DYNAMIC HONEYPOTS
    3.
    Invention application

    Publication (announcement) number: US20220131898A1

    Publication (announcement) date: 2022-04-28

    Application number: US17569285

    Application date: 2022-01-05

    Abstract: A mapping system, under administrative control of a Wide Area Network (WAN) controller, can track each host, authorized to access a plurality of Local Area Networks (LANs), in one or more mapping databases including a first network address representing an identifier and a second network address representing a locator for each host. The mapping system can receive a request for resolution of a first identifier of a host not presently connected to the network. The mapping system can determine the mapping databases exclude a mapping for the first identifier. The mapping system can update the mapping databases with a first mapping including the first identifier and a first locator corresponding to a honeypot network device. The mapping system can transmit, to one or more LANs of the plurality of LANs, routing information to route traffic destined for the first identifier to the honeypot network device.

    Network address transparency through user role authentication

    Publication (announcement) number: US10462007B2

    Publication (announcement) date: 2019-10-29

    Application number: US15193482

    Application date: 2016-06-27

    Abstract: Changes are made to a virtual network for an endpoint based on the authenticated user identity of the endpoint. The system includes a server and a controller associated with a network fabric to which the endpoint is connected. The network fabric includes network elements to carry network traffic for the endpoint. The server authenticates the endpoint associated with a network address and determines a user identity of the endpoint based on the authentication. The server determines a first virtual network associated with the user identity. The controller receives a notification from the server that the network traffic for the endpoint associated with the network address is to be routed over the first virtual network. The controller updates routing information to associate the network address with the first virtual network and sends the updated routing information to the network elements of the network fabric.

    Horizontal Scaling of Fabric Networks
    5.
    Invention application

    Publication (announcement) number: US20190132209A1

    Publication (announcement) date: 2019-05-02

    Application number: US15912839

    Application date: 2018-03-06

    Abstract: A method for establishing a partitioned fabric network is described. The method includes establishing a fabric network including a plurality of border nodes to couple the fabric network to one or more external data networks and a plurality of edge nodes to couple the fabric network to one or more hosts. The method further includes defining a plurality of partitions of the fabric network. The method further includes registering each of the plurality of partitions with a corresponding one of the plurality of border nodes and with each of the plurality of edge nodes.

    Distributed fast remote cutover of traffic upon local failure in an overlay transport visualization network
    6.
    Invention grant (in force)

    Publication (announcement) number: US09338084B2

    Publication (announcement) date: 2016-05-10

    Application number: US13964327

    Application date: 2013-08-12

    CPC classification number: H04L45/28 H04L45/12

    Abstract: Techniques are presented herein for optimizing traffic routing in overlay networks. At a first edge device located at a first site in a network, a message is received that indicates address information of a network device. The address information of the network device is stored in an address table. The address information is associated with a site identifier that identifies a second site at which the network device is located. The site identifier is mapped to an identifier associated with a second edge device that is responsible for routing traffic to network devices at the second site.


    Method and apparatus for forwarding information base scaling
    7.
    Invention grant (in force)

    Publication (announcement) number: US09300582B2

    Publication (announcement) date: 2016-03-29

    Application number: US13719510

    Application date: 2012-12-19

    CPC classification number: H04L45/745 H04L45/64

    Abstract: In one embodiment, a method includes receiving a packet at an edge device in a first network site in communication with a second network site through a transport network, the packet comprising a destination address for a host at the second network site, verifying at the edge device a connection with the host, and inserting the destination address in a forwarding information base at the edge device upon verifying the connection with the host. An apparatus and logic are also disclosed herein.


    Dynamic honeypots
    9.
    Invention grant

    Publication (announcement) number: US11671450B2

    Publication (announcement) date: 2023-06-06

    Application number: US17569285

    Application date: 2022-01-05

    Abstract: A mapping system, under administrative control of a Wide Area Network (WAN) controller, can track each host, authorized to access a plurality of Local Area Networks (LANs), in one or more mapping databases including a first network address representing an identifier and a second network address representing a locator for each host. The mapping system can receive a request for resolution of a first identifier of a host not presently connected to the network. The mapping system can determine the mapping databases exclude a mapping for the first identifier. The mapping system can update the mapping databases with a first mapping including the first identifier and a first locator corresponding to a honeypot network device. The mapping system can transmit, to one or more LANs of the plurality of LANs, routing information to route traffic destined for the first identifier to the honeypot network device.

    Software defined access fabric without subnet restriction to a virtual network

    Publication (announcement) number: US11102074B2

    Publication (announcement) date: 2021-08-24

    Application number: US16368624

    Application date: 2019-03-28

    Abstract: Systems, methods, and computer-readable storage media are provided for provisioning a common subnet across a number of subscribers and their respective virtual networks using dynamically generated network policies that provide isolation between the subscribers. The dynamic generation of the network policies is performed when a host (e.g. client) is detected (via a switch) as the host joins the computing network via virtual networks. This ability to configure a common subnet for all the subscriber virtual networks allows these subscribers to more easily access external shared services coming from a headquarter site while keeping the separation and segmentation of multiple subscriber virtual networks within a single subnet. This allows the Enterprise fabric to be more simple and convenient to deploy without making security compromises.
