公开(公告)号：US11979384B2

公开(公告)日：2024-05-07

申请号：US18197867

申请日：2023-05-16

Applicant: Cisco Technology, Inc.

Inventor： Akram Sheriff ,  Nagendra Kumar Nainar ,  Arvind Tiwari ,  Rajiv Asati

IPC: H04L67/56 ,  H04L9/40 ,  H04L43/08 ,  H04L67/10 ,  G16Y10/75

CPC classification number: H04L63/0281 ,  H04L43/08 ,  H04L63/0263 ,  H04L63/10 ,  H04L63/1408 ,  H04L67/10 ,  H04L67/56 ,  G16Y10/75

Abstract: This disclosure describes using a dynamic proxy for securing communications between a source within a cloud environment and an application container. The techniques include intercepting traffic directed to an application container, analyzing the traffic and traffic patterns, and allowing or preventing the traffic from being delivered to the application container based on the analysis. A traffic analysis engine may determine whether the traffic is considered safe and is to be allowed to be delivered to the application container, or whether the traffic is considered unsafe and is to be prevented from being delivered to the application container, According to some configurations, the address(es) to the network interfaces (e.g., WIFI or Eth0) are abstracted to help ensure security of the application containers.

公开(公告)号：US11888912B1

公开(公告)日：2024-01-30

申请号：US17736637

申请日：2022-05-04

Applicant: Cisco Technology, Inc.

Inventor： Mankamana Prasad Mishra ,  Rajiv Asati ,  Nitin Kumar ,  Luc De Ghein

IPC: H04L65/611 ,  H04L65/60

CPC classification number: H04L65/611 ,  H04L65/60

Abstract: This disclosure describes techniques for configuring an edge router of a communication provider network, the edge router coupled to communicate with a plurality of media streaming playback devices. Based at least in part on an indication of characteristics associated with the plurality of media streaming playback devices, a first multicast join for the edge router is configured to the communication provider network such that one or more media servers delivers a first plurality of media streams to the edge router via the communication provider network. Based at least in part on an indication of a request for an additional media stream not included in the first plurality of media streams, a second multicast join for the edge router is configured to the communication provider network such that the one or more media servers delivers the additional media stream to the edge router via the communication provider network.

公开(公告)号：US11444941B2

公开(公告)日：2022-09-13

申请号：US16748965

申请日：2020-01-22

Applicant: Cisco Technology, Inc.

Inventor： Alan Robert Lynn ,  Frank Michaud ,  Carlos M. Pignataro ,  Rajiv Asati

IPC: H04L29/06 ,  H04L9/40 ,  G06F7/58

Abstract: The present technology pertains to a system that authenticates the identity of a user trying to access a service. The system comprises an authentication provider configured to communicate authentication requirements to a continuous multifactor authentication device and the continuous multifactor authentication device configured to receive authentication requirements, to fuse multiple identification factors into an identification credential for a user according to the authentication requirements, and to send the authentication credential to the authentication provider. After receiving the identification credential meeting the authentication requirements, the authentication provider is configured to instruct a service provider to initiate a session.

公开(公告)号：US20220239585A1

公开(公告)日：2022-07-28

申请号：US17160508

申请日：2021-01-28

Applicant: Cisco Technology, Inc.

Inventor： Mankamana Prasad Mishra ,  Rajiv Asati ,  IJsbrand Wijnands ,  Stephane Litkowski ,  Nitin Kumar

IPC: H04L12/761 ,  H04L12/707 ,  H04L12/18 ,  H04L29/06 ,  H04L12/46

Abstract: A method is performed at a router configured to perform Bit Index Explicit Replication (BIER) for forwarding of multicast packets in a network. The method includes, upon receiving a multicast packet of a multicast flow, accessing flow mappings in which multicast flows are mapped to fixed accounting values corresponding to the multicast flows. The method further comprises generating a BIER header for the multicast packet by encoding a multi-segment entropy field of the BIER header with (i) a variable entropy value for equal-cost multi-path (ECMP) load balancing, and (ii) a fixed accounting value among the fixed accounting values that is mapped to the multicast flow in the flow mappings. The method also includes encapsulating the multicast packet with the BIER header to produce an encapsulated multicast packet, and forwarding the encapsulated multicast packet.

公开(公告)号：US20220109604A1

公开(公告)日：2022-04-07

申请号：US17552884

申请日：2021-12-16

Applicant: Cisco Technology, Inc.

Inventor： Raghavendra Suryanarayanarao ,  Om Prakash Suthar ,  Aeneas Sean Dodd-Noble ,  Vivek Agarwal ,  Rajiv Asati ,  Carlos M. Pignataro

IPC: H04L41/0668 ,  H04W76/10 ,  H04L47/125 ,  H04W72/10 ,  H04L41/0893

Abstract: Techniques are presented in which a new information element signaling priority of a management entity is included in a setup (e.g., S1-Setup) response or configuration update message sent by a management entity to a base station entity. The base station entity interprets this priority information along with the relative capacity information in an appropriate way to load-distribute the traffic/calls to highly preferable management entity instances (at a local site) when they are available, and switchover/failover to lower preference management entity instances (at a remote site) when there is a local site outage/failure or insufficient capacity in a geo-resilient pooled network.

公开(公告)号：US11252063B2

公开(公告)日：2022-02-15

申请号：US16745035

申请日：2020-01-16

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Rajiv Asati ,  Carlos M. Pignataro

IPC: G06F15/173 ,  H04L12/26

Abstract: Systems, methods, and computer-readable media are disclosed for use of an overlay network termination endpoint as a proxy to collect telemetry data for micro-services or specific applications provided by containers in overlay data centers. In one aspect of the present disclosure, a method includes receiving, at a controller, a probe for flow statistics associated with a service path, the probe including corresponding flow identification information, extracting the corresponding flow identification information from the probe, obtaining the flow statistics from an agent based on the flow identification information, the agent being configured to manage a plurality of containers, generating a response packet including the flow statistics obtained from the agent and sending the response packet to an initiator from which the query is received.

公开(公告)号：US11228651B2

公开(公告)日：2022-01-18

申请号：US16559526

申请日：2019-09-03

Applicant: Cisco Technology, Inc.

Inventor： Edward A. Warnicke ,  Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Rajiv Asati

IPC: H04L29/08 ,  H04L12/26

Abstract: Techniques for network validation are provided. A first request is received at a first manager component, from a first client. The first client and the first manager component are on a first node of a plurality of nodes, and the first request specifies a desired network service. A first network service endpoint that is capable of providing the desired network service is identified, where the first network service endpoint is on a second node of the plurality of nodes. A connection is established between a first validation agent on the first node and a second validation agent on the second node. Finally, upon determining that the connection between the first and second validation agents satisfies predefined criteria, a connection is established between the first client and the first network service endpoint.

公开(公告)号：US11128546B2

公开(公告)日：2021-09-21

申请号：US15834291

申请日：2017-12-07

Applicant: Cisco Technology, Inc.

Inventor： Carlos M. Pignataro ,  Nagendra Kumar Nainar ,  Rajiv Asati

IPC: G06F15/173 ,  H04L12/24 ,  G06N20/00

Abstract: A method is provided to generate a network risk heatmap. The method includes obtaining first data related to technical support and operations issues of a network that includes a plurality of network elements and second data related to updates and configurations of the network. The method involves analyzing the first data and the second to generate a device risk heatmap rule that determines a level of predictive failure risk as a function of network telemetry data indicative of real-time operations of the network. The method further includes applying the device risk heatmap rule to network telemetry data collected from the network to create a network heatmap representing a level of predictive failure risk for the plurality of network elements in the network. The method then includes instantiating a path or tunnel in the network based on the network heatmap.

公开(公告)号：US11102135B2

公开(公告)日：2021-08-24

申请号：US16449991

申请日：2019-06-24

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Rajiv Asati

IPC: H04L12/841 ,  H04L29/06 ,  H04L29/08 ,  H04L12/721 ,  H04L12/725 ,  H04L12/717 ,  H04L12/851

Abstract: In some aspects, a method of the technology can include steps for sending a packet along a service function chain (SFC) to an egress node, the SFC comprising a plurality of service function forwarders (SFFs), wherein each SFF is associated with at least one service function (SF), and receiving the packet at a first SFF in the SFC, wherein the first SFF is associated with a first SF. In some aspects, the first SFF can also be configured to perform operations including: reading an option flag of the packet, and determining whether to forward the packet to the first based on the option flag. Systems and machine-readable media are also provided.

公开(公告)号：US11082342B2

公开(公告)日：2021-08-03

申请号：US16511730

申请日：2019-07-15

Applicant: Cisco Technology, Inc.

Inventor： Rajiv Asati ,  Nagendra Kumar Nainar ,  Carlos M. Pignataro

IPC: H04L12/741 ,  H04L29/08 ,  H04L29/06 ,  H04L12/715

Abstract: A method is provided in one example embodiment and may include receiving a packet by a forwarder in an Information-Centric Networking (ICN) network; determining Bit Index Explicit Replication (BIER) information associated with the packet; and forwarding the packet based, at least in part, on the BIER information associated with the packet. The packet can be an interest packet or a data packet received by the forwarder in the ICN network.