-
Publication No.: US11870755B2
Publication date: 2024-01-09
Application No.: US17511412
Application date: 2021-10-26
Applicant: Cisco Technology, Inc.
Inventor: Vamsidhar Valluri , Saravanan Radhakrishnan , Anand Oswal , Vinay Prabhu , Sarah Adelaide Evans , Suraj Rangaswamy
IPC: H04L12/46 , H04L9/40 , H04L45/02 , H04L45/745
CPC classification number: H04L63/0263 , H04L12/4641 , H04L45/02 , H04L45/745 , H04L63/0218 , H04L63/0236 , H04L63/0272 , H04L63/20
Abstract: Systems and methods provide for provisioning a dynamic intent-based firewall. A network controller can generate a master route table for network segments reachable from edge network devices managed by the controller. The controller can receive zone definition information mapping the network segments into zones and Zone-based Firewall (ZFW) policies to apply to traffic between a source and destination zone specified by each ZFW policy. The controller can evaluate a ZFW policy to determine first edge network devices that can reach first network segments mapped to the source zone specified by the ZFW policy, second edge network devices that can reach second network segments mapped to the destination zone specified by the ZFW policy, and routing information (from the route table) between the first network segments, the first and second edge network devices, and the second network segments. The controller can transmit the routing information to the edge network devices.
-
Publication No.: US11201854B2
Publication date: 2021-12-14
Application No.: US16434115
Application date: 2019-06-06
Applicant: Cisco Technology, Inc.
Inventor: Vamsidhar Valluri , Saravanan Radhakrishnan , Anand Oswal , Vinay Prabhu , Sarah Adelaide Evans , Suraj Rangaswamy
IPC: H04L12/46 , H04L29/06 , H04L12/751 , H04L12/741
Abstract: Systems and methods provide for provisioning a dynamic intent-based firewall. A network controller can generate a master route table for network segments reachable from edge network devices managed by the controller. The controller can receive zone definition information mapping the network segments into zones and Zone-based Firewall (ZFW) policies to apply to traffic between a source and destination zone specified by each ZFW policy. The controller can evaluate a ZFW policy to determine first edge network devices that can reach first network segments mapped to the source zone specified by the ZFW policy, second edge network devices that can reach second network segments mapped to the destination zone specified by the ZFW policy, and routing information (from the route table) between the first network segments, the first and second edge network devices, and the second network segments. The controller can transmit the routing information to the edge network devices.
-
Publication No.: US20200177606A1
Publication date: 2020-06-04
Application No.: US16567435
Application date: 2019-09-11
Applicant: Cisco Technology, Inc.
Inventor: Vamsidhar Valluri , Vinay Prabhu , Sarah Adelaide Evans , Suraj Rangaswamy
Abstract: Systems and methods provide for synergistic domain name system DNS security updates for an enterprise network operating under a Software Defined Wide Area Network (SD-WAN). A system may be configured to collect positive and/or negative unified threat defense (UTD) results, deploy a rules-based model that, when a threat or clearance is detected across several SD-WAN edge network devices, triggers an update to a local security blacklist/whitelist, wherein the update comprises a signature, and push the update to other devices that have not yet seen the threat or clearance.
-
Publication No.: US20190036780A1
Publication date: 2019-01-31
Application No.: US16019482
Application date: 2018-06-26
Applicant: Cisco Technology, Inc.
Inventor: Sarah Adelaide Evans , Vinay Prabhu , Sandeep Bajaj
Abstract: A method may include generating a set of instructions for a set of devices in a software-defined network (SDN) to monitor a set of characteristics. The method may further include sending the set of instructions to the set of devices in the SDN via a control plane. The method may also include receiving monitor data via the control plane from at least one device of the set of devices in the SDN. The method may include receiving an input signal to generate a data model in view of a set of input parameters. The method may further include generating the data model based on the set of input parameters and the monitor data. The method may include causing an action pertaining to the SDN in view of the data model.
-
Publication No.: US12166772B2
Publication date: 2024-12-10
Application No.: US17817724
Application date: 2022-08-05
Applicant: Cisco Technology, Inc.
Inventor: Vamsidhar Valluri , Vinay Prabhu , Sarah Adelaide Evans , Suraj Rangaswamy
IPC: H04L9/40 , H04L45/00 , H04L61/4511
Abstract: Systems and methods provide for synergistic domain name system DNS security updates for an enterprise network operating under a Software Defined Wide Area Network (SD-WAN). A system may be configured to collect positive and/or negative unified threat defense (UTD) results, deploy a rules-based model that, when a threat or clearance is detected across several SD-WAN edge network devices, triggers an update to a local security blacklist/whitelist, wherein the update comprises a signature, and push the update to other devices that have not yet seen the threat or clearance.
-
Publication No.: US11321207B2
Publication date: 2022-05-03
Application No.: US16806750
Application date: 2020-03-02
Applicant: Cisco Technology, Inc.
Inventor: Mohit Aggarwal , Mohil Khare , Vinay Prabhu , Kapil Dev , Gino John , Pradeep Budanuru Kenche Gowda , Farqad Moshili
IPC: G06F11/00 , G06F11/30 , G06F9/50 , H04L43/16 , H04L43/0817 , H04L41/0654 , H04L12/46 , H04L41/0668 , G06F9/48
Abstract: The present disclosure is directed to management of migration of SD-WAN solutions in a multi-cloud structure upon detection of a failover event. In one aspect, a method includes monitoring, using virtual bonds of a network orchestration component, clusters of virtual management components of multiple cloud networks, corresponding virtual management components of one of the multiple cloud networks implementing one or more services of a Software-Defined Wide Access Network (SD-WAN) solution; detecting, using the virtual bonds, a failover event at the one of the multiple cloud networks; and identifying, by the virtual bonds, a new destination cloud network to migrate the one or more services of the SD-WAN solution to, from a source cloud network at which the failover event is detected.
-
Publication No.: US11252030B2
Publication date: 2022-02-15
Application No.: US16590948
Application date: 2019-10-02
Applicant: Cisco Technology, Inc.
Inventor: Jigar Dinesh Parekh , Vinay Prabhu , Sarah Adelaide Evans , Suraj Rangaswamy
IPC: H04L12/24 , H04L12/743 , H04L12/705
Abstract: Systems, methods, and computer-readable media for scaling a source network. A system may be configured to receive a network configuration for a source network, wherein the source network comprises a plurality of nodes, receive a scale target for a scaled network, and identify, based on the scale target, one or more selected nodes in the plurality of nodes in the source network for implementing in the scaled network. The system may further be configured to reconfigure data plane parameters and control plane parameters for each node in the one or more selected nodes.
-
Publication No.: US11228500B2
Publication date: 2022-01-18
Application No.: US16424776
Application date: 2019-05-29
Applicant: Cisco Technology, Inc.
Inventor: Vinay Prabhu , Sarah Adelaide Evans , Jigar Dinesh Parekh , Suraj Rangaswamy , Parth Sanjiv Doshi , Pranav Narasimmaraj , Ashish Shendure
IPC: H04L12/24
Abstract: Systems, methods, and computer-readable media for designing network performance and configuration include determining one or more use cases for a network to be provisioned, based on at least one or more business verticals related to a customer of the network. A data plane scale is determined from the use cases and an initial data plane scale generated using a linear regression on one or more data plane parameters. The data plane parameters include a platform type, feature set, packet size, or software version of the network. A control plane scale is determined from the use cases and an initial control plane scale generated using a linear regression on one or more control plane parameters of the network. The control plane parameters include a platform type, feature set, or software version of the network. The network is provisioned for the data plane scale and the control plane scale.
-
Publication No.: US10461993B2
Publication date: 2019-10-29
Application No.: US16040236
Application date: 2018-07-19
Applicant: Cisco Technology, Inc.
Inventor: Mosaddaq Hussain Turabi , Vinay Prabhu
Abstract: A method may include receiving a hub ID configuration preference message from a control device, wherein the hub ID configuration preference message includes an order in which to connect to network hubs that are associated with the hub IDs; selecting the first hub ID from the hub ID configuration preference message based on the first connection priority having a higher priority as compared to the second connection priority; identifying a first set of network hubs that are associated with the first hub ID; establishing a connection with at least one network hub associated with the first hub ID; in response to identifying a triggering event, selecting the second hub ID from the hub ID configuration preference message; identifying a second set of network hubs that are associated with the second hub ID; and establishing a connection with at least one network hub associated with the second hub ID.
-
Publication No.: US10454769B2
Publication date: 2019-10-22
Application No.: US15287373
Application date: 2016-10-06
Applicant: Cisco Technology, Inc.
Inventor: Vinay Prabhu
IPC: H04L12/24 , H04L29/06 , H04L12/715 , H04L12/813 , H04L29/08
Abstract: A method and system for synchronizing policy in a control plane are provided. The method includes associating, by a network management system (NMS), a first identifier (ID) with a first policy of a network, wherein the first ID uniquely identifies the first policy. The method also includes pushing, by the NMS, the first policy to the control plane including a plurality of controllers. Further, the method includes exchanging, by the NMS, the first ID with the plurality of controllers. Moreover, the method includes determining, by the NMS, at least one controller from which confirmation of the first ID is not received as a stale controller.