公开(公告)号：US10333822B1

公开(公告)日：2019-06-25

申请号：US15602638

申请日：2017-05-23

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Sebastian Jeuk ,  Gonzalo Salgueiro ,  James Guichard

IPC: H04L29/06 ,  H04L12/721 ,  H04L12/725

Abstract: A method is described and in one embodiment includes receiving at a forwarding node of a Service Function Chain (“SFC”)-enabled network a packet having a packet header including at least one context header comprising metadata information for the packet, wherein the metadata information comprises price information indicative of a value of a traffic flow of which the packet comprises a part; identifying based on the metadata information and at least one of network state and environmental information a Virtual Network Function (“vNF”) to which to forward the packet for processing; and forwarding the packet to the identified vNF for processing.

公开(公告)号：US20180026885A1

公开(公告)日：2018-01-25

申请号：US15216653

申请日：2016-07-21

Applicant: Cisco Technology, Inc.

Inventor： Sebastian Jeuk ,  Gonzalo Salgueiro

IPC: H04L12/715 ,  H04L12/721

Abstract: Disclosed is a system and method of providing a segment routing as a service application. The method includes receiving a configuration of an internet protocol environment. The configuration can be a layer 3 configuration of a single cloud environment or even across multiple cloud environments. The configuration defines routing, forwarding, and paths in the environment between different entities such as virtual machines. The method includes receiving a parameter associated with a workload of a tenant. The parameter can be a service level agreement (i.e., a best bandwidth available), a pathway requirement, a parameter associated with specific workload, and so forth. Based on the configuration and the parameter, the method includes generating tenant-defined layer 3 overlay segment routing rules that define how the workload of the tenant will route data in the internet protocol environment using segment routing.

公开(公告)号：US20170230467A1

公开(公告)日：2017-08-10

申请号：US15019205

申请日：2016-02-09

Applicant: Cisco Technology, Inc.

Inventor： Gonzalo Salgueiro ,  Sebastian Jeuk

IPC: H04L29/08 ,  H04L29/06

Abstract: A packet is received at a device configured to provide a service function within a network service chain. A cloud service identifier is extracted from a header of the packet. The service function is applied to the packet according to policies specific to a cloud service identified in the cloud service identifier.

公开(公告)号：US12301569B2

公开(公告)日：2025-05-13

申请号：US17976009

申请日：2022-10-28

Applicant: Cisco Technology, Inc.

Inventor： Sebastian Jeuk ,  Gonzalo Salgueiro ,  M. David Hanes

IPC: H04L9/40

Abstract: Techniques are described herein for implementing and using a secure access service edge (SASE) exchange system to allow SASE providers to share SASE services with other providers. A SASE exchange system may be used by any number of SASE providers to support SASE roaming by user endpoints between different SASE providers. A user endpoint may use SASE roaming to access additional sets of SASE services and capabilities that cannot be provided by a home SASE provider and/or other current SASE provider(s) of the user endpoint. In some examples, a SASE exchange system may be used to transition user endpoints from one SASE provider to another. Additionally or alternatively, the SASE exchange system may determine a combination of SASE providers that can be used to provide different subsets of shared SASE services/capabilities to a user endpoint.

公开(公告)号：US12242370B2

公开(公告)日：2025-03-04

申请号：US17871508

申请日：2022-07-22

Applicant: Cisco Technology, Inc.

Inventor： Marisol Palmero Amador ,  Kanishka Priyadharshini Annamali ,  Sebastian Jeuk ,  Sayali Patil ,  Michael Francois Karl Wielpuetz

IPC: G06F9/44 ,  G06F11/3668

Abstract: A method includes receiving, at a chaos level engine, initial input parameters. The method may further include, with the chaos level engine, determining scaled input parameters based on the initial input parameters. The scaled input parameters define how the initial input parameters effect a computing environment to be tested. The method may further include, with the chaos level engine determining a chaos level for performing a chaos experiment on the computing environment based on the scaled input parameters and sending the chaos level to the computing environment for the chaos experiment. The method may further include, with the chaos level engine, receiving, from the computing environment, feedback defining an impact caused by the chaos experiment created at the computing environment and an intended level of chaos.

公开(公告)号：US20240323170A1

公开(公告)日：2024-09-26

申请号：US18672657

申请日：2024-05-23

Applicant: Cisco Technology, Inc.

Inventor： Sebastian Jeuk

IPC: H04L9/40 ,  H04L69/324

CPC classification number: H04L63/0471 ,  H04L63/02 ,  H04L63/029 ,  H04L69/324

Abstract: Systems, methods, and computer-readable media are provided for performing secure frame encryption as a service. For instance, a network device can receive a first request for encrypting a first media stream associated with a first endpoint. In response to the first request, the network device can obtain a first encryption key for encrypting the first media stream associated with the first endpoint. The network device can receive, from the first endpoint, a first plurality of media frames corresponding to the first media stream and encrypt each of the first plurality of media frames using the first encryption key to yield a first plurality of encrypted media frames. The network device can packetize the first plurality of encrypted media frames into a first plurality of data packets for transmission to a second endpoint.

公开(公告)号：US12015702B2

公开(公告)日：2024-06-18

申请号：US17349816

申请日：2021-06-16

Applicant: Cisco Technology, Inc.

Inventor： Sebastian Jeuk

IPC: H04L9/08 ,  H04L9/00 ,  H04L9/06

CPC classification number: H04L9/0861 ,  H04L9/0643 ,  H04L9/0825 ,  H04L9/50

Abstract: This disclosure describes techniques for exchanging keys associated with encrypted media sessions using blockchains. In an example method, one or more encrypted frames are generated by encrypting one or more media frames based on an encryption key. Data indicating a ledger in a blockchain is transmitted to one or more computing devices. The ledger includes a decryption key configured to decrypt the one or more encrypted frames. Data packets are generated by packetizing the one or more encrypted frames. The data packets are transmitted to the one or more computing devices.

公开(公告)号：US12003486B2

公开(公告)日：2024-06-04

申请号：US17397230

申请日：2021-08-09

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  David Hanes ,  Gonzalo Salgueiro ,  Sebastian Jeuk

IPC: H04L9/40

CPC classification number: H04L63/0263 ,  H04L63/0876 ,  H04L63/102 ,  H04L63/20

Abstract: Techniques for a network controller associated with a firewall service to determine a network policy based on operational tolerances associated with a device, and cause the network policy to be provisioned at the firewall service where control commands, such as, for example, supervisory control and data acquisition (SCADA) commands, may be allowed or denied transmission to the device based on the operational tolerance(s) associated with the device. In some examples, the network controller may be configured as a manufacturer usage description (MUD) controller configured to transmit a MUD uniform resource identifier (URI), emitted by the device, to a MUD file server associated with the manufacturer of the device. The MUD file may be enhanced to include the operational tolerances associated with the device and transmitted back to the MUD controller where it may be parsed to determine a corresponding network policy.

公开(公告)号：US11909599B2

公开(公告)日：2024-02-20

申请号：US18105542

申请日：2023-02-03

Applicant: Cisco Technology, Inc.

Inventor： Sebastian Jeuk ,  Sridar Kandaswamy

IPC: H04L41/12 ,  H04L67/1001

CPC classification number: H04L41/12 ,  H04L67/1001

Abstract: Techniques are described herein for generating network topologies based on models, and deploying the network topologies across hybrid clouds and other computing environments that include multiple workload resource domains. A topology deployment system may receive data representing a logical topology model, and may generate a network topology for deployment based on the logical model. The network topology may include various services and/or other resources provided by different tenants in the computing environment, and tenant may be associated with different set of resources and deployment constraints. The topology deployment system may determine and generate the network topology to use the various resources and comply with various deployment constraints of the different tenants providing the services, and the tenants consuming the network topology.

公开(公告)号：US11893849B2

公开(公告)日：2024-02-06

申请号：US17474002

申请日：2021-09-13

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  David Hanes ,  Gonzalo Salgueiro ,  Sebastian Jeuk

IPC: G07C9/28 ,  G07C9/22 ,  H04L9/40 ,  G07C9/00

CPC classification number: G07C9/28 ,  G07C9/00309 ,  G07C9/22 ,  H04L63/0853 ,  G07C2009/00769 ,  H04L2463/082

Abstract: This disclosure describes techniques for selectively providing access to a physical space. An example method includes identifying a location of a device associated with an authorized user based on an electromagnetic signal received by at least one sensor from the device. The electromagnetic signal has a frequency that is greater than or equal to 24 gigahertz (GHz). The example method further includes determining that the location of the device is within a threshold distance of a location of a threshold to a secured space and determining that an authentication score indicating that an individual carrying the device is the authorized user is greater than a threshold score. The authentication score is associated with multiple authentication factors identified by the device. Based on determining that the authentication score is greater than the threshold score, the threshold is unlocked and/or opened.