-
Publication No.: WO2022169614A1
Publication date: 2022-08-11
Application No.: PCT/US2022/013343
Application date: 2022-01-21
Applicant: CISCO TECHNOLOGY, INC.
Inventor: BOSCH, Hendrikus, Gp , NAPPER, Jeffrey, Michael , DUMINUCO, Alessandro , MULLENDER, Sape, Jurrien , BARBOT, Julien , PARLA, Vincent, E.
IPC: H04L9/40 , H04L61/4511 , H04L61/59
Abstract: This disclosure describes techniques including, by a domain name service (DNS), receiving a name resolution request from a client computing device and, by the DNS, providing a nonce to the client computing device, wherein a service is configured to authorize a connection request from the client computing device based at least in part on processing the nonce. This disclosure further describes techniques including a method of validating a connection request from a client computing device, including receiving the connection request, the connection request including a nonce. The techniques further include determining that the nonce is a valid nonce. The techniques further include, based at least in part on determining that the nonce is a valid nonce, authorizing the connection request and disabling the nonce.
-
Publication No.: WO2023044174A1
Publication date: 2023-03-23
Application No.: PCT/US2022/047826
Application date: 2022-10-26
Applicant: CISCO TECHNOLOGY, INC.
Inventor: PARLA, Vincent, E. , MESTERY, Kyle, Andrew Donald , DESHMUKH, Rajvardhan, Somraj , CAM-WINGET, Nancy, Patrica
Abstract: Techniques for encoding metadata representing a policy into a QUIC connection ID are described herein. A metadata-aware network including one or more enforcement nodes, a policy engine, and/or a connection datastore may be utilized to enforce a policy and route communications on a QUIC connection. The policy engine may be configured to encode metadata representing one or more network policies into a QUIC source connection ID (SCID) and/or may store a mapping between the SCID and a corresponding destination connection ID (DCID) in the connection datastore. The policy engine may communicate with a QUIC application server and/or one or more QUIC proxy nodes to encode the SCID into a QUIC packet. The enforcement nodes may access the metadata and enforce the policies via a connection ID included in a QUIC header of a QUIC packet or by performing a lookup in the connection datastore using the connection ID.
-
Publication No.: WO2023043727A1
Publication date: 2023-03-23
Application No.: PCT/US2022/043336
Application date: 2022-09-13
Applicant: CISCO TECHNOLOGY, INC.
Inventor: PARLA, Vincent, E. , MESTERY, Kyle, Andrew, Donald
Abstract: Techniques for leveraging the MASQUE protocol to provide remote clients with full application access to private enterprise resources are described herein. One or more network nodes may be configured to execute a MASQUE proxy service to provide a remote client device with full access to an enterprise/private application resource executing on an application node and hosted in an enterprise/application network, behind the MASQUE proxy service. In some examples, the MASQUE proxy service may execute on a single proxy node hosted at an edge of a cloud network or at an edge of an enterprise network. Additionally, or alternatively, a first instance of the MASQUE proxy service may execute on a first proxy node hosted at an edge of a cloud network (e.g., an ingress proxy node) and a second instance of the MASQUE proxy service may execute on a second proxy node hosted at an edge of the enterprise network.
-
Publication No.: WO2023076301A1
Publication date: 2023-05-04
Application No.: PCT/US2022/047765
Application date: 2022-10-25
Applicant: CISCO TECHNOLOGY, INC.
Inventor: PARLA, Vincent, E. , MESTERY, Kyle, Andrew Donald
Abstract: Techniques for tunneling Layer 2 ethernet frames over a connection tunnel using the MASQUE protocol are described herein. The MASQUE protocol may be extended to include a new entity, configured to proxy ethernet frames using a MASQUE proxy connection, and an associated CONNECT method, CONNECT-ETH. Using the extended MASQUE protocol, an Ethernet over MASQUE (EoMASQUE) tunnel may then be established between various networks that are remote from one another and connected to the internet. An EoMASQUE tunnel, established between separate remote client premises, and/or between a remote client premise and an enterprise premise, may tunnel ethernet packets between the endpoints. Additionally, a first EoMASQUE tunnel, established between a first client router provisioned in a first remote client premise and an EoMASQUE proxy node, and a second EoMASQUE tunnel, established between a second client premise and the EoMASQUE proxy node, may tunnel ethernet packets between the first and second client premise.
-
Publication No.: WO2022272118A1
Publication date: 2022-12-29
Application No.: PCT/US2022/034976
Application date: 2022-06-24
Applicant: CISCO TECHNOLOGY, INC.
Inventor: PARLA, Vincent, E. , ZAWADOWSKIY, Andrew , BESSONOV, Oleg , BOSCH, Hendrikus, G., P.
IPC: H04L45/30 , H04L45/302 , H04L47/20 , H04L47/24 , H04L47/2425 , H04L45/3065
Abstract: A method of defining priority of a number of data packets within a queue includes generating a policy. The policy defines a first multiplexed channel of a plurality of multiplexed channels. The first multiplexed channel having a first priority. The policy also defines a second multiplexed channel of the plurality of multiplexed channels. The second multiplexed channel having a second priority. The first priority is defined as being of a higher priority relative to the second priority. The method further includes receiving the number of data packets over the plurality of multiplexed channels associated with a session based at least in part on the policy.