公开(公告)号：US20220174004A1

公开(公告)日：2022-06-02

申请号：US17538513

申请日：2021-11-30

申请人： Cisco Technology, Inc.

发明人： Clarence Filsfils ,  Pablo Camarillo Garvia ,  Ahmed Mohamed Ahmed Abdelsalam ,  Francois Clad

IPC分类号： H04L45/00 ,  H04L45/74 ,  H04L45/30

摘要： Disclosed are systems, apparatuses, methods, and computer-readable media to encode network functions in a packet header. A method includes receiving a first packet from a source device that is to be delivered to a destination address through a network; determining a route to the destination address; identifying at least one network function for the first packet; encapsulating the first packet in a second packet, wherein a header of the second packet includes the route to the destination address in a destination address field and local processing metadata associated with the at least one network function in a source address field; and forwarding the second packet to a next network node of the network identified in the destination address.

公开(公告)号：US20220166860A1

公开(公告)日：2022-05-26

申请号：US17671188

申请日：2022-02-14

申请人： Cisco Technology, Inc.

发明人： Patrice Brissette ,  Clarence Filsfils ,  Darren Dukes ,  Gaurav Dawra ,  Francois Clad ,  Pablo Camarillo Garvia

IPC分类号： H04L69/22 ,  H04L69/324 ,  H04L45/00 ,  H04L67/10 ,  H04L45/50 ,  H04L12/46 ,  H04L45/74 ,  H04L61/5007 ,  H04L49/35 ,  H04L67/63 ,  H04L45/741

摘要： In one embodiment, Ethernet Virtual Private Network (EVPN) is implemented using Internet Protocol Version 6 (IPv6) Segment Routing (SRv6) underlay network and SRv6-enhanced Border Gateway Protocol (BGP) signaling. A particular route associated with a particular Internet Protocol Version 6 (IPv6) Segment Routing (SRv6) Segment Identifier (SID) is advertised in a particular route advertisement message of a routing protocol (e.g., BGP). The SID includes encoding representing a particular Ethernet Virtual Private Network (EVPN) Layer 2 (L2) flooding Segment Routing end function of the particular router and a particular Ethernet Segment Identifier (ESI), with the particular SID including a routable prefix to the particular router. The particular router receives a particular packet including the particular SID; and in response, the particular router performs the particular EVPN end function on the particular packet.

公开(公告)号：US11019075B2

公开(公告)日：2021-05-25

申请号：US16019125

申请日：2018-06-26

申请人： Cisco Technology, Inc.

发明人： Clarence Filsfils ,  Pablo Camarillo Garvia ,  Francois Clad

IPC分类号： H04L29/06 ,  H04L9/06 ,  H04L12/743 ,  H04L12/801

摘要： In one embodiment, a Segment Routing network node provides processing and network efficiencies in protecting Internet Protocol version 6 (IPv6) Segment Routing (SRv6) packets and functions using Security Segment Identifiers, which are included in Segment Lists of a Segment Routing Header of a SRv6 packet. The Security Segment Identifier provides, inter alia, origin authentication, integrity of information in one or more headers of the packet, and/or anti-replay protection. In one embodiment, a Security Segment Identifier includes a value determined based on a secured portion of the packet. A typically secured portion includes the Source and Destination Addresses, one or more Segment Identifiers in a Segment List and the Segments Left value. In one embodiment, the Destination Address and/or a Segment Identifier in the Segment List includes and an anti-replay value (e.g., sequence number or portion thereof) which is also in the secured portion of the packet.

公开(公告)号：US20210092053A1

公开(公告)日：2021-03-25

申请号：US16580944

申请日：2019-09-24

申请人： Cisco Technology, Inc.

发明人： Clarence Filsfils ,  Francois Clad ,  Zafar Ali ,  Peter Psenak

IPC分类号： H04L12/721 ,  H04L12/715 ,  H04L29/06

摘要： Techniques and mechanisms for compressing the size of SIDs to be smaller than a complete IPv6 address (or “micro SIDs”), and scaling micro SIDs across a multi-domain environment using micro SID-domain-blocks. Segment routing over IPv6 (SRv6) uses 128-bit IPv6 addresses as SIDs for segment routing. According to this disclosure, multiple SRv6 SIDs may be expressed in a compact format such that a 128-bit IPv6 address, such as the destination address field of the IPv6 header, may store multiple micro SIDs. Further, SID-domain-blocks may be assigned to each domain in a multi-domain network such that micro SIDs may be expressed in the context of a given domain, rather than being shared in the global multi-domain network. In this way, lists of domain-specific SIDs may be fully expressed in the IPv6 destination address of the packet to scale micro SID into large, multi-domain networks.

公开(公告)号：US10757231B2

公开(公告)日：2020-08-25

申请号：US15981232

申请日：2018-05-16

申请人： Cisco Technology, Inc.

发明人： Clarence Filsfils ,  Francois Clad ,  Pablo Camarillo Garvia

IPC分类号： H04L29/06 ,  H04L29/08 ,  H04L12/721 ,  H04L12/46 ,  H04L12/741 ,  H04L29/12 ,  H04L12/931 ,  H04L12/749 ,  H04L12/26

摘要： In one embodiment, a third-party client network access device sends Internet Protocol (IP) encapsulating packets with a predetermined destination address of a node of the network client service provider (NCSP), with these IP encapsulating packets encapsulating original data packets. These IP encapsulating packets are communicated through the ISP network being used by the NCSP in providing its network services. The predetermined destination address, which is typically also a segment identifier, causes network service processing (e.g., according to a corresponding segment routing function) of the received packet by the node of the NCSP. This processing typically includes creating a segment routing packet encapsulating the original packet (extracted from the received IP encapsulating packet) with its segment list(s) being populated with segment identifier(s) according to a current NCSP segment routing policy reflective of a sequence of forwarding and service chaining operations of the NCSP service offering.

公开(公告)号：US20190394211A1

公开(公告)日：2019-12-26

申请号：US16019125

申请日：2018-06-26

申请人： Cisco Technology, Inc.

发明人： Clarence Filsfils ,  Pablo Camarillo Garvia ,  Francois Clad

IPC分类号： H04L29/06 ,  H04L9/06 ,  H04L12/743 ,  H04L12/801

摘要： In one embodiment, a Segment Routing network node provides processing and network efficiencies in protecting Internet Protocol version 6 (IPv6) Segment Routing (SRv6) packets and functions using Security Segment Identifiers, which are included in Segment Lists of a Segment Routing Header of a SRv6 packet. The Security SegmentIdentifier provides, inter alia, origin authentication, integrity of information in one or more headers of the packet, and/or anti-replay protection. In one embodiment, a Security Segment Identifier includes a value determined based on a secured portion of the packet. A typically secured portion includes the Source and Destination Addresses, one or more Segment Identifiers in a Segment List and the Segments Left value. In one embodiment, the Destination Address and/or a Segment Identifier in the Segment List includes and an anti-replay value (e.g., sequence number or portion thereof) which is also in the secured portion of the packet.

公开(公告)号：US20190288941A1

公开(公告)日：2019-09-19

申请号：US15922894

申请日：2018-03-15

申请人： Cisco Technology, Inc.

发明人： Clarence Filsfils ,  Francois Clad ,  Pablo Camarillo Garvia

IPC分类号： H04L12/741 ,  H04L29/06

摘要： In one embodiment, segment routing network processing of packets is performed, including using segment routing packet policies and functions providing segment routing processing signaling and packet forwarding efficiencies in a network. A segment routing node signals to another segment routing node using a signaled segment identifier in a segment list of a segment routing packet with the segments left identifying a segment list element above the signaled segment identifier. A downstream segment routing node receives the segment routing packet, obtains this signaled segment identifier, and performs processing of one or more packets based thereon. In one embodiment, a provider edge node replaces its own segment identifier in a received customer packet, with a downstream customer node using the replaced (signaling) segment identifier (of a provider edge node/segment routing function) for accessing a return path through the provider network.

公开(公告)号：US20180375764A1

公开(公告)日：2018-12-27

申请号：US15981232

申请日：2018-05-16

申请人： Cisco Technology, Inc.

发明人： Clarence Filsfils ,  Francois Clad ,  Pablo Camarillo Garvia

IPC分类号： H04L12/741 ,  H04L12/46 ,  H04L29/12

摘要： In one embodiment, a third-party client network access device sends Internet Protocol (IP) encapsulating packets with a predetermined destination address of a node of the network client service provider (NCSP), with these IP encapsulating packets encapsulating original data packets. These IP encapsulating packets are communicated through the ISP network being used by the NCSP in providing its network services. The predetermined destination address, which is typically also a segment identifier, causes network service processing (e.g., according to a corresponding segment routing function) of the received packet by the node of the NCSP. This processing typically includes creating a segment routing packet encapsulating the original packet (extracted from the received IP encapsulating packet) with its segment list(s) being populated with segment identifier(s) according to a current NCSP segment routing policy reflective of a sequence of forwarding and service chaining operations of the NCSP service offering.