-
Publication number: US11916701B2
Publication date: 2024-02-27
Application number: US17502141
Filing date: 2021-10-15
Applicant: Cisco Technology, Inc.
CPC classification number: H04L12/4641 , H04L12/66
Abstract: In one embodiment, a method herein comprises: establishing, by a process, a virtual private network connection (VPN connection) with a particular VPN gateway; requesting, by the process, observability monitoring through the particular VPN gateway, wherein requesting results in a controller being informed about the particular VPN gateway and a domain of the particular VPN gateway; receiving, by the process, test specifics from the controller based on the particular VPN gateway and the domain of the particular VPN gateway; and executing, by the process, one or more tests to the particular VPN gateway based on the test specifics.
-
12.
Publication number: US11770334B2
Publication date: 2023-09-26
Application number: US17856593
Filing date: 2022-07-01
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar , Robert Edgar Barton , Carlos M. Pignataro , Jerome Henry , Olivier Pelerin , Shankar Vemulapalli
IPC: H04L45/00 , H04L9/40 , H04L12/46 , H04L47/2425 , H04L61/4511
CPC classification number: H04L45/70 , H04L12/4633 , H04L47/2425 , H04L61/4511 , H04L63/029
Abstract: Techniques for utilizing a cloud service to compute an end-to-end SLA-aware path using dynamic software-defined cloud interconnect (SDCI) tunnels between a user device and an access point-of-presence (POP) node and inter-POP tunnels of the SDCI. The cloud service may include a performance aware path instantiation (PAPI) component including a POP database for storing performance metrics associated with the POPs of the SDCI, an enterprise policy database for storing user specific policies, and/or a path computation component. The path computation component may compute the path, based on the user specific policies, performance metrics associated with the POP nodes, and/or real-time contextual data associated with the user device and/or destination device. The path may include a first tunnel between the user device and the most optimal access POP node of the SDCI and a second tunnel between the access POP node, through the internal POP nodes, and to the destination device.
-
13.
Publication number: US11770251B2
Publication date: 2023-09-26
Application number: US17016046
Filing date: 2020-09-09
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar , Carlos M. Pignataro , Akram Ismail Sheriff
CPC classification number: H04L9/3213 , G06F9/5072 , H04L9/0656 , H04L9/3268
Abstract: Techniques and mechanisms for providing continuous integrity validation-based control plane communication in a container-orchestration system, e.g., the Kubernetes platform. A worker node generates a nonce and forwards the nonce to a master node while requesting an attestation token. Using the nonce, the master node generates the attestation token and replies back to the worker node with the attestation token. The worker node validates the attestation token with a CA server to ensure that the master node is not compromised. The worker node sends its authentication credentials to the master node. The master node generates a nonce and forwards the nonce to the worker node while requesting an attestation token. Using the nonce, the worker node generates the attestation token and replies back to the master node with the attestation token. The master node validates the attestation token with the CA server to ensure that the worker node is not compromised.
-
Publication number: US11729220B2
Publication date: 2023-08-15
Application number: US17301928
Filing date: 2021-04-19
Applicant: Cisco Technology, Inc.
Inventor: Robert E. Barton , Bart A. Brinckman , Jerome Henry , Carlos M. Pignataro , Nagendra Kumar Nainar , Matthew MacPherson
IPC: H04L9/40
Abstract: A method includes receiving, at an access node of a local network, a connection request from a device and in response to the connection request, establishing a connection with an identity provider. The device, the access node, the local network, and the identity provider are members of an identity federation. The method further includes receiving an indication that the device previously violated a network policy of a network different from the local network and after the device is authenticated with the identity provider, determining, by the access node and based on the indication, whether to allow the device to communicate over the access node.
-
Publication number: US20230254379A1
Publication date: 2023-08-10
Application number: US17667890
Filing date: 2022-02-09
Applicant: Cisco Technology, Inc.
Inventor: Carlos M. Pignataro , Nagendra Kumar Nainar , David John Zacks , John Matthew Swartz , Akram Ismail Sheriff
IPC: H04L67/141
CPC classification number: H04L67/141
Abstract: Presented herein are techniques to facilitate infrastructure and policy orchestration in a shared workspace network environment. In one example, a method may include obtaining, by a service broker, a reservation request from a consumer network for a consumer, wherein the reservation request seeks a reservation to reserve, at least in part, at least one workspace device for the consumer for a workspace for a particular day and a particular time period; based on determining that the at least one workspace device is available, providing a response to the consumer network that includes a first indicator for identifying the reservation of the workspace and at least one second indicator identifying the at least one workspace device; and upon receiving a session request from the consumer network that includes the second indicator, establishing a management tunnel to interconnect the consumer network and the at least one workspace device via the service broker.
-
Publication number: US11671360B2
Publication date: 2023-06-06
Application number: US17089481
Filing date: 2020-11-04
Applicant: Cisco Technology, Inc.
Inventor: Jaganbabu Rajamanickam , Nagendra Kumar Nainar , Darren Russell Dukes , Carlos M. Pignataro , Madhan Sankaranarayanan
IPC: H04L45/00 , H04L43/087 , H04L43/12 , H04L45/02 , H04L45/74
CPC classification number: H04L45/70 , H04L43/087 , H04L43/12 , H04L45/02 , H04L45/74
Abstract: Techniques for utilizing edge nodes disposed throughout a multi-site cloud computing network to generate a probe packet including indicators that guarantee the use of forward and return route paths to accurately measure the network performance of a route path between two endpoints in a wide area network (WAN). An edge node disposed in a site of the multi-site cloud computing network may store in virtual memory associated with the edge node, a mapping between route paths, usable to send data from the edge node to remote edge nodes in remote sites, and route indicators. A probe packet may include a data portion for measuring the network performance of a route path, a portion including local and remote discriminators, and/or an inner and an outer header.
-
Publication number: US11665079B1
Publication date: 2023-05-30
Application number: US17744853
Filing date: 2022-05-16
Applicant: Cisco Technology, Inc.
Inventor: David John Zacks , Carlos M. Pignataro , Nagendra Kumar Nainar , Hans F. Ashlock , Thomas Szigeti , Prapanch Ramamoorthy
IPC: G06F15/173 , H04L43/12 , H04L43/06
Abstract: A method comprising: at a management entity configured to communicate with a network: upon detecting a performance problem on a network path in the network, generating a trigger probe having a correlation identifier, the trigger probe configured to transit the network path and, on one or more designated network nodes of the network path, trigger (i) capturing a full device state, including a control plane state and a data plane state, and (ii) exporting a report of the full device state with the correlation identifier; sending the trigger probe along the network path; receiving, from each of the one or more designated network nodes, the report that includes the correlation identifier and the full device state; and correlating each report to the performance problem based on the correlation identifier in each report, to diagnose a root cause of the performance problem using the full device state in each report.
-
Publication number: US20230138389A1
Publication date: 2023-05-04
Application number: US18148245
Filing date: 2022-12-29
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar , Carlos M. Pignataro , Zafar Ali , Syed Kamran Raza
IPC: H04L45/745 , H04L43/12
Abstract: The present disclosure includes methods, systems, and non-transitory computer-readable media for validating data in a data structure used for forwarding packets by a network device comprising sending a data packet probe identifying a destination and including a segment ID, wherein the segment ID maps to a first interpretation by a receiving router to perform an action on the data packet probe to rewrite a portion of a destination address in a header of the data packet probe, and to redirect the data packet probe to the network device that initiated the data packet probe.
-
Publication number: US11483238B2
Publication date: 2022-10-25
Application number: US16601352
Filing date: 2019-10-14
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar , Carlos M. Pignataro , Luca Muscariello
Abstract: This disclosure describes techniques for implementing centralized path computation for routing in hybrid information-centric networking protocols implemented as a virtual network overlay. A method includes receiving an interest packet header from a forwarding router node of a network overlay. The method further includes determining an interest path of the interest packet and one or more destination router nodes of the network overlay. The method further includes computing one or more paths over the network overlay. The method further includes determining an addressing method for the one or more computed paths over the network overlay. The method further includes performing at least one of encoding each computed path in a data packet header, and encoding each computed path as state entries of each router node of the network overlay on each respective path. The method further includes returning the computed path information to the forwarding router node.
-
20.
Publication number: US11444871B1
Publication date: 2022-09-13
Application number: US17385520
Filing date: 2021-07-26
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar , Robert Edgar Barton , Carlos M. Pignataro , Jerome Henry , Olivier Pelerin , Shankar Vemulapalli
IPC: H04L45/00 , H04L9/40 , H04L12/46 , H04L47/2425 , H04L61/4511
Abstract: Techniques for utilizing a cloud service to compute an end-to-end SLA-aware path using dynamic software-defined cloud interconnect (SDCI) tunnels between a user device and an access point-of-presence (POP) node and inter-POP tunnels of the SDCI. The cloud service may include a performance aware path instantiation (PAPI) component including a POP database for storing performance metrics associated with the POPs of the SDCI, an enterprise policy database for storing user specific policies, and/or a path computation component. The path computation component may compute the path, based on the user specific policies, performance metrics associated with the POP nodes, and/or real-time contextual data associated with the user device and/or destination device. The path may include a first tunnel between the user device and the most optimal access POP node of the SDCI and a second tunnel between the access POP node, through the internal POP nodes, and to the destination device.