公开(公告)号：US11558130B2

公开(公告)日：2023-01-17

申请号：US17301203

申请日：2021-03-29

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Robert E. Barton ,  Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Bart A. Brinckman

IPC: H04B17/309 ,  H04W76/15 ,  H04W24/10 ,  H04W24/08

Abstract: An apparatus transmits a quality of experience (QoE) support message to an access point (AP) within an access network. The QoE support message queries whether the AP supports providing key performance indicators (KPI(s)) indicative of QoE provided by the access network. An indication of whether the AP supports providing the KPI(s) is received in response to the QoE support message. The KPI(s) are received when the AP supports providing the KPI(s). A determination is made whether to communicate with the AP based at least in part on the KPI(s). The apparatus performs communications in accordance with the determination.

公开(公告)号：US20220353165A1

公开(公告)日：2022-11-03

申请号：US17866465

申请日：2022-07-15

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Pascal Thubert

IPC: H04L43/12 ,  H04L43/0817

Abstract: This disclosure describes techniques for monitoring expected behavior of devices in a computing network. Behavior of network devices may include performing various functions associated with transferring data packets through the computing network. Monitoring expected behavior may include sending a probe packet into the computing network, and determining whether network devices behave as expected with respect to the probe packet. In some examples, behaviors such as replicating, forwarding, eliminating, ordering, and/or other functions regarding data packets may be validated using the present techniques. As computing networks and/or operations become more complex, assuring the expected behavior of network devices may become more important for the continued efficient, smooth, successful, and/or timely flow of data traffic.

公开(公告)号：US11470021B2

公开(公告)日：2022-10-11

申请号：US16172677

申请日：2018-10-26

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Eric M. Levy-Abegnoli ,  Nagendra Kumar Nainar

IPC: H04L41/0893 ,  H04L47/6275 ,  H04L49/10 ,  H04L49/00 ,  H04L47/80 ,  H04L45/64 ,  G06N20/00

Abstract: Techniques for providing a non-blocking fabric in a network are described. A network controller determines the network requirement for various network traffic types on the network and determines the allocation of resources across the network needed to establish a midlay, including midlay components on the network. The network controller then establishes the midlay on the network according to the determined allocation. At least one of the midlay components is a virtually non-blocking fabric for high-priority traffic or fully non-blocking fabric for deterministic traffic.

公开(公告)号：US20220321449A1

公开(公告)日：2022-10-06

申请号：US17843415

申请日：2022-06-17

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Joseph Michael Clarke

IPC: H04L45/02 ,  G06F11/30 ,  G06F11/34 ,  G06F11/10 ,  H04L45/021

Abstract: A network device receives a data packet including a source address and a destination address. The network device drops the data packet before it reaches the destination address and generates an error message indicating that the data packet has been dropped. The network device encapsulates the error message with a segment routing header comprising a list of segments. The first segment of the list of segments in the segment routing header identifies a remote server, and at least one additional segment is an instruction for handling the error message. The network device sends the encapsulated error message to the remote server based on the first segment of the segment routing header.

公开(公告)号：US20220303046A1

公开(公告)日：2022-09-22

申请号：US17208293

申请日：2021-03-22

Applicant: Cisco Technology Inc.

Inventor： Mankamana Prasad Mishra ,  Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  IJsbrand Wijnands

IPC: H04L1/00 ,  H04L12/741

Abstract: The present disclosure is directed to BIER forwarding over varying BSL domains, the methods including the steps of receiving, at a border node, a packet comprising a BIER header having a BIER bit string with a first bit string length; reading an incoming label of the packet comprising instructions to split the BIER header into a plurality of smaller headers associated with a plurality of smaller bit strings; generating a set of split bit masks; performing a separate bitwise AND operation on each split bit mask and the BIER bit string to generate the plurality of smaller bit strings, each copied to a corresponding smaller header of the plurality of smaller headers; and performing a lookup for each of the plurality of smaller headers on a respective forwarding table to determine one or more egress routers to which to transmit the packet.

公开(公告)号：US11438371B2

公开(公告)日：2022-09-06

申请号：US16185168

申请日：2018-11-09

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Robert Edgar Barton ,  Jerome Henry ,  Muthurajah Sivabalan

IPC: H04L9/00 ,  H04L9/40 ,  H04L47/125

Abstract: First data indicative of information that a packet is part of a DDoS attack is received at a management network device. A DDoS remediation network device to be used for remediation of packets associated with the DDoS attack is determined from the first data. Second data, indicative of the DDoS attack and indicative of the DDoS remediation network device, is transmitted from the management network device to an edge network device. The second data is configured to cause the edge network device to route packets associated with the DDoS attack to the DDoS remediation network device.

公开(公告)号：US20220191130A1

公开(公告)日：2022-06-16

申请号：US17123294

申请日：2020-12-16

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Pascal Thubert ,  Carlos M. Pignataro

IPC: H04L12/733 ,  H04L12/707 ,  H04L12/741

Abstract: A node of a network configured to forward packets based on network programming instructions encoded in the packets, performs a method. The method includes generating a probe packet encoded with a replication network programming instruction. The replication network programming instruction is configured to validate equal-cost multi-path (ECMP) routing in the network from the node to a destination by remotely triggering transit nodes of the network, that are traversed by the probe packet, to each perform replicate-and-forward actions. The replicate-and-forward actions include: identifying ECMP paths toward the destination; generating, for the ECMP paths, replicated probe packets that each include the replication network programming instruction; and forwarding the replicated probe packets along the ECMP paths. The method further includes forwarding the probe packet toward the destination.

公开(公告)号：US20220150105A1

公开(公告)日：2022-05-12

申请号：US17094540

申请日：2020-11-10

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Nagendra Kumar Nainar ,  Carlos M. Pignataro

IPC: H04L12/24 ,  H04L12/851 ,  H04L12/703

Abstract: Techniques for identifying nodes in a data center fabric that are affected by a failure in the fabric, and selectively sending disaggregation advertisements to the nodes affected by the failure. The techniques include a process where a component monitors the network fabric to identify communication paths between leaf nodes, and determines what leaf nodes would be affected by a failure in those communication paths. The component may detect a failure in the network and determine which communication paths, and thus which leaf nodes, are affected by the failure and send disaggregation advertisements to the affected leaf nodes. In some examples, ingress leaf nodes send data through the fabric that indicate egress nodes for the communication paths. Intermediate nodes along may receive the data from the leaf nodes to identify communication paths, and the notify only affected nodes upon detecting a failure in the network.

公开(公告)号：US20220078015A1

公开(公告)日：2022-03-10

申请号：US17016046

申请日：2020-09-09

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Akram Ismail Sheriff

IPC: H04L9/32 ,  H04L9/06 ,  G06F9/50

Abstract: Techniques and mechanisms for providing continuous integrity validation-based control plane communication in a container-orchestration system, e.g., the Kubemetes platform. A worker node generates a nonce and forwards the nonce to a master node while requesting an attestation token. Using the nonce, the master node generates the attestation token and replies back to the worker node with the attestation token. The worker node validates the attestation token with a CA server to ensure that the master node is not compromised. The worker node sends its authentication credentials to the master node. The master node generates a nonce and forwards the nonce to the worker node while requesting an attestation token. Using the nonce, the worker node generates the attestation token and replies back to the master node with the attestation token. The master node validates the attestation token with the CA server to ensure that the worker node is not compromised.

公开(公告)号：US11252063B2

公开(公告)日：2022-02-15

申请号：US16745035

申请日：2020-01-16

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Rajiv Asati ,  Carlos M. Pignataro

IPC: G06F15/173 ,  H04L12/26

Abstract: Systems, methods, and computer-readable media are disclosed for use of an overlay network termination endpoint as a proxy to collect telemetry data for micro-services or specific applications provided by containers in overlay data centers. In one aspect of the present disclosure, a method includes receiving, at a controller, a probe for flow statistics associated with a service path, the probe including corresponding flow identification information, extracting the corresponding flow identification information from the probe, obtaining the flow statistics from an agent based on the flow identification information, the agent being configured to manage a plurality of containers, generating a response packet including the flow statistics obtained from the agent and sending the response packet to an initiator from which the query is received.