公开(公告)号：US20230138389A1

公开(公告)日：2023-05-04

申请号：US18148245

申请日：2022-12-29

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Zafar Ali ,  Syed Kamran Raza

IPC: H04L45/745 ,  H04L43/12

Abstract: The present disclosure includes methods, systems, and non-transitory computer-readable media for validating data in a data structure used for forwarding packets by a network device comprising sending a data packet probe identifying a destination and including a segment ID, wherein the segment ID maps to a first interpretation by a receiving router to perform an action on the data packet probe to rewrite a portion of a destination address in a header of the data packet probe, and to redirect the data packet probe to the network device that initiated the data packet probe.

公开(公告)号：US20230084085A1

公开(公告)日：2023-03-16

申请号：US17474033

申请日：2021-09-13

Applicant: Cisco Technology, Inc.

Inventor： David J. Zacks ,  Thomas Szigeti ,  Carlos M. Pignataro ,  Jerome Henry

IPC: H04W12/033 ,  H04L9/32 ,  H04L9/30 ,  H04W48/10

Abstract: This disclosure describes techniques for enabling selective connections between user devices and trusted network devices. An example method includes receiving a beacon from a network device. The beacon includes a trust level of the network device. The method further includes determining that the trust level of the network device satisfies a predetermined trust criterion. Based on determining that the trust level of the network device satisfies the predetermined trust criterion, the method includes transmitting a connection request to the network device. Further, user data is received from the network device.

公开(公告)号：US20230066759A1

公开(公告)日：2023-03-02

申请号：US17463738

申请日：2021-09-01

Applicant: Cisco Technology, Inc.

Inventor： Nassim Benoussaid ,  David John Zacks ,  Zizhen Gao ,  Carlos M. Pignataro ,  Dmitry Goloubev

IPC: G06N20/00

Abstract: Techniques are provided for segmentation of data points after a dimension reduction. A proxy model is then trained based on results of the segmentation. The proxy model provides low latency high throughput labeling of additional data points, without the need to reduce dimensions of the additional data points. A second segmentation is performed with results of the second segmentation compared to that of the first segmentation. When results of the comparison meet certain criterion, configuration parameters of the segmentation are modified. For example, in some embodiments, a user interface is provided that displays shapley values indicating a mapping from the high dimension data to the segmented data. Input is then received that modifies the configuration parameters.

公开(公告)号：US11539747B2

公开(公告)日：2022-12-27

申请号：US16780047

申请日：2020-02-03

Applicant: Cisco Technology, Inc.

Inventor： K Tirumaleswar Reddy ,  Prashanth Patil ,  Carlos M. Pignataro

IPC: H04L9/40 ,  H04L9/08

Abstract: A method for resuming a Transport Layer Security (TLS) session in a Service Function Chain comprising a plurality of Service Function nodes coupled to a Service Function Forwarder. A request is received at a first Service Function node to establish a TLS session, and a Pre-Shared Key (PSK) and a PSK identifier that uniquely correspond to the first Service Function node and the TLS session are generated. The PSK identifier is forwarded to one or more of the Service Function Forwarder and the plurality of Service Function nodes. A request to resume the TLS session is received from a client device that previously disconnected. It is determined that the connection request contains the PSK identifier, a second Service Function node is selected, and the TLS session is re-established between the client device and the second Service Function node using the same PSK as the prior TLS session.

公开(公告)号：US11483238B2

公开(公告)日：2022-10-25

申请号：US16601352

申请日：2019-10-14

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Luca Muscariello

IPC: H04L45/42 ,  H04L45/64 ,  H04L45/74 ,  H04L69/22

Abstract: This disclosure describes techniques for implementing centralized path computation for routing in hybrid information-centric networking protocols implemented as a virtual network overlay. A method includes receiving an interest packet header from a forwarding router node of a network overlay. The method further includes determining an interest path of the interest packet and one or more destination router nodes of the network overlay. The method further includes computing one or more paths over the network overlay. The method further includes determining an addressing method for the one or more computed paths over the network overlay. The method further includes performing at least one of encoding each computed path in a data packet header, and encoding each computed path as state entries of each router node of the network overlay on each respective path. The method further includes returning the computed path information to the forwarding router node.

公开(公告)号：US11444871B1

公开(公告)日：2022-09-13

申请号：US17385520

申请日：2021-07-26

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Robert Edgar Barton ,  Carlos M. Pignataro ,  Jerome Henry ,  Olivier Pelerin ,  Shankar Vemulapalli

IPC: H04L45/00 ,  H04L9/40 ,  H04L12/46 ,  H04L47/2425 ,  H04L61/4511

Abstract: Techniques for utilizing a cloud service to compute an end-to-end SLA-aware path using dynamic software-defined cloud interconnect (SDCI) tunnels between a user device and an access point-of-presence (POP) node and inter-POP tunnels of the SDCI. The cloud service may include a performance aware path instantiation (PAPI) component including a POP database for storing performance metrics associated with the POPs of the SDCI, an enterprise policy database for storing user specific policies, and/or a path computation component. The path computation component may compute the path, based on the user specific policies, performance metrics associated with the POP nodes, and/or real-time contextual data associated with the user device and/or destination device. The path may include a first tunnel between the user device and the most optimal access POP node of the SDCI and a second tunnel between the access POP node, through the internal POP nodes, and to the destination device.

公开(公告)号：US20220182322A1

公开(公告)日：2022-06-09

申请号：US17115451

申请日：2020-12-08

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Zafar Ali ,  Syed Kamran Raza

IPC: H04L12/741 ,  H04L12/26

Abstract: The present disclosure includes methods, systems, and non-transitory computer-readable media for validating data in a data structure used for forwarding packets by a network device comprising sending a data packet probe identifying a destination and including a segment ID, wherein the segment ID maps to a first interpretation by a receiving router to perform an action on the data packet probe to rewrite a portion of a destination address in a header of the data packet probe, and to redirect the data packet probe to the network device that initiated the data packet probe.

公开(公告)号：US11343152B2

公开(公告)日：2022-05-24

申请号：US16842457

申请日：2020-04-07

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro

IPC: H04W36/30 ,  H04L41/12 ,  H04L41/0893 ,  H04L45/02 ,  H04L45/42 ,  H04L45/64 ,  H04L47/125

Abstract: Systems, methods, and computer-readable for load distribution amongst smart network interface cards (sNICs) connected to a host device include a controller. The controller can instantiate an agent in the host device to obtain telemetry information pertaining to the sNICs, where the sNICs can be used for communication between the host device and upstream devices in a software-defined network. The telemetry information indicates service offloading capabilities of the sNICs. The controller can also obtain network topology information pertaining to at least the host device, the sNICs and the upstream devices, and determine load distribution policies for the sNICs based on the network topology information and the telemetry information. The controller can provide the load distribution policies to the one or more upstream devices, where the load distribution policies take into account the service offload capabilities of the sNICs.

公开(公告)号：US11336530B2

公开(公告)日：2022-05-17

申请号：US17079728

申请日：2020-10-26

Applicant: Cisco Technology, Inc.

Inventor： Dmitri Goloubev ,  Nassim Benoussaid ,  Luc De Ghein ,  Carlos M. Pignataro ,  Hugo M. Latapie

IPC: H04L29/08 ,  H04L41/12 ,  H04L41/16 ,  H04L45/00 ,  H04L29/06

Abstract: Presented herein are techniques to analyze network anomaly signals based on both a spatial component and a temporal component. A method includes identifying a plurality of factors that trigger a first anomaly signal by a first network node and a second anomaly signal by a second network node in a network comprising a plurality of network nodes, determining that the first network node is adjacent to the second network node in the plurality of network nodes, calculating an anomaly severity score for the first network node based on a number of co-occurring factors from among the plurality of factors that trigger both the first anomaly signal and the second anomaly signal, and adjusting the anomaly severity score for the first network node based on a value of a prior anomaly severity score for the first network node.

公开(公告)号：US11301690B2

公开(公告)日：2022-04-12

申请号：US16743598

申请日：2020-01-15

Applicant: Cisco Technology, Inc.

Inventor： Hugo Mike Latapie ,  Franck Bachet ,  Enzo Fenoglio ,  Sawsen Rezig ,  Carlos M. Pignataro ,  Guillaume Sauvage De Saint Marc

IPC: G06K9/00 ,  G06N3/08 ,  G06K9/62 ,  G06T7/194 ,  G06T7/292 ,  G06T7/254

Abstract: Systems, methods, and computer-readable for multi-temporal scale analysis include obtaining two or more timescales associated with one or more images. A context associated with a monitoring objective is obtained, based on real time analytics or domain specific knowledge. The monitoring objective can include object detection, event detection, pattern recognition, or other. At least a subset of timescales for performing a differential analysis on the one or more images is determined based on the context. Multi timescale surprise detection and clustering are performed using the subset of timescales to determine whether any alerts are to be generated based on entropy based surprises. A set of rules can be created for the monitoring objective based on the differential analytics and alerts or entropy based surprises, if any.