-
Publication number: US20230300134A1
Publication date: 2023-09-21
Application number: US18323183
Application date: 2023-05-24
Applicant: Cisco Technology, Inc.
Inventor: Stefan Olofsson , Ijsbrand Wijnands , Hendrikus G.P. Bosch
CPC classification number: H04L63/0892 , H04L63/083 , H04L63/0823 , H04L63/168 , H04L12/4641 , H04L63/0272 , H04L61/2571
Abstract: In one embodiment, an apparatus includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the apparatus to perform operations including receiving a user credential from a remote access client within a network and communicating the user credential to an authentication, authorization and accounting (AAA) server within the network. The operations also include receiving a user attribute from the AAA server and generating a contextual label based on the user attribute. The contextual label includes routing instructions associated with traffic behavior within the network. The operations further include advertising a control message, which includes the contextual label, to the remote access client.
-
Publication number: US20230208855A1
Publication date: 2023-06-29
Application number: US17559164
Application date: 2021-12-22
Applicant: Cisco Technology, Inc.
Inventor: Akram Ismail Sheriff , Rajiv Asati , Nagendra Kumar Nainar , Ariel Shuper , Hendrikus G.P. Bosch
CPC classification number: H04L63/1416 , H04L41/22 , H04L63/1425 , H04L63/1466
Abstract: In one embodiment, a method comprises: receiving, by a process, an executed function flow of a daisy chained serverless function-as-a-service (FaaS) function, the executed function flow having been injected with a particular trace identifier in response to an initial event trigger and span identifiers having been injected by each service that was executed; generating, by the process, a serverless flow graph associated with the particular trace identifier based on linking a path of serverless functions according to correlation of the span identifiers between the serverless functions; performing, by the process, a trace-based analysis of the serverless flow graph through comparison to a baseline of expectation; detecting, by the process, one or more anomalies in the serverless flow graph according to the trace-based analysis; and mitigating, by the process, the one or more anomalies in the serverless flow graph.
-
Publication number: US20150172170A1
Publication date: 2015-06-18
Application number: US14108994
Application date: 2013-12-17
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Hendrikus G.P. Bosch , James N. Guichard , David D. Ward , Alessandro Duminuco , Rex E. Fernando , Paul Quinn
IPC: H04L12/733
CPC classification number: H04L45/20 , H04L45/04 , H04L45/24 , H04L45/28 , H04L45/586
Abstract: An example method is provided in one example embodiment and includes receiving a packet of a session from a previous hop router at a service zone of a service chain; recording the previous hop router for the session; determining an appliance to service the packet in the service zone using load balancing; recording an appliance identity for servicing the session in the service zone; determining a next hop router in the service chain for the packet using load balancing; and recording the next hop router for the session.
-
Publication number: US20240291734A1
Publication date: 2024-08-29
Application number: US18648889
Application date: 2024-04-29
Applicant: Cisco Technology, Inc.
Inventor: Alberto Rodriguez Natal , Hendrikus G.P. Bosch , Fabio Maino , Lars Olaf Stefan Olofsson , Jeffrey Napper , Anubhav Gupta
IPC: H04L41/5019 , H04L47/10
CPC classification number: H04L41/5019 , H04L47/10
Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific polices for the first endpoint by evaluation the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.
-
Publication number: US20230229811A1
Publication date: 2023-07-20
Application number: US17843355
Application date: 2022-06-17
Applicant: Cisco Technology, Inc.
Inventor: Hendrikus G.P. Bosch , Alessandro Duminuco , Sape Jurriën Mullender , Julien Barbot , Ariel Shuper
CPC classification number: G06F21/629 , G06F9/547
Abstract: In one embodiment, an illustrative method may comprise: monitoring, by a process, a behavior of an application between one or more client devices and an application programming interface service; establishing, by the process, an application model of objects and functions within the application based on the behavior; and determining, by the process, an authorization logic of the application for the objects and functions based on the application model. In one embodiment, the illustrative method further comprises: testing one or more authorization approaches against the application to determine one or more discrepancies within the authorization logic indicative of faulty authorizations; and mitigating the one or more discrepancies.
-
Publication number: US20230007620A1
Publication date: 2023-01-05
Application number: US17931333
Application date: 2022-09-12
Applicant: Cisco Technology, Inc.
Inventor: Anubhav Gupta , Hendrikus G.P. Bosch , Vamsidhar Valluri , Stefan Olofsson
IPC: H04W64/00 , H04L61/2585 , H04W24/08 , H04W48/16
Abstract: According to certain embodiments, a system comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations comprising: receiving location data associated with a plurality of remote users accessing one or more existing remote access gateways that are located at one or more network locations; building a heatmap of user locations based at least in part on the received location data; and identifying, from the heatmap of user locations, at least one new network location in which to generate at least one new remote access gateway, or at least one existing network location in which to remove at least one of the existing remote access gateways.
-
Publication number: US20220086061A1
Publication date: 2022-03-17
Application number: US17538983
Application date: 2021-11-30
Applicant: Cisco Technology, Inc.
Inventor: Alberto Rodriguez Natal , Hendrikus G.P. Bosch , Fabio Maino , Lars Olaf Stefan Olofsson , Jeffrey Napper , Anubhav Gupta
IPC: H04L12/24 , H04L12/801
Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific polices for the first endpoint by evaluation the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.
-
Publication number: US20140351452A1
Publication date: 2014-11-27
Application number: US13898932
Application date: 2013-05-21
Applicant: Cisco Technology, Inc.
Inventor: Hendrikus G.P. Bosch , James Guichard , Dave Barach , Alessandro Duminuco , Luyuan Fang , Paul Quinn , Rex Fernando , David Ward
IPC: H04L29/08
Abstract: Presented herein are techniques for use in a network environment that includes one or more service zones, each service zone including at least one instance of an in-line application service to be applied to network traffic and one or more routers to direct network traffic to the at least one service, and a route target being assigned to a unique service zone to serve as a community value for route import and export between routers of other service zones, destination networks or source networks via a control protocol. An edge router in each service zone or destination network advertises routes by its destination network prefix tagged with its route target. A service chain is created by importing and exporting of destination network prefixes by way of route targets at edge routers of the service zones or source networks.
-
Publication number: US20230362067A1
Publication date: 2023-11-09
Application number: US18353702
Application date: 2023-07-17
Applicant: Cisco Technology, Inc.
Inventor: Alberto Rodriquez Natal , Hendrikus G.P. Bosch , Fabio Maino , Lars Olaf Stefan Olofsson , Jeffrey Napper , Anubhav Gupta
IPC: H04L41/5019 , H04L47/10
CPC classification number: H04L41/5019 , H04L47/10
Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific polices for the first endpoint by evaluation the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.
-
Publication number: US20230026874A1
Publication date: 2023-01-26
Application number: US17937961
Application date: 2022-10-04
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Pablo Camarillo Garvia , Hendrikus G.P. Bosch , Clarence Filsfils
Abstract: In one embodiment, a segment routing and tunnel exchange provides packet forwarding efficiencies in a network, including providing an exchange between a segment routing domain and a packet tunnel domain. One application includes the segment routing and tunnel exchange interfacing segment routing packet forwarding (e.g., in a Evolved Packet Core (EPC) and/or 5-G user plane) and packet tunnel forwarding in access networks (e.g., replacing a portion of a tunnel between an access node and a user plane function for accessing a corresponding data network). In one embodiment, a network provides mobility services using a segment routing data plane that spans segment routing and tunnel exchange(s) and segment routing-enabled user plane functions. One embodiment uses the segment routing data plane without any modification to a (radio) access network (R)AN (e.g., Evolved NodeB, Next Generation NodeB) nor to user equipment (e.g., any end user device).