-
Publication number: US12184661B2
Publication date: 2024-12-31
Application number: US17183900
Application date: 2021-02-24
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery, Ian James Wells
IPC: H04L9/40, H04L41/0894, H04L67/14
Abstract: Techniques for creating consent contracts for devices that indicate whether the devices consent to receiving network-based communications from other devices. Further, the techniques include enforcing the consent contracts such that network-based communications are either allowed or disallowed in the network-communications layer prior to the network communications reaching the devices. Rather than simply allowing a device to communicate with any other device over a network, the techniques described herein include building in consent for network-based communications where the consent is consulted at one or more points in a communication process to make informed decisions about network-based traffic.
-
Publication number: US12170644B2
Publication date: 2024-12-17
Application number: US17678472
Application date: 2022-02-23
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery, Vincent E. Parla
IPC: H04L61/2557, H04L9/40, H04L61/256, H04L61/4511
Abstract: Techniques for binding communication flows to unique addresses and/or ports, and configuring networking devices internal to a network to apply policy without the need to further introspect a given stream. Further, by creating mappings of unique addresses and/or ports to flows, the network devices are able to enforce policy without needing to coordinate with an edge node of the network at which the communication session terminates. Further, the techniques may include providing an SDN controller with a mapping between a unique address/port and a network flow, determining flow-specific policy to enforce on the flow, and programming one or more network devices to enforce the flow-specific policy in the network using the unique address/port.
-
Publication number: US12166677B2
Publication date: 2024-12-10
Application number: US17171679
Application date: 2021-02-09
Applicant: Cisco Technology, Inc.
IPC: H04L47/24, H04L9/08, H04L9/40, H04L12/46, H04L47/10, H04L47/125, H04L47/2425, H04L47/2441, H04L69/22
Abstract: Techniques for load balancing encrypted traffic based on security parameter index (SPI) values of packet headers and sets of 5-tuple values of the packet headers are described herein. Additionally, techniques for including quality of service (QoS)-type information in SPI value fields of packet headers are also described herein. The QoS-type information may indicate a particular traffic class according to which the packet is to be handled. Further, techniques for pre-configuring a backend host such that encrypted traffic may be migrated to the backend host from another backend host without causing temporary service disruptions are also described herein.
-
Publication number: US20240372896A1
Publication date: 2024-11-07
Application number: US18771800
Application date: 2024-07-12
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery, Vincent E. Parla
IPC: H04L9/40
Abstract: Techniques for binding communication flows to unique addresses and/or ports, and configuring networking devices internal to a network to apply policy without the need to further introspect a given stream. Further, by creating mappings of unique addresses and/or ports to flows, the network devices are able to enforce policy without needing to coordinate with an edge node of the network at which the communication session terminates. Further, the techniques may include providing an SDN controller with a mapping between a unique address/port and a network flow, determining flow-specific policy to enforce on the flow, and programming one or more network devices to enforce the flow-specific policy in the network using the unique address/port.
-
Publication number: US12095665B2
Publication date: 2024-09-17
Application number: US17572320
Application date: 2022-01-10
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery, Vincent E. Parla, Ian James Wells
IPC: H04L45/74, H04L69/165
CPC classification number: H04L45/74, H04L69/165
Abstract: Techniques for Network Address Translation (NAT)-based steering of traffic in cloud-based networks. The techniques may include establishing, by a frontend node of a network, a connection with a client device. The frontend node may receive, via the connection, a packet including an indication of an identity of a service hosted on a backend node of the network. Based at least in part on the indication, the frontend node may establish a second connection with the backend node. Additionally, the frontend node may store a mapping indicating that packets received from the client device are to be sent to the backend node. The techniques may also include receiving another packet at the frontend node or another frontend node of the network. Based at least in part on the mapping, the frontend node or other frontend node may alter one or more network addresses of the other packet and forward it to the backend node.
-
Publication number: US12069103B2
Publication date: 2024-08-20
Application number: US17678560
Application date: 2022-02-23
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery, Vincent E. Parla
IPC: H04L9/40
CPC classification number: H04L63/205, H04L63/0254, H04L63/0272
Abstract: Techniques for binding communication flows to unique addresses and/or ports, and configuring networking devices internal to a network to apply policy without the need to further introspect a given stream. Further, by creating mappings of unique addresses and/or ports to flows, the network devices are able to enforce policy without needing to coordinate with an edge node of the network at which the communication session terminates. Further, the techniques may include providing an SDN controller with a mapping between a unique address/port and a network flow, determining flow-specific policy to enforce on the flow, and programming one or more network devices to enforce the flow-specific policy in the network using the unique address/port.
-
Publication number: US12028248B2
Publication date: 2024-07-02
Application number: US17486647
Application date: 2021-09-27
Applicant: Cisco Technology, Inc.
Inventor: Christopher Blair Murray, Jon Langemak, Alvin Wong, Alvaro Cesar Pereira, Kyle Andrew Donald Mestery
IPC: H04L12/46, H04L41/0816, H04L41/0853, H04L45/00, H04L45/02, H04L45/30, H04L45/42, H04L45/50, H04L45/586, H04L45/74, H04L45/741, H04L45/745, H04L67/51
CPC classification number: H04L45/74, H04L12/4633, H04L12/4641, H04L41/0816, H04L41/0853, H04L45/02, H04L45/04, H04L45/22, H04L45/30, H04L45/42, H04L45/50, H04L45/586, H04L45/741, H04L45/745, H04L67/51
Abstract: Techniques for using global virtual network instance (VNI) labels in a multi-domain network to route network data with a multi-tenant network overlay are described herein. A routing device provisioned in a network domain of the multi-domain network may register with a service discovery system of the network domain for use of network configuration data to establish routes through the multi-domain network with network nodes. Each network domain of the multi-domain network may include an application programming interface (API) server for processing API requests to make changes to configurations of a network domain. A border gateway protocol (BGP) large community may be utilized to encode global VNI labels, network addresses, local next hop nodes, and/or additional network information and sent to routing devices provisioned in separate network domains. A service chain may be signaled by global VNI labels to route network traffic through various services prior to reaching a destination endpoint.
-
Publication number: US12021754B2
Publication date: 2024-06-25
Application number: US17183977
Application date: 2021-02-24
Applicant: Cisco Technology, Inc.
Inventor: Ian James Wells, Kyle Andrew Donald Mestery
IPC: H04L47/2441, H04L47/10, H04L47/193, H04L47/32, H04L67/133
CPC classification number: H04L47/2441, H04L47/193, H04L47/29, H04L47/32, H04L67/133
Abstract: Techniques for creating consent contracts for devices that indicate whether the devices consent to receiving network-based communications from other devices. Further, the techniques include enforcing the consent contracts such that network-based communications are either allowed or disallowed in the network-communications layer prior to the network communications reaching the devices. Rather than simply allowing a device to communicate with any other device over a network, the techniques described herein include building in consent for network-based communications where the consent is consulted at one or more points in a communication process to make informed decisions about network-based traffic.
-
Publication number: US20240176672A1
Publication date: 2024-05-30
Application number: US18434276
Application date: 2024-02-06
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery, Ian Wells, David Delano Ward
IPC: G06F9/50, H04L43/16, H04L67/1008, H04L67/1031, H04L67/53
CPC classification number: G06F9/505, H04L67/53, H04L43/16, H04L67/1008, H04L67/1031
Abstract: A method includes receiving a DNS request, notifying a serverless orchestrator system of data associated with the DNS request, provisioning a function on a serverless function node based on the DNS request, notifying a load balancer regarding the serverless function node, providing a response to the DNS request and routing an API request associated with the DNS request to the serverless function node.
-
Publication number: US11979284B2
Publication date: 2024-05-07
Application number: US17462781
Application date: 2021-08-31
Applicant: Cisco Technology, Inc.
Inventor: Pankaj Chitrigi Ganesh, Kyle Andrew Donald Mestery, Danxiang Li, Rahim Lalani, Andrzej Konrad Kielbasinski
IPC: H04L41/082, H04L12/46, H04L45/00, H04L67/1031, H04L67/563
CPC classification number: H04L41/082, H04L12/4675, H04L45/22, H04L67/1031, H04L67/563
Abstract: Techniques for the transparent rolling of nodes in a cloud-delivered headend service without disrupting client traffic or making users aware of the various nodes in the system being rolled are described herein. The techniques may include receiving an indication that a first node of a network is to be rolled. Based at least in part on the indication, new connection requests may not be sent to the first intermediate node. Additionally, a client device having an existing connection through the first node may be identified. In some examples, a request may be sent to the client device to prompt the client device to establish a new connection. After determining that the new connection has been established such that the new connection flows through a second node of the network, the first node may be rolled.