-
Publication number: US12199963B2
Publication date: 2025-01-14
Application number: US18508743
Filing date: 2023-11-14
Applicant: Cisco Technology, Inc.
Inventor: Govind Prasad Sharma, Javed Asghar, Prabhu Balakannan, Sridhar Vallepalli
Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.
-
Publication number: US11895100B2
Publication date: 2024-02-06
Application number: US16940114
Filing date: 2020-07-27
Applicant: Cisco Technology, Inc.
Inventor: Govind Prasad Sharma, Javed Asghar, Prabhu Balakannan, Sridhar Vallepalli
CPC classification number: H04L63/062, H04L9/0891, H04L12/4641, H04L63/0428, H04L63/166, H04L69/14, H04L69/22
Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.
-
Publication number: US11159451B2
Publication date: 2021-10-26
Application number: US16162199
Filing date: 2018-10-16
Applicant: Cisco Technology, Inc.
Inventor: Javed Asghar, Sridhar Vallepalli, Umamaheswararao Karyampudi, Srinivas Kotamraju
IPC: H04L12/00, H04L12/933, H04L12/46, H04L12/24, H04L12/715, H04L12/761, H04L12/707, H04L12/741, H04L12/931, H04L29/12, H04L29/06
Abstract: An endpoint group (EPG) can be stretched between the sites so that endpoints at different sites can be assigned to the same stretched EPG. Because the sites can use different bridge domains when establishing the stretched EPGs, the first time a site transmits a packet to an endpoint in a different site, the site learns or discovers a path to the destination endpoint. The site can use BGP to identify the site with the host and use a multicast tunnel to reach the site. A unicast tunnel can be used to transmit future packets to the destination endpoint. Additionally, a stretched EPG can be segmented to form a micro-stretched EPG. Filtering criteria can be used to identify a subset of the endpoints in the stretched EPG that are then assigned to the micro-stretched EPG, which can have different policies than the stretched EPG.
-
Publication number: US20210266256A1
Publication date: 2021-08-26
Application number: US16801500
Filing date: 2020-02-26
Applicant: Cisco Technology, Inc.
Inventor: Rajagopalan Janakiraman, Sivakumar Ganapathy, Javed Asghar, Azeem Muhammad Suleman
IPC: H04L12/741, H04L29/08, H04L12/26, H04L29/12
Abstract: Techniques for routing data packets through service chains within and between public cloud networks of multi-cloud fabrics. A router in a network, e.g., a public cloud network, receives data packets from nodes in the network through segments of the network. Based at least in part on (i) a source address of the data packet, (ii) a destination address of the data packet, and (iii) an identity of the segments of the network from which the data packets are received, the router determines a next node in the network to which the data packet is to be forwarded. The router may then forward the data packet through another segment of the network to the next node and then receive the data packet from the next node through the another segment.
-
Publication number: US20170331737A1
Publication date: 2017-11-16
Application number: US15152213
Filing date: 2016-05-11
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Yixing Ruan, James N. Guichard, Javed Asghar, Carlos M. Pignataro, Kenneth Eugene Gray
IPC: H04L12/741, H04L12/813, H04L29/12, H04L29/06
CPC classification number: H04L69/22, H04L12/4633, H04L45/306, H04L45/566, H04L45/586, H04L45/64
Abstract: Aspects of the embodiments are directed to augmenting a control packet with an interface identifier, the interface identifier identifying an interface at a physical network forwarding element; and transmitting the control packet with the interface identifier to the physical network forwarding element. The interface identifier can be included in metadata of a network service header (NSH). The NSH is encapsulated with the control packet, which is transmitted with the control packet. The NSH can be extracted and the interface identifier used to identify a user interface (or a presenting interface) based on a metadata lookup.
-
Publication number: US11949602B2
Publication date: 2024-04-02
Application number: US17448320
Filing date: 2021-09-21
Applicant: Cisco Technology, Inc.
Inventor: Javed Asghar, Sridhar Vallepalli, Umamaheswararao Karyampudi, Srinivas Kotamraju
IPC: H04L45/00, H04L9/40, H04L12/46, H04L41/0893, H04L45/02, H04L45/16, H04L45/24, H04L45/74, H04L49/104, H04L49/15, H04L49/201, H04L61/106, H04L69/22
CPC classification number: H04L49/104, H04L12/462, H04L12/4633, H04L41/0893, H04L45/04, H04L45/16, H04L45/24, H04L45/74, H04L49/1553, H04L49/203, H04L61/106, H04L63/20, H04L69/22
Abstract: An endpoint group (EPG) can be stretched between the sites so that endpoints at different sites can be assigned to the same stretched EPG. Because the sites can use different bridge domains when establishing the stretched EPGs, the first time a site transmits a packet to an endpoint in a different site, the site learns or discovers a path to the destination endpoint. The site can use BGP to identify the site with the host and use a multicast tunnel to reach the site. A unicast tunnel can be used to transmit future packets to the destination endpoint. Additionally, a stretched EPG can be segmented to form a micro-stretched EPG. Filtering criteria can be used to identify a subset of the endpoints in the stretched EPG that are then assigned to the micro-stretched EPG, which can have different policies than the stretched EPG.
-
Publication number: US20230185683A1
Publication date: 2023-06-15
Application number: US17547778
Filing date: 2021-12-10
Applicant: Cisco Technology, Inc.
Inventor: Javed Asghar, Rajagopalan Janakiraman, Raghu Rajendra Arur
CPC classification number: G06F11/203, H04L67/34, G06F11/3051
Abstract: This disclosure describes techniques for adaptive disaster recovery of applications running on network devices. The techniques include generating an application template and an application template clone that include application attributes usable to deploy an application stack at an application site. The techniques also include sending the application template clone to a disaster recovery site group to await deployment instructions. In some examples, an observer may determine that a health metric of the application site indicates that a disaster recovery process be triggered. A disaster recovery site of the disaster recovery site group may be selected based at least in part on a performance metric. The application stack may be deployed at the disaster recovery site utilizing the application template clone.
-
Publication number: US10778662B2
Publication date: 2020-09-15
Application number: US16166973
Filing date: 2018-10-22
Applicant: Cisco Technology, Inc.
Inventor: Govind Prasad Sharma, Javed Asghar, Prabhu Balakannan, Sridhar Vallepalli
Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.
-
Publication number: US10243841B2
Publication date: 2019-03-26
Application number: US15173951
Filing date: 2016-06-06
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Shishir Gupta, Dharmarajan Subramanian, Javed Asghar
IPC: H04L12/26, H04L12/703, H04L12/761, H04L12/18, H04L12/707, H04L12/801
Abstract: In one embodiment, a method includes computing at a controller, a primary path and a backup path for transmittal of multicast data from service nodes in communication with the controller and a multicast source to access nodes in communication with multicast receivers, and transmitting from the controller, information for the primary path and the backup path to the access nodes for use by the access nodes in receiving the multicast data on the primary path and the backup path, and switching transmittal of the multicast data to the multicast receivers from the primary path to the backup path upon identifying a failure in the primary path to provide fast reroute at the access nodes. A multicast control plane runs in the controller without operating in the access nodes. An apparatus is also disclosed herein.
-
Publication number: US10225104B2
Publication date: 2019-03-05
Application number: US15084332
Filing date: 2016-03-29
Applicant: CISCO TECHNOLOGY, INC.
Inventor: James N. Guichard, Carlos M. Pignataro, Yixing Ruan, Javed Asghar
IPC: H04L12/46, H04L12/725
Abstract: Embodiments of the present disclosure are directed to augmenting a Network Service Header (NSH) metadata of a data packet with a virtual routing and forwarding identifier (VRF-ID) and forgoing augmenting a virtual private network (VPN) label into a multiprotocol label switched (MPLS) metadata of the data packet. A provider edge router can use the VRF-ID to identify a next hop for the data packet as a service to be applied prior to forwarding the data packet to a VPN site.