公开(公告)号：US20180270127A1

公开(公告)日：2018-09-20

申请号：US15972033

申请日：2018-05-04

Applicant: Cisco Technology, Inc.

Inventor： Jackson Ngoc Ki Pang ,  Michael Standish Watts ,  Ali Parandehgheibi ,  Navindra Yadav

IPC: H04L12/26 ,  H04L12/24

Abstract: The technology visualizes data flows within a datacenter in an interactive hierarchical network chord diagram. Based on analyzed data describing data flows, a portion of the data flows that originate at the same first endpoint and terminate at the same second endpoint can be grouped. Subsequently, the dataflow monitoring system displays an interactive hierarchical network chord diagram to include a chord with a first endpoint and a second endpoint. The chord represents the grouped portion of data flows that originate at the same first endpoint and terminate at the same second endpoint. Upon receiving a selection of the chord or the first endpoint of the chord, the dataflow monitoring system expands the grouped portion of the data flows into a more granular representation of the network.

公开(公告)号：US10033766B2

公开(公告)日：2018-07-24

申请号：US15133155

申请日：2016-04-19

Applicant: Cisco Technology, Inc.

Inventor： Sunil Kumar Gupta ,  Navindra Yadav ,  Michael Standish Watts ,  Ali Parandehgheibi ,  Shashidhar Gandham ,  Ashutosh Kulshreshtha ,  Khawar Deen

IPC: H04L29/06 ,  H04L12/26

Abstract: A network can achieve compliance by defining and enforcing a set of network policies to secure protected electronic information. The network can monitor network data, host/endpoint data, process data, and user data for traffic using a sensor network that provides multiple perspectives. The sensor network can include sensors for networking devices, physical servers, hypervisors or shared kernels, virtual partitions, and other network components. The network can analyze the network data, host/endpoint data, process data, and user data to determine policies for traffic. The network can determine expected network actions based on the policies, such as allowing traffic, denying traffic, configuring traffic for quality of service (QoS), or redirecting traffic along a specific route. The network can update policy data based on the expected network actions and actual network actions. The policy data can be utilized for compliance.

公开(公告)号：US09876711B2

公开(公告)日：2018-01-23

申请号：US14477762

申请日：2014-09-04

Applicant: Cisco Technology, Inc.

Inventor： Kit Chiu Chu ,  Thomas J. Edsall ,  Navindra Yadav ,  Francisco M. Matus ,  Krishna Doddapaneni ,  Satyam Sinha

IPC: H04L12/46 ,  H04L12/741 ,  H04L29/12 ,  H04L12/703 ,  H04L12/26 ,  H04L12/751 ,  H04L29/06 ,  H04L12/58 ,  H04L29/08 ,  H04L12/707 ,  H04L12/709 ,  H04L12/723 ,  H04L12/24 ,  H04L12/931

CPC classification number: H04L45/28 ,  H04L12/18 ,  H04L12/4633 ,  H04L12/4641 ,  H04L12/4645 ,  H04L41/0654 ,  H04L43/0811 ,  H04L43/0852 ,  H04L43/0894 ,  H04L43/16 ,  H04L45/02 ,  H04L45/021 ,  H04L45/22 ,  H04L45/24 ,  H04L45/245 ,  H04L45/48 ,  H04L45/50 ,  H04L45/64 ,  H04L45/74 ,  H04L45/745 ,  H04L45/7453 ,  H04L47/125 ,  H04L49/70 ,  H04L51/14 ,  H04L61/2503 ,  H04L61/2592 ,  H04L67/10 ,  H04L69/22 ,  H04L2212/00

Abstract: Systems, methods, and non-transitory computer-readable storage media for translating source addresses in an overlay network. An access switch in an overlay network, such as a VXLAN, may receive an encapsulated packet from a tunnel endpoint in the overlay network. The encapsulated packet may originate from a host associated with the tunnel endpoint and be encapsulated at the tunnel endpoint with a first source tunnel endpoint address and a destination tunnel endpoint address. The access switch may replace the first source tunnel endpoint address in the encapsulated packet with a second source tunnel endpoint address of the access switch to yield a translated packet. The access switch may then transmit the translated packet towards the destination tunnel endpoint address.

公开(公告)号：US20170214619A1

公开(公告)日：2017-07-27

申请号：US15482437

申请日：2017-04-07

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Kit Chiu Chu ,  Thomas J. Edsall ,  Navindra Yadav ,  Francisco M. Matus ,  Krishna Doddapaneni ,  Satyam Sinha ,  Sameer Merchant

IPC: H04L12/743 ,  H04L12/46 ,  H04L12/753 ,  H04L12/18 ,  H04L12/707

CPC classification number: H04L45/28 ,  H04L12/18 ,  H04L12/4633 ,  H04L12/4641 ,  H04L12/4645 ,  H04L41/0654 ,  H04L43/0811 ,  H04L43/0852 ,  H04L43/0894 ,  H04L43/16 ,  H04L45/02 ,  H04L45/021 ,  H04L45/22 ,  H04L45/24 ,  H04L45/245 ,  H04L45/48 ,  H04L45/50 ,  H04L45/64 ,  H04L45/74 ,  H04L45/745 ,  H04L45/7453 ,  H04L47/125 ,  H04L49/70 ,  H04L51/14 ,  H04L61/2503 ,  H04L61/2592 ,  H04L67/10 ,  H04L69/22 ,  H04L2212/00

Abstract: The subject technology addresses a need for improving utilization of network bandwidth in a multicast network environment. More specifically, the disclosed technology provides solutions for extending multipathing to tenant multicast traffic in an overlay network, which enables greater bandwidth utilization for multicast traffic. In some aspects, nodes in the overlay network can be connected by virtual or logical links, each of which corresponds to a path, perhaps through many physical links, in the underlying network.

公开(公告)号：US20170075710A1

公开(公告)日：2017-03-16

申请号：US14855811

申请日：2015-09-16

Applicant: Cisco Technology, Inc.

Inventor： Rohit C. Prasad ,  Shashidhar R. Gandham ,  Navindra Yadav ,  Khawar Deen ,  Shih-Chun Chang ,  Ashutosh Kulshreshtha ,  Anubhav Gupta

IPC: G06F9/455 ,  H04L12/26

CPC classification number: G06F9/45558 ,  G06F2009/4557 ,  G06F2009/45591 ,  G06F2009/45595 ,  H04L43/12

Abstract: Methods, systems, and computer readable media are provided for determining, in a virtualized network system, a relationship of a sensor relative to other sensors. In a virtualized computing system in which a plurality of software sensors are deployed and in which there are one or more traffic flows, captured network data is received from the plurality of sensors, the captured network data from a given sensor of the plurality of sensors indicating one or more traffic flows detected by the given sensor. The received captured network data is analyzed to identify, for each respective sensor, a first group of sensors, a second group of sensors, and a third group of sensors, wherein all traffic flows observed by the first group of sensors are also observed by the second group of sensors, and all traffic flows observed by the second group of sensors are also observed by the third group of sensors. For each respective sensor, a location of each respective sensor relative to other sensors within the virtualized computing system is determined based upon whether the respective sensor belongs to the first group of sensors, the second group of sensors, or the third group of sensors.

Abstract translation: 提供了方法，系统和计算机可读介质，用于在虚拟化网络系统中确定传感器相对于其他传感器的关系。 在其中部署多个软件传感器并且其中存在一个或多个业务流的虚拟化计算系统中，从多个传感器接收捕获的网络数据，来自多个传感器中的给定传感器的所捕获的网络数据指示 由给定传感器检测到的一个或多个交通流量。 分析所接收的捕获的网络数据，以便为每个相应的传感器识别第一组传感器，第二组传感器和第三组传感器，其中由第一组传感器观察到的所有交通流也被 第二组传感器，第二组传感器观测到的所有交通流量也由第三组传感器观察到。 对于每个相应的传感器，基于各个传感器是否属于第一组传感器，第二组传感器或第三组传感器来确定每个相应传感器相对于虚拟化计算系统内的其它传感器的位置。

公开(公告)号：US20170034018A1

公开(公告)日：2017-02-02

申请号：US15153604

申请日：2016-05-12

Applicant: Cisco Technology, Inc.

Inventor： Ali Parandehgheibi ,  Mohammadreza Alizadeh Attar ,  Vimalkumar Jeyakumar ,  Omid Madani ,  Ellen Christine Scheib ,  Navindra Yadav

IPC: H04L12/26 ,  H04L12/24

CPC classification number: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/45558 ,  G06F16/122 ,  G06F16/137 ,  G06F16/162 ,  G06F16/17 ,  G06F16/173 ,  G06F16/174 ,  G06F16/1744 ,  G06F16/1748 ,  G06F16/2322 ,  G06F16/235 ,  G06F16/2365 ,  G06F16/24578 ,  G06F16/248 ,  G06F16/285 ,  G06F16/288 ,  G06F16/29 ,  G06F16/9535 ,  G06F21/53 ,  G06F21/552 ,  G06F21/566 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2115 ,  G06F2221/2145 ,  G06N20/00 ,  G06N99/00 ,  G06T11/206 ,  H04J3/0661 ,  H04J3/14 ,  H04L1/242 ,  H04L9/0866 ,  H04L9/3239 ,  H04L9/3242 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0841 ,  H04L43/0858 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/306 ,  H04L45/38 ,  H04L45/46 ,  H04L45/507 ,  H04L45/66 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/2007 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/06 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/16 ,  H04L63/20 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/12 ,  H04L67/16 ,  H04L67/22 ,  H04L67/36 ,  H04L67/42 ,  H04L69/16 ,  H04L69/22 ,  H04W72/08 ,  H04W84/18

Abstract: This disclosure generally relates to a method and system for generating a communication graph of a network using an application dependency mapping (ADM) pipeline. In one aspect of the disclosure, the method comprises receiving network data (e.g., flow data and process information at each node) from a plurality of sensors associated with a plurality of nodes of the network, determining a plurality of vectors and an initial graph of the plurality of nodes based upon the network data, determining similarities between the plurality of vectors, clustering the plurality of vectors into a plurality of clustered vectors based upon the similarities between the plurality of vectors, and generating a communication graph of the network system based upon the plurality of clustered vectors.

Abstract translation: 本公开通常涉及用于使用应用依赖关系映射（ADM）流水线生成网络的通信图的方法和系统。 在本公开的一个方面，该方法包括从与网络的多个节点相关联的多个传感器中接收网络数据（例如，每个节点处的流数据和处理信息），确定多个向量和初始图 基于所述网络数据的所述多个节点，确定所述多个向量之间的相似性，基于所述多个向量之间的相似度将所述多个向量聚类成多个向量，并且基于所述多个向量生成所述网络系统的通信图 多个聚类向量。

公开(公告)号：US09544224B2

公开(公告)日：2017-01-10

申请号：US14508909

申请日：2014-10-07

Applicant: Cisco Technology, Inc.

Inventor： Kit Chiu Chu ,  Thomas J. Edsall ,  Navindra Yadav ,  Francisco M. Matus ,  Krishna Doddapaneni ,  Satyam Sinha

IPC: H04L12/709 ,  H04L12/723 ,  H04L12/703 ,  H04L12/26 ,  H04L12/46 ,  H04L29/06 ,  H04L29/08 ,  H04L12/751 ,  H04L12/741 ,  H04L29/12 ,  H04L12/58 ,  H04L12/707

CPC classification number: H04L45/28 ,  H04L12/18 ,  H04L12/4633 ,  H04L12/4641 ,  H04L12/4645 ,  H04L41/0654 ,  H04L43/0811 ,  H04L43/0852 ,  H04L43/0894 ,  H04L43/16 ,  H04L45/02 ,  H04L45/021 ,  H04L45/22 ,  H04L45/24 ,  H04L45/245 ,  H04L45/48 ,  H04L45/50 ,  H04L45/64 ,  H04L45/74 ,  H04L45/745 ,  H04L45/7453 ,  H04L47/125 ,  H04L49/70 ,  H04L51/14 ,  H04L61/2503 ,  H04L61/2592 ,  H04L67/10 ,  H04L69/22 ,  H04L2212/00

Abstract: Aspects of the subject disclosure relate to methods for detecting a link failure between the first network device and a destination node, receiving a data packet addressed to the destination node, and rewriting encapsulation information of the first data packet. Subsequent to rewriting the encapsulation information of the first data packet, the first data packet is forwarded to a second network device (e.g., using updated address information in the packet header), wherein the second network device is paired with the first network device in the virtual port channel. In certain aspects, systems and computer readable media are also provided.

Abstract translation: 本公开的方面涉及用于检测第一网络设备和目的地节点之间的链路故障的方法，接收寻址到目的地节点的数据分组以及重写第一数据分组的封装信息。 在重写第一数据分组的封装信息之后，将第一数据分组转发到第二网络设备（例如，使用分组报头中的更新的地址信息），其中第二网络设备与第一网络设备配对 虚拟端口通道。 在某些方面，还提供了系统和计算机可读介质。

公开(公告)号：US20160359914A1

公开(公告)日：2016-12-08

申请号：US15095955

申请日：2016-04-11

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen ,  Navindra Yadav ,  Anubhav Gupta ,  Shashidhar Gandham ,  Rohit Chandra Prasad ,  Abhishek Ranjan Signh ,  Shih-Chun Chang

IPC: H04L29/06

CPC classification number: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/45558 ,  G06F16/122 ,  G06F16/137 ,  G06F16/162 ,  G06F16/17 ,  G06F16/173 ,  G06F16/174 ,  G06F16/1744 ,  G06F16/1748 ,  G06F16/2322 ,  G06F16/235 ,  G06F16/2365 ,  G06F16/24578 ,  G06F16/248 ,  G06F16/285 ,  G06F16/288 ,  G06F16/29 ,  G06F16/9535 ,  G06F21/53 ,  G06F21/552 ,  G06F21/566 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2115 ,  G06F2221/2145 ,  G06N20/00 ,  G06N99/00 ,  G06T11/206 ,  H04J3/0661 ,  H04J3/14 ,  H04L1/242 ,  H04L9/0866 ,  H04L9/3239 ,  H04L9/3242 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0841 ,  H04L43/0858 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/306 ,  H04L45/38 ,  H04L45/46 ,  H04L45/507 ,  H04L45/66 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/2007 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/06 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/16 ,  H04L63/20 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/12 ,  H04L67/16 ,  H04L67/22 ,  H04L67/36 ,  H04L67/42 ,  H04L69/16 ,  H04L69/22 ,  H04W72/08 ,  H04W84/18

Abstract: An example method includes calculating latency bounds for communications from two sensors to a collector (i.e., maximum and minimum latencies). After the collector receives an event report from the first sensor and an event report form the second sensor, the collector can determine, using the latency bounds, whether one event likely preceded the other.

Abstract translation: 示例性方法包括计算从两个传感器到收集器的通信的延迟范围（即，最大和最小延迟）。 收集器收集第一个传感器的事件报告和第二个传感器的事件报告后，收集器可以使用延迟范围确定一个事件是否可能在另一个事件之前。

公开(公告)号：US20160359913A1

公开(公告)日：2016-12-08

申请号：US15045210

申请日：2016-02-16

Applicant: Cisco Technology, Inc.

Inventor： Sunil Kumar Gupta ,  Navindra Yadav ,  Michael Standish Watts ,  Ali Parandehgheibi ,  Shashidhar Gandham ,  Ashutosh Kulshreshtha ,  Khawar Deen

IPC: H04L29/06 ,  H04L12/823 ,  H04L12/813

CPC classification number: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/45558 ,  G06F17/30241 ,  G06F17/3053 ,  G06F17/30554 ,  G06F17/30598 ,  G06F17/30604 ,  G06F17/30867 ,  G06F21/53 ,  G06F21/552 ,  G06F21/566 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2115 ,  G06F2221/2145 ,  G06N99/005 ,  G06T11/206 ,  H04J3/0661 ,  H04J3/14 ,  H04L1/242 ,  H04L9/0866 ,  H04L9/3239 ,  H04L9/3242 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0841 ,  H04L43/0858 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/306 ,  H04L45/38 ,  H04L45/46 ,  H04L45/507 ,  H04L45/66 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/2007 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/06 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/16 ,  H04L63/20 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/12 ,  H04L67/16 ,  H04L67/22 ,  H04L67/36 ,  H04L67/42 ,  H04L69/16 ,  H04L69/22 ,  H04W72/08 ,  H04W84/18

Abstract: Conditional policies can be defined that change based on security measurements of network endpoints. In an example embodiment, a network traffic monitoring system can monitor network flows between the endpoints and quantify how secure those endpoints are based on analysis of the network flows and other data. A conditional policy may be created that establishes one or more first connectivity policies for handling a packet when a security measurement of an endpoint is a first value or first range values, and one or more second connectivity policies for handling the packet. The connectivity policies may include permitting connectivity, denying connectivity, redirecting the packet using a specific route, or other network action. When the network traffic monitoring system detects a change to the security measurement of the endpoint, one or more applicable policies can be determined and the system can update policy data for the network to enforce the policies.

Abstract translation: 可以根据网络端点的安全性测量来定义条件策略。 在示例实施例中，网络流量监控系统可以监视端点之间的网络流，并且基于对网络流和其他数据的分析来量化这些端点的安全性。 可以创建条件策略，其在端点的安全测量是第一值或第一范围值时建立用于处理分组的一个或多个第一连接策略，以及用于处理分组的一个或多个第二连接策略。 连接策略可以包括允许连接，拒绝连接，使用特定路由重定向分组，或其他网络动作。 当网络流量监控系统检测到端点的安全性测量发生变化时，可以确定一个或多个适用的策略，并且系统可以更新网络的策略数据以执行策略。

公开(公告)号：US20160359890A1

公开(公告)日：2016-12-08

申请号：US15171879

申请日：2016-06-02

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen ,  Navindra Yadav ,  Anubhav Gupta ,  Shashidhar Gandham ,  Rohit Chandra Prasad ,  Abhishek Ranjan Singh ,  Shih-Chun Chang

IPC: H04L29/06

Abstract: A method includes capturing first data associated with a first packet flow originating from a first host using a first capture agent deployed at the first host to yield first flow data, capturing second data associated with a second packet flow originating from the first host from a second capture agent deployed on a second host to yield second flow data and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that the second packet flow was transmitted by a component that bypassed an operating stack of the first host or a packet capture agent at the device to yield a determination, detecting that hidden network traffic exists, and predicting a malware issue with the first host based on the determination.

Abstract translation: 一种方法包括使用部署在第一主机处的第一捕获代理捕获与来自第一主机的第一分组流相关联的第一数据，以产生第一流数据，从第二主捕获与第一主机起源的第二分组流相关联的第二数据 部署在第二主机上的捕获代理产生第二流数据并比较第一流数据和第二流数据以产生差异。 当所述差异高于阈值时，所述方法包括确定所述第二分组流由绕过所述设备的所述第一主机或分组捕获代理的操作堆栈的组件发送以产生确定，检测所述隐藏网络流量 存在并且基于该确定来预测与第一主机的恶意软件问题。