公开(公告)号：US09736118B2

公开(公告)日：2017-08-15

申请号：US13944156

申请日：2013-07-17

Applicant: Cisco Technology, Inc.

Inventor： Xin Li ,  Yin Wang ,  Yibin Zhang

IPC: G06F9/00 ,  H04L29/06 ,  G06F17/00

CPC classification number: H04L63/0281 ,  H04L63/1458 ,  H04L65/1006 ,  H04L65/105 ,  H04L65/1079

Abstract: In one implementation, the number of half open session initiation protocol (SIP) sessions per-destination (e.g., SIP device) or globally is limited by SIP application layer gateway (ALG) as a SIP DoS/DDoS countermeasure. Compared with traditional SIP DoS/DDoS countermeasures, the proposed solution is simple to implement and, thus, less likely to degrade SIP ALG performance. Moreover, this solution automatically adapts to DoS/DDoS attack arrival rate, while at the same time not degrading legal SIP traffic even if throttling is enforced for the SIP device.

公开(公告)号：US20240137335A1

公开(公告)日：2024-04-25

申请号：US18396214

申请日：2023-12-26

Applicant: Cisco Technology, Inc.

Inventor： Changhong Shen ,  Sampath Kumar ,  Ruozhong Xuan ,  Yin Wang ,  Madhu Gindi ,  Garima Pal ,  Vincent Li

IPC: H04L61/2514 ,  H04L9/40 ,  H04L45/748

CPC classification number: H04L61/2514 ,  H04L45/748 ,  H04L63/0272 ,  H04L2101/35

Abstract: In one embodiment, a method includes determining, by a router, a common prefix pool from a transport interface associated with a transport virtual private network (VPN). The method also includes identifying, by the router, a prefix associated with a service VPN and generating, by the router, an IPv6-to-IPv6 Network Address Translation (NAT66) prefix translation using the common prefix pool and the prefix. The NAT66 prefix translation includes a predetermined prefix length. The method further includes automatically installing, by the router, the NAT66 prefix translation into a translation table.

公开(公告)号：US11863515B2

公开(公告)日：2024-01-02

申请号：US17689051

申请日：2022-03-08

Applicant: Cisco Technology, Inc.

Inventor： Changhong Shen ,  Sampath Kumar ,  Ruozhong Xuan ,  Yin Wang ,  Madhu Gindi ,  Garima Pal ,  Vincent Li

IPC: H04L45/748 ,  H04L9/40 ,  H04L61/2514 ,  H04L101/35 ,  H04L101/659

CPC classification number: H04L61/2514 ,  H04L45/748 ,  H04L63/0272 ,  H04L2101/35 ,  H04L2101/659

Abstract: In one embodiment, a method includes determining, by a router, a common prefix pool from a transport interface associated with a transport virtual private network (VPN). The method also includes identifying, by the router, a prefix associated with a service VPN and generating, by the router, an IPv6-to-IPv6 Network Address Translation (NAT66) prefix translation using the common prefix pool and the prefix. The NAT66 prefix translation includes a predetermined prefix length. The method further includes automatically installing, by the router, the NAT66 prefix translation into a translation table.

公开(公告)号：US20160261486A1

公开(公告)日：2016-09-08

申请号：US14635972

申请日：2015-03-02

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Zhiyong Fang ,  Yuping Wang ,  Linyu Lu ,  Yin Wang

IPC: H04L12/715

CPC classification number: H04L45/04 ,  H04L45/02 ,  H04L45/50

Abstract: A method enabling symmetric routing between a first host within a first AS and a second host within a second AS is disclosed. The method includes detecting that a first routing message was received at an edge router of the first AS from an edge router of the second AS. The first message identifies the second host as a source and the first host as a destination of a forward route. The method further includes determining that the first message further comprises an indication to implement symmetric routing between the first and second hosts and generating a second routing message for propagating to router(s) within the first AS. The second message identifies the first host as a source and the second host as a destination of a return route, and indicates that data is to be sent via the edge router of the first AS that received the first message.

Abstract translation: 公开了一种能够在第一AS内的第一主机与第二AS内的第二主机之间进行对等路由的方法。 该方法包括检测从第二AS的边缘路由器在第一AS的边缘路由器处接收到第一路由消息。 第一个消息将第二个主机标识为源，将第一个主机标识为转发路由的目的地。 该方法还包括确定第一消息还包括在第一和第二主机之间实现对称路由的指示，并且生成用于传播到第一AS内的路由器的第二路由消息。 第二消息将第一主机标识为源，将第二主机标识为返回路由的目的地，并指示将通过接收到第一消息的第一AS的边缘路由器发送数据。

公开(公告)号：US11563686B2

公开(公告)日：2023-01-24

申请号：US17122014

申请日：2020-12-15

Applicant: Cisco Technology Inc.

Inventor： Changhong Shen ,  Hongbo Xia ,  Xiao-Rong Wang ,  Yin Wang ,  Lulu Wang

IPC: H04L12/46 ,  H04L12/26 ,  H04L12/801 ,  H04L12/851 ,  H04L47/12 ,  H04L43/16 ,  H04L47/24

Abstract: According to certain embodiments, a system comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations. The operations comprise sending data from a hub to a spoke and receiving feedback from the spoke at the hub. The feedback is based on at least one of bandwidth utilization or occurrence of a congestion state detected by the spoke. The operations further comprise adjusting a shaper rate of an adaptive Quality of Service (QoS) shaper based at least in part on the feedback received from the spoke.

公开(公告)号：US09806985B2

公开(公告)日：2017-10-31

申请号：US14635972

申请日：2015-03-02

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Zhiyong Fang ,  Yuping Wang ,  Linyu Lu ,  Yin Wang

IPC: H04L12/715 ,  H04L12/751 ,  H04L12/723

CPC classification number: H04L45/04 ,  H04L45/02 ,  H04L45/50

Abstract: A method enabling symmetric routing between a first host within a first AS and a second host within a second AS is disclosed. The method includes detecting that a first routing message was received at an edge router of the first AS from an edge router of the second AS. The first message identifies the second host as a source and the first host as a destination of a forward route. The method further includes determining that the first message further comprises an indication to implement symmetric routing between the first and second hosts and generating a second routing message for propagating to router(s) within the first AS. The second message identifies the first host as a source and the second host as a destination of a return route, and indicates that data is to be sent via the edge router of the first AS that received the first message.

公开(公告)号：US20150026793A1

公开(公告)日：2015-01-22

申请号：US13944156

申请日：2013-07-17

Applicant: Cisco Technology, Inc.

Inventor： Xin Li ,  Yin Wang ,  Yibin Zhang

IPC: H04L29/06

CPC classification number: H04L63/0281 ,  H04L63/1458 ,  H04L65/1006 ,  H04L65/105 ,  H04L65/1079

Abstract: In one implementation, the number of half open session initiation protocol (SIP) sessions per-destination (e.g., SIP device) or globally is limited by SIP application layer gateway (ALG) as a SIP DoS/DDoS countermeasure. Compared with traditional SIP DoS/DDoS countermeasures, the proposed solution is simple to implement and, thus, less likely to degrade SIP ALG performance. Moreover, this solution automatically adapts to DoS/DDoS attack arrival rate, while at the same time not degrading legal SIP traffic even if throttling is enforced for the SIP device.

Abstract translation: 在一个实现中，每个目的地（例如，SIP设备）或全局的半开放会话发起协议（SIP）会话的数量被SIP应用层网关（ALG）限制为SIP DoS / DDoS对策。 与传统的SIP DoS / DDoS对策相比，提出的解决方案实施简单，因此不太可能降低SIP ALG性能。 此外，该解决方案自动适应DoS / DDoS攻击到达速率，同时也不会降低合法的SIP流量，即使对SIP设备执行限制。

公开(公告)号：US20240340687A1

公开(公告)日：2024-10-10

申请号：US18358719

申请日：2023-07-25

Applicant: Cisco Technology, Inc.

Inventor： Tony Shen ,  Hongbo Xia ,  Alan Xiao-rong Wang ,  Yin Wang

IPC: H04W28/02 ,  H04W28/08

CPC classification number: H04W28/0268 ,  H04W28/0284 ,  H04W28/0967

Abstract: Aspects of the present disclosure are directed to dynamic adjustment of load-balancing weights across multiple network transport interfaces in a network, informed in part by Quality of Service (QoS) metrics. In one aspect, a method includes determining one or more metrics based on one or more Software-defined Wide Area Network (SDWAN) session level throughput and SDWAN session loss through one or more tunnels; generating a Quality of Service (QoS) SDWAN session level shape rate per tunnel based on the one or more metrics; and dynamically adjusting an SDWAN forwarding load-balance weight for each of the one or more tunnels based on the QoS SDWAN session level shape rate.

公开(公告)号：US20230188492A1

公开(公告)日：2023-06-15

申请号：US17689051

申请日：2022-03-08

Applicant: Cisco Technology, Inc.

Inventor： Changhong Shen ,  Sampath Kumar ,  Ruozhong Xuan ,  Yin Wang ,  Madhu Gindi ,  Garima Pal ,  Vincent Li

IPC: H04L61/2514 ,  H04L9/40 ,  H04L101/659 ,  H04L101/35 ,  H04L45/748

CPC classification number: H04L61/2514 ,  H04L45/748 ,  H04L61/305 ,  H04L61/6059 ,  H04L63/0272

Abstract: In one embodiment, a method includes determining, by a router, a common prefix pool from a transport interface associated with a transport virtual private network (VPN). The method also includes identifying, by the router, a prefix associated with a service VPN and generating, by the router, an IPv6-to-IPv6 Network Address Translation (NAT66) prefix translation using the common prefix pool and the prefix. The NAT66 prefix translation includes a predetermined prefix length. The method further includes automatically installing, by the router, the NAT66 prefix translation into a translation table.