公开(公告)号：US11665095B2

公开(公告)日：2023-05-30

申请号：US16983346

申请日：2020-08-03

Applicant: Cisco Technology, Inc.

Inventor： Sridhar Subramanian ,  Fabio Rodolfo Maino ,  Alberto Rodriguez Natal ,  Vijoy Anand Pandey ,  Edward A. Warnicke ,  John Andrew Joyce ,  Timothy James Swanson ,  Loránd Jakab

IPC: H04L47/20 ,  H04L67/10 ,  H04L12/28 ,  H04L41/00 ,  H04L45/50 ,  H04L69/16 ,  H04L67/14 ,  H04L67/02

CPC classification number: H04L47/20 ,  H04L12/28 ,  H04L41/20 ,  H04L45/50 ,  H04L67/02 ,  H04L67/10 ,  H04L67/14 ,  H04L69/16

Abstract: In one embodiment, a device of a software-defined wide area network (SD-WAN) receives, from a cloud-native application, contextual data for the cloud-native application that identifies microservices of the cloud-native application. The device translates the contextual data for the cloud-native application into a network policy for traffic in the SD-WAN associated with the cloud-native application. The device applies the network policy to a traffic flow in the SD-WAN between an endpoint and a particular microservice of the cloud-native application.

公开(公告)号：US10284438B2

公开(公告)日：2019-05-07

申请号：US14612691

申请日：2015-02-03

Applicant: Cisco Technology, Inc.

Inventor： Marc Portoles Comeras ,  Preethi Natarajan ,  Alberto Rodriguez Natal ,  Fabio Rodolfo Maino ,  Alberto Cabellos Aparicio ,  Vasileios Lakafosis ,  Lorand Jakab

IPC: H04L12/24 ,  H04L29/06 ,  H04L12/707 ,  H04L12/801 ,  H04L12/803

Abstract: Techniques are provided for a network mapping server device in a network to receive a connection upgrade message comprising information to establish a first data flow from a first endpoint that does not support multiple subflows for the first data flow according to a multipath protocol, where multiple subflows subdivide the first data flow across two or more network paths. The information in the connection upgrade message is analyzed in order to resolve network connectivity to determine potential network connections for at least two subflows of the first data flow to a second endpoint. A response message is sent comprising information configured to establish at least two subflows for the first data flow between the first endpoint and the second endpoint.

公开(公告)号：US20200059457A1

公开(公告)日：2020-02-20

申请号：US16104456

申请日：2018-08-17

Applicant: Cisco Technology, Inc.

Inventor： Syed Khalid Raza ,  Mosaddaq Hussain Turabi ,  Fabio Rodolfo Maino ,  Vina Ermagan ,  Atri Indiresan

IPC: H04L29/06 ,  H04L12/28 ,  H04L12/46

Abstract: A method is performed by an access router of an enterprise network including a first edge router to communicate with a second edge router over a wide area network (WAN). The method includes receiving a packet from a first endpoint, receiving from a mapping service a network location of a second edge router for which the packet is destined and a security association (SA) to encrypt the packet from the access router to the second edge router, and generating for the first edge router one or more path selectors for WAN path selection. The method includes encrypting the packet using the SA, and adding to the encrypted IP packet, in clear text, the path selectors and outer encapsulation including the network location, to produce an encrypted tunnel packet. The method also includes forwarding the encrypted tunnel packet to the second edge router via the first edge router and the WAN.

公开(公告)号：US20230261999A1

公开(公告)日：2023-08-17

申请号：US18139449

申请日：2023-04-26

Applicant: Cisco Technology, Inc.

Inventor： Sridhar Subramanian ,  Fabio Rodolfo Maino ,  Alberto Rodriguez Natal ,  Vijoy Anand Pandey ,  Edward A. Warnicke ,  John Andrew Joyce ,  Timothy James Swanson ,  Loránd Jakab

IPC: H04L47/20 ,  H04L67/10 ,  H04L12/28 ,  H04L41/00 ,  H04L45/50 ,  H04L69/16 ,  H04L67/14 ,  H04L67/02

CPC classification number: H04L47/20 ,  H04L67/10 ,  H04L12/28 ,  H04L41/20 ,  H04L45/50 ,  H04L69/16 ,  H04L67/14 ,  H04L67/02

Abstract: In one embodiment, a device of a software-defined wide area network (SD-WAN) receives, from a cloud-native application, contextual data for the cloud-native application that identifies microservices of the cloud-native application. The device translates the contextual data for the cloud-native application into a network policy for traffic in the SD-WAN associated with the cloud-native application. The device applies the network policy to a traffic flow in the SD-WAN between an endpoint and a particular microservice of the cloud-native application.

公开(公告)号：US20210266262A1

公开(公告)日：2021-08-26

申请号：US16983346

申请日：2020-08-03

Applicant: Cisco Technology, Inc.

Inventor： Sridhar Subramanian ,  Fabio Rodolfo Maino ,  Alberto Rodriguez Natal ,  Vijoy Anand Pandey ,  Edward A. Warnicke ,  John Andrew Joyce ,  Timothy James Swanson ,  Loránd Jakab

IPC: H04L12/813 ,  H04L29/08 ,  H04L12/28 ,  H04L12/723 ,  H04L29/06 ,  H04L12/24

Abstract: In one embodiment, a device of a software-defined wide area network (SD-WAN) receives, from a cloud-native application, contextual data for the cloud-native application that identifies microservices of the cloud-native application. The device translates the contextual data for the cloud-native application into a network policy for traffic in the SD-WAN associated with the cloud-native application. The device applies the network policy to a traffic flow in the SD-WAN between an endpoint and a particular microservice of the cloud-native application.

公开(公告)号：US10992654B2

公开(公告)日：2021-04-27

申请号：US16104456

申请日：2018-08-17

Applicant: Cisco Technology, Inc.

Inventor： Syed Khalid Raza ,  Mosaddaq Hussain Turabi ,  Fabio Rodolfo Maino ,  Vina Ermagan ,  Atri Indiresan

IPC: H04L29/06 ,  H04L12/28 ,  H04L12/46

Abstract: A method is performed by an access router of an enterprise network including a first edge router to communicate with a second edge router over a wide area network (WAN). The method includes receiving a packet from a first endpoint, receiving from a mapping service a network location of a second edge router for which the packet is destined and a security association (SA) to encrypt the packet from the access router to the second edge router, and generating for the first edge router one or more path selectors for WAN path selection. The method includes encrypting the packet using the SA, and adding to the encrypted IP packet, in clear text, the path selectors and outer encapsulation including the network location, to produce an encrypted tunnel packet. The method also includes forwarding the encrypted tunnel packet to the second edge router via the first edge router and the WAN.

公开(公告)号：US20160119196A1

公开(公告)日：2016-04-28

申请号：US14612691

申请日：2015-02-03

Applicant: Cisco Technology, Inc.

Inventor： Marc Portoles Comeras ,  Preethi Natarajan ,  Alberto Rodriguez Natal ,  Fabio Rodolfo Maino ,  Alberto Cabellos Aparicio ,  Vasileios Lakafosis ,  Lorand Jakab

IPC: H04L12/24 ,  H04L12/707

CPC classification number: H04L41/5054 ,  H04L45/24 ,  H04L47/125 ,  H04L47/193 ,  H04L69/14 ,  H04L69/16 ,  H04L69/161

Abstract: Techniques are provided for a network mapping server device in a network to receive a connection upgrade message comprising information to establish a first data flow from a first endpoint that does not support multiple subflows for the first data flow according to a multipath protocol, where multiple subflows subdivide the first data flow across two or more network paths. The information in the connection upgrade message is analyzed in order to resolve network connectivity to determine potential network connections for at least two subflows of the first data flow to a second endpoint. A response message is sent comprising information configured to establish at least two subflows for the first data flow between the first endpoint and the second endpoint.

Abstract translation: 为网络中的网络映射服务器设备提供技术，以接收包括信息的连接升级消息，以便根据多路径协议从不支持第一数据流的多个子流的第一端点建立第一数据流，其中多个子流 第一个数据流跨越两个或多个网络路径细分。 分析连接升级消息中的信息以便解析网络连接以确定到第二端点的至少两个子流的第一数据流的潜在网络连接。 发送响应消息，包括被配置为为第一端点和第二端点之间的第一数据流建立至少两个子流的信息。