公开(公告)号：US12052313B2

公开(公告)日：2024-07-30

申请号：US18106304

申请日：2023-02-06

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Sanjay Kumar Hooda ,  Marc Portoles Comeras ,  Vinay Saini ,  Victor Manuel Moreno

IPC: H04L67/51 ,  H04L41/0893 ,  H04L41/122 ,  H04L45/76 ,  H04L67/1001

CPC classification number: H04L67/10015 ,  H04L41/0893 ,  H04L41/122 ,  H04L45/76 ,  H04L67/51

Abstract: This disclosure describes techniques and mechanisms for providing hybrid cloud services for enterprise fabric. The techniques include enhancing an on-demand protocol (e.g., such as LISP) and allowing simplified security and/or firewall service insertion for datacenter servers providing those services. Accordingly, the techniques described herein provide hybrid cloud services that work in disaggregated, distributed, and consistent way, while avoiding complex datacenter network devices (e.g., such running overlay on TOR), replacing and moving the functionality to on demand protocol enabled servers, which intelligently receive the required mappings as well as registers and publishes the service information to intelligently interact with the network.

公开(公告)号：US12028253B2

公开(公告)日：2024-07-02

申请号：US17558247

申请日：2021-12-21

Applicant: Cisco Technology, Inc.

Inventor： Balaji Pitta Venkatachalapathy ,  Sanjay Kumar Hooda ,  Marc Portoles Comeras

IPC: H04L45/748

CPC classification number: H04L45/748

Abstract: Techniques for dynamically adapting a router capacity to system needs in a network. The border router may receive a list of summarized prefixes for endpoint devices associated with the router from control-plane nodes. The router may store the list of summarized prefixes in memory of the border router. Once the router receives traffic that is destined for endpoint devices associated with the border router, it may determine that the destination address is included in the summarized prefixes. In some examples, the router may download complete prefixes from the control-plane nodes, and forward the traffic to the destination address indicated by the complete prefixes.

公开(公告)号：US20240205156A1

公开(公告)日：2024-06-20

申请号：US18589411

申请日：2024-02-27

Applicant: Cisco Technology, Inc.

Inventor： Victor Manuel Moreno ,  Sanjay Kumar Hooda ,  Anoop Vetteth ,  Prakash C. Jain

IPC: H04L47/125 ,  H04L12/16 ,  H04L45/00

CPC classification number: H04L47/125 ,  H04L12/16 ,  H04L45/56

Abstract: Techniques for software-defined service insertion. The techniques include a method of configuring a network for service insertion. The techniques include processing a master policy correlating an endpoint group pair, of source endpoint group and destination endpoint group, to a service graph. The service graph indicates a template service chain, and the template service chain indicates an ordering of a plurality of services. Processing the master policy includes disaggregating the master policy into at least one location specific policy, each of the at least one location specific policy corresponding to a separate location in the network and including traffic steering directives corresponding to a portion of the plurality of services associated with the separate location. The techniques further include causing each of the at least one location specific policy to be stored in association with the separate location to which that location specific policy corresponds.

公开(公告)号：US12003420B2

公开(公告)日：2024-06-04

申请号：US18103147

申请日：2023-01-30

Applicant: Cisco Technology, Inc.

Inventor： Victor Manuel Moreno ,  Sanjay Kumar Hooda ,  Anoop Vetteth ,  Prakash C. Jain

IPC: H04W4/00 ,  H04L12/16 ,  H04L45/00 ,  H04L47/125

CPC classification number: H04L47/125 ,  H04L12/16 ,  H04L45/56

Abstract: This disclosure describes techniques for software-defined service insertion. The techniques include a method of configuring a network for service insertion. The techniques include processing a master policy correlating an endpoint group pair, of source endpoint group and destination endpoint group, to a service graph. The service graph indicates a template service chain, and the template service chain indicates an ordering of a plurality of services. Processing the master policy includes disaggregating the master policy into at least one location specific policy, each of the at least one location specific policy corresponding to a separate location in the network and including traffic steering directives corresponding to a portion of the plurality of services associated with the separate location. The techniques further include causing each of the at least one location specific policy to be stored in association with the separate location to which that location specific policy corresponds.

公开(公告)号：US20240137311A1

公开(公告)日：2024-04-25

申请号：US17972119

申请日：2022-10-23

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Vinay Saini ,  Sanjay Kumar Hooda

IPC: H04L45/30 ,  H04L45/302

CPC classification number: H04L45/30 ,  H04L45/302

Abstract: This disclosure describes techniques for employing an adaptive mechanism in communications among network devices. Adaptive mechanism techniques may include adapting network operations relative to characteristics of devices and/or network access technologies or mechanisms used in the network. Adaptation may help to accommodate a wider variety of types of devices. For instance, adaptive mechanism techniques may include determining, based on characteristics of a device in the network, a forwarding mechanism to be used at an access device to forward data traffic from the device to another device via the network. As such, adaptive mechanism techniques may provide more efficient integration of devices within a complex network, thereby improving network operations.

公开(公告)号：US11902166B2

公开(公告)日：2024-02-13

申请号：US16984924

申请日：2020-08-04

Applicant: Cisco Technology, Inc.

Inventor： Raja Janardanan ,  Rajeev Kumar ,  Sanjay Kumar Hooda ,  Prakash C. Jain

IPC: H04L47/20 ,  H04L12/46 ,  H04L45/745 ,  H04L45/02

CPC classification number: H04L47/20 ,  H04L12/4641 ,  H04L45/02 ,  H04L45/745

Abstract: Routing of a traffic in a fabric network may be provided. A first traffic may be received at a first node. It may be determined that the first traffic is coming from a provider virtual network. In response to determining that the first traffic is coming from the provider virtual network, it may be determined that a first subnet associated with the first traffic is associated with a subscriber virtual network. In response to determining that the first subnet associated with the first traffic is associated with the subscriber virtual network, a first virtual network associated with the first traffic may be changed to the subscriber virtual network. A lookup for the first traffic may be changed to a first virtual routing and forwarding of the subscriber virtual network.

公开(公告)号：US20240007353A1

公开(公告)日：2024-01-04

申请号：US18360451

申请日：2023-07-27

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Muninder Singh Sambi ,  Victor Moreno ,  Prakash C. Jain ,  Tarunesh Ahuja ,  Satish Kondalam

IPC: H04L41/0893 ,  H04L12/46 ,  G06F9/455

CPC classification number: H04L41/0893 ,  H04L12/4641 ,  G06F9/45558 ,  H04L12/4633 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Systems, methods, and computer-readable storage media are provided for provisioning a common subnet across a number of subscribers and their respective virtual networks using dynamically generated network policies that provide isolation between the subscribers. The dynamic generation of the network policies is performed when a host (e.g. client) is detected (via a switch) as the host joins the computing network via virtual networks. This ability to configure a common subnet for all the subscriber virtual networks allows these subscribers to more easily access external shared services coming from a headquarter site while keeping the separation and segmentation of multiple subscriber virtual networks within a single subnet. This allows the Enterprise fabric to be more simple and convenient to deploy without making security compromises.

公开(公告)号：US20230308389A1

公开(公告)日：2023-09-28

申请号：US17703965

申请日：2022-03-24

Applicant: Cisco Technology, Inc.

Inventor： Victor Manuel Moreno ,  Sanjay Kumar Hooda ,  Roberto Mitsuo Kobo ,  Balaji Pitta Venkatachalapathy

IPC: H04L45/64 ,  H04L12/46

CPC classification number: H04L45/64 ,  H04L12/4641

Abstract: Methods and devices configure edge nodes of a virtual network overlay to continuously forward data plane traffic flows between client devices of a common subnet over the course of at least some of the edge nodes being EF-configured. TF-configured edge nodes and EF-configured edge nodes both play roles in unilaterally inducing address discovery by sending to client devices address discovery responses that were not prompted by address discovery requests. TF-configured edge nodes then handle ensuing address discovery requests by proxy, and subsequently handle certain traffic flows according to an EF-compatible forwarding mode, while EF-configured edge nodes continue to forward traffic flows by IP routing normally. This averts throughput of data plane traffic over the network overlay being reduced as a side effect of the heterogeneously configured edge nodes, and averts the possibility of client devices broadcasting address discovery protocol requests as a result of remote client devices being unreachable.

公开(公告)号：US20230300024A1

公开(公告)日：2023-09-21

申请号：US18322236

申请日：2023-05-23

Applicant: Cisco Technology, Inc.

Inventor： Shyamsundar N. Maniyar ,  Sanjay Kumar Hooda ,  Shree N. Murthy ,  Sonal Prem Kumar Chhabria ,  Akshay Dorwat

IPC: H04L41/0813 ,  H04L12/46 ,  H04L67/306

CPC classification number: H04L41/0813 ,  H04L12/4641 ,  H04L67/306 ,  H04L2212/00

Abstract: In one embodiment, dynamic user private networks are virtually segmented within a shared virtual network. A network control system maintains the dynamic logical segmentation of the shared virtual network. User entities (e.g., user devices and/or services) are communicatively coupled to respective personal virtual networks via endpoints of access devices. Each of these endpoints is associated with a corresponding user private network. Responsive in real-time to automated processing of a received electronic particular user request, the network control system automatically modifies the dynamic logical segmentation of the shared virtual network to move a particular user entity on the shared virtual network to newly being on the first dynamic user private network without being disconnected from the shared virtual network. One embodiment uses different user private network identifiers (UPN-IDs) associated with endpoints and received packets to identify their respective user private network.

公开(公告)号：US20230291687A1

公开(公告)日：2023-09-14

申请号：US18198104

申请日：2023-05-16

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Sanjay Kumar Hooda ,  Darrin Joseph Miller ,  Ashwin Kumar

IPC: H04L45/74 ,  H04L9/40

CPC classification number: H04L45/74 ,  H04L63/205

Abstract: Techniques for group-based classification and policy enforcement at a network fabric edge for traffic that is being sent to external network destinations are disclosed herein. The techniques may include receiving, at a control plane of a network and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination. Based at least in part on an address prefix value associated with the destination, the control plane may determine that the destination is located in an external network. Additionally, a group identifier that is associated with the destination may be determined. In this way, an indication of the group identifier may be sent to the edge node such that the edge node may determine, based at least in part on the group identifier, a policy decision for routing the packet to the external network.