-
Publication number: US20230376879A1
Publication date: 2023-11-23
Application number: US17747165
Application date: 2022-05-18
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar , Carlos M. Pignataro , David John Zacks , Thomas Szigeti
IPC: G06Q10/06 , H04L67/306 , H04L67/141 , H04L43/0876
CPC classification number: G06Q10/06398 , H04L67/306 , H04L67/141 , H04L43/0876
Abstract: A connection request is received from a user device associated with a user. The connection request includes an identifier associated with a profile associated with the user, the profile being a static profile or a dynamic profile. An observability profile associated with the user is identified based on the profile when the profile is a static profile and based on a current traffic profile associated with the user device when the profile is a dynamic profile. Measurements associated with a data session are executed for the user device based on the observability profile and one or more configurations are adjusted in a network to improve performance of the data session based on the measurements.
-
Publication number: US11818137B2
Publication date: 2023-11-14
Application number: US17490004
Application date: 2021-09-30
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar , Carlos M. Pignataro , David John Zacks , Thomas Szigeti
CPC classification number: H04L63/104 , G06V40/173 , H04L63/20
Abstract: A method, computer system, and computer program product are provided for controlling data access and visibility using a context-based security policy. A request from an endpoint device to receive data is received at a server, wherein the request includes one or more contextual attributes of the endpoint device including an identity of a user of the endpoint device. The one or more contextual attributes are processed to determine that the endpoint device is authorized to receive the data. A security policy is determined for the data based on the one or more contextual attributes. The data is transmitted, including the security policy, to the endpoint device, wherein the endpoint device enforces the security policy to selectively permit access to the data by preventing the endpoint device from displaying the data to an unauthorized individual.
-
Publication number: US11811784B2
Publication date: 2023-11-07
Application number: US17832159
Application date: 2022-06-03
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar , Carlos M. Pignataro , Akram Ismail Sheriff
CPC classification number: H04L63/126 , H04L9/3213 , H04L9/3265 , H04L45/22 , H04L45/46 , H04L45/54
Abstract: Techniques and mechanisms for providing integrity verified paths using only integrity validated pods of nodes. A network service mesh (NSM) associated with a first pod may locally generate a nonce and provide the nonce to the first pod, where the request includes a request for an attestation token. Using the nonce, the first pod may generate the attestation token and reply back to the NSM. The NSM may generate a second request for an attestation token and forward it to a NSE pod, where the request includes a second locally generated nonce generated by the NSM. The NSE pod may generate the second attestation token using the second nonce and reply back to the NSM. The NSM may then have the attestation tokens verified or validated by a certificate authority (CA) server. The NSM may thus instantiate an integrity verified path between the first pod and the NSE pod.
-
Publication number: US11792065B2
Publication date: 2023-10-17
Application number: US17674686
Application date: 2022-02-17
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar , Jaganbabu Rajamanickam , David John Zacks , Carlos M. Pignataro , Madhan Sankaranarayanan , Cesar Obediente , Craig Thomas Hill
IPC: H04L41/0604 , H04L41/0654 , H04L9/40 , H04L61/103 , H04L41/0631 , H04L67/133
CPC classification number: H04L41/0627 , H04L41/0631 , H04L41/0654 , H04L61/103 , H04L63/101 , H04L67/133
Abstract: Methods and devices provide fault injection testing techniques in a production network environment without risking service outages for hosted computing services, by providing examples of a remote network controller configured to communicate with network devices of a network; a remote fault injection communication protocol configuring a remote network controller in communication with a network device to signal a failure injection; and a failure injection module configuring a network device to configure a network device processor to implement a failure injection signaled according to the remote failure injection communication protocol. The method includes a network controller transmitting a failure injection signal in a control plane packet over a network connection to a network device, and the network device creating a child process by executing, in a dedicated runtime environment, a copy of one or more processes impacted by a parsed failure type.
-
Publication number: US20230268650A1
Publication date: 2023-08-24
Application number: US17678154
Application date: 2022-02-23
Applicant: Cisco Technology, Inc.
Inventor: John Matthew Swartz , Nagendra Kumar Nainar , Carlos M. Pignataro , Matthew Aaron Silverman , Ardalan Alizadeh
IPC: H01Q3/46 , H04W12/02 , H04B7/0426
Abstract: A system and methods by which a reconfigurable intelligent surface device is dynamically configured to control the reflection of transmissions made between an access point and one or more client devices so as to protect the transmissions from being properly received by an unauthorized device. These methods may be used to maintain data confidentiality, particularly for remote workers. The positions of the access point and client devices are used to configure the reconfigurable intelligent surface device to reflect the transmissions inward and avoid/minimize leakage outside a physical space.
-
Publication number: US11716288B2
Publication date: 2023-08-01
Application number: US16730522
Application date: 2019-12-30
Applicant: Cisco Technology, Inc.
Inventor: Charles Calvin Byers , Gonzalo Salgueiro , Joseph Michael Clarke , Chidambaram Arunachalam , Nagendra Kumar Nainar , Avraham Poupko
CPC classification number: H04L47/823 , G06F16/119 , H04L47/80
Abstract: Systems, methods, and computer-readable media for orchestrating data center resources and user access to data. In some examples, a system can determine, at a first time, that a user will need, at a second time, access to data stored at a first location, from a second location. The system can identify a node which is capable of storing the data and accessible by a device from the second location. The system can also determine a first service parameter associated with a network connection between the device and the first location and a second service parameter associated with a network connection between the device and the node. When the second service parameter has a higher quality than the first service parameter, the system can migrate the data from the first location to the node so the device has access to the data from the second location through the node.
-
Publication number: US20230179471A1
Publication date: 2023-06-08
Application number: US18103918
Application date: 2023-01-31
Applicant: Cisco Technology, Inc.
Inventor: Pascal Thubert , Nagendra Kumar Nainar , Carlos M. Pignataro
IPC: H04L41/0668 , H04L45/28 , H04L41/12 , H04L47/24
CPC classification number: H04L41/0668 , H04L45/28 , H04L41/12 , H04L47/24
Abstract: Techniques for identifying nodes in a data center fabric that are affected by a failure in the fabric, and selectively sending disaggregation advertisements to the nodes affected by the failure. The techniques include a process where a component monitors the network fabric to identify communication paths between leaf nodes, and determines what leaf nodes would be affected by a failure in those communication paths. The component may detect a failure in the network and determine which communication paths, and thus which leaf nodes, are affected by the failure and send disaggregation advertisements to the affected leaf nodes. In some examples, ingress leaf nodes send data through the fabric that indicate egress nodes for the communication paths. Intermediate nodes along may receive the data from the leaf nodes to identify communication paths, and then notify only affected nodes upon detecting a failure in the network.
-
Publication number: US20230135261A1
Publication date: 2023-05-04
Application number: US18147158
Application date: 2022-12-28
Applicant: Cisco Technology, Inc.
Inventor: Clarence Filsfils , Zafar Ali , Syed Kamran Raza , Ahmed Bashandy , Nagendra Kumar Nainar , Carlos M. Pignataro , Jaganbabu Rajamanickam , Rakesh Gandhi , Bhupendra Yadav , Faisal Iqbal
IPC: H04L45/00 , H04L43/106 , H04L45/02 , H04L41/0246
Abstract: In one embodiment, a service chain data packet is instrumented as it is communicated among network nodes in a network providing service-level and/or networking operations visibility. The service chain data packet includes a particular header identifying a service group defining one or more service functions, and is a data packet and not a probe packet. A network node adds networking and/or service-layer operations data to the particular service chain data packet, such as, but not limited to, in the particular header. Such networking operations data includes a performance metric or attribute related to the transport of the particular service chain packet in the network. Such service-layer operations data includes a performance metric or attribute related to the service-level processing of the particular service chain data packet in the network.
-
Publication number: US11601296B2
Publication date: 2023-03-07
Application number: US16987017
Application date: 2020-08-06
Applicant: Cisco Technology, Inc.
Inventor: Ijsbrand Wijnands , Gregory J. Shepherd , Nagendra Kumar Nainar
Abstract: Functionality for creating a bit routing table for use in a bit-indexed explicit replication (“BIER”) environment is disclosed herein. In one embodiment, this functionality includes receiving information from a host, and determining whether the information comprises a MAC address that is a bit-indexed explicit replication (“BIER”) MAC address. In response to determining that the information comprises a BIER MAC address, this functionality creates an entry corresponding to the MAC address in a bit routing table. This functionality also analyzes the information to determine a bit position that is associated with the host, and also determines a port via which the host is reachable. The functionality updates the bit routing table by storing information identifying the bit position and the port in the entry, such that the bit position and the port both correspond to the MAC address. This functionality can be used to route packets in a BIER environment.
-
Publication number: US11563622B2
Publication date: 2023-01-24
Application number: US17070648
Application date: 2020-10-14
Applicant: Cisco Technology, Inc.
Inventor: Carlos M. Pignataro , Nagendra Kumar Nainar , Jaganbabu Rajamanickam , Madhan Sankaranarayanan , Prakash Jain
IPC: H04L41/06 , H04L43/0805
Abstract: A method is performed by a node configured to implement an Operation, Administration, and Maintenance (OAM) protocol for rapid link failure detection. The node receives peer OAM packets sent by a peer node over a link at a peer periodic interval. While in a first mode of the OAM protocol, the node determines whether the peer node is reachable based on the peer OAM packets, sends OAM packets to the peer node at a periodic interval to indicate to the peer node that the node is reachable, and responsive to detecting a critical condition of the node that impairs the sending of the OAM packets, transitions to a second mode of the OAM protocol. While in the second mode, the node adds, to the peer OAM packets, a code to indicate the critical condition, and reflects the peer OAM packets with the code back to the peer node.