公开(公告)号：US09356856B2

公开(公告)日：2016-05-31

申请号：US14013990

申请日：2013-08-29

Applicant: Cisco Technology, Inc.

Inventor： Yi Yang ,  Alvaro E. Retana ,  James Ng ,  Abhay Roy ,  Alfred C. Lindem, III ,  Sina Mirtorabi ,  Timothy M. Gage ,  Syed Khalid Raza

IPC: H04L12/28 ,  H04L12/751 ,  H04L12/741 ,  H04L29/06

CPC classification number: H04L45/021 ,  H04L45/02 ,  H04L45/025 ,  H04L45/54 ,  H04L45/60 ,  H04L47/10 ,  H04L63/0407

Abstract: In one embodiment, a first router determines whether a network coupling the first router to one or more second routers is transit-only, wherein transit-only indicates connecting only routers to provide for transmission of data from router to router. When the network is transit-only, the first router generates an Open Shortest Path First (OSPF) Link State Advertisement (LSA) that includes an address for the network and a designated network mask. The designated network mast operates as a transit-only identification that indicates the address should not be installed in a Routing Information Base (RIB) upon receipt of the OSPF LSA at the one or more second routers. When the network is not transit-only, the first router generates an OSPF LSA that includes the address for the network but does not include the designated network mask, to permit installation of the address in a RIB upon receipt of the OSPF LSA at the one or more second routers.

Abstract translation: 在一个实施例中，第一路由器确定将第一路由器耦合到一个或多个第二路由器的网络是否是仅运输，其中，传输仅指示仅连接路由器以提供从路由器到路由器的数据传输。 当网络仅传输时，第一路由器生成包括网络地址和指定网络掩码的开放最短路径优先（OSPF）链路状态通告（LSA）。 指定的网络桅杆作为仅传输标识操作，其指示在一个或多个第二路由器上接收到OSPF LSA时，该地址不应安装在路由信息库（RIB）中。 当网络不通过时，第一个路由器生成包含网络地址但不包括指定网络掩码的OSPF LSA，以便在接收到OSPF LSA时在一个RIB中安装该地址 或更多的第二路由器。

公开(公告)号：US09942145B2

公开(公告)日：2018-04-10

申请号：US14812239

申请日：2015-07-29

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Yi Yang ,  Alvaro E. Retana ,  Steven Edward Moore ,  James L. Ng ,  Timothy M. Gage

IPC: H04L12/741 ,  H04L12/751 ,  H04L12/715

CPC classification number: H04L45/745 ,  H04L45/02 ,  H04L45/04

Abstract: Present disclosure relates to methods for preparing BGP update messages for transmission and processing received update messages. The methods are based on grouping path attributes common to a plurality of IP address prefixes into respective sets identified with respective set identifiers and, instead of duplicating path attributes in each BGP update message, including a respective identifier referring to a certain set of path attributes provided in an earlier BGP update message when sending subsequent update messages. Grouping of path attributes into individual sets associated with respective identifiers provides significant advantages by enabling re-use of the results of previous processing on both the sending and receiving sides associated with transmission of BGP update messages. In addition, such an approach limits the amount of information transmitted in the control plane because duplicate sets of path attributes may only be transmitted once and merely be referred to in subsequent update messages.

公开(公告)号：US09641430B2

公开(公告)日：2017-05-02

申请号：US14160736

申请日：2014-01-22

Applicant: Cisco Technology, Inc.

Inventor： Roque Gagliano ,  Alvaro E. Retana ,  Keyur P. Patel ,  Carlos M. Pignataro

IPC: H04L12/721 ,  H04L12/24 ,  H04L12/26 ,  H04L12/715 ,  H04L9/32

CPC classification number: H04L45/44 ,  H04L9/3265 ,  H04L41/12 ,  H04L43/10 ,  H04L45/04

Abstract: In one embodiment, a plurality of packets is sent from an origin device along a communication path toward a destination device. Each packet includes a lifespan indicator which is incrementally increased for each subsequently sent packet. A plurality of response messages are received at the origin device from a plurality of intermediate devices, respectively. A plurality of secure path objects included in the plurality of response messages, respectively, is determined. Additionally, the plurality of secure path objects are validated based on validation information accessible by the origin device. Validation results of the plurality of secure path objects are checked to determine whether a packet that is sent from the origin device and received by the destination device travels along a particular communication path as dictated by control plane information.

公开(公告)号：US09413636B2

公开(公告)日：2016-08-09

申请号：US14243510

申请日：2014-04-02

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Alvaro E. Retana ,  Michael Barnes ,  Russell I. White ,  Alan Patrick Sheridan ,  Stanley M. Ratliff

IPC: H04L12/24 ,  H04L12/721 ,  H04L12/729 ,  H04W40/08 ,  H04W40/24

CPC classification number: H04L45/123 ,  H04L41/12 ,  H04L45/125 ,  H04W40/08 ,  H04W40/246 ,  Y02D70/122 ,  Y02D70/142 ,  Y02D70/144 ,  Y02D70/146 ,  Y02D70/22 ,  Y02D70/324

Abstract: One embodiment identifies all one-hop neighbor nodes and two-hop neighbor nodes of a node; determines an active set of one-hop neighbor nodes for the node, comprising: includes in the active set each one-hop neighbor node that is either an edge node or connected with at least one two-hop neighbor node with which no other one-hop neighbor nodes are connected; and if the active set is not yet complete, then: determine all combinations of one-hop neighbor nodes that are not already in the active set; and tests each combination in order of each combination's total-energy value to determine whether a specific combination is able to complete the active set; if no combination is able to complete the active set, then including all one-hop neighbor nodes in the active set; and communicates a message to each one-hop neighbor node in the active set indicating that it is in the active set.

Abstract translation: 一个实施例识别节点的所有一跳邻居节点和两跳邻居节点; 确定所述节点的一跳邻居节点的活动集合，包括：在所述活动集合中包括作为边缘节点或与至少一个两跳相邻节点连接的每个一跳邻居节点， 跳邻居节点连接; 并且如果活动集尚未完成，则：确定尚未在活动集中的一跳邻居节点的所有组合; 并按照每个组合的总能量值的顺序测试每个组合，以确定特定组合是否能够完成活动集合; 如果没有组合能够完成活动集，则包括活动集中的所有一跳邻居节点; 并将消息传送到活动集中的每个一跳邻居节点，指示其在活动集中。

公开(公告)号：US20170026288A1

公开(公告)日：2017-01-26

申请号：US14812239

申请日：2015-07-29

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Yi Yang ,  Alvaro E. Retana ,  Steven Edward Moore ,  James L. Ng ,  Timothy M. Gage

IPC: H04L12/741 ,  H04L29/12

CPC classification number: H04L45/745 ,  H04L45/02 ,  H04L45/04

Abstract: Present disclosure relates to methods for preparing BGP update messages for transmission and processing received update messages. The methods are based on grouping path attributes common to a plurality of IP address prefixes into respective sets identified with respective set identifiers and, instead of duplicating path attributes in each BGP update message, including a respective identifier referring to a certain set of path attributes provided in an earlier BGP update message when sending subsequent update messages. Grouping of path attributes into individual sets associated with respective identifiers provides significant advantages by enabling re-use of the results of previous processing on both the sending and receiving sides associated with transmission of BGP update messages. In addition, such an approach limits the amount of information transmitted in the control plane because duplicate sets of path attributes may only be transmitted once and merely be referred to in subsequent update messages.

Abstract translation: 本公开涉及用于准备用于传输和处理接收到的更新消息的BGP更新消息的方法。 这些方法基于将多个IP地址前缀公用的路径属性分组到用各个集合标识符标识的相应集合中，而不是在每个BGP更新消息中复制路径属性，包括参考提供的一组路径属性的相应标识符 在更新的BGP更新消息中发送后续更新消息。 将路径属性分组到与相应标识符相关联的各个集合中通过能够重新使用与BGP更新消息的发送相关联的发送和接收侧的先前处理的结果来提供显着的优点。 此外，这种方法限制了在控制平面中发送的信息量，因为路由属性的重复集合只能被发送一次，并且仅在随后的更新消息中被引用。

公开(公告)号：US20150207818A1

公开(公告)日：2015-07-23

申请号：US14160968

申请日：2014-01-22

Applicant: Cisco Technology, Inc.

Inventor： Roque Gagliano ,  Alvaro E. Retana ,  Keyur P. Patel

IPC: H04L29/06

CPC classification number: H04L63/108 ,  H04L63/029

Abstract: In one embodiment, a validation server in a computer network determines that an edge router of the computer network has blocked access to a desired server address based on the edge router not having authentication information for the desired server address. In response, the server creates a white-listing policy to temporarily allow access to the desired server address at the edge router, and sends the white-listing policy to the edge router. The validation server may then proceed with performing server fetching operations to the desired server address from the validation server while the white-listing policy is in effect, and instructs the edge device to remove the white-listing policy once the server fetching operations are completed.

Abstract translation: 在一个实施例中，计算机网络中的验证服务器基于没有所需服务器地址的认证信息的边缘路由器确定计算机网络的边缘路由器已经阻止对所需服务器地址的访问。 作为响应，服务器创建一个白名单策略，以临时允许访问边缘路由器上所需的服务器地址，并将白名单策略发送到边缘路由器。 然后，当白名单策略生效时，验证服务器可以继续从验证服务器执行服务器提取操作到所需的服务器地址，并且一旦完成了服务器提取操作，就指示边缘设备删除白名单策略。

公开(公告)号：US20150207728A1

公开(公告)日：2015-07-23

申请号：US14160736

申请日：2014-01-22

Applicant: Cisco Technology, Inc.

Inventor： Roque Gagliano ,  Alvaro E. Retana ,  Keyur P. Patel ,  Carlos M. Pignataro

IPC: H04L12/721 ,  H04L12/24

CPC classification number: H04L45/44 ,  H04L9/3265 ,  H04L41/12 ,  H04L43/10 ,  H04L45/04

Abstract: In one embodiment, a plurality of packets is sent from an origin device along a communication path toward a destination device. Each packet includes a lifespan indicator which is incrementally increased for each subsequently sent packet. A plurality of response messages are received at the origin device from a plurality of intermediate devices, respectively. A plurality of secure path objects included in the plurality of response messages, respectively, is determined. Additionally, the plurality of secure path objects are validated based on validation information accessible by the origin device. Validation results of the plurality of secure path objects are checked to determine whether a packet that is sent from the origin device and received by the destination device travels along a particular communication path as dictated by control plane information.

Abstract translation: 在一个实施例中，多个分组从原始设备沿着通信路径发送到目的设备。 每个分组包括一个寿命指示符，其对于每个随后发送的分组而递增地增加。 在原始设备上分别从多个中间设备接收多个响应消息。 确定分别包括在多个响应消息中的多个安全路径对象。 另外，基于原始设备可访问的验证信息来验证多个安全路径对象。 检查多个安全路径对象的验证结果以确定从原始设备发送并且由目的地设备接收的分组是否沿着由控制平面信息指定的特定通信路径传播。