公开(公告)号：US20240056498A1

公开(公告)日：2024-02-15

申请号：US18062504

申请日：2022-12-06

Applicant: Cisco Technology, Inc.

Inventor： Biju Mathews Mammen ,  Kiran Desai ,  Balaji Sundararajan ,  Basavaraju Halappa ,  Zaheer Aziz

IPC: H04L67/1095 ,  H04L9/40 ,  H04L45/74 ,  H04L45/7453

CPC classification number: H04L67/1095 ,  H04L63/0823 ,  H04L45/742 ,  H04L45/7453

Abstract: A method of creating a connection between a controller and plurality of edge devices may include reading, by a data plane development kit (DPDK) of the controller, a plurality of packets having a common destination port from the plurality of edge devices, and demuxing, by the DPDK, a number of frames of the plurality of packets based on a hash of the plurality of packets, the hash altering the common destination port of the plurality of packets with a corresponding number of sham destination ports. The method may also include, with a TUNTAP interface, injecting the plurality of packets into a network kernel, and with the network kernel, delivering the plurality of packets to a respective one of a plurality of daemon instances.

公开(公告)号：US20230327994A1

公开(公告)日：2023-10-12

申请号：US17718775

申请日：2022-04-12

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Srilatha Tangirala ,  Ajeet Pal Singh Gill ,  Vivek Agarwal ,  Nithin Bangalore Raju

IPC: H04L47/20 ,  H04L69/16

CPC classification number: H04L47/20 ,  H04L69/16

Abstract: According to certain embodiments, a method by a network device includes receiving a handshake message for a traffic flow from a Software-Defined Wide-Area Network (SDWAN) and determining, from a traffic policy, whether the traffic flow should be symmetrical. In response to determining from the traffic policy that the traffic flow should be symmetrical, the method further includes performing a flow lookup on the traffic flow to determine if the network device originated the traffic flow. In response to determining that the network device did not originate the traffic flow, the method further includes determining a second network device that originated the traffic flow and sending the handshake message for the traffic flow to the second network device in order to maintain symmetry for the traffic flow.

公开(公告)号：US11784875B1

公开(公告)日：2023-10-10

申请号：US17816012

申请日：2022-07-29

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Giorgio Valentini ,  Madhuri Kolli ,  Venkat Venkatapathy ,  Gokul Krishnan ,  Pradeep Kanavihalli Subramanyasetty

IPC: H04L41/0895 ,  H04L41/22 ,  G06F21/10 ,  H04L41/0806 ,  H04L41/0894 ,  H04L41/085

CPC classification number: H04L41/0806 ,  G06F21/105 ,  H04L41/085 ,  H04L41/0894 ,  H04L41/0895 ,  H04L41/22

Abstract: According to some embodiments, a method includes receiving, from a graphical user interface, an indication that a user has purchased licenses associated with a CNF. The method further includes sending, to a second computing system of a CNF, first instructions regarding the licenses purchased by the user. The method further includes receiving an indication that the user wishes to deploy a particular router in the CNF with a particular data connection and retrieving, from the second computing system of the CNF, a list of licenses previously purchased by the user. The method further includes automatically determining, from the list of licenses, appropriate licenses for the particular router that the user wishes to deploy in the CNF. The method further includes sending second instructions that are operable to deploy the particular router in the CNF with the particular data connection and apply the determined licenses to the deployed particular router.

公开(公告)号：US20230208863A1

公开(公告)日：2023-06-29

申请号：US18171322

申请日：2023-02-17

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Gaurang Rajeev Mokashi ,  Preety Mordani ,  Vivek Agarwal

IPC: H04L9/40 ,  G06F9/455 ,  H04L47/20 ,  H04L43/08 ,  H04L49/25

CPC classification number: H04L63/1416 ,  G06F9/45558 ,  H04L63/20 ,  H04L47/20 ,  H04L43/08 ,  H04L49/25 ,  G06F2009/45595 ,  G06F2009/45587

Abstract: Systems, methods, and computer-readable media for performing threat remediation through a switch fabric of a virtualized network environment. Data traffic passing into a virtualized network environment including a plurality of virtual machines running on a switch fabric is monitored. A network threat introduced through at a least a portion of the data traffic is identified at the switch fabric. One or more remedial measures are performed in the network environment based on the identification of the network threat in the virtualized network environment.

公开(公告)号：US20220417332A1

公开(公告)日：2022-12-29

申请号：US17857212

申请日：2022-07-05

Applicant: Cisco Technology, Inc.

Inventor： Avinash Ashok Kumar Chiganmi ,  Venkatraman Venkatapathy ,  Giorgio Valentini ,  Madhuri Kolli ,  Shu-Fen Lee ,  Balaji Sundararajan

IPC: H04L67/141 ,  H04L45/02 ,  H04L12/46

Abstract: The present technology is directed to controlling and managing resources both in Software-Defined Cloud Interconnect (SDCI) providers and cloud service providers via a single network controller and further connecting virtual networks in a branch site to virtual networks in the cloud service providers. A network controller can establish a network gateway in an SDCI provider, establish a cross-connectivity between the network gateway in the SDCI provider and one or more clouds, group one or more virtual networks in the one or more clouds and one or more virtual networks in a branch site into a tag, and establish a connection between the one or more virtual networks in the one or more clouds and the one or more virtual networks in the branch site using the tag.

公开(公告)号：US11533257B2

公开(公告)日：2022-12-20

申请号：US17164553

申请日：2021-02-01

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Khalil A. Jabr ,  Anand Oswal ,  Vivek Agarwal ,  Chandramouli Balasubramanian

IPC: H04L45/64 ,  H04L12/46 ,  H04L45/02 ,  H04L45/50 ,  H04L47/2441 ,  H04L9/40

Abstract: Systems, methods, and computer-readable media for interconnecting SDWANs through segment routing. A first SDWAN and a second SDWAN of a SDWAN fabric can be identified. A segment routing domain that interconnects the first SDWAN and the second SDWAN can be formed across a WAN underlay of the SDWAN fabric. Data transmission between the first SDWAN and the second SDWAN can be controlled by performing segment routing through the segment routing domain formed between the first SDWAN and the second SDWAN.

公开(公告)号：US20220377053A1

公开(公告)日：2022-11-24

申请号：US17817479

申请日：2022-08-04

Applicant: Cisco Technology Inc.

Inventor： Balaji Sundararajan ,  Venkatesh Gota B R ,  Sireesha Yeruva ,  Chandramouli Balasubramanian ,  Anand Oswal

IPC: H04L9/40 ,  H04L1/18 ,  H04L45/00 ,  H04L69/22

Abstract: The present disclosure is directed to systems and methods for dynamic firewall discovery on a service plane. The method includes the steps of identifying a source data packet for transmission from a source machine at a source site to a destination machine at a destination site, wherein the source data packet corresponds to a request for connection between the source machine and the destination machine over a WAN, inspecting the source data packet at a first firewall associated with the source site, marking the source data packet with a marker to indicate inspection by the first firewall, transmitting the marked source data packet to the destination site, determining at the destination site that the source data packet has been inspected based on the marker, and forwarding the source data packet to the destination machine at the destination site, without inspection of the source data packet by a second firewall associated with the destination site.

公开(公告)号：US20220329459A1

公开(公告)日：2022-10-13

申请号：US17390239

申请日：2021-07-30

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Madhuri Kolli ,  Giorgio Valentini ,  Venkatraman Venkatapathy ,  Avinash Ashok Kumar Chiganmi ,  Vivek Agarwal

IPC: H04L12/46 ,  H04L12/66 ,  H04L12/715 ,  H04L12/741

Abstract: The present technology pertains to receiving a tag associating at least one routing domain in an on-premises site with at least one virtual network in a cloud environment associated with a cloud service provider. The present technology also pertains to the automation of populating route and propagation tables with the cloud service provider.

公开(公告)号：US11122008B2

公开(公告)日：2021-09-14

申请号：US16870130

申请日：2020-05-08

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Samar Sharma

IPC: H04W56/00 ,  H04L29/12 ,  H04L12/707 ,  H04L12/725 ,  H04L12/721 ,  H04L12/741 ,  H04L29/06 ,  H04L12/24 ,  H04L12/715

Abstract: Systems, methods, and computer-readable media for creating service chains for inter-cloud traffic. In some examples, a system receives domain name system (DNS) queries associated with cloud domains and collects DNS information associated the cloud domains. The system spoofs DNS entries defining a subset of IPs for each cloud domain. Based on the spoofed DNS entries, the system creates IP-to-domain mappings associating each cloud domain with a respective IP from the subset of IPs. Based on the IP-to-domain mappings, the system programs different service chains for traffic between a private network and respective cloud domains. The system routes, through the respective service chain, traffic having a source associated with the private network and a destination matching the IP in the respective IP-to-domain mapping.

公开(公告)号：US12255797B2

公开(公告)日：2025-03-18

申请号：US17867389

申请日：2022-07-18

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Vivek Agarwal ,  Jegan Kumar Somi Ramasamy Subramanian ,  Gokul Krishnan ,  Giorgio Valentini ,  Venkatraman Venkatapathy

IPC: G06F15/16 ,  H04L41/0654 ,  H04L43/08 ,  H04L43/12

Abstract: Techniques for sharing the probing of software-as-a-service clouds among a cluster of routers are described herein. The techniques may include establishing a first path between a cluster of routers and an application infrastructure. Establishing a second path between the cluster of routers and the application infrastructure. Designating a first router in the cluster of routers to send probes over the first path to the application infrastructure. Designating a second router in the cluster of routers to send probes over the second path to the application infrastructure. Distributing, by the first router and to the cluster of routers, first routing performance data indicating a performance of the first path when communicating with the application infrastructure over the first path, distributing, by the second router and to the cluster of routers, second routing performance data indicating a performance of the second path when communicating with the application infrastructure over the second path.