公开(公告)号：US11316780B2

公开(公告)日：2022-04-26

申请号：US16833197

申请日：2020-03-27

Applicant: Cisco Technology, Inc.

Inventor： David Delano Ward ,  Jakob Heitz ,  William Michael Hudson, Jr. ,  Eric Voit

IPC: H04L29/12 ,  H04L9/32 ,  H04L9/06 ,  H04L12/725 ,  H04L12/715 ,  H04L45/302 ,  H04L45/00 ,  H04L101/622

Abstract: A verifier peer system transmits a request to an application of another peer system to obtain integrity data of the application. In response to the request, the verifier peer system obtains a response that includes kernel secure boot metrics of the other peer system and integrity data of the application and of any application dependencies. If the verifier peer system determines that the response is valid, the verifier peer system evaluates the integrity data and the kernel secure boot metrics against a set of Known Good Values to determine whether the integrity data and the kernel secure boot metrics are valid. If the integrity data and the kernel secure boot metrics are valid, the verifier peer system determines that the other peer system is trustworthy.

公开(公告)号：US20200313956A1

公开(公告)日：2020-10-01

申请号：US16366053

申请日：2019-03-27

Applicant: Cisco Technology, Inc.

Inventor： Jakob Heitz ,  Dhananjaya Kasargod Rao ,  Pascal Thubert

IPC: H04L12/24 ,  H04L12/703 ,  H04L12/933 ,  H04L12/745

Abstract: The present disclosure provides Border Gateway Protocol route aggregation in a Clos fabric when one or more communication failures are detected. A method includes receiving a prefix component of a first aggregate route from a first next hop node, the prefix component being associated with a failed network element; announcing, to one or more neighboring nodes, the first aggregate route along with the prefix component and the first next hop node associated with the failed network element; identifying, by the one or more neighboring nodes, a second aggregate route, the second aggregate route being a shortest aggregate route that contains the first aggregate route; and generating, from the second aggregate route, one or more Chad routes to the prefix component of the first aggregate route, wherein the one or more Chad routes are associated with one or more next hop nodes that are different from the first next hop node.

公开(公告)号：US11689442B2

公开(公告)日：2023-06-27

申请号：US17559640

申请日：2021-12-22

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Eric Levy-Abegnoli ,  Jakob Heitz

IPC: H04L45/02

CPC classification number: H04L45/02

Abstract: A particular fat tree network node stores default routing information indicating that the particular fat tree network node can reach a plurality of parent fat tree network nodes of the particular fat tree network node. The particular fat tree network node obtains, from a first parent fat tree network node of the plurality of parent fat tree network nodes, a negative disaggregation advertisement indicating that the first parent fat tree network node cannot reach a specific destination. The particular fat tree network node determines whether the first parent fat tree network node is the only parent fat tree network node of the plurality of parent fat tree network nodes that cannot reach the specific destination. If so, the particular fat tree network node installs supplemental routing information indicating that every parent fat tree network node except the first parent fat tree network node can reach the specific destination.

公开(公告)号：US20220116306A1

公开(公告)日：2022-04-14

申请号：US17559640

申请日：2021-12-22

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Eric Levy-Abegnoli ,  Jakob Heitz

IPC: H04L45/02

Abstract: A particular fat tree network node stores default routing information indicating that the particular fat tree network node can reach a plurality of parent fat tree network nodes of the particular fat tree network node. The particular fat tree network node obtains, from a first parent fat tree network node of the plurality of parent fat tree network nodes, a negative disaggregation advertisement indicating that the first parent fat tree network node cannot reach a specific destination. The particular fat tree network node determines whether the first parent fat tree network node is the only parent fat tree network node of the plurality of parent fat tree network nodes that cannot reach the specific destination. If so, the particular fat tree network node installs supplemental routing information indicating that every parent fat tree network node except the first parent fat tree network node can reach the specific destination.

公开(公告)号：US11271844B2

公开(公告)日：2022-03-08

申请号：US16781270

申请日：2020-02-04

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Eric Levy-Abegnoli ,  Jakob Heitz

IPC: H04L12/751 ,  H04L45/02

Abstract: A particular fat tree network node stores default routing information indicating that the particular fat tree network node can reach a plurality of parent fat tree network nodes of the particular fat tree network node. The particular fat tree network node obtains, from a first parent fat tree network node of the plurality of parent fat tree network nodes, a negative disaggregation advertisement indicating that the first parent fat tree network node cannot reach a specific destination. The particular fat tree network node determines whether the first parent fat tree network node is the only parent fat tree network node of the plurality of parent fat tree network nodes that cannot reach the specific destination. If so, the particular fat tree network node installs supplemental routing information indicating that every parent fat tree network node except the first parent fat tree network node can reach the specific destination.

公开(公告)号：US10608921B2

公开(公告)日：2020-03-31

申请号：US16160481

申请日：2018-10-15

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Eric Levy-Abegnoli ,  Jakob Heitz

IPC: H04L12/751

Abstract: A particular fat tree network node stores default routing information indicating that the particular fat tree network node can reach a plurality of parent fat tree network nodes of the particular fat tree network node. The particular fat tree network node obtains, from a first parent fat tree network node of the plurality of parent fat tree network nodes, a negative disaggregation advertisement indicating that the first parent fat tree network node cannot reach a specific destination. The particular fat tree network node determines whether the first parent fat tree network node is the only parent fat tree network node of the plurality of parent fat tree network nodes that cannot reach the specific destination. If so, the particular fat tree network node installs supplemental routing information indicating that every parent fat tree network node except the first parent fat tree network node can reach the specific destination.

公开(公告)号：US20230054738A1

公开(公告)日：2023-02-23

申请号：US17406321

申请日：2021-08-19

Applicant: Cisco Technology, Inc.

Inventor： Swadesh Agrawal ,  Dhananjaya Kasargod Rao ,  Jakob Heitz ,  Eric Voit

IPC: H04L29/06 ,  H04L12/741 ,  H04L12/751 ,  H04L9/32

Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for secure network routing. A method includes: receiving, at a network node, an advertisement message for a network route including an IP address prefix; receiving, at the network node, a route origin authorization associated with the IP address prefix, the route origin authorization including a digital signature and a security requirement of a route to a destination that corresponds to the IP address prefix; determining, by the network node, one or more network nodes satisfies the security requirement to yield a determination; and determining, by the network node, to route network traffic to the IP address prefix based on the determination. In one example, the method can include, when the one or more network nodes satisfies the security requirement, advertising the route to the one or more network nodes that satisfies the security requirement.

公开(公告)号：US20210306256A1

公开(公告)日：2021-09-30

申请号：US16833197

申请日：2020-03-27

Applicant: Cisco Technology, Inc.

Inventor： David Delano Ward ,  Jakob Heitz ,  William Michael Hudson, JR. ,  Eric Voit

IPC: H04L12/725 ,  H04L12/715 ,  H04L9/32 ,  H04L9/06 ,  H04L29/12

Abstract: A verifier peer system transmits a request to an application of another peer system to obtain integrity data of the application. In response to the request, the verifier peer system obtains a response that includes kernel secure boot metrics of the other peer system and integrity data of the application and of any application dependencies. If the verifier peer system determines that the response is valid, the verifier peer system evaluates the integrity data and the kernel secure boot metrics against a set of Known Good Values to determine whether the integrity data and the kernel secure boot metrics are valid. If the integrity data and the kernel secure boot metrics are valid, the verifier peer system determines that the other peer system is trustworthy.

公开(公告)号：US20200177490A1

公开(公告)日：2020-06-04

申请号：US16781270

申请日：2020-02-04

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Eric Levy-Abegnoli ,  Jakob Heitz

IPC: H04L12/751

Abstract: A particular fat tree network node stores default routing information indicating that the particular fat tree network node can reach a plurality of parent fat tree network nodes of the particular fat tree network node. The particular fat tree network node obtains, from a first parent fat tree network node of the plurality of parent fat tree network nodes, a negative disaggregation advertisement indicating that the first parent fat tree network node cannot reach a specific destination. The particular fat tree network node determines whether the first parent fat tree network node is the only parent fat tree network node of the plurality of parent fat tree network nodes that cannot reach the specific destination. If so, the particular fat tree network node installs supplemental routing information indicating that every parent fat tree network node except the first parent fat tree network node can reach the specific destination.

公开(公告)号：US20190327166A1

公开(公告)日：2019-10-24

申请号：US16160481

申请日：2018-10-15

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Eric Levy-Abegnoli ,  Jakob Heitz

IPC: H04L12/751

Abstract: A particular fat tree network node stores default routing information indicating that the particular fat tree network node can reach a plurality of parent fat tree network nodes of the particular fat tree network node. The particular fat tree network node obtains, from a first parent fat tree network node of the plurality of parent fat tree network nodes, a negative disaggregation advertisement indicating that the first parent fat tree network node cannot reach a specific destination. The particular fat tree network node determines whether the first parent fat tree network node is the only parent fat tree network node of the plurality of parent fat tree network nodes that cannot reach the specific destination. If so, the particular fat tree network node installs supplemental routing information indicating that every parent fat tree network node except the first parent fat tree network node can reach the specific destination.