公开(公告)号：US10361969B2

公开(公告)日：2019-07-23

申请号：US15252028

申请日：2016-08-30

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Jeffrey Napper ,  Surendra M. Kumar ,  Alessandro Duminuco ,  Sape Jurriën Mullender ,  Humberto J. La Roche ,  Louis Gwyn Samuel ,  Frank Brockners ,  Shwetha Subray Bhandari

IPC: H04L12/917 ,  H04L12/911 ,  H04L12/725 ,  H04L12/841

Abstract: An example method is provided in one example embodiment and may include configuring a measurement indication for a packet; forwarding the packet through a service chain comprising one or more service functions; recording measurement information for the packet as it is forwarded through the service chain; and managing capacity for the service chain based, at least in part, on the measurement information. In some cases, the method can include determining end-to-end measurement information for the service chain using the recorded measurement information. In some cases, managing capacity for the service chain can further include identifying a particular service function as a bottleneck service function for the service chain; and increasing capacity for the bottleneck service. In various instances, increasing capacity for the bottleneck service can include at least one of: instantiating additional instances of the bottleneck service; and instantiating additional instances of the service chain.

公开(公告)号：US10348648B2

公开(公告)日：2019-07-09

申请号：US15156689

申请日：2016-05-17

Applicant: Cisco Technology, Inc.

Inventor： Carlos M. Pignataro ,  Frank Brockners ,  David Delano Ward

IPC: H04L29/06 ,  H04L29/08 ,  H04L12/715 ,  H04L12/935 ,  G06F15/173

Abstract: In one embodiment, a particular service chain data packet is received by a particular service node, with the service chain data packet including a header identifying service chain information. The particular service node applies a service to the particular service chain data packet. The particular service node adds service-layer operations data to the particular service chain data packet, with the service-layer operations data related to the current service function or the particular service node. Subsequently, the particular service node sends the particular service chain data packet with the service-layer operations data from the particular service node. In one embodiment, networking operations data is also added to the particular service chain data packet. In one embodiment, an egress service node removes the service-layer (and possibly networking) operations data and forwards to another system, possibly after processing this operations data.

公开(公告)号：US20190141168A1

公开(公告)日：2019-05-09

申请号：US15844741

申请日：2017-12-18

Applicant: Cisco Technology, Inc.

Inventor： Shwetha Subray Bhandari ,  Frank Brockners ,  Akshaya Nadahalli ,  Carlos M. Pignataro

IPC: H04L29/06 ,  H04L12/741 ,  H04L12/805

CPC classification number: H04L69/22 ,  H04L43/026 ,  H04L43/028 ,  H04L43/04 ,  H04L45/74 ,  H04L47/36 ,  H04L67/2804

Abstract: A method provided that is performed at one or more intermediate nodes in a path in a network. The node receives a packet having a header that includes metadata that has been accumulated as the packet travels along the path in the network. The node detects whether a trigger condition has occurred. In response to detecting that the trigger condition has occurred, the node exports, to a destination entity, at least a portion of the metadata that has been accumulated in the header so that the portion of the metadata is removed from the header after it has been exported.

公开(公告)号：US10211987B2

公开(公告)日：2019-02-19

申请号：US14992114

申请日：2016-01-11

Applicant: Cisco Technology, Inc.

Inventor： Venkata Krishna Sashank Dara ,  Shwetha Subray Bhandari ,  Andrew Yourtchenko ,  Eric Vyncke ,  Frank Brockners

IPC: H04L9/32 ,  H04L12/24 ,  H04L12/46 ,  H04L29/06 ,  H04L29/12 ,  H04L12/721

Abstract: A system and methods are provided herein for verifying proof of transit of traffic through a plurality of network nodes in a network. In one embodiment, a method is provided in which information is obtained about a packet at a network node in a network. The information includes in-band metadata. Verification information is read from the in-band metadata. The verification information for use in verifying a path of the packet in the network. Updated verification information is generated from the verification information read from the packet. The updated verification information is written to the in-band metadata of the packet, and the packet is forwarded from the network node in the network.

公开(公告)号：US20180063018A1

公开(公告)日：2018-03-01

申请号：US15252028

申请日：2016-08-30

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Jeffrey Napper ,  Surendra M. Kumar ,  Alessandro Duminuco ,  Sape Jurriën Mullender ,  Humberto J. La Roche ,  Louis Gwyn Samuel ,  Frank Brockners ,  Shwetha Subray Bhandari

IPC: H04L12/917 ,  H04L12/911

CPC classification number: H04L47/76 ,  H04L45/306 ,  H04L47/28 ,  H04L47/822

Abstract: An example method is provided in one example embodiment and may include configuring a measurement indication for a packet; forwarding the packet through a service chain comprising one or more service functions; recording measurement information for the packet as it is forwarded through the service chain; and managing capacity for the service chain based, at least in part, on the measurement information. In some cases, the method can include determining end-to-end measurement information for the service chain using the recorded measurement information. In some cases, managing capacity for the service chain can further include identifying a particular service function as a bottleneck service function for the service chain; and increasing capacity for the bottleneck service. In various instances, increasing capacity for the bottleneck service can include at least one of: instantiating additional instances of the bottleneck service; and instantiating additional instances of the service chain.

公开(公告)号：US20250112861A1

公开(公告)日：2025-04-03

申请号：US18981218

申请日：2024-12-13

Applicant: Cisco Technology, Inc.

Inventor： Atri Indiresan ,  Frank Brockners ,  Shwetha Subray Bhandari

IPC: H04L45/7453 ,  H04L41/0695 ,  H04L47/2483 ,  H04L61/5007

Abstract: This disclosure describes various methods, systems, and devices related to identifying path changes of data flows in a network. An example method includes receiving, at a node, a packet including a first signature. The method further includes generating a second signature by inputting the first signature and one or more node details into a hash function. The method includes replacing the first signature with the second signature in the packet. The packet including the second value is forwarded by the node.

公开(公告)号：US20250016092A1

公开(公告)日：2025-01-09

申请号：US18372443

申请日：2023-09-25

Applicant: Cisco Technology, Inc.

Inventor： Mankamana Prasad Mishra ,  Lukas Krattiger ,  Frank Brockners ,  Nitin Kumar

IPC: H04L45/64 ,  H04L43/0817 ,  H04L43/10

Abstract: Techniques for generating and utilizing overlay-based Border Gateway Protocol (BGP) Operations, Administration, and Maintenance (OAM) packets to detect issues with an underlay network. The techniques may include receiving, from a BGP peer device via a control plane path, an OAM probe indicating a forwarding path to be used for sending the traffic to a destination associated with a prefix. The techniques may also include determining, based at least in part on the OAM probe, that a next-hop device is incapable of being utilized to forward the traffic to the destination, the next-hop device determined based on an origination of the prefix. The techniques may further include performing a policy-based action based at least in part on determining that the next-hop device is incapable of being utilized to forward the traffic to the destination.

公开(公告)号：US20240054318A1

公开(公告)日：2024-02-15

申请号：US17888379

申请日：2022-08-15

Applicant: Cisco Technology, Inc.

Inventor： Thomas Michel-Ange Feltin ,  Benjamin William Ryder ,  Frank Brockners

IPC: G06N3/04 ,  G06N3/10

CPC classification number: G06N3/04 ,  G06N3/10

Abstract: This disclosure describes techniques and mechanisms for enabling a user and third party applications to dynamically partition and place heavy deep learning workloads on standard edge networks to optimize the overall inference throughput of the network while meeting Service Level Objective(s) (SLOs). The techniques may include profiling, partitioning, and splitting of the deep learning workloads, which may be hidden from the user and/or third party application. The user may user interact with a pre-deployed service through a simple SDK that resembles those used for hardware acceleration, such that the current techniques may be easily inserted into their code.

公开(公告)号：US11882176B2

公开(公告)日：2024-01-23

申请号：US18158961

申请日：2023-01-24

Applicant: Cisco Technology, Inc.

Inventor： Sujal Sheth ,  Shwetha Subray Bhandari ,  Eric Voit ,  William F. Sulzen ,  Frank Brockners

IPC: G06F15/173 ,  H04L67/104 ,  H04L9/40 ,  H04W24/10 ,  H04L9/32 ,  H04L61/4511 ,  H04L67/1001

CPC classification number: H04L67/104 ,  H04L9/3247 ,  H04L61/4511 ,  H04L63/0823 ,  H04L67/1001 ,  H04W24/10

Abstract: A verifier peer system transmits a request to an application of another peer system to obtain integrity data of the application. In response to the request, the verifier peer system obtains a response that includes kernel secure boot metrics of the other peer system and integrity data of the application and of any application dependencies. If the verifier peer system determines that the response is valid, the verifier peer system evaluates the integrity data and the kernel secure boot metrics against a set of Known Good Values to determine whether the integrity data and the kernel secure boot metrics are valid. If the integrity data and the kernel secure boot metrics are valid, the verifier peer system determines that the other peer system is trustworthy.

公开(公告)号：US11818141B2

公开(公告)日：2023-11-14

申请号：US17546492

申请日：2021-12-09

Applicant: Cisco Technology, Inc.

Inventor： Craig Thomas Hill ,  Sujal Sheth ,  Frank Brockners ,  Cesar Obediente

IPC: H04L29/06 ,  H04L9/40 ,  H04L9/08

CPC classification number: H04L63/123 ,  H04L9/0838 ,  H04L63/0464 ,  H04L63/20 ,  H04L63/205

Abstract: According to an embodiment, a node comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the node to perform operations. The operations comprise determining security validation information that the node associates with a packet, inserting into the packet an identifier associated with the node and the security validation information that the node associates with the packet, and transmitting the packet comprising the identifier associated with the node and the security validation information that the node associates with the packet. The security validation information comprises one or more proof of security attributes and/or one or more proof of security level attributes.