公开(公告)号：WO2022005746A1

公开(公告)日：2022-01-06

申请号：PCT/US2021/037556

申请日：2021-06-16

Applicant: CISCO TECHNOLOGY, INC.

Inventor： QUINN, Paul ,  MESTERY, Kyle Andrew Donald

IPC: H04L29/12 ,  H04L29/08 ,  H04L61/1511 ,  H04L67/1002 ,  H04L67/141

Abstract: Techniques for policy-based connection provisioning using Domain Name System (DNS) requests are described herein. The techniques may include receiving policy data associated with one or more headend nodes that manage connections to computing resources. Additionally, the techniques may include receiving a DNS request from a client device to establish a connection between the client device and a first headend node of the one or more headend nodes. The DNS request may include an attribute associated with the client device. A provisioning service may determine that the connection should be established between the client device and the first headend node based at least in part on evaluating the attribute with respect to the policy data. Additionally, the techniques may include sending an internet protocol (IP) address, which is associated with the first headend node, to the client device to facilitate establishment of the connection.

公开(公告)号：WO2010027659A3

公开(公告)日：2010-03-11

申请号：PCT/US2009/054256

申请日：2009-08-19

Applicant: CISCO TECHNOLOGY, INC. ,  DURAZZO, Kenneth ,  QUINN, Paul

Inventor： DURAZZO, Kenneth ,  QUINN, Paul

IPC: H04L12/24 ,  H04L29/08 ,  G06F9/445

Abstract: A generic service node that operates in a first state while waiting for instructions to adopt a specific service. Upon receiving the instructions, the generic service node operates in a second state where the node installs software received from a network to enable the generic service node to provide the specific service to the network. The generic service node is in communication with a control node or nodes such that the generic service node can be adapted to provide a particular service as requested by the control node(s).

公开(公告)号：WO2017189743A1

公开(公告)日：2017-11-02

申请号：PCT/US2017/029666

申请日：2017-04-26

Applicant: CISCO TECHNOLOGY, INC.

Inventor： PENNO, Reinaldo ,  PIGNATARO, Carlos M. ,  QUINN, Paul ,  CHAU, Hung The ,  YEN, Chui-Tin ,  KANSAL, Vivek ,  WANG, Jianxin ,  LEUNG, Kent K.

IPC: H04L12/801 ,  H04L12/715 ,  H04L12/851

Abstract: Embodiments are directed to receiving an original packet at a service function; determining, for a reverse packet, a reverse service path identifier for a previous hop on a service function chain; determining, for the reverse packet, a service index for the reverse service path identifier; and transmitting the reverse packet to the previous hop on the service function chain.

Abstract translation: 实施例涉及在服务功能处接收原始分组; 针对反向分组确定服务功能链上的前一跳的反向服务路径标识符; 为反向分组确定反向业务路径标识符的服务索引; 并将反向分组发送到服务功能链上的前一跳。

公开(公告)号：WO2016065097A1

公开(公告)日：2016-04-28

申请号：PCT/US2015/056816

申请日：2015-10-22

Applicant: CISCO TECHNOLOGY, INC.

Inventor： GUICHARD, James ,  QUINN, Paul ,  PIGNATARO, Carlos, M.

IPC: H04L12/701 ,  H04L12/725 ,  H04L12/721 ,  H04L12/859

CPC classification number: H04L45/306 ,  H04L29/0653 ,  H04L45/00 ,  H04L45/38 ,  H04L47/2475

Abstract: A controller that is in communication with the plurality of network nodes establishes a service path for a service chain defined by an ordered sequence of service functions to be performed at respective ones of one or more of the plurality of network nodes. The controller assigns a predetermined service path identifier and a predetermined service index value for a segment of the service chain that includes only one or more network nodes not capable of decapsulating packets to extract a network service header so as to designate the one or more network nodes determined not capable of decapsulating packets to extract the network service header as a single service hop segment in the service chain.

Abstract translation: 与所述多个网络节点通信的控制器为由所述多个网络节点中的一个或多个网络节点中的一个或多个的相应的一个服务功能定义的服务链建立服务路径。 控制器为仅包括一个或多个不能解包分组的网络节点的服务链的段分配预定的服务路径标识符和预定的服务索引值，以提取网络服务头，以便指定一个或多个网络节点 确定不能解包分组，以将服务链中的单个服务跳段提取出网络服务头。

公开(公告)号：WO2015138767A1

公开(公告)日：2015-09-17

申请号：PCT/US2015/020242

申请日：2015-03-12

Applicant: CISCO TECHNOLOGY, INC.

Inventor： KUMAR, Surendra M. ,  BAGEPALLI, Nagaraj A. ,  PATRA, Abhijit ,  QUINN, Paul ,  GUICHARD, James N. ,  BOSCH, Hendrikus G. P.

IPC: H04L12/725 ,  H04L12/24 ,  H04L12/801

CPC classification number: H04L45/02 ,  H04L41/08 ,  H04L41/0813 ,  H04L41/0893 ,  H04L41/0896 ,  H04L41/12 ,  H04L45/308 ,  H04L45/38

Abstract: An example method for service node originated service chains in a network environment is provided and includes receiving a packet at a service node in a network environment that includes a plurality of service nodes and a central classifier, analyzing the packet for a service chain modification or a service chain initiation, classifying the packet at the service node to a new service chain based on the analysis, initiating the new service chain at the service node if the analysis indicates service chain initiation, and modifying an existing service chain for the packet to the new service chain if the analysis indicates service chain modification. In specific embodiments, the analysis includes applying classification logic specific to the service node. Some embodiments, service node attributes and order of service nodes in substantially all service chains configured in the network may be received from a central controller.

Abstract translation: 提供了一种网络环境中服务节点发起的服务链的示例方法，包括在包括多个服务节点和中心分类器的网络环境中的服务节点处接收分组，分析服务链修改的分组或 服务链启动，基于分析将服务节点处的分组分类到新的服务链，如果分析指示服务链启动，则在服务节点处启动新的服务链，并将分组的现有服务链修改为新的 服务链如果分析表明服务链修改。 在具体实施例中，分析包括应用对服务节点特定的分类逻辑。 可以从中央控制器接收一些实施例，服务节点属性和在网络中配置的基本上所有服务链中的服务节点的顺序。

公开(公告)号：WO2015094567A1

公开(公告)日：2015-06-25

申请号：PCT/US2014/066629

申请日：2014-11-20

Applicant: CISCO TECHNOLOGY, INC.

Inventor： BOSCH, Hendrikus G. P. ,  GUICHARD, James N. ,  WARD, David D. ,  DUMINUCO, Alessandro ,  FERNANDO, Rex E. ,  QUINN, Paul

IPC: H04L12/707 ,  H04L12/713 ,  H04L12/715

CPC classification number: H04L45/20 ,  H04L45/04 ,  H04L45/24 ,  H04L45/28 ,  H04L45/586

Abstract: An example method is provided in one example embodiment and includes receiving a packet of a session from a previous hop router at a service zone of a service chain; recording the previous hop router for the session; determining an appliance to service the packet in the service zone using load balancing; recording an appliance identity for servicing the session in the service zone; determining a next hop router in the service chain for the packet using load balancing; and recording the next hop router for the session.

Abstract translation: 在一个示例实施例中提供了示例性方法，并且包括从服务链的服务区的前一跳路由器接收会话的分组; 记录会话的上一跳路由器; 确定使用负载平衡来服务所述服务区中的分组的设备; 记录在服务区域中为会话服务的设备身份; 使用负载平衡确定所述分组的服务链中的下一跳路由器; 并为会话记录下一跳路由器。

公开(公告)号：WO2016094907A1

公开(公告)日：2016-06-16

申请号：PCT/US2015/065610

申请日：2015-12-14

Applicant: CISCO TECHNOLOGY, INC.

Inventor： GUICHARD, James N. ,  QUINN, Paul ,  WARD, David D. ,  PIGNATARO, Carlos M.

IPC: H04L29/08 ,  H04L29/06 ,  H04L12/721 ,  H04L12/851

CPC classification number: H04L47/125 ,  H04L45/306 ,  H04L45/38 ,  H04L45/74 ,  H04L47/2408 ,  H04L47/2441 ,  H04L67/02 ,  H04L67/1023 ,  H04L67/327 ,  H04L69/22 ,  H04W72/0486

Abstract: A method for load balancing based on metadata in a network service header. The method includes receiving a packet or frame of a traffic flow, wherein the packet or frame has a payload and the network service header including metadata and service path information for the traffic flow identifying the service path, and the metadata comprises classification information of the packet or frame, extracting, by a service header processor of the load balancer, the classification information of the metadata from the packet or frame, and applying, by a load balancing function of the load balancer, a load balancing policy on the packet or frame based on the classification information of the metadata.

Abstract translation: 一种基于网络服务头部元数据的负载均衡方法。 所述方法包括接收业务流的分组或帧，其中所述分组或帧具有有效载荷，并且所述网络服务报头包括标识所述服务路径的业务流的元数据和服务路径信​​息，并且所述元数据包括所述分组的分类信息 或帧，由负载平衡器的服务头处理器从分组或帧中提取元数据的分类信息，并通过负载平衡器的负载平衡功能应用基于分组或帧的负载均衡策略 关于元数据的分类信息。

公开(公告)号：WO2014197193A3

公开(公告)日：2014-12-11

申请号：PCT/US2014/038687

申请日：2014-05-20

Applicant: CISCO TECHNOLOGY INC.

Inventor： GUICHARD, James ,  PIGNATARO, Carlos, M. ,  WARD, David ,  QUINN, Paul ,  KUMAR, Surendra

IPC: H04L12/703 ,  H04L12/725 ,  H04L12/24

Abstract: Presented herein are techniques performed in a network comprising a plurality of network nodes each configured to apply one or more service functions to traffic that passes the respective network nodes in a service path. At a network node, an indication is received of a failure or degradation of one or more service functions or applications applied to traffic at the network node. Data descriptive of the failure or degradation is generated. A previous service hop network node at which a service function or application was applied to traffic in the service path is determined. The data descriptive of the failure or degradation is communicated to the previous service hop network node.

公开(公告)号：WO2017142934A1

公开(公告)日：2017-08-24

申请号：PCT/US2017/017947

申请日：2017-02-15

Applicant: CISCO TECHNOLOGY, INC.

Inventor： QUINN, Paul ,  LIPMAN, Michael, E. ,  MILANO, Mike ,  WARD, David, D. ,  GUICHARD, James ,  SANDLER, Leonid ,  KRAVCHIK, Moshe ,  LIFAR, Alena ,  MILLER, Darrin

IPC: H04L29/06 ,  G06F21/62 ,  H04W12/08

CPC classification number: H04L63/107 ,  G06F21/602 ,  G06F21/6218 ,  H04L63/0428 ,  H04L63/108 ,  H04L63/20 ,  H04W12/08

Abstract: Various systems and methods for determining whether to allow or continue to allow access to a protected data asset are disclosed herein. For example, one method involves receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprises first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.

Abstract translation: 本文公开了用于确定是否允许或继续允许访问受保护的数据资产的各种系统和方法。 例如，一种方法涉及接收访问受保护的数据资产的请求，其中该请求是从第一用户设备接收的; 确定是否准许访问所述受保护的数据资产，其中所述确定包括评估与所述第一用户设备相关联的一个或多个准则，并且所述准则包括与第一策略约束相关联的第一信息; 并且响应于确定访问受保护的数据资产将被授予，授予访问受保护的数据资产。

公开(公告)号：WO2017015667A1

公开(公告)日：2017-01-26

申请号：PCT/US2016/043913

申请日：2016-07-25

Applicant: CISCO TECHNOLOGY, INC. ,  ERMAGAN, Vina ,  MAINO, Fabio R. ,  CORAS, Florin T. ,  MICLEA, Marius Horia ,  EVANS, John William ,  QUINN, Paul ,  LEWIS, Darrel Jay ,  WEIS, Brian E.

Inventor： ERMAGAN, Vina ,  MAINO, Fabio R. ,  CORAS, Florin T. ,  MICLEA, Marius Horia ,  EVANS, John William ,  QUINN, Paul ,  LEWIS, Darrel Jay ,  WEIS, Brian E.

IPC: H04L12/46 ,  H04L12/715

CPC classification number: H04L63/20 ,  H04L12/4633 ,  H04L12/4641 ,  H04L45/54 ,  H04L45/64 ,  H04L45/74 ,  H04L61/251 ,  H04L63/0272 ,  H04L63/029 ,  H04L63/0428 ,  H04L63/06 ,  H04L69/03

Abstract: Aspects of the embodiments are directed to systems, methods, and computer program products to program, via a northbound interface, a mapping between an endpoint identifier (EID) and a routing locator (RLOC) directly into a mapping database at a mapping system; receive, from a first tunneling router associated with a first virtual network, a mapping request to a second virtual network, the first router compliant with a Locator/ID Separation Protocol, the mapping request comprising an EID tuple that includes a source identifier and a destination identifier; identify an RLOC based, at least in part, on the destination identifier of the EID tuple from the mapping database; and transmit the RLOC to the first tunneling router implementing an high level policy that has been dynamically resolved into a state of the mapping database.

Abstract translation: 实施例的方面涉及通过北向接口将端点标识符（EID）和路由定位器（RLOC）之间的映射直接编程到映射系统的映射数据库中的系统，方法和计算机程序产品; 从与第一虚拟网络相关联的第一隧道路由器接收对第二虚拟网络的映射请求，所述第一路由器符合定位符/ ID分离协议，所述映射请求包括包含源标识符和目的地的EID元组 标识符; 至少部分地基于来自映射数据库的EID元组的目的地标识符来识别RLOC; 并将RLOC发送到实现已经被动态地解析成映射数据库的状态的高级策略的第一隧道路由器。