-
Publication No.: US11711299B2
Publication date: 2023-07-25
Application No.: US16863713
Application date: 2020-04-30
Applicant: Cisco Technology, Inc.
Inventor: Xueqiang Ma, Dave Persaud, Kalyan Ghosh
IPC: H04L45/74, G06F9/455, H04L67/1095
CPC classification number: H04L45/74, G06F9/45558, H04L67/1095, G06F2009/45595
Abstract: This disclosure describes various methods, systems, and devices related to mirrored traffic forwarding in a hybrid network. An example method includes receiving, from a source forwarder in a source network, a mirrored data packet. A session of the mirrored data packet may be identified based on a header of the mirrored data packet. A destination forwarder in a destination network may be identified based on the session. The destination network may be different than the source network. The mirrored data packet may be forwarded to the destination forwarder.
-
Publication No.: US11343234B2
Publication date: 2022-05-24
Application No.: US16709188
Application date: 2019-12-10
Applicant: Cisco Technology, Inc.
Inventor: Xueqiang Ma, Dave Persaud, Kalyan Ghosh
IPC: H04L29/06
Abstract: Presented herein are methodologies for implementing multi-domain cloud security and ways to partition end-points in data center/cloud network topologies into hierarchical domains to increase security and key negotiation efficiency. The methodology includes receiving, from a first endpoint, at a cloud security protocol stack, a packet encrypted in accordance with a cloud security key negotiated between the first endpoint and a second endpoint; extracting a cloud security globally unique domain-id from the packet; querying a cloud security domain repository using the cloud security globally unique domain-id as an index to identify a first cloud security domain, among a plurality of cloud security domains, to which the first endpoint and the second endpoint belong; and selecting the first cloud security domain to process the packet.
-
Publication No.: US11290436B2
Publication date: 2022-03-29
Application No.: US16249785
Application date: 2019-01-16
Applicant: Cisco Technology, Inc.
Inventor: Dave Persaud, Xueqiang Ma, Kalyan K. Ghosh, Kondal R. Boreddy
Abstract: Techniques for key distribution are provided. A first symmetric key is generated for a first downstream site, and a second symmetric key is generated for a second downstream site. The first symmetric key is transmitted to the first downstream site, and the second symmetric key is transmitted to the second downstream site. Upon receiving an indication that the first symmetric key was successfully deployed at the first downstream site, the first symmetric key is deployed on a first network node of an upstream site. Finally, upon determining that the second symmetric key was not successfully deployed at the second downstream site, techniques include refraining from deploying the second symmetric key to a second network node of the upstream site, where the second network node continues to communicate with the second downstream site using an original symmetric key.
-
Publication No.: US20210218673A1
Publication date: 2021-07-15
Application No.: US16863713
Application date: 2020-04-30
Applicant: Cisco Technology, Inc.
Inventor: Xueqiang Ma, Dave Persaud, Kalyan Ghosh
IPC: H04L12/741, H04L29/08, G06F9/455
Abstract: This disclosure describes various methods, systems, and devices related to mirrored traffic forwarding in a hybrid network. An example method includes receiving, from a source forwarder in a source network, a mirrored data packet. A session of the mirrored data packet may be identified based on a header of the mirrored data packet. A destination forwarder in a destination network may be identified based on the session. The destination network may be different than the source network. The mirrored data packet may be forwarded to the destination forwarder.
-
Publication No.: US20210176224A1
Publication date: 2021-06-10
Application No.: US16709188
Application date: 2019-12-10
Applicant: Cisco Technology, Inc.
Inventor: Xueqiang Ma, Dave Persaud, Kalyan Ghosh
IPC: H04L29/06
Abstract: Presented herein are methodologies for implementing multi-domain cloud security and ways to partition end-points in data center/cloud network topologies into hierarchical domains to increase security and key negotiation efficiency. The methodology includes receiving, from a first endpoint, at a cloud security protocol stack, a packet encrypted in accordance with a cloud security key negotiated between the first endpoint and a second endpoint; extracting a cloud security globally unique domain-id from the packet; querying a cloud security domain repository using the cloud security globally unique domain-id as an index to identify a first cloud security domain, among a plurality of cloud security domains, to which the first endpoint and the second endpoint belong; and selecting the first cloud security domain to process the packet.