Transit domain control
    1.
    Granted invention patent

    Publication number: US09722910B2

    Publication date: 2017-08-01

    Application number: US14666786

    Application date: 2015-03-24

    Abstract: A method for controlling transit of routing messages in a network comprising multiple autonomous systems (AS) is disclosed. The method includes receiving, at a first AS, a routing message of an inter-AS routing protocol and identifying that the routing message comprises transit domain control (TDC) information specifying one or more autonomous systems to which the routing message may be propagated and/or one or more autonomous systems to which the routing message may not be propagated. The method further includes propagating the routing message from the first AS to a second AS in accordance with the TDC information.

    APPARATUS AND METHOD TO HIDE TRANSIT ONLY MULTI-ACCESS NETWORKS IN OSPF
    2.
    Invention patent application
    Status: under examination (published)

    Publication number: US20160261485A1

    Publication date: 2016-09-08

    Application number: US15156215

    Application date: 2016-05-16

    Abstract: In one embodiment, a first router determines whether an interface coupling the first router to one or more second routers is transit-only. When the interface is transit-only, the first router generates an Open Shortest Path First (OSPF) Link State Advertisement (LSA) that includes an address for the interface and a designated network mask. The designated network mask operates as a transit-only identification that indicates the address should not be installed in a Routing Information Base (RIB) upon receipt of the OSPF LSA at the one or more second routers. When the network is not transit-only, the first router generates an OSPF LSA that includes the address for the interface but does not include the designated network mask, to permit installation of the address in a RIB upon receipt of the OSPF LSA at the one or more second routers.

    TYING DATA PLANE PATHS TO A SECURE CONTROL PLANE
    3.
    Invention patent application
    Status: in force

    Publication number: US20150207729A1

    Publication date: 2015-07-23

    Application number: US14160804

    Application date: 2014-01-22

    Abstract: In one embodiment, a router located at an exit edge of an autonomous system (AS) receives a data packet in a data plane, and determines a destination of the data packet and an associated AS-path information to the destination. The router may then insert the AS-path information into the data packet, and forwards the data packet with the AS-path information toward the destination, such that a receiving device in a destination AS can validate whether the data packet was routed through a path that was secure from a control plane perspective based on a collection of one or more insertions of AS-path information.

    Overcoming circular dependencies when bootstrapping an RPKI site

    Publication number: US09654482B2

    Publication date: 2017-05-16

    Application number: US14160968

    Application date: 2014-01-22

    CPC classification number: H04L63/108 H04L63/029

    Abstract: In one embodiment, a validation server in a computer network determines that an edge router of the computer network has blocked access to a desired server address based on the edge router not having authentication information for the desired server address. In response, the server creates a white-listing policy to temporarily allow access to the desired server address at the edge router, and sends the white-listing policy to the edge router. The validation server may then proceed with performing server fetching operations to the desired server address from the validation server while the white-listing policy is in effect, and instructs the edge device to remove the white-listing policy once the server fetching operations are completed.

    ATTRIBUTE SET_ID IN BORDER GATEWAY PROTOCOL

    Publication number: US20170026275A1

    Publication date: 2017-01-26

    Application number: US14804069

    Application date: 2015-07-20

    CPC classification number: H04L45/04 H04L12/66 H04L61/25 H04L61/6068 H04L65/102

    Abstract: Present disclosure relates to methods for preparing BGP update messages for transmission and processing received update messages. The methods are based on grouping path attributes common to a plurality of IP address prefixes into respective sets identified with respective set identifiers and, instead of duplicating path attributes in each BGP update message, including a respective identifier referring to a certain set of path attributes provided in an earlier BGP update message when sending subsequent update messages. Grouping of path attributes into individual sets associated with respective identifiers provides significant advantages by enabling re-use of the results of previous processing on both the sending and receiving sides associated with transmission of BGP update messages. In addition, such an approach limits the amount of information transmitted in the control plane because duplicate sets of path attributes may only be transmitted once and merely be referred to in subsequent update messages.

    TRANSIT DOMAIN CONTROL
    7.
    Invention patent application
    Status: in force

    Publication number: US20160285740A1

    Publication date: 2016-09-29

    Application number: US14666786

    Application date: 2015-03-24

    Abstract: A method for controlling transit of routing messages in a network comprising multiple autonomous systems (AS) is disclosed. The method includes receiving, at a first AS, a routing message of an inter-AS routing protocol and identifying that the routing message comprises transit domain control (TDC) information specifying one or more autonomous systems to which the routing message may be propagated and/or one or more autonomous systems to which the routing message may not be propagated. The method further includes propagating the routing message from the first AS to a second AS in accordance with the TDC information.

    APPARATUS AND METHOD TO HIDE TRANSIT ONLY MULTI-ACCESS NETWORKS IN OSPF
    8.
    Invention patent application
    Status: under examination (published)

    Publication number: US20140003289A1

    Publication date: 2014-01-02

    Application number: US14013990

    Application date: 2013-08-29

    Abstract: In one embodiment, a first router determines whether a network coupling the first router to one or more second routers is transit-only, wherein transit-only indicates connecting only routers to provide for transmission of data from router to router. When the network is transit-only, the first router generates an Open Shortest Path First (OSPF) Link State Advertisement (LSA) that includes an address for the network and a designated network mask. The designated network mask operates as a transit-only identification that indicates the address should not be installed in a Routing Information Base (RIB) upon receipt of the OSPF LSA at the one or more second routers. When the network is not transit-only, the first router generates an OSPF LSA that includes the address for the network but does not include the designated network mask, to permit installation of the address in a RIB upon receipt of the OSPF LSA at the one or more second routers.

    Attribute set_ID in border gateway protocol

    Publication number: US09843498B2

    Publication date: 2017-12-12

    Application number: US14804069

    Application date: 2015-07-20

    CPC classification number: H04L45/04 H04L12/66 H04L61/25 H04L61/6068 H04L65/102

    Abstract: Present disclosure relates to methods for preparing BGP update messages for transmission and processing received update messages. The methods are based on grouping path attributes common to a plurality of IP address prefixes into respective sets identified with respective set identifiers and, instead of duplicating path attributes in each BGP update message, including a respective identifier referring to a certain set of path attributes provided in an earlier BGP update message when sending subsequent update messages. Grouping of path attributes into individual sets associated with respective identifiers provides significant advantages by enabling re-use of the results of previous processing on both the sending and receiving sides associated with transmission of BGP update messages. In addition, such an approach limits the amount of information transmitted in the control plane because duplicate sets of path attributes may only be transmitted once and merely be referred to in subsequent update messages.
