-
1.
Publication number: US20240146643A1
Publication date: 2024-05-02
Application number: US17979640
Application date: 2022-11-02
Applicant: Cisco Technology, Inc.
Inventor: David John Zacks, Nagendra Kumar Nainar, Madhan Sankaranarayanan, Jaganbabu Rajamanickam, Craig Thomas Hill, Cesar Obediente
Abstract: Technologies for testing resiliency of a data network with real-world accuracy without affecting the flow of production data through the network. A method according to the technologies may include receiving a production data packet and determining a preferred data route toward a destination node for the production data packet based on a first routing information base, wherein the first routing information base includes a database where routes and route metadata are stored according to a routing protocol. The method may also include receiving a test data packet, and determining an alternate data route toward the destination node for the test data packet based on a second routing information base, wherein the second routing information base simulates an error in the preferred data route. The method may include sending the production data packet to the preferred data route and sending the test data packet to the alternate data route.
-
2.
Publication number: US20240048436A1
Publication date: 2024-02-08
Application number: US18380594
Application date: 2023-10-16
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Jaganbabu Rajamanickam, David John Zacks, Carlos M. Pignataro, Madhan Sankaranarayanan, Cesar Obediente, Craig Thomas Hill
IPC: H04L41/0604, H04L67/133, H04L41/0631, H04L41/0654, H04L61/103, H04L9/40
CPC classification number: H04L41/0627, H04L67/133, H04L41/0631, H04L41/0654, H04L61/103, H04L63/101
Abstract: Methods and devices provide fault injection testing techniques in a production network environment without risking service outages for hosted computing services, by providing examples of a remote network controller configured to communicate with network devices of a network; a remote fault injection communication protocol configuring a remote network controller in communication with a network device to signal a failure injection; and a failure injection module configuring a network device to configure a network device processor to implement a failure injection signaled according to the remote failure injection communication protocol. The method includes a network controller transmitting a failure injection signal in a control plane packet over a network connection to a network device, and the network device creating a child process by executing, in a dedicated runtime environment, a copy of one or more processes impacted by a parsed failure type.
-
3.
Publication number: US11863450B1
Publication date: 2024-01-02
Application number: US18063291
Application date: 2022-12-08
Applicant: Cisco Technology, Inc.
Inventor: Cesar Obediente, Craig Thomas Hill, Nagendra Kumar Nainar, David John Zacks, Jaganbabu Rajamanickam, Madhan Sankaranarayanan
IPC: H04L45/76
CPC classification number: H04L45/76
Abstract: A method comprises: at a network device configured to be connected to a network and having control and data planes, and interfaces configured for network operations in the network: upon receiving, from a controller, instructions to form a local twin of the network device that is a virtual replica of the network device to be used for test purposes, creating the local twin and configuring the local twin to include virtual control and data planes, and virtual interfaces, which are virtual replicas of, and operate independently from, the control and data planes, and the interfaces, of the network device, respectively; and hosting the local twin on physical resources of the network device such that the local twin is configured for virtual network operations on the network device that replicate, but are independent from, the network operations.
-
4.
Publication number: US20230261928A1
Publication date: 2023-08-17
Application number: US17674686
Application date: 2022-02-17
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Jaganbabu Rajamanickam, David John Zacks, Carlos M. Pignataro, Madhan Sankaranarayanan, Cesar Obediente, Craig Thomas Hill
IPC: H04L41/0604, H04L41/0654, H04L41/0631, H04L67/133, H04L61/103, H04L9/40
CPC classification number: H04L41/0627, H04L41/0654, H04L41/0631, H04L67/40, H04L61/103, H04L63/101
Abstract: Methods and devices provide fault injection testing techniques in a production network environment without risking service outages for hosted computing services, by providing examples of a remote network controller configured to communicate with network devices of a network; a remote fault injection communication protocol configuring a remote network controller in communication with a network device to signal a failure injection; and a failure injection module configuring a network device to configure a network device processor to implement a failure injection signaled according to the remote failure injection communication protocol. The method includes a network controller transmitting a failure injection signal in a control plane packet over a network connection to a network device, and the network device creating a child process by executing, in a dedicated runtime environment, a copy of one or more processes impacted by a parsed failure type.
-
5.
Publication number: US20230188534A1
Publication date: 2023-06-15
Application number: US17546492
Application date: 2021-12-09
Applicant: Cisco Technology, Inc.
Inventor: Craig Thomas Hill, Sujal Sheth, Frank Brockners, Cesar Obediente
CPC classification number: H04L63/123, H04L63/0464, H04L63/205, H04L9/0838
Abstract: According to an embodiment, a node comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the node to perform operations. The operations comprise determining security validation information that the node associates with a packet, inserting into the packet an identifier associated with the node and the security validation information that the node associates with the packet, and transmitting the packet comprising the identifier associated with the node and the security validation information that the node associates with the packet. The security validation information comprises one or more proof of security attributes and/or one or more proof of security level attributes.
-
6.
Publication number: US10158565B2
Publication date: 2018-12-18
Application number: US15249260
Application date: 2016-08-26
Applicant: Cisco Technology, Inc.
Inventor: Craig Thomas Hill, James Guichard, Darrin Joseph Miller, Carlos M. Pignataro
IPC: H04L12/723, H04L12/911, H04L29/08, H04L12/725, H04L12/721, H04L12/715, H04L29/06
Abstract: In a first enclave of a label switching network (LSN), a protocol data unit (PDU) of the LSN is formatted to include a network service field specifying a service to be applied to the PDU. The service field can be positioned between PDU data link layer and network layer fields. The PDU specifies PDU routing/forwarding information for a path in the LSN ending in an LSN second enclave, and routing/forwarding for a destination between path segments in a non-LSN. The PDU is communicated from the first enclave, via the non-LSN, to the second enclave in accordance with the routing/forwarding information for the destination between path segments in the non-LSN. In the second enclave, each network service specified for the PDU is determined and then applied to the PDU. The second enclave transmits the network serviced PDU from the second enclave in accordance with the routing/forwarding information of the PDU in the label switching network.
-
7.
Publication number: US11818141B2
Publication date: 2023-11-14
Application number: US17546492
Application date: 2021-12-09
Applicant: Cisco Technology, Inc.
Inventor: Craig Thomas Hill, Sujal Sheth, Frank Brockners, Cesar Obediente
CPC classification number: H04L63/123, H04L9/0838, H04L63/0464, H04L63/20, H04L63/205
Abstract: According to an embodiment, a node comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the node to perform operations. The operations comprise determining security validation information that the node associates with a packet, inserting into the packet an identifier associated with the node and the security validation information that the node associates with the packet, and transmitting the packet comprising the identifier associated with the node and the security validation information that the node associates with the packet. The security validation information comprises one or more proof of security attributes and/or one or more proof of security level attributes.
-
8.
Publication number: US20210218717A1
Publication date: 2021-07-15
Application number: US16738722
Application date: 2020-01-09
Applicant: Cisco Technology, Inc.
Inventor: Craig Thomas Hill, Chennakesava Reddy Gaddam, Annu Singh, Gaurav Kumar
Abstract: A non-transitory computer readable medium including instructions stored thereon, when executed, the instructions being effective to cause at least one processor of a first network device to: derive a private key encryption key based on a public key, a first private key of the first network device, a second private key of a live peer device, and a Connectivity Association Key (CAK); transmit a secret key encrypted by the private key encryption key to the live peer device; and receive a communication from the live peer device, the communication being encrypted by the secret key.
-
9.
Publication number: US10728142B2
Publication date: 2020-07-28
Application number: US16204464
Application date: 2018-11-29
Applicant: Cisco Technology, Inc.
Inventor: Craig Thomas Hill, James Guichard, Darrin Joseph Miller, Carlos M. Pignataro
IPC: H04L12/723, H04L12/725, H04L12/721, H04L12/715, H04L29/08, H04L12/911, H04L29/06
Abstract: In a first enclave of a label switching network (LSN), a protocol data unit (PDU) of the LSN is formatted to include a network service field specifying a service to be applied to the PDU. The service field can be positioned between PDU data link layer and network layer fields. The PDU specifies PDU routing/forwarding information for a path in the LSN ending in an LSN second enclave, and routing/forwarding for a destination between path segments in a non-LSN. The PDU is communicated from the first enclave, via the non-LSN, to the second enclave in accordance with the routing/forwarding information for the destination between path segments in the non-LSN. In the second enclave, each network service specified for the PDU is determined and then applied to the PDU. The second enclave transmits the network serviced PDU from the second enclave in accordance with the routing/forwarding information of the PDU in the label switching network.
-
10.
Publication number: US20200220843A1
Publication date: 2020-07-09
Application number: US16243733
Application date: 2019-01-09
Applicant: Cisco Technology, Inc.
Inventor: Craig Thomas Hill, Stephen Michael Orr
IPC: H04L29/06, H04L12/755, H04L9/08
Abstract: A network device configured to communicate with a network executes a security protocol. The security protocol establishes a secure session with a security peer network device, exchanges security protected traffic with the security peer network device over a secure link, detects whether there is a security failure in the secure session, and upon detecting a security failure, signals there is a security failure. The network device also executes a routing protocol. The routing protocol maintains a routing table that includes a route to the security peer over the secure link, routes the security protected traffic along the route, and, upon receiving from the security protocol the signal that there is a security failure, removes the route from the routing table to stop the routing.