公开(公告)号：US10110469B2

公开(公告)日：2018-10-23

申请号：US15216666

申请日：2016-07-21

Applicant: Cisco Technology, Inc.

Inventor： Natarajan Manthiramoorthy ,  Venkatesh Srinivasan ,  Swaminathan Narayanan ,  Ambrish Niranjan Mehta ,  Anand Kumar Singh ,  Anulekha Chodey

IPC: G01R31/08 ,  H04L5/14 ,  H04B7/00 ,  H04J3/00 ,  H04L12/705 ,  H04L12/26 ,  H04L12/931 ,  H04L29/08 ,  H04L5/00 ,  H04L12/437 ,  H04L12/46 ,  H04L12/721 ,  H04L12/753 ,  H04L29/12 ,  H04L12/703

Abstract: Systems, methods, and non-transitory computer-readable storage media for detecting network loops. In some embodiments, a system can identify a port that is in a blocking state. The blocking state can be for dropping one or more types of packets and preventing the port from forwarding the one or more types of packets. The system can determine a number of packets transmitted through the port by a hardware layer on the system and a number of control packets transmitted through the port by a software layer on the system. The system can determine whether the number of packets is greater than the number of control packets. When the number of packets is greater than the number of control packets, the system can determine that the blocking state has failed to prevent the port from forwarding the one or more types of packets.

公开(公告)号：US10951531B2

公开(公告)日：2021-03-16

申请号：US16215352

申请日：2018-12-10

Applicant: Cisco Technology, Inc.

Inventor： Anand Kumar Singh ,  Venkatesh Srinivasan ,  Swaminathan Narayanan ,  Anulekha Chodey ,  Ambrish Niranjan Mehta ,  Natarajan Manthiramoorthy

IPC: H04L12/813 ,  H04L12/823 ,  H04L12/855

Abstract: Aspects of the present disclosure are directed to dynamically adjusting control plane policing throughput of low (or lower) priority control plane traffic to permit higher throughput. The drop rate for low or lower priority control plane traffic can be determined to be above a threshold value. The processor utilization can be determined to be operating under normal utilization (or at a utilization within a threshold utilization value). The control plane policing for control plane traffic for the low or lower class of service can be increased (or decreased) to permit lower class of service control traffic to be transmitted using higher class of service resources without adjusting the priority levels for the lower class of service control traffic.

公开(公告)号：US10333836B2

公开(公告)日：2019-06-25

申请号：US15486933

申请日：2017-04-13

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Natarajan Manthiramoorthy ,  Venkatesh Srinivasan ,  Rajesh Sharma

IPC: H04L12/753 ,  H04L12/46

Abstract: Methods for assisting data forwarding during convergence in a multi-homed network are disclosed. In one aspect, a first leaf node is configured to detect when a second leaf node advertises a set of Ethernet segments which are local to the first leaf and advertise reachability information for the second leaf, indicating itself as a backup for the second leaf during convergence. A spine node that receives advertisement messages from such first and second leaf nodes programs its routing table to indicate the direct route to the second leaf as the primary path and the route to the second leaf via the first leaf as a backup path to forward encapsulated packets destined to the second leaf. Upon failure of the second leaf, when the spine node receives data packets destined to the second leaf, the spine node sends the packets to the first leaf instead of the second leaf.

公开(公告)号：US10320838B2

公开(公告)日：2019-06-11

申请号：US15215290

申请日：2016-07-20

Applicant: Cisco Technology, Inc.

Inventor： Venkatesh Srinivasan ,  Ambrish Niranjan Mehta ,  Anand Kumar Singh ,  Anulekha Chodey ,  Natarajan Manthiramoorthy ,  Swaminathan Narayanan

IPC: H04L29/06 ,  H04L29/12 ,  H04L12/931 ,  H04L12/46

Abstract: Systems, methods, and computer-readable media for preventing man-in-the-middle attacks within network, without the need to maintain trusted/un-trusted port listings on each network device. The solutions disclosed herein leverage a host database which can be present on controllers, thereby providing a centralized database instead of a per-node DHCP binding database. Systems configured according to this disclosure (1) use a flood list only for ARP packets received from the controller 116; and (2) unicast ARP packets to the controller before communicating the packets to other VTEPs.

公开(公告)号：US20180302321A1

公开(公告)日：2018-10-18

申请号：US15486933

申请日：2017-04-13

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Natarajan Manthiramoorthy ,  Venkatesh Srinivasan ,  Rajesh Sharma

IPC: H04L12/753 ,  H04L29/06

CPC classification number: H04L45/48 ,  H04L12/4633 ,  H04L12/4641 ,  H04L45/50 ,  H04L45/74 ,  H04L45/7453 ,  H04L49/1569

Abstract: Methods for assisting data forwarding during convergence in a multi-homed network are disclosed. In one aspect, a first leaf node is configured to detect when a second leaf node advertises a set of Ethernet segments which are local to the first leaf and advertise reachability information for the second leaf, indicating itself as a backup for the second leaf during convergence. A spine node that receives advertisement messages from such first and second leaf nodes programs its routing table to indicate the direct route to the second leaf as the primary path and the route to the second leaf via the first leaf as a backup path to forward encapsulated packets destined to the second leaf. Upon failure of the second leaf, when the spine node receives data packets destined to the second leaf, the spine node sends the packets to the first leaf instead of the second leaf.

公开(公告)号：US20180027012A1

公开(公告)日：2018-01-25

申请号：US15215290

申请日：2016-07-20

Applicant: Cisco Technology, Inc.

Inventor： Venkatesh Srinivasan ,  Ambrish Niranjan Mehta ,  Anand Kumar Singh ,  Anulekha Chodey ,  Natarajan Manthiramoorthy ,  Swaminathan Narayanan

IPC: H04L29/06 ,  H04L12/931 ,  H04L12/46 ,  H04L29/12

CPC classification number: H04L63/1466 ,  H04L12/4641 ,  H04L49/70 ,  H04L61/103 ,  H04L61/2015 ,  H04L61/6022 ,  H04L63/101 ,  H04L63/1416 ,  H04L63/1483 ,  H04L2463/145

Abstract: Systems, methods, and computer-readable media for preventing man-in-the-middle attacks within network, without the need to maintain trusted/un-trusted port listings on each network device. The solutions disclosed herein leverage a host database which can be present on controllers, thereby providing a centralized database instead of a per-node DHCP binding database. Systems configured according to this disclosure (1) use a flood list only for ARP packets received from the controller 116; and (2) unicast ARP packets to the controller before communicating the packets to other VTEPs.

公开(公告)号：US20200235959A1

公开(公告)日：2020-07-23

申请号：US16842422

申请日：2020-04-07

Applicant: Cisco Technology, Inc.

Inventor： Swami Narayanan ,  Ambrish Mehta ,  Venkatesh Srinivasan ,  Raghava Sivaramu ,  Ayan Banerjee

IPC: H04L12/46 ,  H04L12/04 ,  H04L29/06

Abstract: Aspects of the disclosed technology address limitations relating to packet replication for multi-destination traffic, by providing methods for performing hardware-based replication in network infrastructure devices, such as switches. In some aspects, application specific integrated circuits (ASICs) resident in physical devices can be used to perform packet replication. Depending on implementation, a hardware-based replication process can include steps for receiving a first packet that includes a first outer header containing first address information, receiving a second packet including a second outer header containing a hardware replication flag, forwarding the first packet to all virtual tunnel endpoints (VTEPs) connected with the TOR switch, and performing hardware replication for the second packet based on the hardware replication flag to generate one or more unicast packets. Systems and machine readable media are also provided.

公开(公告)号：US10516600B2

公开(公告)日：2019-12-24

申请号：US16135926

申请日：2018-09-19

Applicant: Cisco Technology, Inc.

Inventor： Natarajan Manthiramoorthy ,  Venkatesh Srinivasan ,  Swaminathan Narayanan ,  Ambrish Niranjan Mehta ,  Anand Kumar Singh ,  Anulekha Chodey

IPC: H04L12/801 ,  H04L12/26 ,  H04L12/24 ,  H04L12/751 ,  H04L12/705 ,  H04L12/931 ,  H04L29/08 ,  H04L5/00 ,  H04L12/437 ,  H04L12/46 ,  H04L12/721 ,  H04L12/753 ,  H04L29/12 ,  H04L12/703

Abstract: Systems, methods, and non-transitory computer-readable storage media for detecting network loops. In some embodiments, a system can identify a port that is in a blocking state. The blocking state can be for dropping one or more types of packets and preventing the port from forwarding the one or more types of packets. The system can determine a number of packets transmitted through the port by a hardware layer on the system and a number of control packets transmitted through the port by a software layer on the system. The system can determine whether the number of packets is greater than the number of control packets. When the number of packets is greater than the number of control packets, the system can determine that the blocking state has failed to prevent the port from forwarding the one or more types of packets.

公开(公告)号：US20190116125A1

公开(公告)日：2019-04-18

申请号：US16215352

申请日：2018-12-10

Applicant: Cisco Technology, Inc.

Inventor： Anand Kumar Singh ,  Venkatesh Srinivasan ,  Swaminathan Narayanan ,  Anulekha Chodey ,  Ambrish Niranjan Mehta ,  Natarajan Manthiramoorthy

IPC: H04L12/813 ,  H04L12/823 ,  H04L12/855

Abstract: Aspects of the present disclosure are directed to dynamically adjusting control plane policing throughput of low (or lower) priority control plane traffic to permit higher throughput. The drop rate for low or lower priority control plane traffic can be determined to be above a threshold value. The processor utilization can be determined to be operating under normal utilization (or at a utilization within a threshold utilization value). The control plane policing for control plane traffic for the low or lower class of service can be increased (or decreased) to permit lower class of service control traffic to be transmitted using higher class of service resources without adjusting the priority levels for the lower class of service control traffic.

公开(公告)号：US20180026871A1

公开(公告)日：2018-01-25

申请号：US15216666

申请日：2016-07-21

Applicant: Cisco Technology, Inc.

Inventor： Natarajan Manthiramoorthy ,  Venkatesh Srinivasan ,  Swaminathan Narayanan ,  Ambrish Niranjan Mehta ,  Anand Kumar Singh ,  Anulekha Chodey

IPC: H04L12/705 ,  H04L12/26 ,  H04L29/08 ,  H04L12/931

CPC classification number: H04L45/18 ,  H04L5/0012 ,  H04L12/437 ,  H04L12/4641 ,  H04L43/08 ,  H04L45/28 ,  H04L45/32 ,  H04L45/48 ,  H04L49/354 ,  H04L61/6022 ,  H04L69/324

Abstract: Systems, methods, and non-transitory computer-readable storage media for detecting network loops. In some embodiments, a system can identify a port that is in a blocking state. The blocking state can be for dropping one or more types of packets and preventing the port from forwarding the one or more types of packets. The system can determine a number of packets transmitted through the port by a hardware layer on the system and a number of control packets transmitted through the port by a software layer on the system. The system can determine whether the number of packets is greater than the number of control packets. When the number of packets is greater than the number of control packets, the system can determine that the blocking state has failed to prevent the port from forwarding the one or more types of packets.