Abstract:
A system and methods are provided herein for verifying proof of transit of traffic through a plurality of network nodes in a network. In one embodiment, a method is provided in which information is obtained about a packet at a network node in a network. The information includes in-band metadata. Verification information is read from the in-band metadata. The verification information is for use in verifying a path of the packet in the network. Updated verification information is generated from the verification information read from the packet. The updated verification information is written to the in-band metadata of the packet, and the packet is forwarded from the network node in the network.
Abstract:
In one embodiment, a sleep proxy device identifies one or more services offered by a first node in the network. The sleep proxy device announces the one or more identified services to a second node in the network on behalf of the first node. The sleep proxy device intercepts an attempt by the second node to use the one or more services offered by the first node. The sleep proxy device causes the first node to switch from a low power state to an awake state, based on the intercepted attempt.
Abstract:
An example method is provided in one example embodiment and may include configuring a measurement indication for a packet; forwarding the packet through a service chain comprising one or more service functions; recording measurement information for the packet as it is forwarded through the service chain; and managing capacity for the service chain based, at least in part, on the measurement information. In some cases, the method can include determining end-to-end measurement information for the service chain using the recorded measurement information. In some cases, managing capacity for the service chain can further include identifying a particular service function as a bottleneck service function for the service chain; and increasing capacity for the bottleneck service. In various instances, increasing capacity for the bottleneck service can include at least one of: instantiating additional instances of the bottleneck service; and instantiating additional instances of the service chain.
Abstract:
A method is provided in one example and includes receiving a current bandwidth characteristic for a link, where the current bandwidth characteristic is determined under fading conditions associated with signal propagation on the link. The method can also include calculating a new cost for the link that is different from a nominal cost associated with a nominal bandwidth of the link without the fading conditions. The method could also include routing at least a portion of a plurality of flows that are to traverse the link away from the link based, at least in part, on the new cost. Another example method includes receiving the current bandwidth characteristic for the link, comparing the current bandwidth characteristic with a preconfigured low watermark corresponding to a class-specific MTR topology associated with a class of traffic traversing the link, and removing the link from the MTR topology based on the current bandwidth characteristic.
Abstract:
This disclosure describes various methods, systems, and devices related to identifying path changes of data flows in a network. An example method includes receiving, at a node, a packet including a first signature. The method further includes generating a second signature by inputting the first signature and one or more node details into a hash function. The method includes replacing the first signature with the second signature in the packet. The packet including the second signature is forwarded by the node.
Abstract:
A verifier peer system transmits a request to an application of another peer system to obtain integrity data of the application. In response to the request, the verifier peer system obtains a response that includes kernel secure boot metrics of the other peer system and integrity data of the application and of any application dependencies. If the verifier peer system determines that the response is valid, the verifier peer system evaluates the integrity data and the kernel secure boot metrics against a set of Known Good Values to determine whether the integrity data and the kernel secure boot metrics are valid. If the integrity data and the kernel secure boot metrics are valid, the verifier peer system determines that the other peer system is trustworthy.
Abstract:
Systems, methods, and computer-readable media for authenticating access control messages include receiving, at a first node, access control messages from a second node. The first node and the second node can include network devices, and the access control messages can be based on RADIUS or TACACS+ protocols, among others. The first node can obtain attestation information from one or more fields of the access control messages to determine whether the second node is authentic and trustworthy based on the attestation information. The first node can also determine reliability or freshness of the access control messages based on the attestation information. The first node can be a server and the second node can be a client, or the first node can be a client and the second node can be a server. The attestation information can include Proof of Integrity based on a hardware fingerprint, device identifier, or Canary Stamp.
Abstract:
Techniques for utilizing a communication system that provides access to a representation of a virtual environment to participants. The communication system may establish connections between personal communication bridge(s) associated with participant(s) interacting within a virtual proximity radius of one another's virtual indicator in the virtual environment. The communication system may cause conversation data to be sent to each personal communication bridge associated with a participant that is within the virtual proximity radius of the sender, and cause conversation data to be received via the personal communication bridge of a participant that is within the virtual proximity radius of the sender. The communication system may also analyze data associated with the participant profile(s) and transcribed conversation data from the communication bridge(s) to recommend potential conversations of interest to participant(s).