-
Publication (Announcement) No.: US20210234898A1
Publication (Announcement) Date: 2021-07-29
Application No.: US16750841
Application Date: 2020-01-23
Applicant: Cisco Technology, Inc.
Inventor: Ronak K. Desai, Rajagopalan Janakiraman, Mohammed Javed Asghar, Azeem Suleman, Patel Amitkumar Valjibhai, Sanjay Kumar Hooda, Victor Manuel Moreno
IPC: H04L29/06, H04L12/813, H04L12/947, H04L29/12
Abstract: The present technology pertains to a system, method, and non-transitory computer-readable medium for orchestrating policies across multiple networking domains. The technology can receive, at a provider domain from a consumer domain, a data request; receive, at the provider domain from the consumer domain, at least one access policy for the consumer domain; translate, at the provider domain, the at least one access policy for the consumer domain into at least one translated access policy understood by the provider domain; apply, at the provider domain, the at least one translated access policy understood by the provider domain to the data request; and send, at the provider domain to the consumer domain, a response to the data request.
-
Publication (Announcement) No.: US11553006B2
Publication (Announcement) Date: 2023-01-10
Application No.: US17589199
Application Date: 2022-01-31
Applicant: Cisco Technology, Inc.
Inventor: Murukanandam Kamalam Panchalingam, Umamaheswararao Karyampudi, Junyun Li, Muralidhar Annabatula, Ronak K. Desai, Thomas J. Edsall
IPC: H04L9/40, H04L41/0806, H04L41/0893, H04L47/125, H04L47/20, H04L67/56
Abstract: A distributed policy proxy system offloads network policy processing from an overloaded network element to policy proxy network elements. A network controller detects that policy resources are overloaded at a network element, and assigns a range of endpoints to each policy proxy network element. Each policy proxy network element is assigned to handle policy processing for traffic belonging to a corresponding assigned range of endpoints. The network controller provides instructions to the policy proxy network elements to enable each policy proxy network element to apply the network policy for its assigned range of endpoints. The network controller also provides instructions to the overloaded network element to redirect a packet from the first endpoint to a first policy proxy network element based on a destination of the packet.
-
Publication (Announcement) No.: US20220159042A1
Publication (Announcement) Date: 2022-05-19
Application No.: US17589199
Application Date: 2022-01-31
Applicant: Cisco Technology, Inc.
Inventor: Murukanandam Kamalam Panchalingam, Umamaheswararao Karyampudi, Junyun Li, Muralidhar Annabatula, Ronak K. Desai, Thomas J. Edsall
IPC: H04L9/40, H04L41/0806, H04L41/0893, H04L67/56, H04L47/125, H04L47/20
Abstract: A distributed policy proxy system offloads network policy processing from an overloaded network element to policy proxy network elements. A network controller detects that policy resources are overloaded at a network element, and assigns a range of endpoints to each policy proxy network element. Each policy proxy network element is assigned to handle policy processing for traffic belonging to a corresponding assigned range of endpoints. The network controller provides instructions to the policy proxy network elements to enable each policy proxy network element to apply the network policy for its assigned range of endpoints. The network controller also provides instructions to the overloaded network element to redirect a packet from the first endpoint to a first policy proxy network element based on a destination of the packet.
-
Publication (Announcement) No.: US20220021707A1
Publication (Announcement) Date: 2022-01-20
Application No.: US16931610
Application Date: 2020-07-17
Applicant: Cisco Technology, Inc.
Inventor: Murukanandam Kamalam Panchalingam, Umamaheswararao Karyampudi, Junyun Li, Muralidhar Annabatula, Ronak K. Desai, Thomas J. Edsall
IPC: H04L29/06, H04L12/24, H04L12/813, H04L29/08, H04L12/803
Abstract: A distributed policy proxy system offloads network policy processing from an overloaded network element to policy proxy network elements. A network controller detects that policy resources are overloaded at a network element, and selects a group of policy proxy network elements. The network controller assigns an exclusive range of endpoint groups to each policy proxy network element. Each policy proxy network element is assigned to handle policy processing for its assigned range of endpoint groups. The network controller provides instructions to the policy proxy network elements to enable each policy proxy network element to apply the network policy for its assigned range of endpoint groups. The network controller also provides instructions to the overloaded network element to redirect a packet from the first endpoint group to a first policy proxy network element based on a destination of the packet.
-
Publication (Announcement) No.: US11057350B2
Publication (Announcement) Date: 2021-07-06
Application No.: US16426336
Application Date: 2019-05-30
Applicant: Cisco Technology, Inc.
Inventor: Rajagopalan Janakiraman, Sivakumar Ganapathy, Azeem Suleman, Mohammed Javed Asghar, Patel Amitkumar Valjibhai, Ronak K. Desai
IPC: H04L29/06, H04L12/721, H04L12/46, H04L29/08, H04L29/12
Abstract: Technologies for extending a subnet across on-premises and cloud-based deployments are provided. An example method may include creating a VPC in a cloud for hosting an endpoint being moved from an on-premises site. For the endpoint to retain its IP address, a subnet range assigned to the VPC, based on the smallest subnet mask allowed by the cloud, is selected to include the IP address of the endpoint. The IP addresses from the assigned subnet range corresponding to on-premises endpoints are configured as secondary IP addresses on a Layer 2 (L2) proxy router instantiated in the VPC. The L2 proxy router establishes a tunnel to a cloud overlay router and directs traffic destined to on-premises endpoints, with IP addresses in the VPC subnet range thereto for outbound transmission. The cloud overlay router updates the secondary IP addresses on the L2 proxy router based on reachability information for the on-premises site.
-
Publication (Announcement) No.: US20200280587A1
Publication (Announcement) Date: 2020-09-03
Application No.: US16289647
Application Date: 2019-02-28
Applicant: Cisco Technology, Inc.
Inventor: Rajagopalan Janakiraman, Ronak K. Desai, Sivakumar Ganapathy, Mohammed Javed Asghar, Azeem Suleman, Patel Amitkumar Valjibhai
Abstract: Systems, methods, and computer-readable media for policy splitting in multi-cloud fabrics. In some examples, a method can include discovering a path from a first endpoint in a first cloud to a second endpoint in a second cloud; determining runtime policy table capacities associated with nodes in the path; determining policy distribution and enforcement for traffic from the first endpoint to the second endpoint based on the runtime policy table capacities; based on the policy distribution and enforcement, installing a set of policies for traffic from the first endpoint to the second endpoint across a set of nodes in the path; and applying the set of policies to traffic from the first endpoint in the first cloud to the second endpoint in the second cloud.
-
Publication (Announcement) No.: US11277447B2
Publication (Announcement) Date: 2022-03-15
Application No.: US16931610
Application Date: 2020-07-17
Applicant: Cisco Technology, Inc.
Inventor: Murukanandam Kamalam Panchalingam, Umamaheswararao Karyampudi, Junyun Li, Muralidhar Annabatula, Ronak K. Desai, Thomas J. Edsall
IPC: H04L29/06, H04L41/0806, H04L41/0893, H04L67/56, H04L47/125, H04L47/20
Abstract: A distributed policy proxy system offloads network policy processing from an overloaded network element to policy proxy network elements. A network controller detects that policy resources are overloaded at a network element, and selects a group of policy proxy network elements. The network controller assigns an exclusive range of endpoint groups to each policy proxy network element. Each policy proxy network element is assigned to handle policy processing for its assigned range of endpoint groups. The network controller provides instructions to the policy proxy network elements to enable each policy proxy network element to apply the network policy for its assigned range of endpoint groups. The network controller also provides instructions to the overloaded network element to redirect a packet from the first endpoint group to a first policy proxy network element based on a destination of the packet.
-
Publication (Announcement) No.: US11165828B2
Publication (Announcement) Date: 2021-11-02
Application No.: US16289647
Application Date: 2019-02-28
Applicant: Cisco Technology, Inc.
Inventor: Rajagopalan Janakiraman, Ronak K. Desai, Sivakumar Ganapathy, Mohammed Javed Asghar, Azeem Suleman, Patel Amitkumar Valjibhai
Abstract: Systems, methods, and computer-readable media for policy splitting in multi-cloud fabrics. In some examples, a method can include discovering a path from a first endpoint in a first cloud to a second endpoint in a second cloud; determining runtime policy table capacities associated with nodes in the path; determining policy distribution and enforcement for traffic from the first endpoint to the second endpoint based on the runtime policy table capacities; based on the policy distribution and enforcement, installing a set of policies for traffic from the first endpoint to the second endpoint across a set of nodes in the path; and applying the set of policies to traffic from the first endpoint in the first cloud to the second endpoint in the second cloud.
-
Publication (Announcement) No.: US10891147B1
Publication (Announcement) Date: 2021-01-12
Application No.: US15376365
Application Date: 2016-12-12
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Vijayan Ramakrishnan, Saurabh Jain, Vijay Chander, Ronak K. Desai, Praveen Jain, Munish Mehta, Yibin Yang
IPC: G06F9/455
Abstract: Aspects of the embodiments are directed to forming a virtual machine management (VMM) domain in a heterogeneous datacenter. Aspects can include mapping an endpoint group to multiple VMM domains, each VMM domain associated with one or more virtual machine management systems of a single type that each share one or more management system characteristics; instantiating a virtual switch instance, the virtual switch instance associated with the VMM domain; and instantiating the endpoint group mapped to the VMM domain as a network component associated with the virtual switch instance.
-
Publication (Announcement) No.: US10469402B2
Publication (Announcement) Date: 2019-11-05
Application No.: US15353093
Application Date: 2016-11-16
Applicant: Cisco Technology, Inc.
Inventor: Saurabh Jain, Vijay K. Chander, Vijayan Ramakrishnan, Ronak K. Desai, Praveen Jain, Munish Mehta, Yibin Yang
IPC: G06F15/167, H04L12/919, H04L12/24
Abstract: The techniques presented herein use dynamic endpoint group (EPG) binding changes to facilitate cross-tenant resource sharing. A first node of a multi-tenant software defined network determines that an application on a first endpoint has initiated operation and needs temporary access to resources located at a second endpoint. The first and second endpoints are associated with first and second tenants, respectively, that are logically segregated from one another by the software defined network. The first node dynamically changes an initial EPG binding associated with the first endpoint to a second EPG binding that enables the first endpoint to temporarily directly access the resources at the second endpoint. The first node subsequently determines that the application on the first endpoint no longer needs access to the resources located at a second endpoint and, as such, changes the second EPG binding associated with the first endpoint back to the initial EPG binding.