Policy-based connection provisioning using domain name system (DNS) requests

    Publication number: US11632431B2

    Publication date: 2023-04-18

    Application number: US17826003

    Application date: 2022-05-26

    Abstract: Techniques for policy-based connection provisioning using Domain Name System (DNS) requests are described herein. The techniques may include receiving policy data associated with one or more headend nodes that manage connections to computing resources. Additionally, the techniques may include receiving a DNS request from a client device to establish a connection between the client device and a first headend node of the one or more headend nodes. The DNS request may include an attribute associated with the client device. A provisioning service may determine that the connection should be established between the client device and the first headend node based at least in part on evaluating the attribute with respect to the policy data. Additionally, the techniques may include sending an internet protocol (IP) address, which is associated with the first headend node, to the client device to facilitate establishment of the connection.

    POLICY-BASED CONNECTION PROVISIONING USING DOMAIN NAME SYSTEM (DNS) REQUESTS

    Publication number: US20220286515A1

    Publication date: 2022-09-08

    Application number: US17826003

    Application date: 2022-05-26

    Abstract: Techniques for policy-based connection provisioning using Domain Name System (DNS) requests are described herein. The techniques may include receiving policy data associated with one or more headend nodes that manage connections to computing resources. Additionally, the techniques may include receiving a DNS request from a client device to establish a connection between the client device and a first headend node of the one or more headend nodes. The DNS request may include an attribute associated with the client device. A provisioning service may determine that the connection should be established between the client device and the first headend node based at least in part on evaluating the attribute with respect to the policy data. Additionally, the techniques may include sending an internet protocol (IP) address, which is associated with the first headend node, to the client device to facilitate establishment of the connection.

    NSH service plane for L3VPN forwarding

    Publication number: US10142128B2

    Publication date: 2018-11-27

    Application number: US15784218

    Application date: 2017-10-16

    Abstract: A method for applying network services to data traffic forwarded between virtual private network (VPN) sites includes: receiving a data packet addressed to a target site associated with the VPN, determining services to be applied to the data packet according to a service chain, where the determining is a function of at least one of the VPN, the origin site or the target site, adding an indication of a VPN forwarding context onto the data packet, encapsulating the data packet with Network Service Header encapsulation, where a header for the encapsulated data packet indicates at least the service chain; forwarding the encapsulated data packet in accordance with the service chain, receiving the encapsulated data packet at the end of the service chain, terminating the service chain, removing the encapsulation, and forwarding the data packet to a target destination per the indication of a VPN forwarding context.

    NSH service plane for L3VPN forwarding

    Publication number: US09825778B2

    Publication date: 2017-11-21

    Application number: US14870722

    Application date: 2015-09-30

    CPC classification number: H04L12/4633 H04L63/0272

    Abstract: A method for applying network services to data traffic forwarded between virtual private network (VPN) sites includes: receiving a data packet addressed to a target site associated with the VPN, determining services to be applied to the data packet according to a service chain, where the determining is a function of at least one of the VPN, the origin site or the target site, adding an indication of a VPN forwarding context onto the data packet, encapsulating the data packet with Network Service Header encapsulation, where a header for the encapsulated data packet indicates at least the service chain; forwarding the encapsulated data packet in accordance with the service chain, receiving the encapsulated data packet at the end of the service chain, terminating the service chain, removing the encapsulation, and forwarding the data packet to a target destination per the indication of a VPN forwarding context.

    Network address translation offload to network infrastructure for service chains in a network environment
    Granted patent (in force)

    Publication number: US09363183B2

    Publication date: 2016-06-07

    Application number: US14249636

    Application date: 2014-04-10

    Abstract: An example method for network address translation (NAT) offload to network infrastructure for service chains in a network environment is provided and includes receiving a packet at a network infrastructure in a network comprising a plurality of service nodes interconnected through the network infrastructure, each service node executing at least one service function, identifying the packet as belonging to a first flow based on a cookie in a network service header of the packet that indicates a service chain that includes a sequence of service functions to be executed on the packet at the service nodes, determining that a service function in the service chain is to be offloaded from one of the service nodes to the network infrastructure for subsequent packets of the first flow, and executing the offloaded service function at the network infrastructure for subsequent packets of the first flow.


    Service node originated service chains in a network environment
    Granted patent (in force)

    Publication number: US09344337B2

    Publication date: 2016-05-17

    Application number: US14208453

    Application date: 2014-03-13

    Abstract: An example method for service node originated service chains in a network environment is provided and includes receiving a packet at a service node in a network environment that includes a plurality of service nodes and a central classifier, analyzing the packet for a service chain modification or a service chain initiation, classifying the packet at the service node to a new service chain based on the analysis, initiating the new service chain at the service node if the analysis indicates service chain initiation, and modifying an existing service chain for the packet to the new service chain if the analysis indicates service chain modification. In specific embodiments, the analysis includes applying classification logic specific to the service node. In some embodiments, service node attributes and the order of service nodes in substantially all service chains configured in the network may be received from a central controller.


    Workload based service chain insertion in a network environment
    Granted patent (in force)

    Publication number: US09130872B2

    Publication date: 2015-09-08

    Application number: US13843233

    Application date: 2013-03-15

    CPC classification number: H04L41/5041 H04L49/15 H04L49/70

    Abstract: An example method for workload based service chain insertion in a network environment is provided and includes partitioning a service-path into fragments at a service controller, where the service-path comprises an ordered sequence of services to be provided to a packet associated with a workload in a network. The method also includes determining a location of service nodes providing the services; and provisioning the fragments at interfaces at a distributed virtual switch. The method could further include generating a plurality of service insertion points corresponding to the fragments at a service dispatcher. The service dispatcher can include a plurality of data plane components, and the service insertion points are generated at the data plane components.


    METHOD FOR IMPLICIT SESSION ROUTING
    Patent application (in force)

    Publication number: US20150172170A1

    Publication date: 2015-06-18

    Application number: US14108994

    Application date: 2013-12-17

    CPC classification number: H04L45/20 H04L45/04 H04L45/24 H04L45/28 H04L45/586

    Abstract: An example method is provided in one example embodiment and includes receiving a packet of a session from a previous hop router at a service zone of a service chain; recording the previous hop router for the session; determining an appliance to service the packet in the service zone using load balancing; recording an appliance identity for servicing the session in the service zone; determining a next hop router in the service chain for the packet using load balancing; and recording the next hop router for the session.

