公开(公告)号：US11374806B2

公开(公告)日：2022-06-28

申请号：US17039328

申请日：2020-09-30

Applicant: Cisco Technology, Inc.

Inventor： Navneet Yadav ,  Kannan Ponnuswamy ,  Arvind Chari ,  Chengguo Zhu ,  Tarique Shakil

IPC: G06F15/173 ,  H04L41/046 ,  H04L41/12 ,  H04L41/0873

Abstract: Systems, methods, and computer-readable media for providing cross-domain assurance for networks in different network domains. In some embodiments, a method can include collecting first fabric data for a first network in a first network domain and second fabric data for a second network in a second network domain. The second fabric data for the second network can be normalized based on the first network domain to create normalized second fabric data. The first fabric data can then be correlated with the normalized second fabric data to create correlated fabric data. Subsequently, assurance can be provided across the first network in the first network domain and the second network in the second network domain using the correlated fabric data.

公开(公告)号：US10812315B2

公开(公告)日：2020-10-20

申请号：US16002981

申请日：2018-06-07

Applicant: Cisco Technology, Inc.

Inventor： Navneet Yadav ,  Kannan Ponnuswamy ,  Arvind Chari ,  Chengguo Zhu ,  Tarique Shakil

IPC: G06F15/173 ,  H04L12/24

Abstract: Systems, methods, and computer-readable media for providing cross-domain assurance for networks in different network domains. In some embodiments, a method can include collecting first fabric data for a first network in a first network domain and second fabric data for a second network in a second network domain. The second fabric data for the second network can be normalized based on the first network domain to create normalized second fabric data. The first fabric data can then be correlated with the normalized second fabric data to create correlated fabric data. Subsequently, assurance can be provided across the first network in the first network domain and the second network in the second network domain using the correlated fabric data.

公开(公告)号：US10587621B2

公开(公告)日：2020-03-10

申请号：US15794908

申请日：2017-10-26

Applicant: Cisco Technology, Inc.

Inventor： Kannan Ponnuswamy ,  Navneet Yadav ,  Arvind Chari

IPC: H04L29/06

Abstract: Systems, methods, and computer-readable media for migrating to and maintaining a white-list network security model. Network traffic identified from permit-all access logs can be analyzed to determine whether it should be white-listed, and if so, a specific permit-access, without logging, policy is generated for the identified network traffic. The addition of specific permit-access policies is repeated on permit-all access logs, at which point, permit-all access policy is converted into deny-all access. In some examples, a system or method can obtain hit counts, from both hardware (eg: TCAM) and software tables, for the specific permit-access policy to determine existence of identified network traffic over a period of time. After analyzing hit counts, the specific permit-access policy can either continue to exist or be removed to maintain a white-list network security model.

公开(公告)号：US20200021482A1

公开(公告)日：2020-01-16

申请号：US16032428

申请日：2018-07-11

Applicant: Cisco Technology, Inc.

Inventor： Chien-Ju Lo ,  Bill YuFan Chen ,  Kannan Ponnuswamy ,  Kollivakkam Raghavan ,  Navneet Yadav

IPC: H04L12/24 ,  H04L12/26

Abstract: A monitoring device for troubleshooting events in a datacenter network identifies a first network event for a time period, and provides an initial display page, one or more additional display pages, selectable display objects, and a representation of the first network event. The device generates a dynamic troubleshooting path for the first network event to track a user navigation between display pages, a manipulation of the one or more selectable display objects, and a last-current display page, and also provides an indication of a second network event associated with higher resolution priority relative to the first network event. Retrieving the dynamic troubleshooting path causes the interface to present the last-current display page, apply the manipulation of the one or more selectable display objects, and load the user navigation between the initial dashboard display page and the one or more additional display pages in a cache.

公开(公告)号：US20170353355A1

公开(公告)日：2017-12-07

申请号：US15686445

申请日：2017-08-25

Applicant: Cisco Technology, Inc.

Inventor： Sachin Waman Danait ,  Kannan Ponnuswamy ,  Paul John Lesiak

IPC: H04L12/24

Abstract: An example method for discovering and grouping application endpoints in a network environment is provided and includes discovering endpoints communicating in a network environment, calculating affinity between the discovered endpoints, and grouping the endpoints into separate endpoint groups (EPGs) according to the calculated affinity, each EPG comprising a logical grouping of similar endpoints for applying common forwarding and policy logic according to logical application boundaries. In specific embodiments, the affinity includes a weighted average of network affinity, compute affinity and user specified affinity.

公开(公告)号：US12149399B2

公开(公告)日：2024-11-19

申请号：US18484718

申请日：2023-10-11

Applicant: Cisco Technology, Inc.

Inventor： Chien-Ju Lo ,  Bill Yufan Chen ,  Kannan Ponnuswamy ,  Kollivakkam Raghavan ,  Navneet Yadav

IPC: H04L41/0631 ,  H04L41/0604 ,  H04L41/0659 ,  H04L41/22 ,  H04L41/5074 ,  H04L43/067 ,  H04L43/08

Abstract: A monitoring device for troubleshooting events in a datacenter network identifies a first network event for a time period, and provides an initial display page, one or more additional display pages, selectable display objects, and a representation of the first network event. The device generates a dynamic troubleshooting path for the first network event to track a user navigation between display pages, a manipulation of the one or more selectable display objects, and a last-current display page, and also provides an indication of a second network event associated with higher resolution priority relative to the first network event. Retrieving the dynamic troubleshooting path causes the interface to present the last-current display page, apply the manipulation of the one or more selectable display objects, and load the user navigation between the initial dashboard display page and the one or more additional display pages in a cache.

公开(公告)号：US20240039781A1

公开(公告)日：2024-02-01

申请号：US18484718

申请日：2023-10-11

Applicant: Cisco Technology, Inc.

Inventor： Chien-Ju Lo ,  Bill YuFan Chen ,  Kannan Ponnuswamy ,  Kollivakkam Raghavan ,  Navneet Yadav

IPC: H04L41/0631 ,  H04L41/0604 ,  H04L41/22 ,  H04L43/08 ,  H04L41/5074 ,  H04L43/067 ,  H04L41/0659

CPC classification number: H04L41/0631 ,  H04L41/0609 ,  H04L41/22 ,  H04L43/08 ,  H04L41/5074 ,  H04L43/067 ,  H04L41/0661

Abstract: A monitoring device for troubleshooting events in a datacenter network identifies a first network event for a time period, and provides an initial display page, one or more additional display pages, selectable display objects, and a representation of the first network event. The device generates a dynamic troubleshooting path for the first network event to track a user navigation between display pages, a manipulation of the one or more selectable display objects, and a last-current display page, and also provides an indication of a second network event associated with higher resolution priority relative to the first network event. Retrieving the dynamic troubleshooting path causes the interface to present the last-current display page, apply the manipulation of the one or more selectable display objects, and load the user navigation between the initial dashboard display page and the one or more additional display pages in a cache.

公开(公告)号：US11824719B2

公开(公告)日：2023-11-21

申请号：US17936241

申请日：2022-09-28

Applicant: Cisco Technology, Inc.

Inventor： Sachin Waman Danait ,  Kannan Ponnuswamy ,  Paul John Lesiak

IPC: H04L41/0853 ,  H04L41/142 ,  H04L41/0893

CPC classification number: H04L41/0853 ,  H04L41/0893 ,  H04L41/142

Abstract: An example method for discovering and grouping application endpoints in a network environment is provided and includes discovering endpoints communicating in a network environment, calculating affinity between the discovered endpoints, and grouping the endpoints into separate endpoint groups (EPGs) according to the calculated affinity, each EPG comprising a logical grouping of similar endpoints for applying common forwarding and policy logic according to logical application boundaries. In specific embodiments, the affinity includes a weighted average of network affinity, compute affinity and user specified affinity.

公开(公告)号：US11102053B2

公开(公告)日：2021-08-24

申请号：US15831708

申请日：2017-12-05

Applicant: Cisco Technology, Inc.

Inventor： Kannan Ponnuswamy ,  Alok Lalit Wadhwa ,  Furong Ma Gisiger ,  Robert Bukofser

IPC: G06F15/16 ,  H04L12/24 ,  H04L12/26

Abstract: Systems, methods, and computer-readable media for providing network assurance across a network. In some embodiments, network traffic data of a cluster of nodes in a network environment can be gathered based on first network traffic flowing through the nodes using a first group of sensors implemented in the network environment. Network events occurring in the network environment can be identified, e.g. using sensors deployed in an infrastructure of the network environment. Subsequently, the network events can be correlated with the network traffic data to generate correlated network data for the network environment. The correlated network data for the network environment can be used to provide assurance between at least one server in the cluster of nodes and the network infrastructure of the network environment as part of providing assurance across the network environment.

公开(公告)号：US10805160B2

公开(公告)日：2020-10-13

申请号：US15662439

申请日：2017-07-28

Applicant: Cisco Technology, Inc.

Inventor： Sanchay Harneja ,  Manali Holankar ,  Kannan Ponnuswamy

IPC: H04L12/24 ,  H04L29/12 ,  H04L12/26

Abstract: Systems, methods, and computer-readable media are disclosed for validating endpoint information for nodes in a network. A network assurance appliance is configured to identify an endpoint in a bridge domain is associated with at least one subnet, retrieve at least one IP address associated with the endpoint, determine whether the at least one IP address is within the at least one subnet, and determine there is an inconsistency when the at least one IP address is not within the at least one subnet.