Abstract:
A method and apparatus for dynamic integration of a covert namespace are provided. A Software-Defined Networking (SDN) controller is configured to send a request for workload transfer to an endpoint, where the endpoint is connected to a virtual switch. The SDN controller determines that a connection between the endpoint and the virtual switch is secure based on a tenant-specific policy associated with the endpoint. A first covert namespace is configured to be connected between the endpoint and the virtual switch so that it communicates directly with both the endpoint and the virtual switch. The operations of the virtual switch are executed using the first covert namespace according to the tenant-specific policy. A workload is caused to be transmitted to the endpoint through the first covert namespace.
Abstract:
Disclosed is a system and method of providing transport-level identification and isolation of container traffic. The method includes receiving, at a component in a network, a packet having a data field, extracting, at a network layer, container identification data from the data field and applying a policy to the packet at the component based on the container identification data. The data field can include one of a header, an IPv6 extension header, a service function chaining container identification, a network service header, and an optional field of an IPv4 packet.
Abstract:
A cloud provider provides services to tenants over a network. Each cloud-based service is configured according to a respective service deployment scheme. The cloud provider maintains, for each service, classification information, including: a scheme type; a three-tuple cloud identifier including a cloud identifier, a service identifier, and a tenant identifier; and one or more scheme-specific service identifiers. The cloud provider distributes the classification information within the cloud provider, including to the services, to enable a respective tenant to exchange Internet Protocol (IP) packets with, and thereby access, a respective service and components of the service based on the classification information. The IP packet includes, for the respective service, the scheme type, the cloud identifier, the service identifier, the tenant identifier of the respective tenant, and the one or more scheme-specific service identifiers.
Abstract:
The present disclosure involves systems and methods for obtaining and correlating workload performance information from multiple tenants on a computing network and providing deployment improvement suggestions to a cloud operator or tenant based at least on the correlated workload performance information. In one particular implementation, applications deployed and executed on the cloud environment may provide performance logs and/or metrics to an inter-tenant workload engine of the cloud environment. The workload engine may utilize the received performance information to detect performance patterns of an application across the different tenant deployments. A recommendation engine may analyze the performance characteristics across the multiple tenant applications and determine an optimized deployment of the application and generate recommended deployment instructions to a cloud environment administrator and/or one or more tenants of the cloud environment.
Abstract:
A gateway device is configured to operate as a network function in a service function chain and is connected to a plurality of network connected devices. The gateway device receives a service function chain packet that includes a request to obtain data from one or more of the plurality of network connected devices. The gateway device obtains the data from the one or more network connected devices and modifies the service function chain packet to include the data obtained from the one or more network connected devices. The gateway device sends the service function chain packet that has been modified to include the data obtained from the one or more network connected devices along the service function chain.
Abstract:
Disclosed is a system and method for managing regulatory compliance. The method includes receiving, at a network controller, a compliance regulatory requirement associated with a virtual network function via a network service header field, the virtual network function being part of a service function chain, and receiving, at the network controller, a compliance regulatory status associated with the virtual network function. Based on the compliance regulatory requirement and compliance regulatory status, the method includes determining, at the network controller, that a remedy is required for the virtual network function to comply with the compliance regulatory requirement to yield a determination. When the determination indicates that the remedy is required, the method includes implementing, via the network controller, a compliance regulator action associated with the virtual network function as the remedy.
Abstract:
A cloud provider supports cloud-based services accessible to tenants of the cloud provider over a network. In the cloud provider, classification information including a cloud-identifier to identify the cloud provider, service-identifiers each to identify a respective one of the services, and tenant-identifiers each to identify a respective one of the tenants is maintained. The classification information is distributed within the cloud provider, including to the services, and may also be distributed outside of the cloud provider, to enable a respective tenant to exchange IP packets with, and thereby access, a respective service based on the classification information, wherein each IP packet includes the cloud-identifier, the service-identifier of the respective service, and the tenant-identifier of the respective tenant.