-
Publication No.: US20240031333A1
Publication date: 2024-01-25
Application No.: US18478942
Filing date: 2023-09-29
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Satish Kumar Kondalam, Vikram Vikas Pendharkar, Anoop Vetteth, Solomon T. Lucas
IPC: H04L9/40
CPC classification number: H04L63/0227, H04L47/825
Abstract: This disclosure describes techniques to operate a control plane in a network fabric. The techniques include determining a stateless rule corresponding to communication between a first segment of the network fabric and a second segment of the network fabric. The techniques further include configuring the control plane to enforce the stateless rule.
-
Publication No.: US11818096B2
Publication date: 2023-11-14
Application No.: US17084453
Filing date: 2020-10-29
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Satish Kumar Kondalam, Vikram Vikas Pendharkar, Anoop Vetteth, Solomon T Lucas
IPC: H04L41/0894, H04L9/40, H04L47/70
CPC classification number: H04L63/0227, H04L47/825, H04L2212/00
Abstract: This disclosure describes techniques to operate a control plane in a network fabric. The techniques include determining a stateless rule corresponding to communication between a first segment of the network fabric and a second segment of the network fabric. The techniques further include configuring the control plane to enforce the stateless rule.
-
Publication No.: US20230344898A1
Publication date: 2023-10-26
Application No.: US18106304
Filing date: 2023-02-06
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Marc Portoles Comeras, Vinay Saini, Victor Manuel Moreno
IPC: H04L41/0893, H04L45/76, H04L67/1001, H04L67/51, H04L41/122
CPC classification number: H04L67/10015, H04L41/0893, H04L41/122, H04L45/76, H04L67/51
Abstract: This disclosure describes techniques and mechanisms for providing hybrid cloud services for enterprise fabric. The techniques include enhancing an on-demand protocol (e.g., such as LISP) and allowing simplified security and/or firewall service insertion for datacenter servers providing those services. Accordingly, the techniques described herein provide hybrid cloud services that work in disaggregated, distributed, and consistent way, while avoiding complex datacenter network devices (e.g., such running overlay on TOR), replacing and moving the functionality to on demand protocol enabled servers, which intelligently receive the required mappings as well as registers and publishes the service information to intelligently interact with the network.
-
Publication No.: US20230269139A1
Publication date: 2023-08-24
Application No.: US18304890
Filing date: 2023-04-21
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda, Muninder Singh Sambi, Victor Moreno, Prakash C. Jain, Tarunesh Ahuja, Satish Kondalam
IPC: H04L41/0893, H04L12/46, G06F9/455
CPC classification number: H04L41/0893, H04L12/4641, G06F9/45558, H04L12/4633, G06F2009/45587, G06F2009/45595
Abstract: Systems, methods, and computer-readable storage media are provided for provisioning a common subnet across a number of subscribers and their respective virtual networks using dynamically generated network policies that provide isolation between the subscribers. The dynamic generation of the network policies is performed when a host (e.g. client) is detected (via a switch) as the host joins the computing network via virtual networks. This ability to configure a common subnet for all the subscriber virtual networks allows these subscribers to more easily access external shared services coming from a headquarter site while keeping the separation and segmentation of multiple subscriber virtual networks within a single subnet. This allows the Enterprise fabric to be more simple and convenient to deploy without making security compromises.
-
Publication No.: US11729280B2
Publication date: 2023-08-15
Application No.: US18045202
Filing date: 2022-10-10
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Rajeev Kumar, Ramesh Yeevani-Srinivas
IPC: G06F15/173, H04L67/51, H04L65/1073
CPC classification number: H04L67/51, H04L65/1073
Abstract: Services with policy control may be provided. A computing device may receive registration information associated with a border device. The registration information may comprise information identifying a service provided by a server associated with the border device, information identifying the border device, and policies associated with the service. Then an address for the server may be determined. Next a request may be received comprising the information identifying the service provided by the server. In response to receiving the request comprising the information identifying the service provided by the server, the address for the server, the information identifying the border device, and the policies associated with the service may be provided.
-
Publication No.: US20230254250A1
Publication date: 2023-08-10
Application No.: US17665868
Filing date: 2022-02-07
Applicant: Cisco Technology, Inc.
Inventor: Victor Manuel Moreno, Shyamsundar N. Maniyar, Sanjay Kumar Hooda, Prakash C. Jain, Vinay Saini
IPC: H04L45/745
CPC classification number: H04L45/745
Abstract: Techniques and architecture are described that utilize network address translation (NAT) based on a group tag such that legacy and third-party devices may utilize and apply “subnet” based policies, thereby allowing the subnet based policies to be as effective as “group” based policies. In particular, a subnet may be applied to a group tag where the group tag is not understandable outside an access network such as, for example, a fabric network. Thus, when a packet originates from a fabric network utilizing group tags representing source groups of endpoints and is destined for a legacy or a third-party device-based network that does not utilize and/or understand group tags, then the group is converted into a subnet. Since that subnet is different from the source host within the fabric network, network address translation (NAT) is utilized.
-
Publication No.: US20230199465A1
Publication date: 2023-06-22
Application No.: US17554887
Filing date: 2021-12-17
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Parthiv Shah, Anton Smirnov
Abstract: Techniques and architecture are described for providing connectivity and monitoring the connectivity of a fabric network controller/control plane with external and extended network controllers/control planes. The techniques and architecture provide a method that includes provisioning a control plane of a first network with a control plane of a second network. The method also includes establishing a session between the control planes of the first and second networks. The method further includes registering nodes of the first network with the control plane of the second network and providing, by the control plane of the first network to the control plane of the second network, information related to endpoints within the first network. The method also includes monitoring, reporting, and possibly taking corrective actions, by the control plane of the second network, with respect to connectivity/status between the control plane of the first network and the control plane of the second network.
-
Publication No.: US20230114157A1
Publication date: 2023-04-13
Application No.: US18045202
Filing date: 2022-10-10
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Rajeev Kumar, Ramesh Yeevani-Srinivas
IPC: H04L67/51, H04L65/1073
Abstract: Services with policy control may be provided. A computing device may receive registration information associated with a border device. The registration information may comprise information identifying a service provided by a server associated with the border device, information identifying the border device, and policies associated with the service. Then an address for the server may be determined. Next a request may be received comprising the information identifying the service provided by the server. In response to receiving the request comprising the information identifying the service provided by the server, the address for the server, the information identifying the border device, and the policies associated with the service may be provided.
-
Publication No.: US20230017053A1
Publication date: 2023-01-19
Application No.: US17375748
Filing date: 2021-07-14
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Vinay Saini, Victor Manuel Moreno
IPC: H04L12/713, H04L12/741, H04L12/725, H04L12/715
Abstract: Techniques are described herein for service chaining in fabric networks such that hardware resources can be preserved without service nodes needing additional capabilities. The techniques may include storing a first configuration associated with a first VRF instance of a service forwarding node that is connected to a first service of a service chain sequence. The first configuration may indicate an identifier and a type associated with a second service of the service chain sequence where traffic is to be sent after the first service. Additionally, the techniques may also include storing a second configuration associated with a second VRF instance of the service forwarding node that is connected to the second service. The second configuration may indicate that the second service is a last service of the service chain sequence. When traffic is received at the service forwarding node, the service forwarding node can determine whether the traffic is pre-service traffic or post-service traffic.
-
Publication No.: US11516184B2
Publication date: 2022-11-29
Application No.: US16561360
Filing date: 2019-09-05
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Satish Kondalam
Abstract: Systems, methods, and computer-readable media for preserving source host context when firewall policies are applied to traffic in an enterprise network fabric. A data packet to a destination host from a source host can be received at a first border node instance in an enterprise network fabric as part of network traffic. The data packet can include a context associated with the source host. Further, the data packet can be sent to a firewall of the enterprise network fabric and can be received at a second border node instance after the firewall applies a firewall policy to the data packet. The data packet can then be selectively encapsulated with the context associated with the source host at the second border node instance for applying one or more policies to control transmission of the network traffic through the enterprise network fabric.