公开(公告)号：US11171992B2

公开(公告)日：2021-11-09

申请号：US16525362

申请日：2019-07-29

Applicant: Cisco Technology, Inc.

Inventor： Azeem M. Suleman ,  Rajagopalan Janakiraman ,  Pramila Deshraj Singh ,  Sree Balaji Varadharajan ,  Javed Asghar ,  Sachin Gupta

IPC: H04L29/06 ,  H04L12/46

Abstract: The present disclosure provides for system resource management in self-healing networks by grouping End Point Groups (EPGs) into a plurality of policy groups based on shared security policies; identifying a first policy group with a highest resource demand; assigning a first security policy corresponding to the first policy group to a first switch of a plurality of switches; identifying a second plurality of EPGs from the remaining EPGs that were not included in the first policy group; grouping the second plurality of EPGs into a second plurality of policy groups based on shared security policies; identifying a second policy group with a highest resource demand of the second plurality of policy groups; and assigning a second security policy corresponding to the second policy group to a second switch of the plurality of switches.

公开(公告)号：US20210320817A1

公开(公告)日：2021-10-14

申请号：US16848647

申请日：2020-04-14

Applicant: Cisco Technology, Inc.

Inventor： Rajagopalan Janakiraman ,  Sivakumar Ganapathy ,  Shashank Chaturvedi ,  Suresh Pasupula ,  Prashanth Matety ,  Sachin Gupta

IPC: H04L12/46 ,  H04L29/08 ,  H04L29/12

Abstract: Techniques and architecture for routing data packets through networks that include TGWs. A data packet may be received from a TGW at an infra VPC. A TGW attachment on which the data packet was received is determined. Based at least in part on the TGW attachment, the data packet is routed to a CSR at the infra VPC. Load balancing may be achieved by defining VRF groups that include VPCs and the TGWs. Each VRF group may be assigned to an interface of one or more CSRs. Also, the VRF groups allow for supporting overlapping subnets.

公开(公告)号：US11082258B1

公开(公告)日：2021-08-03

申请号：US16742604

申请日：2020-01-14

Applicant: Cisco Technology, Inc.

Inventor： Sivakumar Ganapathy ,  Rajagopalan Janakiraman ,  Suresh Pasupula ,  Sachin Gupta ,  Shashank Chaturvedi ,  Prashanth Matety

IPC: G06F15/177 ,  H04L12/46 ,  H04L12/741 ,  H04L29/06

Abstract: Techniques for maintaining isolation and segregation for network paths through multi-cloud fabrics using VRF technologies. The techniques include running virtual routers in a cloud network that connect the cloud network to an on-premises network using a network overlay that preserves VRF information in data packets. Further, the virtual routers connect to individual gateways in the cloud network using tunnels, and each individual gateway is connected to multiple VPCs without overlapping subnets. The virtual routers may assign a sink VRF to each gateway connection that can be used to perform source-IP based VRF selection by mapping source IP addresses in each tunnel connection to appropriate VRFs for the source IP addresses. In this way, virtual routers may use sink VRFs to translate into the VRF information for data packets from the VPCs via source-IP based lookup, and use the corresponding VRF route table to determine next hops for data packets.

公开(公告)号：US20210218598A1

公开(公告)日：2021-07-15

申请号：US16742604

申请日：2020-01-14

Applicant: Cisco Technology, Inc.

Inventor： Sivakumar Ganapathy ,  Rajagopalan Janakiraman ,  Suresh Pasupula ,  Sachin Gupta ,  Shashank Chaturvedi ,  Prashanth Matety

IPC: H04L12/46 ,  H04L29/06 ,  H04L12/741

Abstract: Techniques for maintaining isolation and segregation for network paths through multi-cloud fabrics using VRF technologies. The techniques include running virtual routers in a cloud network that connect the cloud network to an on-premises network using a network overlay that preserves VRF information in data packets. Further, the virtual routers connect to individual gateways in the cloud network using tunnels, and each individual gateway is connected to multiple VPCs without overlapping subnets. The virtual routers may assign a sink VRF to each gateway connection that can be used to perform source-IP based VRF selection by mapping source IP addresses in each tunnel connection to appropriate VRFs for the source IP addresses. In this way, virtual routers may use sink VRFs to translate into the VRF information for data packets from the VPCs via source-IP based lookup, and use the corresponding VRF route table to determine next hops for data packets.