公开(公告)号：US20230026570A1

公开(公告)日：2023-01-26

申请号：US17937169

申请日：2022-09-30

Applicant: Cisco Technology, Inc.

Inventor： Saravanan SAMPATHKUMAR ,  Ajay K. MODI ,  Umamaheswararao KARYAMPUDI ,  Kamal BAKSHI ,  Yousuf H. KHAN

IPC: H04L9/40 ,  G06F8/65 ,  G06F16/28 ,  H04L67/55

Abstract: Zero-trust dynamic discovery in provided by identifying a plurality of endpoints, including targets and initiators, connected to a software defined network, wherein the targets are provided on the software defined network according to a network addressable memory standard that lacks a native discovery service; grouping the targets into a plurality of target groups and the initiators into a plurality of initiator groups; and in response to receiving a discovery request from a given initiator grouped in a given initiator group of the plurality of initiator groups, returning addressing information for a target group of the plurality of target groups associated with the given initiator group in a security policy configuration for the software defined network.

公开(公告)号：US20240048509A1

公开(公告)日：2024-02-08

申请号：US18464783

申请日：2023-09-11

Applicant: Cisco Technology, Inc.

Inventor： Sridhar VALLEPALLI ,  Javed ASGHAR ,  Umamaheswararao KARYAMPUDI ,  Saad MALIK ,  Amitkumar V. PATEL

IPC: H04L49/15 ,  H04L45/02 ,  H04L45/00 ,  H04L45/745 ,  H04L47/20 ,  H04L67/563

CPC classification number: H04L49/1507 ,  H04L45/04 ,  H04L45/22 ,  H04L45/72 ,  H04L45/745 ,  H04L47/20 ,  H04L67/563 ,  H04L12/66

Abstract: Embodiments herein describe using translation mappings and security contracts to establish interconnects and policies between switching fabrics at different sites to create a unified fabric. In one embodiment, a multi-site controller can stretch endpoint groups (EPGs) between the sites so that a host or application in a first site can communicate with a host or application in a second site which is assigned to the same stretched EPG, despite the two sites have different namespaces. Further, the shadow EPGs can be formed to facilitate security contracts between EPGs in different sites. Each site can store namespace translation mapping that enable the site to convert namespace information in packets received from a different site into its own namespace values. As a result, independent bridging and routing segments in the various sites can be interconnected as well as providing application accessibility across different fabrics with independent and private namespaces.

公开(公告)号：US20210119925A1

公开(公告)日：2021-04-22

申请号：US16656353

申请日：2019-10-17

Applicant: Cisco Technology, Inc.

Inventor： Ajay K. MODI ,  Atul GARG ,  Murukanandam K. PANCHALINGAM ,  Umamaheswararao KARYAMPUDI ,  Munish MEHTA

IPC: H04L12/851 ,  H04L12/743 ,  H04L12/18 ,  H04L12/861 ,  H04L12/935 ,  H04L12/803

Abstract: A network device receives a fragmented packet of an internet protocol (IP) packet. The fragmented packet is subsequently received relative to an initial fragmented packet of the IP packet and includes a first set of tuple information. The network device determines an entry of a hash table associated with the IP packet, based on the first set of tuple information and a fragment identifier (ID) within the fragmented packet. The network device retrieves a second set of tuple information associated with the fragmented packet from the hash table entry, and transmits an indication of the first and second sets of tuple information.

公开(公告)号：US20220123997A1

公开(公告)日：2022-04-21

申请号：US17075084

申请日：2020-10-20

Applicant: Cisco Technology, Inc.

Inventor： Vedashree BAGADE ,  Ajay Kumar MODI ,  Umamaheswararao KARYAMPUDI ,  Abhishek GUPTA

IPC: H04L12/24 ,  H04L12/947

Abstract: Relay functionality may be provided. A network device may receive a response packet and may determine that one of Option-82 and Option-18 information is not present in the received response packet. Next, in response to determining that one of Option-82 and Option-18 information is not present in the received response packet, a database may be queried for information associated with the response packet. Then, based on the information associated with the response packet, the response packet may be sent to a client device associated with the response packet.

公开(公告)号：US20200014634A1

公开(公告)日：2020-01-09

申请号：US16162199

申请日：2018-10-16

Applicant: Cisco Technology, Inc.

Inventor： Javed ASGHAR ,  Sridhar VALLEPALLI ,  Umamaheswararao KARYAMPUDI ,  Srinivas KOTAMRAJU

IPC: H04L12/933 ,  H04L12/931 ,  H04L12/46 ,  H04L12/24 ,  H04L12/741 ,  H04L12/715 ,  H04L12/761 ,  H04L12/707 ,  H04L29/06 ,  H04L29/12

Abstract: An endpoint group (EPG) can be stretched between the sites so that endpoints at different sites can be assigned to the same stretched EPG. Because the sites can use different bridge domains when establishing the stretched EPGs, the first time a site transmits a packet to an endpoint in a different site, the site learns or discovers a path to the destination endpoint. The site can use BGP to identify the site with the host and use a multicast tunnel to reach the site. A unicast tunnel can be used to transmit future packets to the destination endpoint. Additionally, a stretched EPG can be segmented to form a micro-stretched EPG. Filtering criteria can be used to identify a subset of the endpoints in the stretched EPG that are then assigned to the micro-stretched EPG, which can have different policies than the stretched EPG.

公开(公告)号：US20240244012A1

公开(公告)日：2024-07-18

申请号：US18623693

申请日：2024-04-01

Applicant: Cisco Technology, Inc.

Inventor： Javed ASGHAR ,  Sridhar VALLEPALLI ,  Umamaheswararao KARYAMPUDI ,  Srinivas KOTAMRAJU

IPC: H04L49/104 ,  H04L9/40 ,  H04L12/46 ,  H04L41/0893 ,  H04L45/02 ,  H04L45/16 ,  H04L45/24 ,  H04L45/74 ,  H04L49/15 ,  H04L49/201 ,  H04L61/106 ,  H04L69/22

CPC classification number: H04L49/104 ,  H04L12/462 ,  H04L12/4633 ,  H04L41/0893 ,  H04L45/04 ,  H04L45/16 ,  H04L45/24 ,  H04L45/74 ,  H04L49/1553 ,  H04L49/203 ,  H04L61/106 ,  H04L63/20 ,  H04L69/22

Abstract: An endpoint group (EPG) can be stretched between the sites so that endpoints at different sites can be assigned to the same stretched EPG. Because the sites can use different bridge domains when establishing the stretched EPGs, the first time a site transmits a packet to an endpoint in a different site, the site learns or discovers a path to the destination endpoint. The site can use BGP to identify the site with the host and use a multicast tunnel to reach the site. A unicast tunnel can be used to transmit future packets to the destination endpoint. Additionally, a stretched EPG can be segmented to form a micro-stretched EPG. Filtering criteria can be used to identify a subset of the endpoints in the stretched EPG that are then assigned to the micro-stretched EPG, which can have different policies than the stretched EPG.

公开(公告)号：US20240155005A1

公开(公告)日：2024-05-09

申请号：US18412033

申请日：2024-01-12

Applicant: Cisco Technology, Inc.

Inventor： Saravanan SAMPATHKUMAR ,  Ajay K. MODI ,  Umamaheswararao KARYAMPUDI ,  Kamal BAKSHI ,  Yousuf H. KHAN

IPC: H04L9/40 ,  G06F8/65 ,  G06F16/28 ,  H04L67/55

CPC classification number: H04L63/20 ,  G06F8/65 ,  G06F16/285 ,  H04L67/55

Abstract: Zero-trust dynamic discovery in provided by identifying a plurality of endpoints, including targets and initiators, connected to a software defined network, wherein the targets are provided on the software defined network according to a network addressable memory standard that lacks a native discovery service; grouping the targets into a plurality of target groups and the initiators into a plurality of initiator groups; and in response to receiving a discovery request from a given initiator grouped in a given initiator group of the plurality of initiator groups, returning addressing information for a target group of the plurality of target groups associated with the given initiator group in a security policy configuration for the software defined network.

公开(公告)号：US20220006758A1

公开(公告)日：2022-01-06

申请号：US17447773

申请日：2021-09-15

Applicant: Cisco Technology, Inc.

Inventor： Sridhar VALLEPALLI ,  Javed ASGHAR ,  Umamaheswararao KARYAMPUDI ,  Saad MALIK ,  Amitkumar V. PATEL

IPC: H04L12/933 ,  H04L12/715 ,  H04L12/707 ,  H04L12/721 ,  H04L12/741 ,  H04L12/813 ,  H04L29/08

Abstract: Embodiments herein describe using translation mappings and security contracts to establish interconnects and policies between switching fabrics at different sites to create a unified fabric. In one embodiment, a multi-site controller can stretch endpoint groups (EPGs) between the sites so that a host or application in a first site can communicate with a host or application in a second site which is assigned to the same stretched EPG, despite the two sites have different namespaces. Further, the shadow EPGs can be formed to facilitate security contracts between EPGs in different sites. Each site can store namespace translation mapping that enable the site to convert namespace information in packets received from a different site into its own namespace values. As a result, independent bridging and routing segments in the various sites can be interconnected as well as providing application accessibility across different fabrics with independent and private namespaces.

公开(公告)号：US20220006757A1

公开(公告)日：2022-01-06

申请号：US17448320

申请日：2021-09-21

Applicant: Cisco Technology, Inc.

Inventor： Javed ASGHAR ,  Sridhar VALLEPALLI ,  Umamaheswararao KARYAMPUDI ,  Srinivas KOTAMRAJU

IPC: H04L12/933 ,  H04L12/46 ,  H04L12/24 ,  H04L12/715 ,  H04L12/761 ,  H04L12/707 ,  H04L12/741 ,  H04L12/931 ,  H04L29/12 ,  H04L29/06

Abstract: An endpoint group (EPG) can be stretched between the sites so that endpoints at different sites can be assigned to the same stretched EPG. Because the sites can use different bridge domains when establishing the stretched EPGs, the first time a site transmits a packet to an endpoint in a different site, the site learns or discovers a path to the destination endpoint. The site can use BGP to identify the site with the host and use a multicast tunnel to reach the site. A unicast tunnel can be used to transmit future packets to the destination endpoint. Additionally, a stretched EPG can be segmented to form a micro-stretched EPG. Filtering criteria can be used to identify a subset of the endpoints in the stretched EPG that are then assigned to the micro-stretched EPG, which can have different policies than the stretched EPG.

公开(公告)号：US20200136985A1

公开(公告)日：2020-04-30

申请号：US16172659

申请日：2018-10-26

Applicant: Cisco Technology, Inc.

Inventor： Saravanan SAMPATHKUMAR ,  Ajay K. MODI ,  Umamaheswararao KARYAMPUDI ,  Vikas V. PATEL ,  Gautam VENKATARAMANAN

IPC: H04L12/863 ,  H04L12/851 ,  H04L12/865 ,  H04L12/861 ,  H04L12/935

Abstract: Embodiments provide for mitigating priority flow control deadlock in stretch topologies by initializing a plurality of queues in a buffer of a leaf switch at a local cluster of a site having a plurality of clusters, wherein each queue of the plurality of queues corresponds to a respective one cluster of the plurality of clusters; receiving a pause command for no-drop traffic on the leaf switch, the pause command including an internal Class-of-Service (iCoS) identifier associated with a particular cluster of the plurality of cluster and a corresponding queue in the plurality of queues; and in response to determining, based on the iCoS identifier, that the pause command was received from a remote spine switch associated with a different cluster than the local cluster: forwarding the pause command to a local spine switch in the local cluster; and implementing the pause command on the corresponding queue in the buffer.