公开(公告)号：US20240214319A1

公开(公告)日：2024-06-27

申请号：US18201998

申请日：2023-05-25

Applicant: Cisco Technology, Inc.

Inventor： Alberto Rodriguez Natal ,  John A. Joyce ,  Saswat Praharaj ,  Timothy James Swanson ,  Lorand Jakab ,  Fabio R. Maino ,  Pradeep Kumar Kathail

IPC: H04L47/2475 ,  H04L67/564

CPC classification number: H04L47/2475 ,  H04L67/564

Abstract: Techniques for signaling, to a network controller, a connection state of a proxy for use by the network controller to correlate proxied-connections with application pairs for traffic optimization. In some examples, the techniques may include receiving, at a controller of a network, control plane information associated with a proxy that manages a proxied flow through the network. Based on the control plane information, the controller may determine that application traffic is flowing across the proxied flow between a first application and a second application. In this way, based at least in part on a policy associated with at least one of the first application or the second application, the controller may reconfigure a network element of the network for optimizing the application traffic flowing across the proxied flow.

公开(公告)号：US12155556B2

公开(公告)日：2024-11-26

申请号：US17890756

申请日：2022-08-18

Applicant: Cisco Technology, Inc.

Inventor： Alberto Rodriguez Natal ,  Saswat Praharaj ,  Lorand Jakab ,  Fabio R. Maino ,  Pradeep Kumar Kathail

IPC: H04L45/121 ,  H04L45/00 ,  H04L45/745

Abstract: Techniques for automating traffic optimizations for egress traffic of an application orchestration system that is being sent over a network to a remote service. In examples, the techniques may include receiving, at a controller of the network, an egress traffic definition associated with egress traffic of an application hosted on the application orchestration system, the egress traffic definition indicating that the egress traffic is to be sent to the remote service. Based at least in part on the egress traffic definition, the controller may determine a networking path through the network or outside of the network that is optimized for sending the egress traffic to the remote service. The controller may also cause the egress traffic to be sent to the remote service via the optimized networking path.

公开(公告)号：US20240163226A1

公开(公告)日：2024-05-16

申请号：US18421906

申请日：2024-01-24

Applicant: Cisco Technology, Inc.

Inventor： Lorand Jakab ,  Alberto Rodriguez-Natal ,  Fabio R. Maino ,  John G. Apostolopoulos

IPC: H04L47/783 ,  G06F9/54

CPC classification number: H04L47/783 ,  G06F9/547

Abstract: Techniques for tracking compute capacity of a scalable application service platform to perform dynamic bandwidth allocation for data flows associated with applications hosted by the service platform are disclosed. Some of the techniques may include allocating a first amount of bandwidth of a physical underlay of a network for data flows associated with an application. The techniques may also include receiving, from a scalable application service hosting the application, an indication of an amount of computing resources of the scalable application service that are allocated to host the application. Based at least in part on the indications, a second amount of bandwidth of the physical underlay to allocate for the data flows may be determined. The techniques may also include allocating the second amount of bandwidth of the physical underlay of the network for the data flows associated with the application.

公开(公告)号：US20230328038A1

公开(公告)日：2023-10-12

申请号：US17718634

申请日：2022-04-12

Applicant: Cisco Technology, Inc.

Inventor： Alberto Rodriguez-Natal ,  Lorand Jakab ,  Fabio R. Maino

IPC: H04L9/40 ,  H04L43/0823 ,  H04L43/0864

CPC classification number: H04L63/0407 ,  H04L63/20 ,  H04L63/0281 ,  H04L43/0847 ,  H04L43/0864

Abstract: Techniques for using proxies with overprovisioned IP addresses to demultiplex data flows, which may otherwise look the same at L7, into multiple subflows for L3 policy enforcement without having to modify an underlying L3 network. The techniques may include establishing a subflow through a network between a first proxy and a second proxy, the subflow associated with a specific policy. In some examples, the first proxy node may receive an encrypted packet that is to be sent through the network and determine, based at least in part on accessing an encrypted application layer of the packet, a specific application to which the packet is to be sent. The first proxy node may then alter an IP address included in the packet to cause the packet to be sent through the network via the subflow such that the packet is handled according to the specific policy.

公开(公告)号：US11233743B2

公开(公告)日：2022-01-25

申请号：US16839485

申请日：2020-04-03

Applicant: Cisco Technology, Inc.

Inventor： Alberto Rodriguez Natal ,  Fabio Maino ,  Bradford Pielech ,  Richard James Smith ,  Mikhail Davidov ,  Lorand Jakab

IPC: H04L12/46 ,  H04L12/851 ,  H04L29/12 ,  H04L29/06

Abstract: The present technology pertains to a system and method for extending enterprise networks' trusted policy frameworks to cloud-native applications. The present technology comprises sending, by an enterprise network controller, a first communication to a service mesh orchestrator for a service mesh, wherein the first communication informs the service mesh orchestrator of traffic segmentation policies to be applied to traffic originating at an enterprise network and of layer 7 extension headers which correspond to the enterprise network traffic segmentation policies.

公开(公告)号：US20200322273A1

公开(公告)日：2020-10-08

申请号：US16839485

申请日：2020-04-03

Applicant: Cisco Technology, Inc.

Inventor： Alberto Rodriguez Natal ,  Fabio Maino ,  Bradford Pielech ,  Richard James Smith ,  Mikhail Davidov ,  Lorand Jakab

IPC: H04L12/851 ,  H04L29/12 ,  H04L29/06 ,  H04L12/46

Abstract: The present technology pertains to a system and method for extending enterprise networks' trusted policy frameworks to cloud-native applications. The present technology comprises sending, by an enterprise network controller, a first communication to a service mesh orchestrator for a service mesh, wherein the first communication informs the service mesh orchestrator of traffic segmentation policies to be applied to traffic originating at an enterprise network and of layer 7 extension headers which correspond to the enterprise network traffic segmentation policies.

公开(公告)号：US10284438B2

公开(公告)日：2019-05-07

申请号：US14612691

申请日：2015-02-03

Applicant: Cisco Technology, Inc.

Inventor： Marc Portoles Comeras ,  Preethi Natarajan ,  Alberto Rodriguez Natal ,  Fabio Rodolfo Maino ,  Alberto Cabellos Aparicio ,  Vasileios Lakafosis ,  Lorand Jakab

IPC: H04L12/24 ,  H04L29/06 ,  H04L12/707 ,  H04L12/801 ,  H04L12/803

Abstract: Techniques are provided for a network mapping server device in a network to receive a connection upgrade message comprising information to establish a first data flow from a first endpoint that does not support multiple subflows for the first data flow according to a multipath protocol, where multiple subflows subdivide the first data flow across two or more network paths. The information in the connection upgrade message is analyzed in order to resolve network connectivity to determine potential network connections for at least two subflows of the first data flow to a second endpoint. A response message is sent comprising information configured to establish at least two subflows for the first data flow between the first endpoint and the second endpoint.

公开(公告)号：US11943150B2

公开(公告)日：2024-03-26

申请号：US17147724

申请日：2021-01-13

Applicant: Cisco Technology, Inc.

Inventor： Lorand Jakab ,  Alberto Rodriguez Natal ,  Fabio R. Maino ,  John G. Apostolopoulos

IPC: H04L47/783 ,  G06F9/54

CPC classification number: H04L47/783 ,  G06F9/547

Abstract: Techniques for tracking compute capacity of a scalable application service platform to perform dynamic bandwidth allocation for data flows associated with applications hosted by the service platform are disclosed. Some of the techniques may include allocating a first amount of bandwidth of a physical underlay of a network for data flows associated with an application. The techniques may also include receiving, from a scalable application service hosting the application, an indication of an amount of computing resources of the scalable application service that are allocated to host the application. Based at least in part on the indications, a second amount of bandwidth of the physical underlay to allocate for the data flows may be determined. The techniques may also include allocating the second amount of bandwidth of the physical underlay of the network for the data flows associated with the application.

公开(公告)号：US20230300059A1

公开(公告)日：2023-09-21

申请号：US17890756

申请日：2022-08-18

Applicant: Cisco Technology, Inc.

Inventor： Alberto Rodriguez Natal ,  Saswat Praharaj ,  Lorand Jakab ,  Fabio R. Maino ,  Pradeep Kumar Kathail

IPC: H04L45/121 ,  H04L45/745 ,  H04L45/00

CPC classification number: H04L45/121 ,  H04L45/745 ,  H04L45/566

Abstract: Techniques for automating traffic optimizations for egress traffic of an application orchestration system that is being sent over a network to a remote service. In examples, the techniques may include receiving, at a controller of the network, an egress traffic definition associated with egress traffic of an application hosted on the application orchestration system, the egress traffic definition indicating that the egress traffic is to be sent to the remote service. Based at least in part on the egress traffic definition, the controller may determine a networking path through the network or outside of the network that is optimized for sending the egress traffic to the remote service. The controller may also cause the egress traffic to be sent to the remote service via the optimized networking path.

公开(公告)号：US20220116337A1

公开(公告)日：2022-04-14

申请号：US17147724

申请日：2021-01-13

Applicant: Cisco Technology, Inc.

Inventor： Lorand Jakab ,  Alberto Rodriguez Natal ,  Fabio R. Maino ,  John G. Apostolopoulos

IPC: H04L12/911 ,  G06F9/54

Abstract: Techniques for tracking compute capacity of a scalable application service platform to perform dynamic bandwidth allocation for data flows associated with applications hosted by the service platform are disclosed. Some of the techniques may include allocating a first amount of bandwidth of a physical underlay of a network for data flows associated with an application. The techniques may also include receiving, from a scalable application service hosting the application, an indication of an amount of computing resources of the scalable application service that are allocated to host the application. Based at least in part on the indications, a second amount of bandwidth of the physical underlay to allocate for the data flows may be determined. The techniques may also include allocating the second amount of bandwidth of the physical underlay of the network for the data flows associated with the application.