-
91.
Publication No.: US20230112101A1
Publication Date: 2023-04-13
Application No.: US17497079
Application Date: 2021-10-08
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro, Rahul Rammanohar, Kondaveeti Lakshmi Ganesh, David John Zacks
IPC: H04L29/06
Abstract: In one embodiment, an access policy enforcement service receives a user authentication request from an end-user device. The access policy enforcement service identifies a telemetry collection intent from the user authentication request. The access policy enforcement service determines a monitoring policy based on the telemetry collection intent identified from the user authentication request. The access policy enforcement service configures, according to the monitoring policy, one or more telemetry collection agents to collect telemetry for traffic associated with the end-user device.
-
Publication No.: US20220417205A1
Publication Date: 2022-12-29
Application No.: US17361647
Application Date: 2021-06-29
Applicant: Cisco Technology Inc.
Inventor: Nagendra Kumar Nainar, Rahul Rammanohar, Kondaveeti Lakshmi Ganesh, Carlos M. Pignataro
IPC: H04L29/12, H04L12/741
Abstract: The present disclosure is directed to systems and methods for control embedding data packets for ARP queries, the methods including the steps of receiving a data plane packet from a first user device, the data plane packet requesting a hardware address associated with a second user device; generating a northbound control plane packet for transmission to a control plane node, the northbound control plane packet for requesting from the control plane node the hardware address associated with the second user device; embedding the data plane packet in the northbound control plane packet; and forwarding the northbound control plane packet with the data plane packet to the control plane node for respective processing of the northbound control plane packet and the data plane packet.
-
Publication No.: US11539637B2
Publication Date: 2022-12-27
Application No.: US17157029
Application Date: 2021-01-25
Applicant: Cisco Technology, Inc.
Inventor: Shankar Ramanathan, Nagendra Kumar Nainar, Carlos M. Pignataro
IPC: H04L47/80
Abstract: A method of orchestrating one or more radio resources among various services executing within a container. The method includes obtaining, by an orchestration engine executing on a network device, a request, from a first service of a plurality of services, for use of a physical/hardware resource that connects a container running on the network device to a network. The request from the first service has a particular priority. The plurality of services execute within the container. The method further includes determining whether to connect the first service to the network via the physical/hardware resource based on the priority and an availability status of the physical/hardware resource and establishing, at a kernel level, a connection between the first service and the physical/hardware resource based on the determining.
-
94.
Publication No.: US11516120B2
Publication Date: 2022-11-29
Application No.: US17101579
Application Date: 2020-11-23
Applicant: Cisco Technology, Inc.
Inventor: Pascal Thubert, Nagendra Kumar Nainar, Carlos M. Pignataro
Abstract: In one embodiment, a method is performed. A spine node in communication with a network may determine a subtree of a shadow cone of the spine node. The subtree may comprise a plurality of nodes and a plurality of links connecting pairs of the nodes. The spine node may determine a disaggregated route to a first leaf node to which a disaggregated prefix may be attached. The disaggregated route may be propagated to the plurality of the nodes of the subtree.
-
Publication No.: US20220329523A1
Publication Date: 2022-10-13
Application No.: US17727933
Application Date: 2022-04-25
Applicant: Cisco Technology, Inc.
Inventor: Carlos Pignataro, Richard Furr, Nagendra Kumar Nainar, Joseph Michael Clarke
IPC: H04L45/74, H04L43/028, H04L43/04, H04L43/10, H04L45/00
Abstract: Presented herein are methods and systems that facilitate data plane signaling of a packet as a candidate for capture at various network nodes within an IPv6 network. The signaling occurs in-band, via the data plane; that is, a capture or interrogation signal is embedded within the respective packet (e.g., in the packet header) that carries user traffic. The signaling is inserted, preferably when the packet is classified, e.g., at the ingress node of the network, to which subsequent network nodes with the IPv6 network are signaled to capture or further inspect the packet for capture.
-
Publication No.: US20220294806A1
Publication Date: 2022-09-15
Application No.: US17832159
Application Date: 2022-06-03
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro, Akram Ismail Sheriff
Abstract: Techniques and mechanisms for providing integrity verified paths using only integrity validated pods of nodes. A network service mesh (NSM) associated with a first pod may locally generate a nonce and provide the nonce to the first pod, where the request includes a request for an attestation token. Using the nonce, the first pod may generate the attestation token and reply back to the NSM. The NSM may generate a second request for an attestation token and forward it to a NSE pod, where the request includes a second locally generated nonce generated by the NSM. The NSE pod may generate the second attestation token using the second nonce and reply back to the NSM. The NSM may then have the attestation tokens verified or validated by a certificate authority (CA) server. The NSM may thus instantiate an integrity verified path between the first pod and the NSE pod.
-
Publication No.: US11431617B2
Publication Date: 2022-08-30
Application No.: US15930803
Application Date: 2020-05-13
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro, Reshad Rahman, Pascal Thubert
Abstract: In one example, a responder obtains an Operations, Administration, and Management/Maintenance (OAM) probe packet from a network entity operating as an initiator in a network, provides, to the initiator, a first response to the OAM probe packet over a first network path in the network, and further provides, to the initiator, a second response to the OAM probe packet over a second network path in the network that is different from the first network path. In another example, an initiator provides an OAM probe packet to a network entity operating as responder in a network, obtains, from the responder, a first response to the OAM probe packet over a first network path in the network, and further obtains, from the responder, a second response to the OAM probe packet over a second network path in the network that is different from the first network path.
-
Publication No.: US20220272006A1
Publication Date: 2022-08-25
Application No.: US17183664
Application Date: 2021-02-24
Applicant: Cisco Technology, Inc.
Inventor: Vinay Saini, Nagendra Kumar Nainar, Hazim Hashim Dahir, Carlos M. Pignataro, Rajesh Indira Viswambharan
Abstract: According to one or more embodiments of the disclosure, a particular networking device located in a ring of networking devices of a network receives an indication from a supervisory service that the particular networking device has been designated a ring manager for the ring of networking devices. The particular networking device determines that the supervisory service is unreachable by the ring of networking devices. The particular networking device obtains telemetry data regarding a new device connected to the ring of networking devices. The particular networking device onboards, based on the telemetry data, the new device to the network, when the supervisory service is unreachable by the ring of networking devices.
-
Publication No.: US20220247757A1
Publication Date: 2022-08-04
Application No.: US17728333
Application Date: 2022-04-25
Applicant: Cisco Technology, Inc.
Inventor: Shwetha Subray Bhandari, Eric Voit, Frank Brockners, Carlos M. Pignataro, Nagendra Kumar Nainar
Abstract: Technologies for proving packet transit through uncompromised nodes are provided. An example method can include receiving a packet including one or more metadata elements generated based on security measurements from a plurality of nodes along a path of the packet; determining a validity of the one or more metadata elements based on a comparison of one or more values in the one or more metadata elements with one or more expected values calculated for the one or more metadata elements, one or more signatures in the one or more metadata elements, and/or timing information associated with the one or more metadata elements; and based on the one or more metadata elements, determining whether the packet traversed any compromised nodes along the path of the packet.
-
Publication No.: US11368386B2
Publication Date: 2022-06-21
Application No.: US17104146
Application Date: 2020-11-25
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro, Joseph Michael Clarke
IPC: G06F15/16, H04L45/02, G06F11/30, G06F11/34, G06F11/10, H04L45/021, H04L45/64, G06F11/07, H04L45/74
Abstract: A network device receives a data packet including a source address and a destination address. The network device drops the data packet before it reaches the destination address and generates an error message indicating that the data packet has been dropped. The network device encapsulates the error message with a segment routing header comprising a list of segments. The first segment of the list of segments in the segment routing header identifies a remote server, and at least one additional segment is an instruction for handling the error message. The network device sends the encapsulated error message to the remote server based on the first segment of the segment routing header.