公开(公告)号：US20170302561A1

公开(公告)日：2017-10-19

申请号：US15639398

申请日：2017-06-30

Applicant: Cisco Technology, Inc.

Inventor： Clarence Filsfils ,  David D. Ward ,  Stewart F. Bryant ,  Daniel C. Frost ,  Nagendra Kumar Nainar ,  Carlos M. Pignataro

IPC: H04L12/715 ,  H04L12/46 ,  H04L12/723 ,  H04L12/741

CPC classification number: H04L41/12 ,  H04L12/4633 ,  H04L45/04 ,  H04L45/12 ,  H04L45/46 ,  H04L45/50 ,  H04L45/507 ,  H04L45/54 ,  H04L45/74 ,  H04L45/745 ,  H04L47/724 ,  H04L49/608

Abstract: A method, network device, and computer readable medium are disclosed. In one embodiment of the method, a data packet is received at a node within a first segment routing enabled access network. The first access network is connected, via a first area edge node, to a first area of a subdivided segment routing enabled network, and a specified destination for the data packet is reachable via a second segment routing enabled access network connected to the subdivided network. The method embodiment further includes receiving from a centralized controller a remote segment identifier stack, where the remote segment identifier stack encodes a path extending from the first area edge node to the second access network. The embodiment of the method continues with encapsulating the data packet with a full segment identifier stack comprising the remote segment identifier stack, and forwarding the encapsulated data packet toward the first area edge node.

公开(公告)号：US20170251065A1

公开(公告)日：2017-08-31

申请号：US15056516

申请日：2016-02-29

Applicant: Cisco Technology, Inc.

Inventor： Richard Furr ,  Nagendra Kumar Nainar ,  Carlos Pignataro ,  Joseph Michael Clarke

IPC: H04L29/08 ,  H04L12/741

CPC classification number: H04L67/16 ,  H04L45/566 ,  H04L45/64 ,  H04L45/74 ,  H04L67/327 ,  H04L69/22

Abstract: Presented herein are service-function chaining techniques that enable data plane signaling of a packet as a candidate for capture at various network nodes along a service function path of a service function chain. That is, a capture signal is embedded within the respective packet that carries a user traffic. The signaling occurs in-band, via the data plane, such that classification of the packet for capture beneficially occurs, at the ingress node of the network, once to which subsequent network nodes along a service function path are signaled to capture or further inspect the packet for capture. Service function chaining treats service functions as resources with associated attributes available for scheduled consumption to which selective traffic are steered according to a policy construct to the requisite network-service resources.

公开(公告)号：US20170244631A1

公开(公告)日：2017-08-24

申请号：US15049521

申请日：2016-02-22

Applicant: Cisco Technology, Inc.

Inventor： James N. Guichard ,  Paul Quinn ,  Carlos M. Pignataro ,  Nagendra Kumar Nainar ,  Rajiv Asati

IPC: H04L12/723 ,  H04L12/741

CPC classification number: H04L45/50 ,  H04L45/306 ,  H04L45/74

Abstract: In one embodiment, a device in a network receives a packet that includes one or more forwarding labels and a service function chaining (SFC) header. The device removes the one or more forwarding labels from the packet. The device inserts an indication of the one or more forwarding labels into metadata of the SFC header. The device forwards the packet with the inserted indication of the one or more forwarding labels to a service function.

公开(公告)号：US09537712B2

公开(公告)日：2017-01-03

申请号：US14600068

申请日：2015-01-20

Applicant: CISCO TECHNOLOGY INC.

Inventor： Nagendra Kumar Nainar ,  Rajiv Asati ,  Carlos M. Pignataro

IPC: H04L1/00 ,  H04L12/24 ,  H04L12/703 ,  H04L12/723 ,  H04L12/701 ,  H04L12/707

CPC classification number: H04L41/0668 ,  H04L45/00 ,  H04L45/22 ,  H04L45/28 ,  H04L45/50

Abstract: A method is provided in one example and includes communicating a first request message to a first network element functioning as a point of local repair for a backup label switched path. The first request message includes a first network address having a predetermined value and an indication of a forwarding equivalence class associated with the backup label switched path. The method further includes receiving a first reply message from the first network element. The first reply message includes at least one backup path parameter associated with the backup label switched path.

Abstract translation: 在一个示例中提供了一种方法，并且包括将第一请求消息传达到用作备份标签交换路径的本地修复点的第一网络元件。 第一请求消息包括具有预定值的第一网络地址和与备份标签交换路径相关联的转发等价类的指示。 该方法还包括从第一网络元件接收第一应答消息。 第一应答消息包括与备份标签交换路径相关联的至少一个备份路径参数。

公开(公告)号：US09497107B1

公开(公告)日：2016-11-15

申请号：US14211710

申请日：2014-03-14

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Nobushige Akiya ,  David D. Ward ,  Carlos M. Pignataro ,  Nagendra Kumar Nainar ,  Tarek Saad ,  Muthurajah Sivabalan

IPC: H04L12/707

CPC classification number: H04L45/22 ,  H04L41/0677 ,  H04L43/0811 ,  H04L43/10 ,  H04L45/50

Abstract: An example method for seamless path monitoring and rapid fault isolation using bidirectional forwarding detection (BFD) in a network environment is provided and includes determining a BFD target identifier type for communicating in a BFD session in a network environment, determining a non-zero globally assigned BFD discriminator value associated with the BFD target identifier type, populating a Your Discriminator field in a BFD Control Packet with the non-zero globally assigned BFD discriminator value, with a My Discriminator field in the BFD Control Packet being populated with a locally assigned BFD Discriminator value, and initiating the BFD session by transmitting the BFD Control Packet to a target node in the network. In a specific embodiment, the BFD target identifier type is type 3, and the non-zero globally assigned BFD discriminator is an Alert Discriminator reserved by substantially all nodes in the network exclusively for BFD traceroute operations.

Abstract translation: 提供了一种在网络环境中使用双向转发检测（BFD）进行无缝路径监控和快速故障隔离的示例方法，包括确定BFD目标标识符类型，以在网络环境中的BFD会话中进行通信，确定非零全局分配 与BFD目标标识符类型相关联的BFD鉴别符值，在BFD控制报文中填入非零全局分配BFD鉴别符值的“Discriminator”字段，BFD控制报文中的“我的标识符”字段填入本地分配的BFD鉴别符 通过将BFD控制报文发送到网络中的目标节点来启动BFD会话。 在具体实施例中，BFD目标标识符类型为类型3，非零全局分配的BFD鉴别器是专门用于BFD跟踪路由操作的网络中基本上所有节点保留的警报鉴别器。

公开(公告)号：US20160165014A1

公开(公告)日：2016-06-09

申请号：US14560146

申请日：2014-12-04

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro

IPC: H04L29/06

CPC classification number: H04L69/22 ,  H04L45/04 ,  H04L45/64

Abstract: In one embodiment, a method includes receiving a packet in a service function chain at a network device located at a border of a first administrative domain, the packet comprising a service function path identifier and a service index, processing the packet at the network device, wherein processing comprises modifying the packet based on the service function path identifier and the service index to direct the packet to a second administrative domain, and forwarding the packet from the network device to the second administrative domain for processing in the service function chain. The service function chain extends over the first and second administrative domains. An apparatus and logic are also disclosed herein.

Abstract translation: 在一个实施例中，一种方法包括：在位于第一管理域边界的网络设备的服务功能链中接收分组，所述分组包括服务功能路径标识符和服务索引，在网络设备处理分组， 其中处理包括基于服务功能路径标识符和服务索引来修改分组，以将分组引导到第二管理域，并且将分组从网络设备转发到第二管理域以在服务功能链中进行处理。 服务功能链延伸到第一个和第二个管理域。 本文还公开了一种装置和逻辑。

公开(公告)号：US12267328B2

公开(公告)日：2025-04-01

申请号：US17695265

申请日：2022-03-15

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  John Matthew Swartz ,  Paul Brian Giralt ,  David John Zacks ,  Gonzalo Salgueiro

IPC: H04L9/40

Abstract: Methods are provided in which a network device hosts distinct network access resources that are managed by different entities. The method includes obtaining a request for partitioning one or more network resources of an on-premise network device for connecting one or more endpoints to a first network managed by a first entity. The on-premise network device connects one or more endpoints to a second network managed by a different entity. The method further involves partitioning, based on the request, the one or more network resources and connecting the one or more endpoints to the first network using the one or more network resources. The one or more network resources are managed by the first entity while at least one other network resource of the on-premise network device is managed by the different entity and is associated with connecting the one or more endpoints to the second network.

公开(公告)号：US12267314B2

公开(公告)日：2025-04-01

申请号：US18414137

申请日：2024-01-16

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Robert E. Barton ,  Carlos M. Pignataro ,  Jerome Henry ,  Bart A. Brinckman

IPC: H04L29/06 ,  H04L9/40 ,  H04W12/06 ,  H04W36/00

Abstract: Aspects of the disclosure include a method and associated network device. The method includes authenticating an identity of a user of a client device after the client device is associated with an access network provider. Authenticating the identity of the user comprises receiving, from an identity provider, a credential associated with the identity, and receiving, from the identity provider, information identifying a network-based service to be applied to network traffic with the client device. The method further includes establishing, using the credential and the received information, a secure connection between the access network provider and a service provider that is capable of providing the network-based service. The method further includes receiving network traffic from the service provider. Packets of the network traffic include an assurance value that enables the client device to determine that the network-based service is being provided by the service provider.

公开(公告)号：US20240394107A1

公开(公告)日：2024-11-28

申请号：US18324000

申请日：2023-05-25

Applicant: Cisco Technology, Inc.

Inventor： Carlos Pignataro ,  Nagendra Kumar Nainar ,  Marcelo Yannuzzi ,  Ayan Banerjee

IPC: G06F9/50 ,  G06F9/445 ,  G06F11/34

Abstract: Devices, systems, methods, and processes for sustainably reallocating resources based on within a plurality of computing nodes of a network, such as a managed network are described herein. Each computing node may be configured to transmit infrastructure data to an infrastructure monitor or ecosystem management tool. Additional sustainability data may also be accessed either internally or externally. The infrastructure data and sustainability data may be utilized to generate one or more scores that can be evaluated against each other. These scores may be configured to reflect various conditions or facts about the computing nodes including the overall sustainability. In order to increase sustainability levels, a variety of different resource configurations can be generated and evaluated against each other and the current configuration. When a more sustainable configuration is located, it may be applied by moving resources from originating computing nodes to destination computing nodes to achieve increased sustainability goals.

公开(公告)号：US20240205186A1

公开(公告)日：2024-06-20

申请号：US18591538

申请日：2024-02-29

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Robert E. Barton ,  Jerome Henry

IPC: H04L61/5014 ,  H04L101/622 ,  H04W12/108 ,  H04W12/71

CPC classification number: H04L61/5014 ,  H04W12/108 ,  H04W12/71 ,  H04L2101/622

Abstract: An authorization device obtains a registration request associated with an end device, the registration request including a new randomized media access control (MAC) address associated with the end device; determines whether the end device is authorized to use the new randomized MAC address; transmits a message to the end device with a first randomly generated number when it is determined that the end device is authorized to use the new randomized MAC address; obtains integrity information associated with the end device, the first integrity information being computed based on the first randomly generated number; transmits a request to a validation system to validate the end device based on the first integrity information; obtains an indication that the end device is validated; determines policies associated with the end device when it is determined that the end device is validated; and applies the policies to the end device.