-
Publication No.: US20210168114A1
Publication Date: 2021-06-03
Application No.: US17174215
Filing Date: 2021-02-11
Applicant: Cisco Technology, Inc.
Inventor: Vijay Chander, Yibin Yang, Praveen Jain, Munish Mehta
IPC: H04L29/12, H04L12/46, H04L12/751
Abstract: According to one or more embodiments of this disclosure, a network controller in a data center network establishes a translation table for in-band traffic in that network; the translation table resolves ambiguous network addresses based on one or more of a virtual network identifier (VNID), a routable tenant address, or a unique loopback address. The network controller device receives packets originating from applications and/or endpoints operating in a network segment associated with a VNID. The network controller device translates, using the translation table, unique loopback addresses and/or routable tenant addresses associated with the packets into routable tenant addresses and/or unique loopback addresses, respectively.
-
Publication No.: US10171357B2
Publication Date: 2019-01-01
Application No.: US15208018
Filing Date: 2016-07-12
Applicant: Cisco Technology, Inc.
Inventor: Vijay Chander, Yibin Yang, Praveen Jain, Munish Mehta
IPC: H04L12/28, H04L12/741, H04L12/46
Abstract: According to one or more embodiments of this disclosure, a network controller in a data center network establishes a translation table for in-band traffic in that network; the translation table resolves ambiguous network addresses based on one or more of a virtual network identifier (VNID), a routable tenant address, or a unique loopback address. The network controller device receives packets originating from applications and/or endpoints operating in a network segment associated with a VNID. The network controller device translates, using the translation table, unique loopback addresses and/or routable tenant addresses associated with the packets into routable tenant addresses and/or unique loopback addresses, respectively.
-
Publication No.: US09825814B2
Publication Date: 2017-11-21
Application No.: US14809971
Filing Date: 2015-07-27
Applicant: Cisco Technology, Inc.
Inventor: Joji Thomas Mekkattuparamban, Vijay Chander, Saurabh Jain, Van Lieu, Badhri Madabusi Vijayaraghavan, Praveen Jain, Munish Mehta, Michael R. Smith, Narender Enduri
CPC classification number: H04L41/0893, H04L41/0886, H04L61/15, H04L61/6022, H04L63/101, H04L63/104
Abstract: Systems, methods, and computer-readable storage media are provided for dynamically setting an end point group for an end point. An end point can be assigned a default end point group when added to a network. For example, the default end point group can be a baseline port/security group which is considered an untrusted group. The end point can then be dynamically assigned an end point group based on a set of group selection rules. For example, the group selection rules can identify an end point group based on the MAC address or other attributes. When the end point is added to the network, the MAC address and/or other attributes of the end point can be determined and used to assign an end point group. As another example, an end point group can be assigned based on the amount of traffic or the guest operating system.
-
Publication No.: US12021826B2
Publication Date: 2024-06-25
Application No.: US18069836
Filing Date: 2022-12-21
Applicant: Cisco Technology, Inc.
Inventor: Vijay Chander, Yibin Yang, Praveen Jain, Munish Mehta
IPC: H04L61/2592, H04L12/46, H04L45/02, H04L61/2514, H04L61/2521
CPC classification number: H04L61/2592, H04L12/4641, H04L45/02, H04L61/2514, H04L61/2521
Abstract: According to one or more embodiments of this disclosure, a network controller in a data center network establishes a translation table for in-band traffic in that network; the translation table resolves ambiguous network addresses based on one or more of a virtual network identifier (VNID), a routable tenant address, or a unique loopback address. The network controller device receives packets originating from applications and/or endpoints operating in a network segment associated with a VNID. The network controller device translates, using the translation table, unique loopback addresses and/or routable tenant addresses associated with the packets into routable tenant addresses and/or unique loopback addresses, respectively.
-
Publication No.: US10530712B2
Publication Date: 2020-01-07
Application No.: US15373616
Filing Date: 2016-12-09
Applicant: Cisco Technology, Inc.
Inventor: Sameer Dilip Merchant, Sarang Dharmapurikar, Praveen Jain
IPC: H04L29/06, H04L12/931, H04L12/725, H04L12/721, H04L12/743
Abstract: Techniques for providing a reflexive access control list (ACL) on a virtual switch are provided. Embodiments receive a first packet corresponding to a first network flow and a second packet corresponding to a second network flow. Upon determining that a SYN flag is set within the first packet, a first entry is created in the reflexive ACL for the first network flow. Upon determining that the first packet was received over a client port of the first physical switch, the first packet is forwarded to a second physical switch within the virtual switch. Upon determining that the second packet has a SYN flag enabled, a second entry is created in the reflexive ACL. Finally, upon determining that the second packet was received from the second physical switch, the second packet is forwarded over an uplink port to a destination defined by the second packet.
-
Publication No.: US10891147B1
Publication Date: 2021-01-12
Application No.: US15376365
Filing Date: 2016-12-12
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Vijayan Ramakrishnan, Saurabh Jain, Vijay Chander, Ronak K. Desai, Praveen Jain, Munish Mehta, Yibin Yang
IPC: G06F9/455
Abstract: Aspects of the embodiments are directed to forming a virtual machine management (VMM) domain in a heterogeneous datacenter. Aspects can include mapping an endpoint group to multiple VMM domains, each VMM domain associated with one or more virtual machine management systems of a single type that each share one or more management system characteristics; instantiating a virtual switch instance, the virtual switch instance associated with the VMM domain; and instantiating the endpoint group mapped to the VMM domain as a network component associated with the virtual switch instance.
-
Publication No.: US10469402B2
Publication Date: 2019-11-05
Application No.: US15353093
Filing Date: 2016-11-16
Applicant: Cisco Technology, Inc.
Inventor: Saurabh Jain, Vijay K. Chander, Vijayan Ramakrishnan, Ronak K. Desai, Praveen Jain, Munish Mehta, Yibin Yang
IPC: G06F15/167, H04L12/919, H04L12/24
Abstract: The techniques presented herein use dynamic endpoint group (EPG) binding changes to facilitate cross-tenant resource sharing. A first node of a multi-tenant software defined network determines that an application on a first endpoint has initiated operation and needs temporary access to resources located at a second endpoint. The first and second endpoints are associated with first and second tenants, respectively, that are logically segregated from one another by the software defined network. The first node dynamically changes an initial EPG binding associated with the first endpoint to a second EPG binding that enables the first endpoint to temporarily directly access the resources at the second endpoint. The first node subsequently determines that the application on the first endpoint no longer needs access to the resources located at the second endpoint and, as such, changes the second EPG binding associated with the first endpoint back to the initial EPG binding.
-
Publication No.: US20170339188A1
Publication Date: 2017-11-23
Application No.: US15159379
Filing Date: 2016-05-19
Applicant: Cisco Technology, Inc.
Inventor: Praveen Jain, Munish Mehta, Saurabh Jain, Yibin Yang
IPC: H04L29/06
CPC classification number: H04L63/20, G06F9/455, H04L45/586, H04L49/70, H04L63/0428
Abstract: Microsegmentation in a heterogeneous software-defined network can be performed by classifying endpoints associated with a first virtualized environment into respective endpoint groups based on respective attributes, and classifying endpoints associated with a second virtualized environment into respective security groups based on respective attributes. Each respective endpoint group can correspond to a respective security group having the same attribute. Each respective endpoint group and corresponding security group can be associated with a respective policy model defining rules for processing associated traffic. Each of the respective security groups can be used to generate a respective network attribute endpoint group, which can include the network addresses of those endpoints in the respective security group. Each respective network attribute endpoint group can inherit the policy model of the respective endpoint group corresponding to the respective security group. Traffic between the endpoints can then be processed based on the various classifications and associated rules.
-
Publication No.: US20230300105A1
Publication Date: 2023-09-21
Application No.: US18069836
Filing Date: 2022-12-21
Applicant: Cisco Technology, Inc.
Inventor: Vijay Chander, Yibin Yang, Praveen Jain, Munish Mehta
IPC: H04L61/2592, H04L12/46, H04L45/02
CPC classification number: H04L61/2592, H04L12/4641, H04L45/02, H04L61/2514
Abstract: According to one or more embodiments of this disclosure, a network controller in a data center network establishes a translation table for in-band traffic in that network; the translation table resolves ambiguous network addresses based on one or more of a virtual network identifier (VNID), a routable tenant address, or a unique loopback address. The network controller device receives packets originating from applications and/or endpoints operating in a network segment associated with a VNID. The network controller device translates, using the translation table, unique loopback addresses and/or routable tenant addresses associated with the packets into routable tenant addresses and/or unique loopback addresses, respectively.
-
Publication No.: US11546288B2
Publication Date: 2023-01-03
Application No.: US17174215
Filing Date: 2021-02-11
Applicant: Cisco Technology, Inc.
Inventor: Vijay Chander, Yibin Yang, Praveen Jain, Munish Mehta
IPC: H04L29/12, H04L61/2592, H04L12/46, H04L45/02, H04L61/2514, H04L61/2521
Abstract: According to one or more embodiments of this disclosure, a network controller in a data center network establishes a translation table for in-band traffic in that network; the translation table resolves ambiguous network addresses based on one or more of a virtual network identifier (VNID), a routable tenant address, or a unique loopback address. The network controller device receives packets originating from applications and/or endpoints operating in a network segment associated with a VNID. The network controller device translates, using the translation table, unique loopback addresses and/or routable tenant addresses associated with the packets into routable tenant addresses and/or unique loopback addresses, respectively.