay Kumar Hooda
IPC: H04L12/721 , H04L12/743 , H04L12/715 , H04L12/46 , H04L12/933
Abstract: A network device may receive a flow having source information corresponding to a first client device and destination information corresponding to a second client device. A tag may then be created by the network device for the flow based upon the source information and the destination information. Next, the network device may encapsulate a packet corresponding to the flow. The packet may be encapsulated with encapsulation information including the created tag. The encapsulated packet may then be routed through a plurality of intermediate network devices in the network. The created tag encapsulated with the packet may identify the packet as being a part of the flow as the packet is routed through the plurality of intermediate network devices.
-
Publication No.: US10200311B2
Publication Date: 2019-02-05
Application No.: US15260048
Filing Date: 2016-09-08
Applicant: Cisco Technology, Inc.
Inventor: Anand Oswal , Muninder Singh Sambi , Sanjay Kumar Hooda
IPC: H04L12/931 , H04L12/46 , H04L29/12
Abstract: An application switch instantiates two application-side network service instances for the same application. Each network service instance is characterized by a common Internet Protocol (IP) address, a common Open Systems Interconnection (OSI) reference model layer 2 (L2) media access control (MAC) address, and a unique (for the application) supplemental L2 identifier. The application switch maintains a mapping between a {client IP address, client port} tuple and a particular instantiated network service instance based at least in part on the supplemental L2 identifier of a particular one of the instantiated first and second network service instances. When the application switch receives a client communication via an application switch client-side network, the application switch determines the particular instantiated network service instance corresponding to the {client IP address, client port} tuple based on the mapping, and switches the received client communication to the determined application-side network service instance.
-