公开(公告)号：US12081443B2

公开(公告)日：2024-09-03

申请号：US17381552

申请日：2021-07-21

Applicant: Cisco Technology, Inc.

Inventor： Roshan Lal ,  Rishi Chhibber ,  Anand Kumar Singh

IPC: H04W72/23 ,  H04L1/00 ,  H04L1/1867 ,  H04L5/00 ,  H04L47/2441 ,  H04L47/25 ,  H04L47/32

CPC classification number: H04L47/2441 ,  H04L47/25 ,  H04L47/32

Abstract: Techniques are described for an adaptive CoPP that can adapt and change based on actual network control traffic rather than static CoPP rates. An aggressive CoPP can protect the CPU (route processor) of a network device, e.g., routers and switches, but may also penalize convergence and performance. An adaptive CoPP may protect CPU as well as boost convergence and performance parameters. In particular, traffic between two sites may be managed by proactively changing the thresholds of lower CoS traffic based on the CoPP utilization of various protocol/BPDU class traffic, thereby improving data plane convergence and application performance in scaled environments.

公开(公告)号：US10110469B2

公开(公告)日：2018-10-23

申请号：US15216666

申请日：2016-07-21

Applicant: Cisco Technology, Inc.

Inventor： Natarajan Manthiramoorthy ,  Venkatesh Srinivasan ,  Swaminathan Narayanan ,  Ambrish Niranjan Mehta ,  Anand Kumar Singh ,  Anulekha Chodey

IPC: G01R31/08 ,  H04L5/14 ,  H04B7/00 ,  H04J3/00 ,  H04L12/705 ,  H04L12/26 ,  H04L12/931 ,  H04L29/08 ,  H04L5/00 ,  H04L12/437 ,  H04L12/46 ,  H04L12/721 ,  H04L12/753 ,  H04L29/12 ,  H04L12/703

Abstract: Systems, methods, and non-transitory computer-readable storage media for detecting network loops. In some embodiments, a system can identify a port that is in a blocking state. The blocking state can be for dropping one or more types of packets and preventing the port from forwarding the one or more types of packets. The system can determine a number of packets transmitted through the port by a hardware layer on the system and a number of control packets transmitted through the port by a software layer on the system. The system can determine whether the number of packets is greater than the number of control packets. When the number of packets is greater than the number of control packets, the system can determine that the blocking state has failed to prevent the port from forwarding the one or more types of packets.

公开(公告)号：US10951531B2

公开(公告)日：2021-03-16

申请号：US16215352

申请日：2018-12-10

Applicant: Cisco Technology, Inc.

Inventor： Anand Kumar Singh ,  Venkatesh Srinivasan ,  Swaminathan Narayanan ,  Anulekha Chodey ,  Ambrish Niranjan Mehta ,  Natarajan Manthiramoorthy

IPC: H04L12/813 ,  H04L12/823 ,  H04L12/855

Abstract: Aspects of the present disclosure are directed to dynamically adjusting control plane policing throughput of low (or lower) priority control plane traffic to permit higher throughput. The drop rate for low or lower priority control plane traffic can be determined to be above a threshold value. The processor utilization can be determined to be operating under normal utilization (or at a utilization within a threshold utilization value). The control plane policing for control plane traffic for the low or lower class of service can be increased (or decreased) to permit lower class of service control traffic to be transmitted using higher class of service resources without adjusting the priority levels for the lower class of service control traffic.

公开(公告)号：US10833808B1

公开(公告)日：2020-11-10

申请号：US16428203

申请日：2019-05-31

Applicant: Cisco Technology, Inc.

Inventor： Roshan Lal ,  Rishi Chhibber ,  Mankamana Prasad Mishra ,  Peter Psenak ,  Padmanab Pathikonda ,  Francesco Meo ,  Anand Kumar Singh

IPC: H04L1/12 ,  H04L12/18 ,  H04L1/18

Abstract: Multicast error detection and recovery may be provided. A join request for a multicast stream may be sent from a first network node to a second network node. The join request may be sent over a first link of a plurality of links between the first network node and the second network node. A redirect message indicating that the second network node cannot accommodate the join request may be received by the first network node from the second network node. In response to receiving the redirect message, the join request for the multicast stream may not be sent on a second link of the plurality of links by the first network node to the second network node. And in response to receiving the redirect message, an alternate upstream network node may be determined by the first network node to send the join request for the multicast stream to.

公开(公告)号：US10320838B2

公开(公告)日：2019-06-11

申请号：US15215290

申请日：2016-07-20

Applicant: Cisco Technology, Inc.

Inventor： Venkatesh Srinivasan ,  Ambrish Niranjan Mehta ,  Anand Kumar Singh ,  Anulekha Chodey ,  Natarajan Manthiramoorthy ,  Swaminathan Narayanan

IPC: H04L29/06 ,  H04L29/12 ,  H04L12/931 ,  H04L12/46

Abstract: Systems, methods, and computer-readable media for preventing man-in-the-middle attacks within network, without the need to maintain trusted/un-trusted port listings on each network device. The solutions disclosed herein leverage a host database which can be present on controllers, thereby providing a centralized database instead of a per-node DHCP binding database. Systems configured according to this disclosure (1) use a flood list only for ARP packets received from the controller 116; and (2) unicast ARP packets to the controller before communicating the packets to other VTEPs.

公开(公告)号：US20180027012A1

公开(公告)日：2018-01-25

申请号：US15215290

申请日：2016-07-20

Applicant: Cisco Technology, Inc.

Inventor： Venkatesh Srinivasan ,  Ambrish Niranjan Mehta ,  Anand Kumar Singh ,  Anulekha Chodey ,  Natarajan Manthiramoorthy ,  Swaminathan Narayanan

IPC: H04L29/06 ,  H04L12/931 ,  H04L12/46 ,  H04L29/12

CPC classification number: H04L63/1466 ,  H04L12/4641 ,  H04L49/70 ,  H04L61/103 ,  H04L61/2015 ,  H04L61/6022 ,  H04L63/101 ,  H04L63/1416 ,  H04L63/1483 ,  H04L2463/145

Abstract: Systems, methods, and computer-readable media for preventing man-in-the-middle attacks within network, without the need to maintain trusted/un-trusted port listings on each network device. The solutions disclosed herein leverage a host database which can be present on controllers, thereby providing a centralized database instead of a per-node DHCP binding database. Systems configured according to this disclosure (1) use a flood list only for ARP packets received from the controller 116; and (2) unicast ARP packets to the controller before communicating the packets to other VTEPs.

公开(公告)号：US20230030452A1

公开(公告)日：2023-02-02

申请号：US17381552

申请日：2021-07-21

Applicant: Cisco Technology, Inc.

Inventor： Roshan Lal ,  Rishi Chhibber ,  Anand Kumar Singh

IPC: H04L12/851 ,  H04L12/823 ,  H04L12/825

Abstract: Techniques are described for an adaptive CoPP that can adapt and change based on actual network control traffic rather than static CoPP rates. An aggressive CoPP can protect the CPU (route processor) of a network device, e.g., routers and switches, but may also penalize convergence and performance. An adaptive CoPP may protect CPU as well as boost convergence and performance parameters. In particular, traffic between two sites may be managed by proactively changing the thresholds of lower CoS traffic based on the CoPP utilization of various protocol/BPDU class traffic, thereby improving data plane convergence and application performance in scaled environments.

公开(公告)号：US10608924B2

公开(公告)日：2020-03-31

申请号：US16042870

申请日：2018-07-23

Applicant: Cisco Technology, Inc.

Inventor： Padmanab Pathikonda ,  Rishi Chhibber ,  Roshan Lal ,  Ann Roshini Paul ,  Anand Kumar Singh ,  Nataraj Batchu

IPC: H04L12/761 ,  H04L12/753

Abstract: In one illustrative example, an IP network media data router includes a spine and leaf switch architecture operative to provide IP multicast delivery of media data from source devices to receiver devices without the overhead communication with a controller. The architecture can include K spine switches, K sets of L leaf switches, M data links between each leaf switch, and a plurality of bidirectional data ports connected to each leaf switch for a guaranteed non-blocking IP multicast delivery of data. A deterministic hash function a used on both the first hop router and the last hop router to ensure the same spine node is selected for flow stitching. Accordingly, without the extra communication with a centralized controller, the right spine for establishing a multicast flow can be chosen using the deterministic hash function and the distributed resource information stored on each node.

公开(公告)号：US10516598B2

公开(公告)日：2019-12-24

申请号：US15232591

申请日：2016-08-09

Applicant: Cisco Technology, Inc.

Inventor： Natarajan Manthiramoorthy ,  Venkatesh Srinivasan ,  Swaminathan Narayanan ,  Ambrish Niranjan Mehta ,  Anand Kumar Singh ,  Anulekha Chodey

IPC: H04L12/751 ,  H04L29/06 ,  H04L12/24 ,  H04L12/705 ,  H04L12/26 ,  H04L12/931 ,  H04L29/08 ,  H04L5/00 ,  H04L12/437 ,  H04L12/46 ,  H04L12/721 ,  H04L12/753 ,  H04L29/12 ,  H04L12/703

Abstract: Systems, methods, and non-transitory computer-readable storage media for detecting network loops. In some embodiments, a system can identify a network path having multiple hops associated with respective nodes which are configured in a forwarding mode. The system can traverse the network path to identify, for each node from the respective nodes, a respective next hop. Based on the respective next hop for each node, the system can determine whether two or more nodes from the respective nodes have a same respective next hop. When the two or more nodes have the same respective next hop, the system can determine that the network path has a network loop.

公开(公告)号：US20190036809A1

公开(公告)日：2019-01-31

申请号：US16135926

申请日：2018-09-19

Applicant: Cisco Technology, Inc.

Inventor： Natarajan Manthiramoorthy ,  Venkatesh Srinivasan ,  Swaminathan Narayanan ,  Ambrish Niranjan Mehta ,  Anand Kumar Singh ,  Anulekha Chodey

IPC: H04L12/705 ,  H04L12/703 ,  H04L12/931 ,  H04L29/08 ,  H04L5/00 ,  H04L12/26 ,  H04L12/46 ,  H04L12/721 ,  H04L12/753 ,  H04L29/12 ,  H04L12/437

Abstract: Systems, methods, and non-transitory computer-readable storage media for detecting network loops. In some embodiments, a system can identify a port that is in a blocking state. The blocking state can be for dropping one or more types of packets and preventing the port from forwarding the one or more types of packets. The system can determine a number of packets transmitted through the port by a hardware layer on the system and a number of control packets transmitted through the port by a software layer on the system. The system can determine whether the number of packets is greater than the number of control packets. When the number of packets is greater than the number of control packets, the system can determine that the blocking state has failed to prevent the port from forwarding the one or more types of packets.