公开(公告)号：US20230261999A1

公开(公告)日：2023-08-17

申请号：US18139449

申请日：2023-04-26

Applicant: Cisco Technology, Inc.

Inventor： Sridhar Subramanian ,  Fabio Rodolfo Maino ,  Alberto Rodriguez Natal ,  Vijoy Anand Pandey ,  Edward A. Warnicke ,  John Andrew Joyce ,  Timothy James Swanson ,  Loránd Jakab

IPC: H04L47/20 ,  H04L67/10 ,  H04L12/28 ,  H04L41/00 ,  H04L45/50 ,  H04L69/16 ,  H04L67/14 ,  H04L67/02

CPC classification number: H04L47/20 ,  H04L67/10 ,  H04L12/28 ,  H04L41/20 ,  H04L45/50 ,  H04L69/16 ,  H04L67/14 ,  H04L67/02

Abstract: In one embodiment, a device of a software-defined wide area network (SD-WAN) receives, from a cloud-native application, contextual data for the cloud-native application that identifies microservices of the cloud-native application. The device translates the contextual data for the cloud-native application into a network policy for traffic in the SD-WAN associated with the cloud-native application. The device applies the network policy to a traffic flow in the SD-WAN between an endpoint and a particular microservice of the cloud-native application.

公开(公告)号：US11528270B2

公开(公告)日：2022-12-13

申请号：US16867739

申请日：2020-05-06

Applicant: Cisco Technology, Inc.

Inventor： Victor Moreno ,  Sridhar Subramanian ,  Sanjay Kumar Hooda

IPC: H04L9/40 ,  H04L61/2503 ,  H04L67/52 ,  G06F21/41 ,  H04L101/622

Abstract: Systems and methods for network authorization are described herein. An example method can include receiving a user credential from a host device connected to a network, authenticating the user credential, and in response to authenticating the user credential, determining an authorization policy associated with the host device. The method can also include polling a network overlay control plane of the network to obtain a network location information associated with the host device, identifying at least one network device of the network using the network location information, and transmitting the authorization policy to the at least one network device.

公开(公告)号：US20210266262A1

公开(公告)日：2021-08-26

申请号：US16983346

申请日：2020-08-03

Applicant: Cisco Technology, Inc.

Inventor： Sridhar Subramanian ,  Fabio Rodolfo Maino ,  Alberto Rodriguez Natal ,  Vijoy Anand Pandey ,  Edward A. Warnicke ,  John Andrew Joyce ,  Timothy James Swanson ,  Loránd Jakab

IPC: H04L12/813 ,  H04L29/08 ,  H04L12/28 ,  H04L12/723 ,  H04L29/06 ,  H04L12/24

Abstract: In one embodiment, a device of a software-defined wide area network (SD-WAN) receives, from a cloud-native application, contextual data for the cloud-native application that identifies microservices of the cloud-native application. The device translates the contextual data for the cloud-native application into a network policy for traffic in the SD-WAN associated with the cloud-native application. The device applies the network policy to a traffic flow in the SD-WAN between an endpoint and a particular microservice of the cloud-native application.

公开(公告)号：US10003569B2

公开(公告)日：2018-06-19

申请号：US15411299

申请日：2017-01-20

Applicant: Cisco Technology, Inc.

Inventor： Rajagopalan Janakiraman ,  Pagalavan Krishnamoorthy ,  Peter Geoffrey Jones ,  Sridhar Subramanian

IPC: H04L29/12 ,  H04L12/741

CPC classification number: H04L61/2015 ,  H04L12/462 ,  H04L12/4633 ,  H04L45/745 ,  H04L61/103

Abstract: A system, computer-readable media, and methods for network resource sharing of routing and forwarding information are disclosed. The method may include receiving a first address for a device connected to a network and receiving one or more second addresses for the device. The method may also include identifying a first switch through which the device connects to the network and identifying a second switch for storing the first address and the one or more second addresses. Further, the method may include storing the first address in the first switch and storing the first address and the one or more second addresses in the second switch.

公开(公告)号：US20160261579A1

公开(公告)日：2016-09-08

申请号：US15154464

申请日：2016-05-13

Applicant: Cisco Technology, Inc.

Inventor： Rajagopalan Janakiraman ,  Sridhar Subramanian

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/08 ,  H04L45/24 ,  H04L45/48 ,  H04L61/103 ,  H04L61/2084 ,  H04L63/0209 ,  H04L63/10 ,  H04L63/101 ,  H04L63/107 ,  H04L67/141 ,  H04L67/18 ,  H04L67/32 ,  H04L67/327

Abstract: A method, system, and computer readable medium is disclosed which utilizes the LISP control plane to increase communications and access to enterprise resources in a network with multiple subnetworks, such as a university setting. As a result, the various embodiments of the present invention provide a routing and services dimension to enterprise discovery protocol traffic, such as Apple Bonjour traffic. A LISP instance ID, which is carried in the LISP header, is used to associate one or more end user devices with specific enterprise resources in a particular subnetwork or a service domain, wherein these resources may be accessed by the end user device even if the end user device migrates to another subnetwork. Another embodiment of the invention limits routing services advertisements from enterprise services to a subset of end user devices associated with particular user EIDs by using L2-LISP multicast techniques.

公开(公告)号：US09049127B2

公开(公告)日：2015-06-02

申请号：US13793148

申请日：2013-03-11

Applicant: Cisco Technology, Inc.

Inventor： Rajagopalan Janakiraman ,  Pags Krishnamoorthy ,  Sridhar Subramanian ,  Venkataraman Natham

IPC: H04L12/803 ,  H04L12/801 ,  H04L12/721 ,  H04L29/08

CPC classification number: H04L47/10 ,  H04L45/38 ,  H04L45/66 ,  H04L47/125 ,  H04L67/1023

Abstract: The methods and devices discussed herein provide service clustering within a TRILL network without relying on an additional service insertion framework. A TRILL network can include one or more flow distribution RBridges for distributing flows to service nodes. Each flow distribution RBridge can have a virtual base identifier and one or more virtual cluster identifiers. An example method can include maintaining N service cluster load balancing structures and receiving a packet that is encapsulated with an inner header (source/destination addresses) and an outer header (ingress/egress RBridge identifiers). The method can include determining whether the egress RBridge identifier is a virtual cluster identifier, and if so, applying a hash function to a predetermined flow tuple and selecting a service node associated with the hash value from one of the N service cluster load balancing structures. The method can include forwarding the packet to the selected service node.

Abstract translation: 本文讨论的方法和设备提供TRILL网络内的服务集群，而不依赖于附加的服务插入框架。 TRILL网络可以包括用于将流分发到服务节点的一个或多个流分配RBridge。 每个流分布RBridge可以具有虚拟基本标识符和一个或多个虚拟集群标识符。 示例性方法可以包括维护N个服务集群负载平衡结构并且接收用内部报头（源/目标地址）和外部报头（入口/出口RBridge标识符）封装的分组。 该方法可以包括确定出口RBridge标识符是否是虚拟集群标识符，如果是，则将散列函数应用于预定流元组，并从N个业务集群负载平衡结构之一中选择与该散列值相关联的业务节点。 该方法可以包括将分组转发到所选择的服务节点。

公开(公告)号：US20200267147A1

公开(公告)日：2020-08-20

申请号：US16867739

申请日：2020-05-06

Applicant: Cisco Technology, Inc.

Inventor： Victor Moreno ,  Sridhar Subramanian ,  Sanjay Kumar Hooda

IPC: H04L29/06 ,  H04L29/12 ,  H04L29/08

Abstract: Systems and methods for network authorization are described herein. An example method can include receiving a user credential from a host device connected to a network, authenticating the user credential, and in response to authenticating the user credential, determining an authorization policy associated with the host device. The method can also include polling a network overlay control plane of the network to obtain a network location information associated with the host device, identifying at least one network device of the network using the network location information, and transmitting the authorization policy to the at least one network device.

公开(公告)号：US20170373936A1

公开(公告)日：2017-12-28

申请号：US15193482

申请日：2016-06-27

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Darrin Joseph Miller ,  Victor Moreno ,  Mark Montanez ,  Sridhar Subramanian

IPC: H04L12/24 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L41/0816 ,  H04L41/12 ,  H04L45/64 ,  H04L63/08 ,  H04L63/0876 ,  H04L63/104 ,  H04L67/306

Abstract: Changes are made to a virtual network for an endpoint based on the authenticated user identity of the endpoint. The system includes a server and a controller associated with a network fabric to which the endpoint is connected. The network fabric includes network elements to carry network traffic for the endpoint. The server authenticates the endpoint associated with a network address and determines a user identity of the endpoint based on the authentication. The server determines a first virtual network associated with the user identity. The controller receives a notification from the server that the network traffic for the endpoint associated with the network address is to be routed over the first virtual network. The controller updates routing information to associate the network address with the first virtual network and sends the updated routing information to the network elements of the network fabric.

公开(公告)号：US09680751B2

公开(公告)日：2017-06-13

申请号：US14709125

申请日：2015-05-11

Applicant: Cisco Technology, Inc.

Inventor： Rajagopalan Janakiraman ,  Pags Krishnamoorthy ,  Sridhar Subramanian ,  Venkataraman Natham

IPC: H04L12/801 ,  H04L12/721 ,  H04L12/803 ,  H04L29/08

CPC classification number: H04L47/10 ,  H04L45/38 ,  H04L45/66 ,  H04L47/125 ,  H04L67/1023

Abstract: The methods and devices discussed herein provide service clustering within a TRILL network without relying on an additional service insertion framework. A TRILL network can include one or more flow distribution RBridges for distributing flows to service nodes. Each flow distribution RBridge can have a virtual base identifier and one or more virtual cluster identifiers. An example method can include maintaining service cluster load balancing structures and receiving a packet that is encapsulated with an inner header and an outer header. The method can include determining whether the egress RBridge identifier is a virtual cluster identifier, and if so, selecting a service node from one of the service cluster load balancing structures. The method can include forwarding the packet to the selected service node.

公开(公告)号：US20180176218A1

公开(公告)日：2018-06-21

申请号：US15384365

申请日：2016-12-20

Applicant: Cisco Technology, Inc.

Inventor： Victor Moreno ,  Sridhar Subramanian ,  Sanjay Kumar Hooda

IPC: H04L29/06 ,  H04L29/08 ,  H04L29/12

Abstract: Systems and methods for network authorization are described herein. An example method can include receiving a user credential from a host device connected to a network, authenticating the user credential, and in response to authenticating the user credential, determining an authorization policy associated with the host device. The method can also include polling a network overlay control plane of the network to obtain a network location information associated with the host device, identifying at least one network device of the network using the network location information, and transmitting the authorization policy to the at least one network device.