-
Publication No.: US20240406144A1
Publication date: 2024-12-05
Application No.: US18205464
Application date: 2023-06-02
Applicant: Cisco Technology, Inc.
Inventor: Pascal Thubert , Pradeep Kumar Kathail , Eric Levy-Abegnoli , David A. Maluf
IPC: H04L9/40 , H04L61/4511
Abstract: Techniques for using Locator ID Separation Protocol (LISP), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to obfuscate server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns an endpoint identifier (EID) that is mapped to the client device and at least one routing locator (RLOC) of the endpoint device. In this way, IP addresses of servers are obfuscated by a network mapping of EIDs and RLOCs. The client device may then communicate data packets to the server using the EIDs as the destination address, and a virtual network service that works in conjunction with DNS can encapsulate the data packet with the RLOC using LISP and forward the data packet onto the server.
-
Publication No.: US12155622B1
Publication date: 2024-11-26
Application No.: US18237590
Application date: 2023-08-24
Applicant: Cisco Technology, Inc.
Inventor: Pascal Thubert , Eric A. Voit , Eric Levy-Abegnoli , Patrick Wetterwald , Jonas Zaddach
IPC: H04L61/5007 , H04L9/40 , H04L61/2503 , H04L61/4511
Abstract: Techniques for varying locations of virtual networks associated with endpoints using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS). Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. The VIP address may be selected based on a number of factors (e.g., power usage, privacy requirements, virtual distances, etc.). In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses that can be periodically rotated and/or load balanced. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.
-
Publication No.: US20240372735A1
Publication date: 2024-11-07
Application No.: US18143470
Application date: 2023-05-04
Applicant: Cisco Technology, Inc.
Inventor: Eric Voit , Pascal Thubert , Frank Brockners
Abstract: Techniques performed by offload computing devices that establish and advertise confidential computing environments for use by other computing devices. The offload computing devices may each be executing an attestable bootloader that creates the confidential computing environments, advertises the available resources to the other computing devices, establishes secure encrypted channels with the other devices, and runs processes in the confidential computing environments on behalf of the other computing devices. In addition to advertising the availability of computing resources in the confidential environments, the offload computing devices may additionally advertise performance metrics associated with the confidential computing environments. Computing devices may receive the advertisements, and send requests to the offload computing devices to run processes on their behalf in the confidential computing environments.
-
Publication No.: US20240333590A1
Publication date: 2024-10-03
Application No.: US18194253
Application date: 2023-03-31
Applicant: Cisco Technology, Inc.
Inventor: Carlos Pignataro , Pascal Thubert , Eric A Voit , Nagendra Kumar Nainar , Marcelo Yannuzzi
IPC: H04L41/0833 , H04L41/12
CPC classification number: H04L41/0833 , H04L41/12
Abstract: A network of devices can be stabilized by administering an energy-aware topology that corresponds to a desired state derived in part from one or more sustainability metrics. Devices suitable for stabilization can include a processor, a memory, a plurality of elements, a communication port coupled with one or more neighboring devices, and an energy-aware topology logic. The energy-aware topology logic can monitor incoming traffic from one or more neighboring devices, receive current state data associated with the plurality of elements, and receive update data from the one or more neighboring devices via a sustainability-related augmented IGP. Also, the energy-aware topology logic can generate a desired state for the device based on at least the received current state data and update data. One or more of the plurality of elements may be modified in response to the generated desired state, wherein the modification involves changing one or more sustainability-related capabilities.
-
Publication No.: US12089089B2
Publication date: 2024-09-10
Application No.: US17581188
Application date: 2022-01-21
Applicant: Cisco Technology, Inc.
Inventor: Pascal Thubert , Domenico Ficara , Patrick Wetterwald , Alessandro Erta , Amine Choukir
CPC classification number: H04W28/16 , H04B10/1149 , H04W16/26 , H04W16/28 , H04W84/18
Abstract: In one embodiment, a controller identifies access points forming an overhead mesh of access points in an area, each access point comprising one or more directional transmitters each configured to transmit a beam cone in a substantially downward direction towards a floor of the area. The controller assigns the access points to access point groups. The controller generates communication schedules for the access points such that each access point in an access point group is on a common channel and only one of neighboring directional transmitters of access points in that group is able to transmit at any given time. The controller sends the communication schedules to the access points forming the overhead mesh of access points in the area.
-
Publication No.: US20240154826A1
Publication date: 2024-05-09
Application No.: US18344561
Application date: 2023-06-29
Applicant: Cisco Technology, Inc.
Inventor: Pascal Thubert , Gonzalo A. Salgueiro , Derek W. Engi , Marisol Palmero Amador
IPC: H04L12/12 , H04L12/46 , H04L45/745
CPC classification number: H04L12/12 , H04L12/4633 , H04L45/74591
Abstract: Described herein are devices, systems, methods, and processes for intelligently managing power consumption in a network by allocating a power budget for packet processing. The power budget can be allocated based on criticality and/or the trust level of the flow. A network device may determine which subsets of features can be executed within the power budget for specific flows. Network devices can signal their capability to run features based on power consumption and adherence to the power budget, allowing for cooperative end-to-end power-based decision-making and policy enforcement. Network devices unable to run all features can select a subset of the features within their power budget and a viable path where other network devices can execute the missing features. Source route information can be added to indicate the path and missing features to be executed by network devices down the segment routing path.
-
Publication No.: US20240098063A1
Publication date: 2024-03-21
Application No.: US17932754
Application date: 2022-09-16
Applicant: Cisco Technology, Inc.
Inventor: Pascal Thubert , Jonas Zaddach , Patrick Wetterwald , Eric Levy-Abegnoli
IPC: H04L9/40
CPC classification number: H04L63/0263
Abstract: In one embodiment, a method includes identifying, using a Static Context Header Compression (SCHC) rules engine, one or more packets matching a rule, selecting a firewall decision based on the identified one or more packets and the rule, and applying the firewall decision to the one or more identified packets.
-
Publication No.: US11930541B2
Publication date: 2024-03-12
Application No.: US17683833
Application date: 2022-03-01
Applicant: Cisco Technology, Inc.
Inventor: Pascal Thubert , Domenico Ficara , Alessandro Erta , Amine Choukir , Patrick Wetterwald
CPC classification number: H04W74/085 , H04W48/20 , H04W72/02
Abstract: In one embodiment, an access point of an overhead mesh of access points in an area selects a range of client identifiers. The access point sends, via a beam cone transmitted in a substantially downward direction towards a floor of the area, a trigger signal that includes the range of client identifiers and prompts client devices having identifiers in that range to send best effort transmissions towards the overhead mesh. The access point detects a collision between the best effort transmissions of the client devices. The access point adjusts the range of client identifiers so as to avoid future collisions between the best effort transmissions of the client devices.
-
Publication No.: US11894939B2
Publication date: 2024-02-06
Application No.: US17317124
Application date: 2021-05-11
Applicant: Cisco Technology, Inc.
Inventor: Pascal Thubert , Patrick Wetterwald , Eric Levy-Abegnoli , Jonas Zaddach
CPC classification number: H04L12/1822 , G06V40/168 , G06V40/40
Abstract: Techniques are provided that validate a participant in a video conference. As a video conferencing system is remote from a video conference participant, and user devices are not trusted, traditional methods such as client side facial recognition are ineffective at validating a participant from a video conferencing system. Thus, the embodiments encode modulated data for projection onto a face of the participant. A video of the participant is then captured. The conferencing system then confirms that the modulated data is present in the captured video.
-
Publication No.: US11838198B2
Publication date: 2023-12-05
Application No.: US16919793
Application date: 2020-07-02
Applicant: Cisco Technology, Inc.
CPC classification number: H04L45/02 , H04L45/42 , H04L49/251
Abstract: In one embodiment, a method comprises identifying, by a path computation element, essential parent devices from a nonstoring destination oriented directed acyclic graph (DODAG) topology as dominating set members belonging to a dominating set; receiving, by the path computation element, an advertisement message specifying a first dominating set member having reachability to a second dominating set member, the reachability distinct from the nonstoring DODAG topology; and generating, by the path computation element based on the advertisement message, an optimized path for reaching a destination network device in the nonstoring DODAG topology via a selected sequence of dominating set members, the optimized path providing cut-through optimization across the nonstoring DODAG topology.