公开(公告)号：US20170264713A1

公开(公告)日：2017-09-14

申请号：US15606267

申请日：2017-05-26

Applicant: Cisco Technology, Inc.

Inventor： Naiming Shen ,  Keyur P. Patel ,  Carlos M. Pignataro ,  James N. Guichard

IPC: H04L29/08 ,  H04L12/721 ,  H04L12/24

CPC classification number: H04L67/327 ,  H04L41/0806 ,  H04L41/5054 ,  H04L41/5058 ,  H04L45/306 ,  H04L45/44

Abstract: A system comprising a plurality of service nodes, a controller and a network device in communication with the controller. Each of the plurality of service nodes is configured to support one or more service functions to establish a service function chain that includes a plurality of service functions to be performed by routing traffic among the plurality of service nodes. The controller is configured to generate provisioning information for the service function chain. The provisioning information includes at least one condition upon which a service function reclassification or branching operation is to be performed by at least one service node. The network device is in communication with the controller, and is configured to distribute the provisioning information for the service function chain to the plurality of service nodes using a distributed routing protocol.

公开(公告)号：US20170244631A1

公开(公告)日：2017-08-24

申请号：US15049521

申请日：2016-02-22

Applicant: Cisco Technology, Inc.

Inventor： James N. Guichard ,  Paul Quinn ,  Carlos M. Pignataro ,  Nagendra Kumar Nainar ,  Rajiv Asati

IPC: H04L12/723 ,  H04L12/741

CPC classification number: H04L45/50 ,  H04L45/306 ,  H04L45/74

Abstract: In one embodiment, a device in a network receives a packet that includes one or more forwarding labels and a service function chaining (SFC) header. The device removes the one or more forwarding labels from the packet. The device inserts an indication of the one or more forwarding labels into metadata of the SFC header. The device forwards the packet with the inserted indication of the one or more forwarding labels to a service function.

公开(公告)号：US09641430B2

公开(公告)日：2017-05-02

申请号：US14160736

申请日：2014-01-22

Applicant: Cisco Technology, Inc.

Inventor： Roque Gagliano ,  Alvaro E. Retana ,  Keyur P. Patel ,  Carlos M. Pignataro

IPC: H04L12/721 ,  H04L12/24 ,  H04L12/26 ,  H04L12/715 ,  H04L9/32

CPC classification number: H04L45/44 ,  H04L9/3265 ,  H04L41/12 ,  H04L43/10 ,  H04L45/04

Abstract: In one embodiment, a plurality of packets is sent from an origin device along a communication path toward a destination device. Each packet includes a lifespan indicator which is incrementally increased for each subsequently sent packet. A plurality of response messages are received at the origin device from a plurality of intermediate devices, respectively. A plurality of secure path objects included in the plurality of response messages, respectively, is determined. Additionally, the plurality of secure path objects are validated based on validation information accessible by the origin device. Validation results of the plurality of secure path objects are checked to determine whether a packet that is sent from the origin device and received by the destination device travels along a particular communication path as dictated by control plane information.

公开(公告)号：US09608858B2

公开(公告)日：2017-03-28

申请号：US14336839

申请日：2014-07-21

Applicant: Cisco Technology, Inc.

Inventor： Rajiv Asati ,  Nagendra K. Nainar ,  Carlos M. Pignataro ,  George Swallow

IPC: G01R31/08 ,  H04L12/24 ,  H04L12/707 ,  H04L29/14 ,  H04L12/703

CPC classification number: H04L41/0659 ,  H04L43/0811 ,  H04L45/24 ,  H04L45/28 ,  H04L69/40

Abstract: In one embodiment, an ingress router sends a multipath information query across a computer network toward an egress router, and builds an entropy table based on received query responses. The entropy table maps the egress router to one or more available paths to the egress router, and associated entropy information for each respective available path of the one or more available paths. The ingress router may then forward traffic to the egress router using the entropy table to load share the traffic across the one or more available paths using the associated entropy information for each respective available path. In response to detecting a failure of a particular path of the one or more available paths, however, the ingress router then removes the particular path from the entropy table, thereby ceasing forwarding of traffic over the particular path.

公开(公告)号：US20170061131A1

公开(公告)日：2017-03-02

申请号：US14840419

申请日：2015-08-31

Applicant: Cisco Technology, Inc.

Inventor： Omar Santos ,  Christopher M. McCoy ,  Catherine M. Pearce ,  Carlos M. Pignataro ,  Jeff Apcar

IPC: G06F21/57

CPC classification number: G06F21/577 ,  G06F2221/034 ,  H04L63/123 ,  H04L63/18 ,  H04W4/70 ,  H04W12/10 ,  H04W12/1208

Abstract: Techniques are presented herein that validate integrity of a computing device. A command to a first processor of a security module of the computing device is received through an interface unit of the security module on a communication channel external to the computing device. A configuration of the security module cannot be changed by a second processor of the computing device which executes an operating system and at least one application on the computing device. In response to receiving the command, one or more memory devices of the computing device are directly accessed by the first processor independent from the second processor to validate integrity of the computing device.

Abstract translation: 本文给出了验证计算设备的完整性的技术。 通过安全模块的接口单元在计算设备外部的通信信道上接收对计算设备的安全模块的第一处理器的命令。 安全模块的配置不能由执行操作系统的计算设备的第二处理器和计算设备上的至少一个应用来改变。 响应于接收到命令，独立于第二处理器的第一处理器直接访问计算设备的一个或多个存储器件，以验证计算设备的完整性。

公开(公告)号：US20170019311A1

公开(公告)日：2017-01-19

申请号：US15279469

申请日：2016-09-29

Applicant: Cisco Technology, Inc.

Inventor： Carlos M. Pignataro ,  Rajesh Kumar ,  Marc Holloman

IPC: H04L12/24

CPC classification number: H04L41/145 ,  H04L41/0856 ,  H04L41/12 ,  H04L41/147 ,  H04L41/22 ,  H04L45/02

Abstract: Network topology information may be determined for a plurality of network devices on a network. System identifier information may then be determined for each of the plurality of network devices on the network. The system identifier information may be a list of network solutions that each network device actually or potentially belongs to. The system may then flag the system identifier information to indicate whether each solution is an actual or a potential solution.

Abstract translation: 可以为网络上的多个网络设备确定网络拓扑信息。 然后可以为网络上的多个网络设备中的每一个确定系统标识符信息。 系统标识符信息可以是每个网络设备实际上或可能属于的网络解决方案的列表。 系统然后可以标记系统标识符信息以指示每个解决方案是实际的还是潜在的解决方案。

公开(公告)号：US09537712B2

公开(公告)日：2017-01-03

申请号：US14600068

申请日：2015-01-20

Applicant: CISCO TECHNOLOGY INC.

Inventor： Nagendra Kumar Nainar ,  Rajiv Asati ,  Carlos M. Pignataro

IPC: H04L1/00 ,  H04L12/24 ,  H04L12/703 ,  H04L12/723 ,  H04L12/701 ,  H04L12/707

CPC classification number: H04L41/0668 ,  H04L45/00 ,  H04L45/22 ,  H04L45/28 ,  H04L45/50

Abstract: A method is provided in one example and includes communicating a first request message to a first network element functioning as a point of local repair for a backup label switched path. The first request message includes a first network address having a predetermined value and an indication of a forwarding equivalence class associated with the backup label switched path. The method further includes receiving a first reply message from the first network element. The first reply message includes at least one backup path parameter associated with the backup label switched path.

Abstract translation: 在一个示例中提供了一种方法，并且包括将第一请求消息传达到用作备份标签交换路径的本地修复点的第一网络元件。 第一请求消息包括具有预定值的第一网络地址和与备份标签交换路径相关联的转发等价类的指示。 该方法还包括从第一网络元件接收第一应答消息。 第一应答消息包括与备份标签交换路径相关联的至少一个备份路径参数。

公开(公告)号：US09497107B1

公开(公告)日：2016-11-15

申请号：US14211710

申请日：2014-03-14

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Nobushige Akiya ,  David D. Ward ,  Carlos M. Pignataro ,  Nagendra Kumar Nainar ,  Tarek Saad ,  Muthurajah Sivabalan

IPC: H04L12/707

CPC classification number: H04L45/22 ,  H04L41/0677 ,  H04L43/0811 ,  H04L43/10 ,  H04L45/50

Abstract: An example method for seamless path monitoring and rapid fault isolation using bidirectional forwarding detection (BFD) in a network environment is provided and includes determining a BFD target identifier type for communicating in a BFD session in a network environment, determining a non-zero globally assigned BFD discriminator value associated with the BFD target identifier type, populating a Your Discriminator field in a BFD Control Packet with the non-zero globally assigned BFD discriminator value, with a My Discriminator field in the BFD Control Packet being populated with a locally assigned BFD Discriminator value, and initiating the BFD session by transmitting the BFD Control Packet to a target node in the network. In a specific embodiment, the BFD target identifier type is type 3, and the non-zero globally assigned BFD discriminator is an Alert Discriminator reserved by substantially all nodes in the network exclusively for BFD traceroute operations.

Abstract translation: 提供了一种在网络环境中使用双向转发检测（BFD）进行无缝路径监控和快速故障隔离的示例方法，包括确定BFD目标标识符类型，以在网络环境中的BFD会话中进行通信，确定非零全局分配 与BFD目标标识符类型相关联的BFD鉴别符值，在BFD控制报文中填入非零全局分配BFD鉴别符值的“Discriminator”字段，BFD控制报文中的“我的标识符”字段填入本地分配的BFD鉴别符 通过将BFD控制报文发送到网络中的目标节点来启动BFD会话。 在具体实施例中，BFD目标标识符类型为类型3，非零全局分配的BFD鉴别器是专门用于BFD跟踪路由操作的网络中基本上所有节点保留的警报鉴别器。

公开(公告)号：US09419885B2

公开(公告)日：2016-08-16

申请号：US13770624

申请日：2013-02-19

Applicant: Cisco Technology, Inc.

Inventor： Sami Boutros ,  Muthurajah Sivabalan ,  David D. Ward ,  George Swallow ,  Carlos M. Pignataro

IPC: H04L12/26 ,  H04L12/701 ,  H04L12/733 ,  H04L12/723 ,  H04L12/721

CPC classification number: H04L43/50 ,  H04L45/00 ,  H04L45/20 ,  H04L45/50 ,  H04L45/68

Abstract: In one embodiment, a circuit that extends between a head-end label switching router (LSR) and a tail-end LSR and traverses one or more intermediate LSRs is locked to data plane traffic. The head-end LSR transmits a packet along the circuit that includes a particular time-to-live (TTL) value configured to expire at a particular intermediate LSR at which loopback is to occur. The circuit is used in a loopback mode. The head-end LSR transmits along the circuit a packet that includes a cease loopback request. The circuit ceases to be used in the loopback mode. The circuit is unlocked to permit the circuit to pass data plane traffic.

Abstract translation: 在一个实施例中，在头端标签交换路由器（LSR）和尾端LSR之间延伸并且遍历一个或多个中间LSR的电路被锁定到数据平面业务。 前端LSR沿着电路发送包括特定生存时间（TTL）值的数据包，配置为在发生环回的特定中间LSR处到期。 该电路用于环回模式。 前端LSR沿着电路传输包括停止回送请求的数据包。 电路不再用于环回模式。 电路被解锁以允许电路通过数据平面流量。

公开(公告)号：US20160165014A1

公开(公告)日：2016-06-09

申请号：US14560146

申请日：2014-12-04

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro

IPC: H04L29/06

CPC classification number: H04L69/22 ,  H04L45/04 ,  H04L45/64

Abstract: In one embodiment, a method includes receiving a packet in a service function chain at a network device located at a border of a first administrative domain, the packet comprising a service function path identifier and a service index, processing the packet at the network device, wherein processing comprises modifying the packet based on the service function path identifier and the service index to direct the packet to a second administrative domain, and forwarding the packet from the network device to the second administrative domain for processing in the service function chain. The service function chain extends over the first and second administrative domains. An apparatus and logic are also disclosed herein.

Abstract translation: 在一个实施例中，一种方法包括：在位于第一管理域边界的网络设备的服务功能链中接收分组，所述分组包括服务功能路径标识符和服务索引，在网络设备处理分组， 其中处理包括基于服务功能路径标识符和服务索引来修改分组，以将分组引导到第二管理域，并且将分组从网络设备转发到第二管理域以在服务功能链中进行处理。 服务功能链延伸到第一个和第二个管理域。 本文还公开了一种装置和逻辑。