Abstract:
Techniques for providing network traffic security in a virtualized environment are described. A threat aware controller uses a threat feed provided by a threat intelligence service to establish a threat detection engine on virtual switches. The threat aware controller and threat detection engine work together to detect any anomalous or malicious behavior of network traffic on the virtual switch and established virtual network functions to quickly detect, verify, and isolate network threats.
Abstract:
Secure network segmentation using logical subnet segments is described. A single network segment or subnet provided by a third party is mapped into multiple layer-3 virtual or logical segments without requiring separate subnets. This mapping is accomplished by using virtual routing functions (VRFs) per logical subnet segment while retaining a single subnet across the segments. The logical subnet segments interact with the single network segment provided by the third party (ISP). The layer-3 VRF instances are created without the need for separate IP subnet pools per layer-3 segment. Each VRF instance for the various logical subnet segments is mapped to an identifier and tag.
Abstract:
Secure network segmentation using logical subnet segments is described. A single network segment or subnet provided by a third party is mapped into multiple layer-3 virtual or logical segments without requiring separate subnets. This mapping is accomplished by using virtual routing functions (VRFs) per logical subnet segment while retaining a single subnet across the segments. The logical subnet segments interact with the single network segment provided by the third party (ISP). The layer-3 VRF instances are created without the need for separate IP subnet pools per layer-3 segment. Each VRF instance for the various logical subnet segments is mapped to a Virtual Network Identifier (VNI) and Scalable Group Tag (SGT).
Abstract:
In one embodiment, a method for the prioritized transmission of messages includes monitoring a network link of a mobile device to determine performance characteristics of the network link, establishing a network association between the mobile device and a routing network node, receiving a connection request from an application that is directed to a connection between the mobile device and a destination server, determining a relative priority of the connection, mapping the connection to a stream of the network association that is associated with the relative priority of the connection and identifies the destination server, and transmitting messages for the stream to the routing network node interlaced with messages of other streams of the network association based on the performance characteristics of the network link and the relative priority associated with the stream in comparison to relative priorities associated with the other streams of the network association.