公开(公告)号：US11973843B2

公开(公告)日：2024-04-30

申请号：US17846146

申请日：2022-06-22

Applicant: Cisco Technology, Inc.

Inventor： Walter T. Hulick, Jr. ,  Carlos M. Pignataro ,  David John Zacks ,  Thomas Szigeti

IPC: H04L67/50 ,  G06Q10/10 ,  H04L67/10 ,  H04L67/1396

CPC classification number: H04L67/535 ,  G06Q10/10 ,  H04L67/10 ,  H04L67/1396

Abstract: Techniques are provided for an “on demand” or event-triggered end user monitoring/remote user monitoring (EUM/RUM) solution that is activated when the user has requested it, or an event (conditions of which are set by a user) occurs that triggers activation of the EUM/RUM solution. This EUM/RUM may be completely integrated into an enterprise IT Help Desk system, whereby support “tickets” are automatically generated when the monitoring solution is instantiated.

公开(公告)号：US20240064075A1

公开(公告)日：2024-02-22

申请号：US18488407

申请日：2023-10-17

Applicant: Cisco Technology, Inc.

Inventor： Hans F. Ashlock ,  Cameron Esdaile ,  Walter T. Hulick, JR. ,  Carlos M. Pignataro ,  Renato Quedas

IPC: H04L43/045 ,  H04L43/0817 ,  H04L43/12 ,  H04L43/10

CPC classification number: H04L43/045 ,  H04L43/0817 ,  H04L43/12 ,  H04L43/10

Abstract: Techniques are described for generating an end-to-end distributed trace in connection with a cloud or datacenter environment. In one example, a server obtains target application telemetry data and external telemetry data associated with one or more correlation identifiers included in one or more network communications provided to a target application in the cloud or datacenter environment. The server aggregates the target application telemetry data and the external telemetry data based on the one or more correlation identifiers to generate an end-to-end distributed trace associated with the one or more network communications.

公开(公告)号：US11805112B2

公开(公告)日：2023-10-31

申请号：US17178234

申请日：2021-02-17

Applicant: Cisco Technology, Inc.

Inventor： David J Zacks ,  Carlos M. Pignataro ,  Thomas Szigeti

IPC: H04L9/40 ,  G06F21/31

CPC classification number: H04L63/08 ,  G06F21/31 ,  H04L63/102 ,  H04L63/107 ,  G06F2221/2139 ,  H04L63/0861 ,  H04L2463/082

Abstract: This disclosure describes techniques for performing enhanced authentication of a device based on physical and logical proximity of the device to one or more other authenticated devices. An example method includes performing, at a first time, a first authentication of a first device or a first user of the first device and determining that the first device is connected to at least one second device in a communication session. The at least one second device or at least one second user of the at least one second device are authenticated. The example method further includes determining a reauthentication interval based on the first device being connected to the at least one second device in the communication session and initiating, at a second time that is after the first time by the reauthentication interval, a second authentication of the first device or the first user of the first device.

公开(公告)号：US11805029B2

公开(公告)日：2023-10-31

申请号：US17968242

申请日：2022-10-18

Applicant: Cisco Technology, Inc.

Inventor： Benoit Claise ,  Carlos M. Pignataro ,  Eric Vyncke ,  Joseph M. Clarke ,  Mioljub Jovanovic ,  Harjinder Singh

IPC: H04L41/5009 ,  H04L41/046 ,  H04L41/5025 ,  H04L41/50

CPC classification number: H04L41/5009 ,  H04L41/046 ,  H04L41/5025 ,  H04L41/5032

Abstract: A method is performed at one or more entities configured to configure and provide assurance for a service enabled on a network. The service is configured as a collection of subservices on network devices of the network. A definition of the service is decomposed into a subservice dependency graph that indicates the subservices and dependencies between the subservices that collectively implement the service. Based on the subservice dependency graph, the subservices are configured to record and report subservice metrics indicative of subservice health states of the subservices. The subservice metrics are obtained from the subservices, and the subservice health states of the subservices are determined based on the subservice metrics. A health state of the service is determined based on the subservice health states. One or more of the subservices are reconfigured based on the health state of the service.

公开(公告)号：US11770334B2

公开(公告)日：2023-09-26

申请号：US17856593

申请日：2022-07-01

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Robert Edgar Barton ,  Carlos M. Pignataro ,  Jerome Henry ,  Olivier Pelerin ,  Shankar Vemulapalli

IPC: H04L45/00 ,  H04L9/40 ,  H04L12/46 ,  H04L47/2425 ,  H04L61/4511

CPC classification number: H04L45/70 ,  H04L12/4633 ,  H04L47/2425 ,  H04L61/4511 ,  H04L63/029

Abstract: Techniques for utilizing a cloud service to compute an end-to-end SLA-aware path using dynamic software-defined cloud interconnect (SDCI) tunnels between a user device and an access point-of-presence (POP) node and inter-POP tunnels of the SDCI. The cloud service may include a performance aware path instantiation (PAPI) component including a POP database for storing performance metrics associated with the POPs of the SDCI, an enterprise policy database for storing user specific policies, and/or a path computation component. The path computation component may compute the path, based on the user specific policies, performance metrics associated with the POP nodes, and/or real-time contextual data associated with the user device and/or destination device. The path may include a first tunnel between the user device and the most optimal access POP node of the SDCI and a second tunnel between the access POP node, through the internal POP nodes, and to the destination device.

公开(公告)号：US11770251B2

公开(公告)日：2023-09-26

申请号：US17016046

申请日：2020-09-09

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Akram Ismail Sheriff

IPC: H04L29/06 ,  H04L9/32 ,  G06F9/50 ,  H04L9/06

CPC classification number: H04L9/3213 ,  G06F9/5072 ,  H04L9/0656 ,  H04L9/3268

Abstract: Techniques and mechanisms for providing continuous integrity validation-based control plane communication in a container-orchestration system, e.g., the Kubernetes platform. A worker node generates a nonce and forwards the nonce to a master node while requesting an attestation token. Using the nonce, the master node generates the attestation token and replies back to the worker node with the attestation token. The worker node validates the attestation token with a CA server to ensure that the master node is not compromised. The worker node sends its authentication credentials to the master node. The master node generates a nonce and forwards the nonce to the worker node while requesting an attestation token. Using the nonce, the worker node generates the attestation token and replies back to the master node with the attestation token. The master node validates the attestation token with the CA server to ensure that the worker node is not compromised.

公开(公告)号：US11729220B2

公开(公告)日：2023-08-15

申请号：US17301928

申请日：2021-04-19

Applicant: Cisco Technology, Inc.

Inventor： Robert E. Barton ,  Bart A. Brinckman ,  Jerome Henry ,  Carlos M. Pignataro ,  Nagendra Kumar Nainar ,  Matthew MacPherson

IPC: H04L9/40

CPC classification number: H04L63/20 ,  H04L63/08

Abstract: A method includes receiving, at an access node of a local network, a connection request from a device and in response to the connection request, establishing a connection with an identity provider. The device, the access node, the local network, and the identity provider are members of an identity federation. The method further includes receiving an indication that the device previously violated a network policy of a network different from the local network and after the device is authenticated with the identity provider, determining, by the access node and based on the indication, whether to allow the device to communicate over the access node.

公开(公告)号：US20230254379A1

公开(公告)日：2023-08-10

申请号：US17667890

申请日：2022-02-09

Applicant: Cisco Technology, Inc.

Inventor： Carlos M. Pignataro ,  Nagendra Kumar Nainar ,  David John Zacks ,  John Matthew Swartz ,  Akram Ismail Sheriff

IPC: H04L67/141

CPC classification number: H04L67/141

Abstract: Presented herein are techniques to facilitate infrastructure and policy orchestration in a shared workspace network environment. In one example, a method may include obtaining, by a service broker, a reservation request from a consumer network for a consumer, wherein the reservation request seeks a reservation to reserve, at least in part, at least one workspace device for the consumer for a workspace for a particular day and a particular time period; based on determining that the at least one workspace device is available, providing a response to the consumer network that includes a first indicator for identifying the reservation of the workspace and at least one second indicator identifying the at least one workspace device; and upon receiving a session request from the consumer network that includes the second indicator, establishing a management tunnel to interconnect the consumer network and the at least one workspace device via the service broker.

公开(公告)号：US11671360B2

公开(公告)日：2023-06-06

申请号：US17089481

申请日：2020-11-04

Applicant: Cisco Technology, Inc.

Inventor： Jaganbabu Rajamanickam ,  Nagendra Kumar Nainar ,  Darren Russell Dukes ,  Carlos M. Pignataro ,  Madhan Sankaranarayanan

IPC: H04L45/00 ,  H04L43/087 ,  H04L43/12 ,  H04L45/02 ,  H04L45/74

CPC classification number: H04L45/70 ,  H04L43/087 ,  H04L43/12 ,  H04L45/02 ,  H04L45/74

Abstract: Techniques for utilizing edge nodes disposed throughout a multi-site cloud computing network to generate a probe packet including indicators that guarantee the use of forward and return route paths to accurately measure the network performance of a route path between two endpoints in a wide area network (WAN). An edge node disposed in a site of the multi-site cloud computing network may store in virtual memory associated with the edge node, a mapping between route paths, usable to send data from the edge node to remote edge nodes in remote sites, and route indicators. A probe packet may include a data portion for measuring the network performance of a route path, a portion including local and remote discriminators, and/or an inner and an outer header.

公开(公告)号：US11665079B1

公开(公告)日：2023-05-30

申请号：US17744853

申请日：2022-05-16

Applicant: Cisco Technology, Inc.

Inventor： David John Zacks ,  Carlos M. Pignataro ,  Nagendra Kumar Nainar ,  Hans F. Ashlock ,  Thomas Szigeti ,  Prapanch Ramamoorthy

IPC: G06F15/173 ,  H04L43/12 ,  H04L43/06

CPC classification number: H04L43/12 ,  H04L43/06

Abstract: A method comprising: at a management entity configured to communicate with a network: upon detecting a performance problem on a network path in the network, generating a trigger probe having a correlation identifier, the trigger probe configured to transit the network path and, on one or more designated network nodes of the network path, trigger (i) capturing a full device state, including a control plane state and a data plane state, and (ii) exporting a report of the full device state with the correlation identifier; sending the trigger probe along the network path; receiving, from each of the one or more designated network nodes, the report that includes the correlation identifier and the full device state; and correlating each report to the performance problem based on the correlation identifier in each report, to diagnose a root cause of the performance problem using the full device state in each report.