公开(公告)号：US20190028376A1

公开(公告)日：2019-01-24

申请号：US15658215

申请日：2017-07-24

Applicant: Cisco Technology, Inc.

Inventor： Sivakumar Ganapathy ,  Rajagopalan Janakiraman ,  Kalyan Ghosh ,  Sapan Shah

IPC: H04L12/26 ,  H04L29/12 ,  H04L12/743 ,  H04L12/46

CPC classification number: H04L43/12 ,  H04L12/4679 ,  H04L43/026 ,  H04L43/04 ,  H04L45/7453 ,  H04L61/2069

Abstract: Disclosed is a method that includes calculating, at a collector receiving a data flow and via a hashing algorithm, all possible hashes associated with at least one virtual attribute associated with the data flow to yield resultant hash values. Based on the resultant hash values, the method includes computing a multicast address group and multicasting the data flow to n leafs based on the multicast address group. At respective other collectors, the method includes filtering received sub-flows of the data flow based on the resultant hashes, wherein if a respective hash is owned by a collector, the respective collector accepts and saves the sub-flow in a local switch collector database. A scalable, distributed netflow is possible with the ability to respond to queries for fabric-level netflow statistics even on virtual constructs.

公开(公告)号：US20220385498A1

公开(公告)日：2022-12-01

申请号：US17335887

申请日：2021-06-01

Applicant: Cisco Technology, Inc.

Inventor： Rajagopalan Janakiraman ,  Arun Saha ,  Sivakumar Ganapathy ,  Jose Carlos Recuero Arias ,  Sapan Shah ,  Shashank Chaturvedi

IPC: H04L12/46 ,  H04L12/24 ,  H04L29/08

Abstract: Techniques are described for dynamically establishing and scaling IPSec tunnels to connect hundreds of sites of a network by making use of the user intent of connecting certain applications for applying security policies and translating it dynamically based on the location and needs of the workloads to set up the network on demand. The techniques involve a tight loop between the network controller of a site (e.g., a cloud Application Policy Infrastructure Controller) and the inter-site or multi-cloud inter-connect controller, stitched through services that enable security and network automation at scale. In particular, to control the number of IPSec tunnels, IPSec tunnels are established only when required. Additionally, IPSec tunnels may be eliminated when no longer required. Thus, resources of a network may be used in a measured way that is necessary and sufficient to meet network traffic demand.

公开(公告)号：US11159412B2

公开(公告)日：2021-10-26

申请号：US16808830

申请日：2020-03-04

Applicant: Cisco Technology, Inc.

Inventor： Sivakumar Ganapathy ,  Rajagopalan Janakiraman ,  Kalyan Ghosh ,  Sapan Shah

IPC: H04L12/26 ,  H04L29/12 ,  H04L12/46 ,  H04L12/743

Abstract: Disclosed is a method that includes calculating, at a collector receiving a data flow and via a hashing algorithm, all possible hashes associated with at least one virtual attribute associated with the data flow to yield resultant hash values. Based on the resultant hash values, the method includes computing a multicast address group and multicasting the data flow to n leafs based on the multicast address group. At respective other collectors, the method includes filtering received sub-flows of the data flow based on the resultant hashes, wherein if a respective hash is owned by a collector, the respective collector accepts and saves the sub-flow in a local switch collector database. A scalable, distributed netflow is possible with the ability to respond to queries for fabric-level netflow statistics even on virtual constructs.

公开(公告)号：US11233721B2

公开(公告)日：2022-01-25

申请号：US16808768

申请日：2020-03-04

Applicant: Cisco Technology, Inc.

Inventor： Sivakumar Ganapathy ,  Rajagopalan Janakiraman ,  Kalyan Ghosh ,  Sapan Shah

IPC: H04L12/26 ,  H04L29/12 ,  H04L12/46 ,  H04L12/743

Abstract: Disclosed is a method that includes calculating, at a collector receiving a data flow and via a hashing algorithm, all possible hashes associated with at least one virtual attribute associated with the data flow to yield resultant hash values. Based on the resultant hash values, the method includes computing a multicast address group and multicasting the data flow to n leafs based on the multicast address group. At respective other collectors, the method includes filtering received sub-flows of the data flow based on the resultant hashes, wherein if a respective hash is owned by a collector, the respective collector accepts and saves the sub-flow in a local switch collector database. A scalable, distributed netflow is possible with the ability to respond to queries for fabric-level netflow statistics even on virtual constructs.

公开(公告)号：US10601693B2

公开(公告)日：2020-03-24

申请号：US15658215

申请日：2017-07-24

Applicant: Cisco Technology, Inc.

Inventor： Sivakumar Ganapathy ,  Rajagopalan Janakiraman ,  Kalyan Ghosh ,  Sapan Shah

IPC: H04L12/26 ,  H04L29/12 ,  H04L12/46 ,  H04L12/743

Abstract: Disclosed is a method that includes calculating, at a collector receiving a data flow and via a hashing algorithm, all possible hashes associated with at least one virtual attribute associated with the data flow to yield resultant hash values. Based on the resultant hash values, the method includes computing a multicast address group and multicasting the data flow to n leafs based on the multicast address group. At respective other collectors, the method includes filtering received sub-flows of the data flow based on the resultant hashes, wherein if a respective hash is owned by a collector, the respective collector accepts and saves the sub-flow in a local switch collector database. A scalable, distributed netflow is possible with the ability to respond to queries for fabric-level netflow statistics even on virtual constructs.