-
1.
Publication number: US20230385120A1
Publication date: 2023-11-30
Application number: US17826411
Application date: 2022-05-27
Applicant: Cisco Technology, Inc.
Inventor: Eric A. Voit, Edward A. Warnicke, Jeffrey G. Schutt
CPC classification number: G06F9/505, G06F9/44505, G06F9/5044, G06F9/5055
Abstract: A method, computer system, and computer program product are provided for performing admission control tasks. A universal reference for an executing application is obtained, wherein the universal reference identifies one or more components of the executing application by additional universal references assigned to the one or more components. A description of the executing application is determined by enumerating each additional universal reference of the one or more components and additional sub-components, wherein the description exhaustively identifies components and sub-components of the executing application. The identified one or more components and sub-components are assessed to perform an admission control operation between the executing application and a second application.
-
Publication number: US20200099610A1
Publication date: 2020-03-26
Application number: US16138595
Application date: 2018-09-21
Applicant: Cisco Technology, Inc.
Inventor: Giles Douglas Yorke Heron, Edward A. Warnicke, William Mark Townsley, Yoann Desmouceaux
IPC: H04L12/707, H04L12/715, H04L12/721, H04L12/725, H04L29/12
Abstract: Systems and methods provide for segment routing (SR) with fast reroute in a container network. An SR ingress can receive a packet from a first container destined for a container service. The ingress can generate an SR packet including a segment list comprising a first segment to a first container service host, a second segment to a second service host, and a third segment to the service. The ingress can forward the SR packet to a first SR egress corresponding to the first host using the first segment. The first egress can determine whether the first service and/or host is reachable. If so, the first egress can forward the SR packet to the first host or the packet to the service. If not, the first egress can perform a fast reroute and forward the SR packet to a second SR egress corresponding to the second host using the second segment.
-
3.
Publication number: US20230319044A1
Publication date: 2023-10-05
Application number: US17860582
Application date: 2022-07-08
Applicant: Cisco Technology, Inc.
Inventor: Edward A. Warnicke, Jeffrey G. Schutt, Eric A. Voit
CPC classification number: H04L63/101, G06F9/547
Abstract: A method, computer system, and computer program product are provided for performing logging, securing communications, and performing digital forensics tasks based on universal references for hardware and/or software configurations. A universal reference, obtained by a first entity, is included in a request of a second entity, wherein the universal reference identifies one or more components of the second entity using additional universal references assigned to each of the one or more components. It is determined whether the first entity is authorized to receive data from the second entity based on the universal reference. Based on the determining, data is received from the second entity.
-
Publication number: US11665095B2
Publication date: 2023-05-30
Application number: US16983346
Application date: 2020-08-03
Applicant: Cisco Technology, Inc.
Inventor: Sridhar Subramanian, Fabio Rodolfo Maino, Alberto Rodriguez Natal, Vijoy Anand Pandey, Edward A. Warnicke, John Andrew Joyce, Timothy James Swanson, Loránd Jakab
CPC classification number: H04L47/20, H04L12/28, H04L41/20, H04L45/50, H04L67/02, H04L67/10, H04L67/14, H04L69/16
Abstract: In one embodiment, a device of a software-defined wide area network (SD-WAN) receives, from a cloud-native application, contextual data for the cloud-native application that identifies microservices of the cloud-native application. The device translates the contextual data for the cloud-native application into a network policy for traffic in the SD-WAN associated with the cloud-native application. The device applies the network policy to a traffic flow in the SD-WAN between an endpoint and a particular microservice of the cloud-native application.
-
Publication number: US11997141B2
Publication date: 2024-05-28
Application number: US17506838
Application date: 2021-10-21
Applicant: Cisco Technology, Inc.
Inventor: Jeffrey G. Schutt, Edward A. Warnicke
CPC classification number: H04L63/20, H04L63/04, H04L63/0876
Abstract: A method, computer system, and computer program product are provided for performing policy enforcement, attestation, and network forensics. A universal reference for a computing entity is obtained, wherein the universal reference identifies one or more components of the computing entity by additional universal references assigned to the one or more components. A hierarchical description of the computing entity is determined by enumerating each additional universal reference of the one or more components and additional sub-components, wherein the hierarchical description exhaustively identifies the components and sub-components of the computing entity. The hierarchical description is analyzed by accessing a database to identify mappings of the one or more additional universal references to the one or more components and sub-components. The one or more components and sub-components identified by the analyzing are assessed to perform one or more of: an inventory task, a policy enforcement task, an attestation task, and a forensics task.
-
Publication number: US20230126959A1
Publication date: 2023-04-27
Application number: US17506838
Application date: 2021-10-21
Applicant: Cisco Technology, Inc.
Inventor: Jeffrey G. Schutt, Edward A. Warnicke
IPC: H04L29/06
Abstract: A method, computer system, and computer program product are provided for performing policy enforcement, attestation, and network forensics. A universal reference for a computing entity is obtained, wherein the universal reference identifies one or more components of the computing entity by additional universal references assigned to the one or more components. A hierarchical description of the computing entity is determined by enumerating each additional universal reference of the one or more components and additional sub-components, wherein the hierarchical description exhaustively identifies the components and sub-components of the computing entity. The hierarchical description is analyzed by accessing a database to identify mappings of the one or more additional universal references to the one or more components and sub-components. The one or more components and sub-components identified by the analyzing are assessed to perform one or more of: an inventory task, a policy enforcement task, an attestation task, and a forensics task.
-
Publication number: US20210036951A1
Publication date: 2021-02-04
Application number: US17071919
Application date: 2020-10-15
Applicant: Cisco Technology, Inc.
Inventor: Giles Douglas Yorke Heron, Edward A. Warnicke, William Mark Townsley, Yoann Desmouceaux
IPC: H04L12/707, H04L12/715, H04L12/703, H04L12/721, H04L29/12
Abstract: Systems and methods provide for segment routing (SR) with fast reroute in a container network. An SR ingress can receive a packet from a first container destined for a container service. The ingress can generate an SR packet including a segment list comprising a first segment to a first container service host, a second segment to a second service host, and a third segment to the service. The ingress can forward the SR packet to a first SR egress corresponding to the first host using the first segment. The first egress can determine whether the first service and/or host is reachable. If so, the first egress can forward the SR packet to the first host or the packet to the service. If not, the first egress can perform a fast reroute and forward the SR packet to a second SR egress corresponding to the second host using the second segment.
-
Publication number: US11824765B2
Publication date: 2023-11-21
Application number: US16226163
Application date: 2018-12-19
Applicant: Cisco Technology, Inc.
Inventor: Giles Douglas Yorke Heron, Edward A. Warnicke
IPC: H04L45/28, H04L45/745, H04L41/0668, G06F9/48, H04L45/00, H04L45/02, H04L49/00, H04L41/0663
CPC classification number: H04L45/28, G06F9/4856, H04L41/0663, H04L41/0668, H04L45/02, H04L45/22, H04L45/745, H04L49/70
Abstract: Systems, methods, and devices are disclosed for re-routing network traffic directed to a pod device. Traffic is routed from an ingress device towards a first node in communication with multiple pods. In response to the detection of a failure event associated with the first pod, a network device address of the first pod is removed from a routing table. If a packet is received from the ingress device that is destined for a service, the routing table is used to look up a pod for handling a service request associated with the service. A network device address of a second pod is determined based on not finding the network device address of the first pod in the routing table. The packet is then forwarded to the second pod using the second device address before the ingress device knows that the first pod has failed.
-
Publication number: US20230261999A1
Publication date: 2023-08-17
Application number: US18139449
Application date: 2023-04-26
Applicant: Cisco Technology, Inc.
Inventor: Sridhar Subramanian, Fabio Rodolfo Maino, Alberto Rodriguez Natal, Vijoy Anand Pandey, Edward A. Warnicke, John Andrew Joyce, Timothy James Swanson, Loránd Jakab
CPC classification number: H04L47/20, H04L67/10, H04L12/28, H04L41/20, H04L45/50, H04L69/16, H04L67/14, H04L67/02
Abstract: In one embodiment, a device of a software-defined wide area network (SD-WAN) receives, from a cloud-native application, contextual data for the cloud-native application that identifies microservices of the cloud-native application. The device translates the contextual data for the cloud-native application into a network policy for traffic in the SD-WAN associated with the cloud-native application. The device applies the network policy to a traffic flow in the SD-WAN between an endpoint and a particular microservice of the cloud-native application.
-
Publication number: US11283707B2
Publication date: 2022-03-22
Application number: US17071919
Application date: 2020-10-15
Applicant: Cisco Technology, Inc.
Inventor: Giles Douglas Yorke Heron, Edward A. Warnicke, William Mark Townsley, Yoann Desmouceaux
IPC: H04L12/707, H04L12/715, H04L12/703, H04L12/721, H04L29/12, H04L45/00, H04L45/28, H04L61/256, H04L12/725, H04L45/30
Abstract: Systems and methods provide for segment routing (SR) with fast reroute in a container network. An SR ingress can receive a packet from a first container destined for a container service. The ingress can generate an SR packet including a segment list comprising a first segment to a first container service host, a second segment to a second service host, and a third segment to the service. The ingress can forward the SR packet to a first SR egress corresponding to the first host using the first segment. The first egress can determine whether the first service and/or host is reachable. If so, the first egress can forward the SR packet to the first host or the packet to the service. If not, the first egress can perform a fast reroute and forward the SR packet to a second SR egress corresponding to the second host using the second segment.