-
1.
Publication No.: WO2023287624A1
Publication date: 2023-01-19
Application No.: PCT/US2022/036255
Application date: 2022-07-06
Applicant: CISCO TECHNOLOGY, INC.
Inventor: PARLA, Vincent , MESTERY, Kyle Andrew Donald
IPC: H04L47/10 , H04L9/40 , H04L67/1004
Abstract: Techniques for using computer networking protocol extensions to route control-plane traffic and data-plane traffic associated with a common application are described herein. For instance, a traffic flow associated with an application may be established such that control-plane traffic is sent to a control-plane node associated with the application and data-plane traffic is sent to a data-plane node associated with the application. When a client device sends an authentication request to connect to the application, the control-plane node may send an indication of a hostname to be used by the client device to send data-plane traffic to the data-node. As such, when a packet including the hostname corresponding with the data-plane node is received, the packet may be forwarded to the data-plane node.
-
2.
Publication No.: WO2022125814A1
Publication date: 2022-06-16
Application No.: PCT/US2021/062673
Application date: 2021-12-09
Applicant: CISCO TECHNOLOGY, INC. [US]/[US]
IPC: H04L67/1023 , H04L45/302 , H04L47/125 , H04L47/2441 , H04L9/32
Abstract: Techniques for load balancing encrypted traffic based on security parameter index (SPI) values of packet headers and sets of 5-tuple values of the packet headers are described herein. Additionally, techniques for including quality of service (QoS)-type information in SPI value fields of packet headers are also described herein. The QoS-type information may indicate a particular traffic class according to which the packet is to be handled. Further, techniques for pre-configuring a backend host such that encrypted traffic may be migrated to the backend host from another backend host without causing temporary service disruptions are also described herein.
-
Publication No.: WO2023059416A1
Publication date: 2023-04-13
Application No.: PCT/US2022/042632
Application date: 2022-09-06
Applicant: CISCO TECHNOLOGY, INC.
Inventor: PARLA, Vincent , MESTERY, Kyle Andrew Donald
IPC: G06F9/50 , G06F9/5088 , H04L47/125 , H04L47/2416 , H04L47/29 , H04L47/528 , H04L47/726
Abstract: Techniques for orchestrating workloads based on policy to operate in optimal host and/or network proximity in cloud-native environments are described herein. The techniques may include receiving flow data associated with network paths between workloads hosted by a cloud-based network. Based at least in part on the flow data, the techniques may include determining that a utilization of a network path between a first workload and a second workload is greater than a relative utilization of other network paths between the first workload and other workloads. The techniques may also include determining that reducing the network path would optimize communications between the first workload and the second workload without adversely affecting communications between the first workload and the other workloads. The techniques may also include causing at least one of a redeployment or a network path re-routing to reduce the networking proximity between the first workload and the second workload.
-
Publication No.: WO2022066496A1
Publication date: 2022-03-31
Application No.: PCT/US2021/050619
Application date: 2021-09-16
Applicant: CISCO TECHNOLOGY, INC.
IPC: H04L12/24
Abstract: This disclosure describes techniques and mechanisms for using a domain-specific language (DSL) to express and compile serverless network functions, and optimizing the deployment location for the serverless network functions on network devices. In some examples, the serverless network functions may be expressed entirely in the DSL (e.g., via a text-based editor, a graphics-based editor, etc.), where the DSL is a computer language specialized to a particular domain, such as a network function domain. In additional examples, the serverless network functions may be expressed and compiled using a DSL in combination with a general-purpose language (GSL). Once the serverless network functions have been expressed and/or compiled, the techniques of this disclosure further include determining an optimized network component on which the serverless network function is to execute, and deploying the serverless function to the optimized network component.
-
Publication No.: WO2021206895A1
Publication date: 2021-10-14
Application No.: PCT/US2021/023499
Application date: 2021-03-22
Applicant: CISCO TECHNOLOGY, INC.
Inventor: WELLS, Ian James , MESTERY, Kyle Andrew Donald
IPC: G06F9/50
Abstract: Methods and architecture for load-correcting requests for serverless functions to reduce latency of serverless computing are provided. An example technique exploits knowledge that a given server node does not have a serverless function ready to run or is overloaded. Without further processing overhead or communication, the server node shifts the request to a predetermined alternate node without assessing a current state of the alternate node, an efficient decision based on probability that a higher chance of fulfillment exists at the alternate node than at the current server, even with no knowledge of the alternate node. In an implementation, the server node refers the request but also warms up the requested serverless function, due to likelihood of repeated requests or in case the request is directed back. An example device has a front-end redirecting server and a backend serverless system in a single component.
-
Publication No.: WO2023034058A1
Publication date: 2023-03-09
Application No.: PCT/US2022/041054
Application date: 2022-08-22
Applicant: CISCO TECHNOLOGY, INC.
Inventor: CHITRIGI GANESH, Pankaj , MESTERY, Kyle Andrew Donald , LI, Danxiang , LALANI, Rahim , KIELBASINSKI, Andrzej Konrad
IPC: H04L12/46
Abstract: Techniques for the transparent rolling of nodes in a cloud-delivered headend service without disrupting client traffic or making users aware of the various nodes in the system being rolled are described herein. The techniques may include receiving an indication that a first node of a network is to be rolled. Based at least in part on the indication, new connection requests may not be sent to the first intermediate node. Additionally, a client device having an existing connection through the first node may be identified. In some examples, a request may be sent to the client device to prompt the client device to establish a new connection. After determining that the new connection has been established such that the new connection flows through a second node of the network, the first node may be rolled.
-
Publication No.: WO2022251307A1
Publication date: 2022-12-01
Application No.: PCT/US2022/030845
Application date: 2022-05-25
Applicant: CISCO TECHNOLOGY, INC.
Inventor: MURRAY, Christopher, Blair , LANGEMAK, Jon , WONG, Alvin , PEREIRA, Alvaro, Cesar , MESTERY, Kyle Andrew Donald
Abstract: Techniques for using global virtual network instance (VNI) labels in a multi-domain network to route network data with a multi-tenant network overlay are described herein. A routing device provisioned in a network domain of the multi-domain network may register with a service discovery system of the network domain for use of network configuration data to establish routes through the multi-domain network with network nodes. Each network domain of the multi-domain network may include an application programming interface (API) server for processing API requests to make changes to configurations of a network domain. A border gateway protocol (BGP) large community may be utilized to encode global VNI labels, network addresses, local next hop nodes, and/or additional network information and sent to routing devices provisioned in separate network domains. A service chain may be signaled by global VNI labels to route network traffic through various services prior to reaching a destination endpoint.
-
Publication No.: WO2021146055A1
Publication date: 2021-07-22
Application No.: PCT/US2020/067559
Application date: 2020-12-30
Applicant: CISCO TECHNOLOGY, INC.
Inventor: MESTERY, Kyle Andrew Donald , WELLS, Ian
IPC: H04L12/24 , G06N20/00 , G06N7/005 , H04L41/5019 , H04L41/5051 , H04L41/508 , H04L47/127
Abstract: Systems, methods, computer-readable media are disclosed for influencing serverless function placement across hosts within a network. A method includes receiving a notification from a network component, the notification indicating a performance bottleneck in association with one or more instances of a serverless function being executed at one or more hosts of a network; initiating at least one additional instance of the serverless function in response to the performance bottleneck; and sending a message to the network component identifying the at least one additional instance of the serverless function, the network component directing network traffic based on the message.
-
Publication No.: WO2023076371A1
Publication date: 2023-05-04
Application No.: PCT/US2022/047867
Application date: 2022-10-26
Applicant: CISCO TECHNOLOGY, INC.
Inventor: MESTERY, Kyle Andrew Donald , PARLA, Vincent
IPC: H04L9/40
Abstract: Techniques for routing service mesh traffic based on whether the traffic is encrypted or unencrypted are described herein. The techniques may include receiving, from a first node of a cloud-based network, traffic that is to be sent to a second node of the cloud-based network and determining whether the traffic is encrypted or unencrypted. If it is determined that the traffic is encrypted, the traffic may be sent to the second node via a service mesh of the cloud-based platform. Alternatively, or additionally, if it is determined that the traffic is unencrypted, the traffic may be sent to the second node via an encrypted tunnel. In some examples, the techniques may be performed at least partially by a program running on the first node of the cloud-based network, such as an extended Berkeley Packet Filter (eBPF) program, and the like.
-
Publication No.: WO2022251295A1
Publication date: 2022-12-01
Application No.: PCT/US2022/030828
Application date: 2022-05-25
Applicant: CISCO TECHNOLOGY, INC.
Inventor: MESTERY, Kyle Andrew Donald , MURRAY, Christopher Blair , LANGEMAK, Jon , LALANI, Rahim , WONG, Alvin
Abstract: Techniques for using global virtual network instance (VNI) labels in a multi-domain network to route network data with a multi-tenant network overlay are described herein. A routing device provisioned in a network domain of the multi-domain network may register with a service discovery system of the network domain for use of network configuration data to establish routes through the multi-domain network with network nodes. Each network domain of the multi-domain network may include an application programming interface (API) server for processing API requests to make changes to configurations of a network domain. A border gateway protocol (BGP) large community may be utilized to encode global VNI labels, network addresses, local next hop nodes, and/or additional network information and sent to routing devices provisioned in separate network domains. A service chain may be signaled by global VNI labels to route network traffic through various services prior to reaching a destination endpoint.
-