-
Publication No.: US11323416B2
Publication date: 2022-05-03
Application No.: US16674419
Application date: 2019-11-05
Applicant: Cisco Technology, Inc.
Inventor: Peter Psenak, Paul Wells, Ketan Jivan Talaulikar, Clarence Filsfils
Abstract: In one embodiment, a method includes receiving an OSPF hello message including an attestation token from a second network apparatus, determining that the attestation token is valid for the second network apparatus at a current time, establishing an adjacency to the second network apparatus in response to the determination, computing, based at least on the attestation token, a trust level for a first link from the first network apparatus to the second network apparatus and a trust level for first prefixes associated with the first link, and sending an LSA comprising the trust level for the first link and the trust level for the first prefixes to neighboring network apparatuses, where the trust level for the first link and the trust level for the prefixes are used by the network apparatuses in the network to compute a routing table of the network.
-
Publication No.: US11277264B2
Publication date: 2022-03-15
Application No.: US16600856
Application date: 2019-10-14
Applicant: Cisco Technology, Inc.
Inventor: Peter Psenak, Paul Wells, Ketan Jivan Talaulikar, Clarence Filsfils
IPC: H04L9/32, H04L12/751, H04L45/02
Abstract: In one embodiment, a method includes receiving an ISIS hello message including an attestation token from a second network apparatus, determining that the attestation token is valid for the second network apparatus at a current time, establishing an adjacency to the second network apparatus in response to the determination, computing, based at least on the attestation token, a trust level for a first link from the first network apparatus to the second network apparatus and a trust level for first prefixes associated with the first link, and sending an LSP comprising the trust level for the first link and the trust level for the first prefixes to neighboring network apparatuses, where the trust level for the first link and the trust level for the prefixes are used by the network apparatuses in the network to compute a routing table of the network.
-
Publication No.: US20210377221A1
Publication date: 2021-12-02
Application No.: US16883285
Application date: 2020-05-26
Applicant: Cisco Technology, Inc.
Inventor: Amit Arvind Kadane, Baalajee Surendran, Bheema Reddy Ramidi, Dhananjaya Rao, Ketan Jivan Talaulikar, Rakesh Reddy Kandula
Abstract: In one embodiment, a method includes activating a first network apparatus within a network and determining, by the first network apparatus, that a Scalable Group Tag (SGT) Exchange Protocol (SXP) is configured on the first network apparatus. The method also includes costing out the first network apparatus in response to determining that the SXP is configured on the first network apparatus. Costing out the first network apparatus prevents Internet Protocol (IP) traffic from flowing through the first network apparatus. The method further includes receiving, by the first network apparatus, IP-to-SGT bindings from an SXP speaker, receiving an end-of-exchange message from the SXP speaker, and costing in the first network apparatus in response to receiving the end-of-exchange message. Costing in the first network apparatus allows the IP traffic to flow through the first network apparatus.
-
Publication No.: US20210328794A1
Publication date: 2021-10-21
Application No.: US16867795
Application date: 2020-05-06
Applicant: Cisco Technology, Inc.
Inventor: Mankamana Prasad Mishra, Ketan Jivan Talaulikar, Sameer Ranjit Gulrajani, Swadesh Agrawal
IPC: H04L9/32
Abstract: In one embodiment, a method includes receiving, by a first network apparatus, a first multicast message from a second network apparatus. The first multicast message includes attestation-capability information associated with the second network apparatus and an attestation token. The attestation token is for proving that the second network apparatus is in a known safe state. The method also includes determining, by the first network apparatus, that the attestation-capability information satisfies a pre-determined attestation capability requirement and determining, by the first network apparatus, that the attestation token is valid for the second network apparatus at a current time. The method further includes establishing, by the first network apparatus, an adjacency to the second network apparatus.
-
Publication No.: US20230163968A1
Publication date: 2023-05-25
Application No.: US18151876
Application date: 2023-01-09
Applicant: Cisco Technology, Inc.
Inventor: Mankamana Prasad Mishra, Ketan Jivan Talaulikar, Sameer Ranjit Gulrajani, Swadesh Agrawal
IPC: H04L9/32
CPC classification number: H04L9/3213, H04L45/16
Abstract: In one embodiment, a method includes receiving, by a first network apparatus, a first multicast message from a second network apparatus. The first multicast message includes attestation-capability information associated with the second network apparatus and an attestation token. The attestation token is for proving that the second network apparatus is in a known safe state. The method also includes determining, by the first network apparatus, that the attestation-capability information satisfies a pre-determined attestation capability requirement and determining, by the first network apparatus, that the attestation token is valid for the second network apparatus at a current time. The method further includes establishing, by the first network apparatus, an adjacency to the second network apparatus.
-
Publication No.: US11575513B2
Publication date: 2023-02-07
Application No.: US16867795
Application date: 2020-05-06
Applicant: Cisco Technology, Inc.
Inventor: Mankamana Prasad Mishra, Ketan Jivan Talaulikar, Sameer Ranjit Gulrajani, Swadesh Agrawal
Abstract: In one embodiment, a method includes receiving, by a first network apparatus, a first multicast message from a second network apparatus. The first multicast message includes attestation-capability information associated with the second network apparatus and an attestation token. The attestation token is for proving that the second network apparatus is in a known safe state. The method also includes determining, by the first network apparatus, that the attestation-capability information satisfies a pre-determined attestation capability requirement and determining, by the first network apparatus, that the attestation token is valid for the second network apparatus at a current time. The method further includes establishing, by the first network apparatus, an adjacency to the second network apparatus.
-
Publication No.: US20210377152A1
Publication date: 2021-12-02
Application No.: US17399937
Application date: 2021-08-11
Applicant: Cisco Technology, Inc.
Inventor: Peter Psenak, Paul William Wells, Ketan Jivan Talaulikar, Clarence Filsfils
IPC: H04L12/721, H04L29/06
Abstract: In one embodiment, an apparatus includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the apparatus to perform operations including receiving a first type-length-value (TLV) associated with a winning flexible algorithm definition (FAD) from a first element of a network. The operations also include determining a security level for the winning FAD based on the TLV. The operations further include determining a data transmission route through a plurality of elements of the network based on the security level for the winning FAD.
-
Publication No.: US20200322312A1
Publication date: 2020-10-08
Application No.: US16674419
Application date: 2019-11-05
Applicant: Cisco Technology, Inc.
Inventor: Peter Psenak, Paul Wells, Ketan Jivan Talaulikar, Clarence Filsfils
IPC: H04L29/06, H04L12/721, H04L12/741, H04L12/751, H04L12/813, G06F21/72
Abstract: In one embodiment, a method includes receiving an OSPF hello message including an attestation token from a second network apparatus, determining that the attestation token is valid for the second network apparatus at a current time, establishing an adjacency to the second network apparatus in response to the determination, computing, based at least on the attestation token, a trust level for a first link from the first network apparatus to the second network apparatus and a trust level for first prefixes associated with the first link, and sending an LSA comprising the trust level for the first link and the trust level for the first prefixes to neighboring network apparatuses, where the trust level for the first link and the trust level for the prefixes are used by the network apparatuses in the network to compute a routing table of the network.
-
Publication No.: US10742537B2
Publication date: 2020-08-11
Application No.: US16384219
Application date: 2019-04-15
Applicant: Cisco Technology, Inc.
Inventor: Peter Psenak, Robert Hanzl, Clarence Filsfils, Ketan Jivan Talaulikar
IPC: H04L12/26, H04L12/721, H04L12/751
Abstract: Various systems and methods for using strict path forwarding. For example, one method involves receiving an advertisement at a node. The advertisement includes a segment identifier (SID). In response to receiving the advertisement, the node determines whether the SID is a strict SID or not. If the SID is a strict SID, the node generates information, such as forwarding information that indicates how to forward packets along a strict shortest path corresponding to the strict SID.
-
Publication No.: US09237075B2
Publication date: 2016-01-12
Application No.: US13758501
Application date: 2013-02-04
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Clarence Filsfils, Ketan Jivan Talaulikar, Balaji Muthuvarathan
IPC: H04L1/00, H04L12/26, H04L12/721, H04L12/24
CPC classification number: H04L43/00, H04L41/00, H04L41/0681, H04L43/04, H04L43/08, H04L43/0805, H04L45/70
Abstract: In one embodiment, a method includes assigning an identifier to a route computation at a network device, grouping route updates for the route computation, marking at least one route update for each group of route updates with the identifier, tracking flow of marked route updates at a plurality of routing components within the network device, and storing tracking data at the network device for use in convergence monitoring. An apparatus and logic are also disclosed herein.