DYNAMIC HONEYPOTS
    Invention application
    DYNAMIC HONEYPOTS (under examination, published)

    Publication No.: US20200177629A1

    Publication date: 2020-06-04

    Application No.: US16535550

    Filing date: 2019-08-08

    Abstract: A mapping system, under administrative control of a Wide Area Network (WAN) controller, can track each host, authorized to access a plurality of Local Area Networks (LANs), in one or more mapping databases including a first network address representing an identifier and a second network addressing representing a locator for each host. The mapping system can receive a request for resolution of a first identifier of a host not presently connected to the network. The mapping system can determine the mapping databases exclude a mapping for the first identifier. The mapping system can update the mapping databases with a first mapping including the first identifier and a first locator corresponding to a honeypot network device. The mapping system can transmit, to one or more LANs of the plurality of LANs, routing information to route traffic destined for the first identifier to the honeypot network device.

    Service chaining based on labels in control and forwarding

    Publication No.: US10142254B1

    Publication date: 2018-11-27

    Application No.: US14028514

    Filing date: 2013-09-16

    Abstract: A method for routing is disclosed. The method comprises establishing an overlay network, comprising a plurality of network elements and an overlay controller; wherein the overlay controller is in communication with each network element via a secure tunnel established through an underlying transport network; receiving by the overlay controller, information from each service-hosting network element information said information identifying a service hosted at that service-hosting network element, and label associated with the service-hosting network element; identifying by the overlay controller, at least one policy that associates traffic from a site with a service; and causing by said overlay controller, the at least one policy to be executed so that traffic from the site identified in the policy is routed using the underlying transport network to the service-hosting network element associated with the said service.

    Dynamic honeypots
    Granted invention patent

    Publication No.: US11671450B2

    Publication date: 2023-06-06

    Application No.: US17569285

    Filing date: 2022-01-05

    Abstract: A mapping system, under administrative control of a Wide Area Network (WAN) controller, can track each host, authorized to access a plurality of Local Area Networks (LANs), in one or more mapping databases including a first network address representing an identifier and a second network addressing representing a locator for each host. The mapping system can receive a request for resolution of a first identifier of a host not presently connected to the network. The mapping system can determine the mapping databases exclude a mapping for the first identifier. The mapping system can update the mapping databases with a first mapping including the first identifier and a first locator corresponding to a honeypot network device. The mapping system can transmit, to one or more LANs of the plurality of LANs, routing information to route traffic destined for the first identifier to the honeypot network device.

    Communication between distinct network domains

    Publication No.: US10938714B2

    Publication date: 2021-03-02

    Application No.: US16551381

    Filing date: 2019-08-26

    Abstract: A system may include a first border network device located between a first network domain and a third network domain, and a first edge network device in the first network domain, where the first edge network device may be configured to receive a packet. The packet may be directed to a second edge network device in a second network domain. The first edge network device may also be configured to add a second label to the packet that identifies a second border network device located at the border of a second network domain and the third network domain. The third network domain may be located between the first network domain and the second network domain. The first edge network device may additionally be configured to add a first label to the packet that identifies the first border network device, and route the packet to the first border network device.

    Dynamic honeypots
    Granted invention patent

    Publication No.: US11233822B2

    Publication date: 2022-01-25

    Application No.: US16535550

    Filing date: 2019-08-08

    Abstract: A mapping system, under administrative control of a Wide Area Network (WAN) controller, can track each host, authorized to access a plurality of Local Area Networks (LANs), in one or more mapping databases including a first network address representing an identifier and a second network addressing representing a locator for each host. The mapping system can receive a request for resolution of a first identifier of a host not presently connected to the network. The mapping system can determine the mapping databases exclude a mapping for the first identifier. The mapping system can update the mapping databases with a first mapping including the first identifier and a first locator corresponding to a honeypot network device. The mapping system can transmit, to one or more LANs of the plurality of LANs, routing information to route traffic destined for the first identifier to the honeypot network device.

    End-to-end identity-aware routing across multiple administrative domains

    Publication No.: US10999197B2

    Publication date: 2021-05-04

    Application No.: US16535519

    Filing date: 2019-08-08

    Abstract: Systems and methods provide for end-to-end identity-aware routing across multiple administrative domains. A first ingress edge device of a second overlay network can receive a first encapsulated packet from a first egress edge device of a first overlay network. The first ingress edge device can de-encapsulate the first encapsulated packet to obtain an original packet and a user or group identifier. The first ingress edge device can apply a user or group policy matching the user or group identifier to determine a next hop for the original packet. The first ingress edge device can encapsulate the original packet and the user or group identifier to generate a second encapsulated packet. The first ingress edge device can forward the second encapsulated packet to the next hop.

    Service chaining based on labels in control and forwarding

    Publication No.: USRE50121E1

    Publication date: 2024-09-10

    Application No.: US17104933

    Filing date: 2020-11-25

    CPC classification number: H04L47/70 H04L45/64

    Abstract: A method for routing is disclosed. The method comprises establishing an overlay network, comprising a plurality of network elements and an overlay controller; wherein the overlay controller is in communication with each network element via a secure tunnel established through an underlying transport network; receiving by the overlay controller, information from each service-hosting network element information said information identifying a service hosted at that service-hosting network element, and label associated with the service-hosting network element; identifying by the overlay controller, at least one policy that associates traffic from a site with a service; and causing by said overlay controller, the at least one policy to be executed so that traffic from the site identified in the policy is routed using the underlying transport network to the service-hosting network element associated with the said service.

    Overlay management protocol for secure routing based on an overlay network

    Publication No.: USRE49485E1

    Publication date: 2023-04-04

    Application No.: US17160178

    Filing date: 2021-01-27

    Abstract: A method for creating a secure network is provided. The method comprises establishing an overlay domain to control routing between overlay edge routers based on an underlying transport network, wherein said establishing comprises running an overlay management protocol to exchange information within the overlay domain; in accordance with the overlay management protocol defining service routes that exist exclusively within the overlay domain wherein each overlay route includes information on at least service availability within the overlay domain; and selectively using the service routes to control routing between the overlay edge routers; wherein the said routing is through the underlying transport network in a manner in which said overlay routes is shared with the overlay edge routers but not with the underlying transport network via the overlay management protocol.