NEXT GEN ZERO TRUST NETWORK ACCESS (ZTNA) AND VIRTUAL PRIVATE NETWORK (VPN) INCLUDING CLOUD SECURE ACCESS SERVICE EDGE (SASE)

    Publication (Announcement) No.: US20230079444A1

    Publication (Announcement) Date: 2023-03-16

    Application No.: US17719787

    Application Date: 2022-04-13

    Abstract: Techniques for leveraging the MASQUE protocol to provide remote clients with full application access to private enterprise resources are described herein. One or more network nodes may be configured to execute a MASQUE proxy service to provide a remote client device with full access to an enterprise/private application resource executing on an application node and hosted in an enterprise/application network, behind the MASQUE proxy service. In some examples, the MASQUE proxy service may execute on a single proxy node hosted at an edge of a cloud network or at an edge of an enterprise network. Additionally, or alternatively, a first instance of the MASQUE proxy service may execute on a first proxy node hosted at an edge of a cloud network (e.g., an ingress proxy node) and a second instance of the MASQUE proxy service may execute on a second proxy node hosted at an edge of the enterprise network.

    ORCHESTRATED RECONNECT FOR CLIENT-UNAWARE ROLLING OF NETWORK NODES

    Publication (Announcement) No.: US20230066784A1

    Publication (Announcement) Date: 2023-03-02

    Application No.: US17462781

    Application Date: 2021-08-31

    Abstract: Techniques for the transparent rolling of nodes in a cloud-delivered headend service without disrupting client traffic or making users aware of the various nodes in the system being rolled are described herein. The techniques may include receiving an indication that a first node of a network is to be rolled. Based at least in part on the indication, new connection requests may not be sent to the first intermediate node. Additionally, a client device having an existing connection through the first node may be identified. In some examples, a request may be sent to the client device to prompt the client device to establish a new connection. After determining that the new connection has been established such that the new connection flows through a second node of the network, the first node may be rolled.

    TRANSFERRING VERIFIABLE ADDRESS RIGHTS BETWEEN DEVICES OF A DATA CENTER (DC) NETWORK

    Publication (Announcement) No.: US20220385662A1

    Publication (Announcement) Date: 2022-12-01

    Application No.: US17335292

    Application Date: 2021-06-01

    Abstract: Techniques for transferring address rights (e.g., internet protocol address(es), media access control address(es), etc.) amongst devices in a data center network fabric. A data center (DC) authority (e.g., network controller and/or a service controller) of a data center network fabric may determine that a device in the network is to communicate on an address in the network. The DC authority may create and sign a token that indicates a verifiable authorization to communicate on the address. The token may allow any device that possesses the token to communicate on the address, following verification from an associated network switch. Additionally, the token may be signed by a device in the network in possession of the token, and delegated to another device in the data center network fabric following a migration of a service from one server to another, for example.

    USING GLOBAL VIRTUAL NETWORK INSTANCE (VNI) LABELS TO SIGNAL A SERVICE CHAIN

    Publication (Announcement) No.: US20220385572A1

    Publication (Announcement) Date: 2022-12-01

    Application No.: US17486647

    Application Date: 2021-09-27

    Abstract: Techniques for using global virtual network instance (VNI) labels in a multi-domain network to route network data with a multi-tenant network overlay are described herein. A routing device provisioned in a network domain of the multi-domain network may register with a service discovery system of the network domain for use of network configuration data to establish routes through the multi-domain network with network nodes. Each network domain of the multi-domain network may include an application programming interface (API) server for processing API requests to make changes to configurations of a network domain. A border gateway protocol (BGP) large community may be utilized to encode global VNI labels, network addresses, local next hop nodes, and/or additional network information and sent to routing devices provisioned in separate network domains. A service chain may be signaled by global VNI labels to route network traffic through various services prior to reaching a destination endpoint.

    APPLICATION PROGRAMMING INTERFACE (API)-BASED MULTI-TENANT ROUTING CONTROL PLANE

    Publication (Announcement) No.: US20220385558A1

    Publication (Announcement) Date: 2022-12-01

    Application No.: US17486477

    Application Date: 2021-09-27

    Abstract: Techniques for using global virtual network instance (VNI) labels in a multi-domain network to route network data with a multi-tenant network overlay are described herein. A routing device provisioned in a network domain of the multi-domain network may register with a service discovery system of the network domain for use of network configuration data to establish routes through the multi-domain network with network nodes. Each network domain of the multi-domain network may include an application programming interface (API) server for processing API requests to make changes to configurations of a network domain. A border gateway protocol (BGP) large community may be utilized to encode global VNI labels, network addresses, local next hop nodes, and/or additional network information and sent to routing devices provisioned in separate network domains. A service chain may be signaled by global VNI labels to route network traffic through various services prior to reaching a destination endpoint.

    DISTRIBUTED TENANT OVERLAY NETWORK WITH CENTRALIZED ROUTING CONTROL PLANE

    Publication (Announcement) No.: US20220321468A1

    Publication (Announcement) Date: 2022-10-06

    Application No.: US17223486

    Application Date: 2021-04-06

    Abstract: Techniques for multi-tenant overlays with per-tenant distributed routing are described herein. The techniques may include provisioning an overlay network such that tenants hosted by a forwarding plane of the overlay network are each configured to forward routing protocol packets to a routing control plane of the overlay network and the routing control plane of the overlay network is configured to determine routing paths between each tenant and respective destinations. A routing protocol packet may be sent to the routing control plane by a first tenant. The routing protocol packet may include an indication of a destination that is served by the first tenant. Based on receiving the routing protocol packet, the routing control plane may determine one or more routing paths between the tenants and the destination. Additionally, an indication of the routing path may be sent to the tenants.

    CLASSIFICATION AND FORWARDING NODE FOR INTEGRATING DISPARATE HEADEND TRAFFIC INGRESS SERVICES WITH DISPARATE BACKEND SERVICES

    Publication (Announcement) No.: US20220286392A1

    Publication (Announcement) Date: 2022-09-08

    Application No.: US17193411

    Application Date: 2021-03-05

    Abstract: Techniques for integrating disparate headend traffic ingress services with disparate backend services are disclosed herein. The techniques may include receiving, at a classification and forwarding node of a networked computing environment, a data packet encapsulated according to a first encapsulation protocol that is supported by the classification and forwarding node. The techniques may also include determining, by the classification and forwarding node, that the data packet is to be sent to a service from among a group of services associated with the networked computing environment. The classification and forwarding node may also determine whether the first encapsulation protocol is supported by the service. Based at least in part on determining that the service supports a second encapsulation protocol different from the first encapsulation protocol, the classification and forwarding node may encapsulate the data packet according to the second encapsulation protocol and send the data packet to the service.

    Enforcing Consent Contracts to Manage Network Traffic

    Publication (Announcement) No.: US20220272044A1

    Publication (Announcement) Date: 2022-08-25

    Application No.: US17183977

    Application Date: 2021-02-24

    Abstract: Techniques for creating consent contracts for devices that indicate whether the devices consent to receiving network-based communications from other devices. Further, the techniques include enforcing the consent contracts such that network-based communications are either allowed or disallowed in the network-communications layer prior to the network communications reaching the devices. Rather than simply allowing a device to communicate with any other device over a network, the techniques described herein include building in consent for network-based communications where the consent is consulted at one or more points in a communication process to make informed decisions about network-based traffic.

    Centralized Consent Vendors for Managing Network-Based Consent Contracts

    Publication (Announcement) No.: US20220271947A1

    Publication (Announcement) Date: 2022-08-25

    Application No.: US17183825

    Application Date: 2021-02-24

    Abstract: Techniques for creating consent contracts for devices that indicate whether the devices consent to receiving network-based communications from other devices. Further, the techniques include enforcing the consent contracts such that network-based communications are either allowed or disallowed in the network-communications layer prior to the network communications reaching the devices. Rather than simply allowing a device to communicate with any other device over a network, the techniques described herein include building in consent for network-based communications where the consent is consulted at one or more points in a communication process to make informed decisions about network-based traffic.

    Domain-Specific Language for Serverless Network Functions

    Publication (Announcement) No.: US20220091823A1

    Publication (Announcement) Date: 2022-03-24

    Application No.: US17028646

    Application Date: 2020-09-22

    Abstract: This disclosure describes techniques and mechanisms for using a domain-specific language (DSL) to express and compile serverless network functions, and for optimizing the deployment location of the serverless network functions on network devices. In some examples, the serverless network functions may be expressed entirely in the DSL (e.g., via a text-based editor, a graphics-based editor, etc.), where the DSL is a computer language specialized to a particular domain, such as a network function domain. In additional examples, the serverless network functions may be expressed and compiled using a DSL in combination with a general-purpose language (GSL). Once the serverless network functions have been expressed and/or compiled, the techniques of this disclosure further include determining an optimized network component on which the serverless network function is to execute, and deploying the serverless function to the optimized network component.
