-
1.
Publication No.: US20240073099A1
Publication date: 2024-02-29
Application No.: US18119172
Application date: 2023-03-08
Applicant: Cisco Technology, Inc.
Inventor: Deepak Kumar, Shyam Nayan Kapadia, Neelesh Kumar, Sri Goli, Eshwar Rao Yedavalli
IPC: H04L41/12
CPC classification number: H04L41/12
Abstract: Techniques for automatically claiming switches of a tenant computer network by a remote, cloud-based network controller. A first seed switch is manually claimed by a user by implementing the remote, cloud-based network controller. After claiming the seed switch a set of switches immediately connected with the seed switch are identified by Device Connector logic in the seed switch and immediately connected switches. Switches directly connected to those switches are then identified using Device Connector logic of the switches. This process is performed iteratively by identifying immediately connected switches until all of the switches are identified. All or a subset of the identified switches can then be claimed by the remote, cloud-based controller based on a response from the tenant network user.
-
2.
Publication No.: US11368484B1
Publication date: 2022-06-21
Application No.: US16396096
Application date: 2019-04-26
Applicant: Cisco Technology, Inc.
Inventor: Govind Prasad Sharma, Eshwar Rao Yedavalli, Mohammed Javed Asghar, Ashwath Kumar Chandrasekaran, Swapnil Mankar, Umamaheswararao Karyampudi
IPC: H04L101/622, G06F9/455, H04L61/103, H04L9/40
Abstract: Methods to secure against IP address thefts by rogue devices in a virtualized datacenter are provided. Rogue devices are detected and distinguished from a migration of an endpoint in a virtualized datacenter. A first hop network element in a one or more network fabrics intercepts a request that includes an identity of an endpoint and performs a local lookup for the endpoint entity identifier. Based on the lookup not finding the endpoint entity identifier, the first hop network element broadcasts a message such as a remote media access address (MAC) query to other network elements in the one or more network fabrics. Based on the received response, which may include an IP address associated with the MAC address, the first hop network element performs a theft validation process to determine whether the request originated from a migrated endpoint or a rogue device.
-
3.
Publication No.: US11757935B2
Publication date: 2023-09-12
Application No.: US17736748
Application date: 2022-05-04
Applicant: Cisco Technology, Inc.
Inventor: Govind Prasad Sharma, Eshwar Rao Yedavalli, Mohammed Javed Asghar, Ashwath Kumar Chandrasekaran, Swapnil Mankar, Umamaheswararao Karyampudi
IPC: H04L9/40, G06F9/455, H04L61/103, H04L101/622
CPC classification number: H04L63/1483, G06F9/45558, H04L61/103, H04L63/10, G06F2009/4557, G06F2009/45595, H04L2101/622
Abstract: Methods to secure against IP address thefts by rogue devices in a virtualized datacenter are provided. Rogue devices are detected and distinguished from a migration of an endpoint in a virtualized datacenter. A first hop network element in a one or more network fabrics intercepts a request that includes an identity of an endpoint and performs a local lookup for the endpoint entity identifier. Based on the lookup not finding the endpoint entity identifier, the first hop network element broadcasts a message such as a remote media access address (MAC) query to other network elements in the one or more network fabrics. Based on the received response, which may include an IP address associated with the MAC address, the first hop network element performs a theft validation process to determine whether the request originated from a migrated endpoint or a rogue device.
-
4.
Publication No.: US11201859B2
Publication date: 2021-12-14
Application No.: US16163453
Application date: 2018-10-17
Applicant: Cisco Technology, Inc.
Inventor: Javed Asghar, Sridhar Vallepalli, Govind Prasad Sharma, Eshwar Rao Yedavalli
Abstract: A method and apparatus for providing tenant specific encryption is described herein. According to an embodiment, a transmission site receives a data packet for transmission or forwarding. The transmission site determines, based on information in a header of the data packet, that the data packet is to be encrypted before transmission or forwarding. Using the information in the header, the transmission site identifies an encryption key for the data packet. The transmission site generates, for the data packet, an additional header and populates the additional header with a destination port number based on a destination port header value of the data packet. The transmission site overwrites the destination port header value of the packet with data indicating that the data packet is encrypted and then encrypts an encapsulated packet within the data packet using the encryption key prior to transmitting or forwarding the data packet. Upon receipt, the destination port header is used by the receiving site to determine that the packet is encrypted.
-
5.
Publication No.: US20220263865A1
Publication date: 2022-08-18
Application No.: US17736748
Application date: 2022-05-04
Applicant: Cisco Technology, Inc.
Inventor: Govind Prasad Sharma, Eshwar Rao Yedavalli, Mohammed Javed Asghar, Ashwath Kumar Chandrasekaran, Swapnil Mankar, Umamaheswararao Karyampudi
IPC: H04L9/40, G06F9/455, H04L61/103, H04L101/622
Abstract: Methods to secure against IP address thefts by rogue devices in a virtualized datacenter are provided. Rogue devices are detected and distinguished from a migration of an endpoint in a virtualized datacenter. A first hop network element in a one or more network fabrics intercepts a request that includes an identity of an endpoint and performs a local lookup for the endpoint entity identifier. Based on the lookup not finding the endpoint entity identifier, the first hop network element broadcasts a message such as a remote media access address (MAC) query to other network elements in the one or more network fabrics. Based on the received response, which may include an IP address associated with the MAC address, the first hop network element performs a theft validation process to determine whether the request originated from a migrated endpoint or a rogue device.
-