公开(公告)号：WO2016065097A1

公开(公告)日：2016-04-28

申请号：PCT/US2015/056816

申请日：2015-10-22

Applicant: CISCO TECHNOLOGY, INC.

Inventor： GUICHARD, James ,  QUINN, Paul ,  PIGNATARO, Carlos, M.

IPC: H04L12/701 ,  H04L12/725 ,  H04L12/721 ,  H04L12/859

CPC classification number: H04L45/306 ,  H04L29/0653 ,  H04L45/00 ,  H04L45/38 ,  H04L47/2475

Abstract: A controller that is in communication with the plurality of network nodes establishes a service path for a service chain defined by an ordered sequence of service functions to be performed at respective ones of one or more of the plurality of network nodes. The controller assigns a predetermined service path identifier and a predetermined service index value for a segment of the service chain that includes only one or more network nodes not capable of decapsulating packets to extract a network service header so as to designate the one or more network nodes determined not capable of decapsulating packets to extract the network service header as a single service hop segment in the service chain.

Abstract translation: 与所述多个网络节点通信的控制器为由所述多个网络节点中的一个或多个网络节点中的一个或多个的相应的一个服务功能定义的服务链建立服务路径。 控制器为仅包括一个或多个不能解包分组的网络节点的服务链的段分配预定的服务路径标识符和预定的服务索引值，以提取网络服务头，以便指定一个或多个网络节点 确定不能解包分组，以将服务链中的单个服务跳段提取出网络服务头。

公开(公告)号：WO2006133301A2

公开(公告)日：2006-12-14

申请号：PCT/US2006/022130

申请日：2006-06-07

Applicant: CISCO TECHNOLOGY, INC. ,  BRADFORD, Richard ,  VASSEUR, Jean-Philippe ,  GUICHARD, James

Inventor： BRADFORD, Richard ,  VASSEUR, Jean-Philippe ,  GUICHARD, James

IPC: H04L12/26

CPC classification number: H04L45/28 ,  H04L41/0677 ,  H04L41/12 ,  H04L45/04 ,  H04L45/10 ,  H04L45/22 ,  H04L63/04

Abstract: In response to a failure within a sub-network of a heterogeneous network, an external device is signaled that the failure has occurred by inclusion of an encoded identifier of the failure location with the signaling. The encoded identifier enables identification of the failure location within the sub-network while masking the identity of the failure location to the external device, and may be realized by using an encrypted sub-object or a token that is associated with the failure location information, which remains stored within the sub-network. The external device responds by issuing a path-establishment message indicating that a new communications path should be established and should exclude the failure location as identified by the encoded identifier, which is included in the path-establishment message.

Abstract translation: 响应于异构网络的子网内的故障，外部设备被用信号通知包含失败位置的编码标识符与信令发生故障。 编码的标识符使得能够识别子网内的故障位置，同时屏蔽到外部设备的故障位置的身份，并且可以通过使用加密的子对象或与故障位置信息相关联的令牌来实现， 其保持在子网内。 外部设备通过发出指示应该建立新的通信路径的路径建立消息来进行响应，并且应该排除由包括在路径建立消息中的编码标识符识别的故障位置。

公开(公告)号：WO2014197193A3

公开(公告)日：2014-12-11

申请号：PCT/US2014/038687

申请日：2014-05-20

Applicant: CISCO TECHNOLOGY INC.

Inventor： GUICHARD, James ,  PIGNATARO, Carlos, M. ,  WARD, David ,  QUINN, Paul ,  KUMAR, Surendra

IPC: H04L12/703 ,  H04L12/725 ,  H04L12/24

Abstract: Presented herein are techniques performed in a network comprising a plurality of network nodes each configured to apply one or more service functions to traffic that passes the respective network nodes in a service path. At a network node, an indication is received of a failure or degradation of one or more service functions or applications applied to traffic at the network node. Data descriptive of the failure or degradation is generated. A previous service hop network node at which a service function or application was applied to traffic in the service path is determined. The data descriptive of the failure or degradation is communicated to the previous service hop network node.

公开(公告)号：WO2006031443A2

公开(公告)日：2006-03-23

申请号：PCT/US2005/031015

申请日：2005-08-31

Applicant: CISCO TECHNOLOGY, INC. ,  GUICHARD, James

Inventor： GUICHARD, James

IPC: H04L12/28

CPC classification number: H04L45/54 ,  H04L45/02

Abstract: A method, apparatus and computer program product for providing dynamic routing support for Half-Duplex Virtual Routing and Forwarding (HDVRF) environments. The method, apparatus and computer program function to configure a forwarding Virtual Routing and Forwarding (VRF) table for a router with information to forward incoming packets to a central location within a hub and spoke environment. The method, apparatus and computer program also function to populate a routing Virtual Routing and Forwarding (VRF) table for the router with routing information received from ingress interfaces of the router. The method, apparatus and computer program function further forwards packets received on egress interfaces of the router according to the forwarding VRF table.

Abstract translation: 用于为半双工虚拟路由和转发（HDVRF）环境提供动态路由支持的方法，装置和计算机程序产品。 所述方法，装置和计算机程序功能为路由器配置转发虚拟路由和转发（VRF）表，其具有将输入分组转发到集散辐射环境内的中央位置的信息。 该方法，设备和计算机程序还用于利用从路由器的入口接口接收到的路由信息​​填充路由器的路由虚拟路由和转发（VRF）表。 该方法，设备和计算机程序功能根据转发VRF表进一步转发在路由器的出口接口上接收到的分组。

公开(公告)号：WO2015057404A1

公开(公告)日：2015-04-23

申请号：PCT/US2014/059011

申请日：2014-10-03

Applicant: CISCO TECHNOLOGY, INC.

Inventor： QUINN, Paul ,  GUICHARD, James ,  KUMAR, Surendra

IPC: H04L12/931 ,  H04L29/08

CPC classification number: H04L45/74 ,  H04L45/306 ,  H04L49/354 ,  H04L49/70 ,  H04L67/327

Abstract: Presented herein are techniques in which a service proxy in a service node is configured to receive a packet encapsulated in a service header that includes a variable set of context headers. The service proxy is configured to use the context headers in the service header to map data in the packet to a local identifier that is associated with one of a plurality of service-functions hosted by the service node. The service proxy is further configured to forward the data in the packet to the service-function associated with the local identifier.

Abstract translation: 这里呈现的是其中服务节点中的服务代理被配置为接收封装在包括可变集上下文头部的服务头部中的分组的技术。 服务代理被配置为使用服务头部中的上下文头部将分组中的数据映射到与由服务节点托管的多个服务功能中的一个相关联的本地标识符。 服务代理还被配置为将分组中的数据转发到与本地标识符相关联的服务功能。

公开(公告)号：WO2014182615A1

公开(公告)日：2014-11-13

申请号：PCT/US2014/036789

申请日：2014-05-05

Applicant: CISCO TECHNOLOGY, INC.

Inventor： GUICHARD, James ,  QUINN, Paul ,  WARD, David ,  KUMAR, Surendra ,  YADAV, Navindra ,  SMITH, Michael, R. ,  BAGEPALLI, Nagaraj, A.

IPC: H04L12/24

CPC classification number: H04L45/306 ,  H04L41/0893 ,  H04L47/2441 ,  H04L69/22

Abstract: Techniques are provided to decouple service chain structure from the underlying network forwarding state and allow for data plane learning of service chain forwarding requirements and any association between services function state requirements and the forward and reverse forwarding paths for a service chain. In a network comprising a plurality of network nodes each configured to apply a service function to traffic that passes through the respective network node, a packet is received at a network node. When the network node determines that the service function it applies is stateful, it updates context information in a network service header of the packet to indicate that the service function applied at the network node is stateful and that traffic for a reverse path matching the classification criteria is to be returned to the network node.

Abstract translation: 提供了技术来将服务链结构与底层网络转发状态分离，并允许服务链转发要求的数据平面学习和服务功能状态要求与服务链的前向和后向转发路径之间的任何关联。 在包括多个网络节点的网络中，每个网络节点被配置为将服务功能应用于通过相应网络节点的业务，在网络节点处接收分组。 当网络节点确定其应用的服务功能是有状态时，它更新分组的网络服务报头中的上下文信息，以指示在网络节点处应用的服务功能是有状态的，并且用于与分类标准匹配的反向路径的业务 将被返回到网络节点。

公开(公告)号：WO2017142934A1

公开(公告)日：2017-08-24

申请号：PCT/US2017/017947

申请日：2017-02-15

Applicant: CISCO TECHNOLOGY, INC.

Inventor： QUINN, Paul ,  LIPMAN, Michael, E. ,  MILANO, Mike ,  WARD, David, D. ,  GUICHARD, James ,  SANDLER, Leonid ,  KRAVCHIK, Moshe ,  LIFAR, Alena ,  MILLER, Darrin

IPC: H04L29/06 ,  G06F21/62 ,  H04W12/08

CPC classification number: H04L63/107 ,  G06F21/602 ,  G06F21/6218 ,  H04L63/0428 ,  H04L63/108 ,  H04L63/20 ,  H04W12/08

Abstract: Various systems and methods for determining whether to allow or continue to allow access to a protected data asset are disclosed herein. For example, one method involves receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprises first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.

Abstract translation: 本文公开了用于确定是否允许或继续允许访问受保护的数据资产的各种系统和方法。 例如，一种方法涉及接收访问受保护的数据资产的请求，其中该请求是从第一用户设备接收的; 确定是否准许访问所述受保护的数据资产，其中所述确定包括评估与所述第一用户设备相关联的一个或多个准则，并且所述准则包括与第一策略约束相关联的第一信息; 并且响应于确定访问受保护的数据资产将被授予，授予访问受保护的数据资产。

公开(公告)号：WO2014189670A1

公开(公告)日：2014-11-27

申请号：PCT/US2014/036907

申请日：2014-05-06

Applicant: CISCO TECHNOLOGY, INC.

Inventor： BOSCH, Hendrikus, G.P. ,  GUICHARD, James ,  BARACH, Dave ,  DUMINUCO, Alessandro ,  FANG, Luyuan ,  QUINN, Paul ,  FERNANDO, Rex ,  WARD, David

IPC: H04L12/715

CPC classification number: H04L67/10 ,  H04L45/02 ,  H04L45/04

Abstract: Presented herein are techniques for use in a network environment that includes one or more service zones, each service zone including at least one instance of an in-line application service to be applied to network traffic and one or more routers to direct network traffic to the at least one service, and a route target being assigned to a unique service zone to serve as a community value for route import and export between routers of other service zones, destination networks or source networks via a control protocol. An edge router in each service zone or destination network advertises routes by its destination network prefix tagged with its route target. A service chain is created by importing and exporting of destination network prefixes by way of route targets at edge routers of the service zones or source networks.

Abstract translation: 这里提出的是在包括一个或多个服务区域的网络环境中使用的技术，每个服务区域包括要应用于网络业务的在线应用服务的至少一个实例以及一个或多个路由器以将网络流量引导到 至少一个服务，以及被分配给唯一服务区的路由目标，以用作通过控制协议在其他服务区域，目的地网络或源网络的路由器之间路由导入和导出的社区值。 每个服务区域或目标网络中的边缘路由器通过其路由目标标记的目标网络前缀来通告路由。 通过在服务区域或源网络的边缘路由器上的路由目标导入和导出目标网络前缀来创建服务链。