-
公开(公告)号:US12267238B2
公开(公告)日:2025-04-01
申请号:US18198104
申请日:2023-05-16
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain , Sanjay Kumar Hooda , Darrin Joseph Miller , Ashwin Kumar
Abstract: Techniques for group-based classification and policy enforcement at a network fabric edge for traffic that is being sent to external network destinations are disclosed herein. The techniques may include receiving, at a control plane of a network and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination. Based at least in part on an address prefix value associated with the destination, the control plane may determine that the destination is located in an external network. Additionally, a group identifier that is associated with the destination may be determined. In this way, an indication of the group identifier may be sent to the edge node such that the edge node may determine, based at least in part on the group identifier, a policy decision for routing the packet to the external network.
-
公开(公告)号:US20220360528A1
公开(公告)日:2022-11-10
申请号:US17308224
申请日:2021-05-05
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain , Sanjay Kumar Hooda , Darrin Joseph Miller , Ashwin Kumar
IPC: H04L12/741 , H04L29/06
Abstract: Techniques for group-based classification and policy enforcement at a network fabric edge for traffic that is being sent to external network destinations are disclosed herein. The techniques may include receiving, at a control plane of a network and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination. Based at least in part on an address prefix value associated with the destination, the control plane may determine that the destination is located in an external network. Additionally, a group identifier that is associated with the destination may be determined. In this way, an indication of the group identifier may be sent to the edge node such that the edge node may determine, based at least in part on the group identifier, a policy decision for routing the packet to the external network.
-
公开(公告)号:US11388175B2
公开(公告)日:2022-07-12
申请号:US16562017
申请日:2019-09-05
Applicant: Cisco Technology, Inc.
Inventor: Gangadharan Byju Pularikkal , Santosh Ramrao Patil , Paul Wayne Bigbee , Darrin Joseph Miller , Madhusudan Nanjanagud
Abstract: The present technology pertains to a system that routes application flows. The system can receive an application flow from a device by an active threat detection agent; analyze the application flow for user context, device context, and application context; classify the application flow based on the analysis of the application flow; and direct the application flow according to the classification of the application flow and an application access policy.
-
公开(公告)号:US20170373936A1
公开(公告)日:2017-12-28
申请号:US15193482
申请日:2016-06-27
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda , Darrin Joseph Miller , Victor Moreno , Mark Montanez , Sridhar Subramanian
CPC classification number: H04L41/0816 , H04L41/12 , H04L45/64 , H04L63/08 , H04L63/0876 , H04L63/104 , H04L67/306
Abstract: Changes are made to a virtual network for an endpoint based on the authenticated user identity of the endpoint. The system includes a server and a controller associated with a network fabric to which the endpoint is connected. The network fabric includes network elements to carry network traffic for the endpoint. The server authenticates the endpoint associated with a network address and determines a user identity of the endpoint based on the authentication. The server determines a first virtual network associated with the user identity. The controller receives a notification from the server that the network traffic for the endpoint associated with the network address is to be routed over the first virtual network. The controller updates routing information to associate the network address with the first virtual network and sends the updated routing information to the network elements of the network fabric.
-
公开(公告)号:US11985110B2
公开(公告)日:2024-05-14
申请号:US17932092
申请日:2022-09-14
Applicant: Cisco Technology, Inc.
Inventor: Saravanan Radhakrishnan , Anand Oswal , Ashwin Kumar , Paul Wayne Bigbee , Darrin Joseph Miller
CPC classification number: H04L63/0263 , H04L63/101 , H04L63/20
Abstract: Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.
-
Patent Agency Ranking
公开(公告)号:US11909771B2
公开(公告)日:2024-02-20
申请号:US16889102
申请日:2020-06-01
Applicant: Cisco Technology, Inc.
Inventor: Darrin Joseph Miller , Kevin Patrick Regan , Einar Nilsen-Nygaard
IPC: H04L29/06 , H04L9/40 , H04L61/4511 , H04L61/5007
CPC classification number: H04L63/205 , H04L61/4511 , H04L61/5007 , H04L63/102
Abstract: A Domain Name System (DNS) device stores data indicative of a user device and data indicative of a policy setting a level of access of the user device to a responding device. The DNS device receives, from the user device, a request for an Internet Protocol address of the responding device. The DNS device determines, based upon the request and the data indicative of the user device, that the policy applies to the request. The DNS device applies the policy in response to the determining.
-
公开(公告)号:US20210377314A1
公开(公告)日:2021-12-02
申请号:US16889102
申请日:2020-06-01
Applicant: Cisco Technology, Inc.
Inventor: Darrin Joseph Miller , Kevin Patrick Regan , Einar Nilsen-Nygaard
Abstract: A Domain Name System (DNS) device stores data indicative of a user device and data indicative of a policy setting a level of access of the user device to a responding device. The DNS device receives, from the user device, a request for an Internet Protocol address of the responding device. The DNS device determines, based upon the request and the data indicative of the user device, that the policy applies to the request. The DNS device applies the policy in response to the determining.
-
公开(公告)号:US20210360465A1
公开(公告)日:2021-11-18
申请号:US17236659
申请日:2021-04-21
Applicant: Cisco Technology, Inc.
Inventor: Jerome Henry , Nancy Cam-Winget , Simone Arena , Darrin Joseph Miller , Sudhir Kumar Jain , Einar Nilsen-Nygaard
Abstract: Embodiments identify a station that rotates an over the air station address. As address rotation was not originally designed into wireless networks, the rotation can introduce communication challenges for the station. The embodiments derive that traffic referencing two different over the air station addresses are associated with a single common station. This is accomplished by determining a similarity between properties of two sets of traffic. A first set of traffic references the first over the air station address and a second set of traffic references the second over the air station address. If the properties common across the two sets of traffic indicate sufficient similarity, the embodiments determine that both sets of traffic are associated with a single device. Network configuration of the device is then adjusted based on the determination.
-
公开(公告)号:US20190104144A1
公开(公告)日:2019-04-04
申请号:US15720553
申请日:2017-09-29
Applicant: Cisco Technology, Inc.
Inventor: Matthew Scott Robertson , Darrin Joseph Miller , Sunil Navinchandra Amin , Paul Wayne Bigbee
Abstract: In one example embodiment, a threat detection server receives metadata of a network flow in a network; a zone definition that correlates the metadata of the network flow with a first zone of network devices in the network and a second zone of network devices in the network, where the network flow was transmitted from the first zone to the second zone; and a security policy for the network flow, where the security policy is enforced on the basis of the first zone and the second zone. Based on the zone definition, the threat detection server annotates a flow record that includes the metadata with an indication of the first zone and the second zone. Based on the annotated flow record and the security policy, the threat detection server determines whether to generate a notification associated with a detection of a security threat associated with the network flow.
-
公开(公告)号:US20230291687A1
公开(公告)日:2023-09-14
申请号:US18198104
申请日:2023-05-16
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain , Sanjay Kumar Hooda , Darrin Joseph Miller , Ashwin Kumar
CPC classification number: H04L45/74 , H04L63/205
Abstract: Techniques for group-based classification and policy enforcement at a network fabric edge for traffic that is being sent to external network destinations are disclosed herein. The techniques may include receiving, at a control plane of a network and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination. Based at least in part on an address prefix value associated with the destination, the control plane may determine that the destination is located in an external network. Additionally, a group identifier that is associated with the destination may be determined. In this way, an indication of the group identifier may be sent to the edge node such that the edge node may determine, based at least in part on the group identifier, a policy decision for routing the packet to the external network.
-
-
-
-
-
-
-
-
-
Search Results
28
records
(took 0.017 seconds)
