-
Publication No.: US20220103570A1
Publication date: 2022-03-31
Application No.: US17035065
Application date: 2020-09-28
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro, Akram Ismail Sheriff
IPC: H04L29/06, H04L9/32, H04L12/707, H04L12/715, H04L12/741
Abstract: Techniques and mechanisms for providing integrity verified paths using only integrity validated pods of nodes. A network service mesh (NSM) associated with a first pod may locally generate a nonce and provide the nonce to the first pod, where the request includes a request for an attestation token. Using the nonce, the first pod may generate the attestation token and reply back to the NSM. The NSM may generate a second request for an attestation token and forward it to a NSE pod, where the request includes a second locally generated nonce generated by the NSM. The NSE pod may generate the second attestation token using the second nonce and reply back to the NSM. The NSM may then have the attestation tokens verified or validated by a certificate authority (CA) server. The NSM may thus instantiate an integrity verified path between the first pod and the NSE pod.
-
Publication No.: US20220086050A1
Publication date: 2022-03-17
Application No.: US17079728
Application date: 2020-10-26
Applicant: Cisco Technology, Inc.
Inventor: Dmitri Goloubev, Nassim Benoussaid, Luc De Ghein, Carlos M. Pignataro, Hugo M. Latapie
IPC: H04L12/24, H04L29/06, H04L12/715
Abstract: Presented herein are techniques to analyze network anomaly signals based on both a spatial component and a temporal component. A method includes identifying a plurality of factors that trigger a first anomaly signal by a first network node and a second anomaly signal by a second network node in a network comprising a plurality of network nodes, determining that the first network node is adjacent to the second network node in the plurality of network nodes, calculating an anomaly severity score for the first network node based on a number of co-occurring factors from among the plurality of factors that trigger both the first anomaly signal and the second anomaly signal, and adjusting the anomaly severity score for the first network node based on a value of a prior anomaly severity score for the first network node.
-
Publication No.: US11170319B2
Publication date: 2021-11-09
Application No.: US15581719
Application date: 2017-04-28
Applicant: Cisco Technology, Inc.
Inventor: Sujit Biswas, Milind Naphade, Manjula Shivanna, Gyana Ranjan Dash, Srinivas Ruddaraju, Carlos M. Pignataro
IPC: G06N20/00
Abstract: In one embodiment, a computing device scans a plurality of available data sources associated with a profiled identity for an individual, and categorizes instances of the data sources according to recognized terms within the data sources. Once determining whether the profiled identity contributed positively to each categorized instance, categorized instances that have a positive contribution by the profiled identity may be clustered into clusters. The computing device may then rank the clusters based on size of the clusters and frequency of recognized terms within the clusters, and can then infer an expertise of the profiled identity based on one or more best-ranked clusters. The inferred expertise of the profiled identity may then be stored.
-
Publication No.: US20210342543A1
Publication date: 2021-11-04
Application No.: US16914899
Application date: 2020-06-29
Applicant: Cisco Technology, Inc.
Inventor: Dmitri Goloubev, Nassim Benoussaid, Volodymyr Iashyn, Borys Viacheslavovych Berlog, Carlos M. Pignataro
IPC: G06F40/30, G06F16/35, G06F16/28, G06N20/00, G06F40/279
Abstract: A method includes associating anomalous first text, from a first unstructured data set, with a first classification; processing the first unstructured data set using at least one of ML or AI to identify a second text that is in close context to the first text, and adding the second text to a text list associated with the first classification; enriching the text list by processing the second text to generate a third text, and adding the third text to the text list to produce an enriched text list and such that the third text is also associated with the first classification; matching the text in the enriched text list to text in a second unstructured data set; and classifying the text in the second unstructured data set as having the first classification when the text in the second unstructured data set matches text in the enriched text list.
-
Publication No.: US11150963B2
Publication date: 2021-10-19
Application No.: US16289412
Application date: 2019-02-28
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro
IPC: G06F9/54, G06F9/50, G06F9/455, H04L12/721, H04L12/717, H04L12/723
Abstract: Systems and methods provide for accelerating and offloading network processing to a remote smart network interface card (NIC). A first network element, including a first smart NIC, can transmit capability information of the first smart NIC for receipt by a neighboring second network element. The second network element can determine that a network processing task of a virtualized network function (e.g., virtual network function (VNF), cloud-native network function (CNF), etc.) instantiated on the second network element can be offloaded to the first smart NIC. The second network element can receive processing information from the virtualized network function for performing the network processing task. Based on the processing information, the second network element can transmit control information that causes the first smart NIC to perform the network processing task on at least a portion of network data received by the first network element for transmission to the second network element.
-
Publication No.: US20210314232A1
Publication date: 2021-10-07
Application No.: US16842457
Application date: 2020-04-07
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro
IPC: H04L12/24, H04L12/751, H04L12/715, H04L12/717, H04L12/803
Abstract: Systems, methods, and computer-readable media for load distribution amongst smart network interface cards (sNICs) connected to a host device include a controller. The controller can instantiate an agent in the host device to obtain telemetry information pertaining to the sNICs, where the sNICs can be used for communication between the host device and upstream devices in a software-defined network. The telemetry information indicates service offloading capabilities of the sNICs. The controller can also obtain network topology information pertaining to at least the host device, the sNICs and the upstream devices, and determine load distribution policies for the sNICs based on the network topology information and the telemetry information. The controller can provide the load distribution policies to the one or more upstream devices, where the load distribution policies take into account the service offload capabilities of the sNICs.
-
Publication No.: US11140177B2
Publication date: 2021-10-05
Application No.: US16118699
Application date: 2018-08-31
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro, Luca Muscariello, Alberto Compagno, Giovanna Carofiglio
Abstract: An electronic device of a content producer generates a chunk of data, associates a location-independent name with the chunk of data, generates a signature for the chunk of data, attaches the signature to the chunk of data, and transmits the chunk of data, with the signature attached, to one or more user devices in response to respective requests. The signature is generated based on the data in the chunk, using a private key of the electronic device. The electronic device also stores information, including a specification of a public key associated with the private key, in a first ledger entry of a blockchain, to provide the one or more user devices with access to the public key. A user device may obtain the public key and use it to verify the chunk of data.
-
Publication No.: US11088928B2
Publication date: 2021-08-10
Application No.: US16601969
Application date: 2019-10-15
Applicant: Cisco Technology, Inc.
Inventor: Carlos M. Pignataro, Benoit Claise, Nagendra Kumar Nainar
IPC: H04L12/26, H04L12/721, H04L12/707
Abstract: In one embodiment, a method is provided for service aware conditional path monitoring. The method includes determining, for a network that includes a plurality of nodes, which particular nodes of the plurality of nodes forward traffic associated with a service. The method involves identifying relevant forwarding instructions within the particular nodes that are used to forward traffic for the service. The method further includes configuring the particular nodes to perform monitoring of traffic with a higher priority given to the relevant forwarding instructions than other forwarding instructions on the particular nodes. Monitoring results are obtained from the monitoring of traffic on the particular nodes on the relevant forwarding instructions. The monitoring results are analyzed to determine assurance of the service in the network.
-
Publication No.: US11038744B2
Publication date: 2021-06-15
Application No.: US16839273
Application date: 2020-04-03
Applicant: Cisco Technology, Inc.
Inventor: David D. Ward, Carlos M. Pignataro, Frank Brockners, Shwetha Subray Bhandari
Abstract: Embodiments of the disclosure pertain to activating in-band OAM based on a triggering event. Aspects of the embodiments are directed to receiving a first notification indicating a problem in a network; triggering a data-collection feature on one or more nodes in the network for subsequent packets that traverse the one or more nodes; evaluating a subsequent packet that includes data augmented by the data collection feature; and determining the problem in the network based on the data augmented to the subsequent packet.
-
Publication No.: US11018981B2
Publication date: 2021-05-25
Application No.: US15783010
Application date: 2017-10-13
Applicant: Cisco Technology, Inc.
Inventor: Carlos M. Pignataro, Nagendra Kumar Nainar, Rajiv Asati
IPC: H04L12/813, H04L29/08, H04L12/823, H04L12/24, H04L12/26, H04L12/851, H04L12/911
Abstract: Systems, methods, and computer-readable media are disclosed for using real time network traffic for validating policy configuration(s) of containers, virtual machines, bare-metals, etc. In one aspect of the present disclosure a method includes receiving, at a controller, an incoming data packet destined for one or more containers; replicating, at the controller, the incoming data packet for validating at least one non-production container to yield a replicated data packet; sending the replicated data packet to the at least one non-production container; and dropping any data packet received from the at least one non-production container at a corresponding incoming port of the controller.