公开(公告)号：US10938671B2

公开(公告)日：2021-03-02

申请号：US16162636

申请日：2018-10-17

Applicant: Cisco Technology, Inc.

Inventor： Eric Voit ,  Einar Nilsen-Nygaard

IPC: H04L12/24 ,  H04L12/911

Abstract: A method comprising obtaining from a first service-providing device, a plurality of service capability indicators for a set of interconnected devices. The plurality of service capability indicators are indicative of a corresponding plurality of service capabilities according to which the first service-providing device is providing services to one or more nodes. The method further comprises mapping the plurality of service capability indicators to a service capability label according to satisfaction of a continuity criterion. The service capability label corresponds to a representation of the plurality of service capabilities associated with a connection to the first service-providing device. The method further comprises providing the service capability label to the one or more nodes in order to provide the representation of the plurality of service capabilities associated with the connection to the first service-providing device.

公开(公告)号：US11960607B2

公开(公告)日：2024-04-16

申请号：US17547084

申请日：2021-12-09

Applicant: Cisco Technology, Inc.

Inventor： Eric Voit ,  Einar Nilsen-Nygaard ,  Frank Brockners ,  Pradeep Kumar Kathail

IPC: G06F21/57

CPC classification number: G06F21/57 ,  G06F2221/033

Abstract: This disclosure describes techniques for selectively placing and maintaining sensitive workloads in subsystems that achieve a minimum level of trustworthiness. An example method includes identifying at least one trustworthiness requirement associated with an application and transmitting, to a first subsystem, a request for at least one trustworthiness characteristic of the first subsystem and at least one second subsystem connected to the first subsystem. A response indicating the at least one trustworthiness characteristic is received from the first subsystem. The example method further includes determining that the at least one trustworthiness characteristic satisfies the at least one trustworthiness requirement; and causing the application to operate on a mesh comprising the first subsystem and the at least one second subsystem.

公开(公告)号：US20230370453A1

公开(公告)日：2023-11-16

申请号：US17743758

申请日：2022-05-13

Applicant: Cisco Technology, Inc.

Inventor： Roberto Mitsuo Kobo ,  Zheng Li ,  Gopala Krishna Andagunda ,  Einar Nilsen-Nygaard ,  Shree Murthy ,  Parthiv Shah

IPC: H04L9/40 ,  H04L61/5014 ,  G06F9/455

CPC classification number: H04L63/0876 ,  H04L63/101 ,  H04L63/20 ,  H04L61/5014 ,  G06F9/45558 ,  G06F2009/45595 ,  G06F2009/45587

Abstract: Techniques for authenticating and enforcing differentiated policies for a virtual machine (VM) executing in bridge mode on a wireless host device in a media access control (MAC)-based authentication network are described. In an example method a wireless host device is authorized to join a fabric enabled wireless network. A VM executes in bridge mode on the wireless host device. At the fabric edge, a source MAC address of the VM is determined. A session is created between the VM and an authentication server. The VM is authenticated. A policy for the VM is determined. A source internet protocol (IP) address is assigned to the VM to create a MAC-IP binding. A data-plane device in the fabric enabled wireless network is programmed to apply the policy to traffic communicated with the VM. Finally, the data-plane device applies the policy for the VM based at least in part on the MAC-IP binding.

公开(公告)号：US20200328948A1

公开(公告)日：2020-10-15

申请号：US16380009

申请日：2019-04-10

Applicant: Cisco Technology, Inc.

Inventor： Munish Nayyar ,  Shyam Naren Kandala ,  Harjinder Singh ,  Rajan Narayanan ,  Einar Nilsen-Nygaard

IPC: H04L12/24 ,  G06F8/60 ,  G06F16/21

Abstract: A data model can be customized by a user and executed in real-time at a network device. The user provides definitions for the customized data model based on a data model locally stored on the network device. The user provided definitions are used to generate a mapping contract which is processed by a mapping package generator to generate a mapping package. The mapping package can then be processed by a translation engine to dynamically execute a customized data model in real-time.

公开(公告)号：US10397127B2

公开(公告)日：2019-08-27

申请号：US15654927

申请日：2017-07-20

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Eric A. Voit ,  Einar Nilsen-Nygaard

IPC: H04L12/861 ,  H04L12/863 ,  H04L12/865 ,  G06F13/38 ,  H04L12/927

Abstract: A method is provided in one example and includes allocating a first queue, allocating at least two default queues, where the at least two default queues depend from the first queue, allocating a plurality of local queues that each depend from one of the at least two defaults queues, receiving data in a data stream, determining a quality of service (QoS) associated with the data, and assigning the data to one of the plurality of local queues based on the determined QoS. In an example, the QoS is a differentiated services code point.

公开(公告)号：US12289640B2

公开(公告)日：2025-04-29

申请号：US17882859

申请日：2022-08-08

Applicant: Cisco Technology, Inc.

Inventor： Gangadharan Byju Pularikkal ,  Einar Nilsen-Nygaard ,  Vivek Agarwal ,  Ajeet Pal Singh Gill ,  Ravi Sankar Mantha ,  Saravanan Radhakrishnan

IPC: H04W28/12 ,  H04L41/40 ,  H04W40/24

Abstract: In one embodiment, a method includes receiving one or more 5G software-defined wide area network (SD-WAN) policies, identifying one or more identity-based policies from the one or more 5G SD-WAN policies, communicating the identified one or more identity-based policies to one or more WAN routers, communicating one or more 5G bindings to the one or more WAN routers, and applying the identified one or more identity-based policies to one or more flows between the one or more WAN routers.

公开(公告)号：US12262450B2

公开(公告)日：2025-03-25

申请号：US18476737

申请日：2023-09-28

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Nancy Cam-Winget ,  Simone Arena ,  Darrin Joseph Miller ,  Sudhir Kumar Jain ,  Einar Nilsen-Nygaard

IPC: H04W8/24 ,  H04L61/5053 ,  H04L101/622 ,  H04W28/02 ,  H04W28/086

Abstract: Embodiments identify a station that rotates an over the air station address. As address rotation was not originally designed into wireless networks, the rotation can introduce communication challenges for the station. The embodiments derive that traffic referencing two different over the air station addresses are associated with a single common station. This is accomplished by determining a similarity between properties of two sets of traffic. A first set of traffic references the first over the air station address and a second set of traffic references the second over the air station address. If the properties common across the two sets of traffic indicate sufficient similarity, the embodiments determine that both sets of traffic are associated with a single device. Network configuration of the device is then adjusted based on the determination.

公开(公告)号：US12069051B2

公开(公告)日：2024-08-20

申请号：US17743758

申请日：2022-05-13

Applicant: Cisco Technology, Inc.

Inventor： Roberto Mitsuo Kobo ,  Zheng Li ,  Gopala Krishna Andagunda ,  Einar Nilsen-Nygaard ,  Shree Murthy ,  Parthiv Shah

IPC: H04L29/06 ,  G06F9/455 ,  H04L9/40 ,  H04L61/5014

CPC classification number: H04L63/0876 ,  G06F9/45558 ,  H04L61/5014 ,  H04L63/101 ,  H04L63/20 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Techniques for authenticating and enforcing differentiated policies for a virtual machine (VM) executing in bridge mode on a wireless host device in a media access control (MAC)-based authentication network are described. In an example method a wireless host device is authorized to join a fabric enabled wireless network. A VM executes in bridge mode on the wireless host device. At the fabric edge, a source MAC address of the VM is determined. A session is created between the VM and an authentication server. The VM is authenticated. A policy for the VM is determined. A source internet protocol (IP) address is assigned to the VM to create a MAC-IP binding. A data-plane device in the fabric enabled wireless network is programmed to apply the policy to traffic communicated with the VM. Finally, the data-plane device applies the policy for the VM based at least in part on the MAC-IP binding.

公开(公告)号：US11849344B2

公开(公告)日：2023-12-19

申请号：US17236659

申请日：2021-04-21

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Nancy Cam-Winget ,  Simone Arena ,  Darrin Joseph Miller ,  Sudhir Kumar Jain ,  Einar Nilsen-Nygaard

IPC: H04W28/02 ,  H04W8/24 ,  H04W28/086

CPC classification number: H04W28/0205 ,  H04W8/245 ,  H04W28/0215 ,  H04W28/086

Abstract: Embodiments identify a station that rotates an over the air station address. As address rotation was not originally designed into wireless networks, the rotation can introduce communication challenges for the station. The embodiments derive that traffic referencing two different over the air station addresses are associated with a single common station. This is accomplished by determining a similarity between properties of two sets of traffic. A first set of traffic references the first over the air station address and a second set of traffic references the second over the air station address. If the properties common across the two sets of traffic indicate sufficient similarity, the embodiments determine that both sets of traffic are associated with a single device. Network configuration of the device is then adjusted based on the determination.

公开(公告)号：US11121932B2

公开(公告)日：2021-09-14

申请号：US16380009

申请日：2019-04-10

Applicant: Cisco Technology, Inc.

Inventor： Munish Nayyar ,  Shyam Naren Kandala ,  Harjinder Singh ,  Rajan Narayanan ,  Einar Nilsen-Nygaard

IPC: G06F15/177 ,  H04L12/24 ,  G06F16/21 ,  G06F8/60 ,  G06F9/455

Abstract: A data model can be customized by a user and executed in real-time at a network device. The user provides definitions for the customized data model based on a data model locally stored on the network device. The user provided definitions are used to generate a mapping contract which is processed by a mapping package generator to generate a mapping package. The mapping package can then be processed by a translation engine to dynamically execute a customized data model in real-time.