公开(公告)号：US20230284288A1

公开(公告)日：2023-09-07

申请号：US17683833

申请日：2022-03-01

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Domenico FICARA ,  Alessandro ERTA ,  Amine CHOUKIR ,  Patrick WETTERWALD

IPC: H04W74/08 ,  H04W48/20 ,  H04W72/02

CPC classification number: H04W74/085 ,  H04W48/20 ,  H04W72/02

Abstract: In one embodiment, an access point of an overhead mesh of access points in an area selects a range of client identifiers. The access point sends, via a beam cone transmitted in a substantially downward direction towards a floor of the area, a trigger signal that includes the range of client identifiers and prompts client devices having identifiers in that range to send best effort transmissions towards the overhead mesh. The access point detects a collision between the best effort transmissions of the client devices. The access point adjusts the range of client identifiers so as to avoid future collisions between the best effort transmissions of the client devices.

公开(公告)号：US20230216847A1

公开(公告)日：2023-07-06

申请号：US18120889

申请日：2023-03-13

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Patrick Wetterwald ,  Jonas Zaddach ,  Eric Levy-Abegnoli

IPC: H04L9/40

CPC classification number: H04L63/0876 ,  H04L63/108

Abstract: Techniques for adjusting a duration of an authenticated user device session. A baseline session duration is determined for a session for which a user account is authorized in response to a request for authentication. A first session is established on behalf of a user device associated with the user account based at least in part on the user account performing a first authentication. A posture associated with the user device is determined. The baseline duration is then adjusted to a dynamic duration based at least in part upon the posture associated with the user device. Based at least in part on the dynamic duration the user can be required to re-authenticate.

公开(公告)号：US11683286B2

公开(公告)日：2023-06-20

申请号：US17530244

申请日：2021-11-18

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Pradeep Kumar Kathail ,  Eric Levy-Abegnoli ,  David A. Maluf

IPC: G06F15/173 ,  H04L61/2503 ,  H04L61/4511

CPC classification number: H04L61/2503 ,  H04L61/4511

Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.

公开(公告)号：US20230180049A1

公开(公告)日：2023-06-08

申请号：US18103881

申请日：2023-01-31

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Jerome Henry ,  Patrick Wetterwald ,  Jean-Philippe Vasseur

IPC: H04W28/02 ,  H04W28/086 ,  H04W28/08

CPC classification number: H04W28/0236 ,  H04W28/0812 ,  H04W28/0975 ,  H04W28/0268

Abstract: In one embodiment, a method comprises causing, by a network controller device, a first access point (AP) device to initiate a reverse sounding operation comprising wireles sly requesting a mobile constrained network device to transmit a null data packet (NDP) at a first transmission interval, wirelessly receiving the NDP at the first transmission interval, and generating a reception report describing reception of the NDP and including beamforming information; causing, by the network controller device, a second AP device to generate a corresponding reception report describing a corresponding wireless detection of the NDP at the first transmission interval; and causing, by the network controller device, the mobile constrained network device to connect to a selected one of the first AP device or the second AP device for an identified data flow based on the respective reception reports from the first and second AP devices.

公开(公告)号：US11564327B2

公开(公告)日：2023-01-24

申请号：US16514623

申请日：2019-07-17

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Charles Calvin Byers

IPC: H05K7/14 ,  H01R13/193 ,  H05K7/20 ,  H05K7/16 ,  G02B6/42 ,  H01R43/26 ,  G01J1/44 ,  H04Q11/00 ,  H04L49/15 ,  G06F1/26 ,  G06F1/3209 ,  H04L49/101 ,  H04B10/60 ,  H04B10/50

Abstract: Connectors for a networking device may be provided. A networking device may comprise a first plurality of switch bars each comprising a first switch type arranged parallel to one another, a second plurality of switch bars each comprising a second switch type arranged parallel to one another, and a third plurality of switch bars each comprising a third switch type arranged parallel to one another. The first plurality of switch bars, the second plurality of switch bars, and the third plurality of switch bars may be arranged orthogonally. A first one of the first plurality of switch bars may be connected to a first one of the second plurality of switch bars via a retractable mechanical connector mechanism.

公开(公告)号：US20220417213A1

公开(公告)日：2022-12-29

申请号：US17362485

申请日：2021-06-29

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Eric M. Levy-Abegnoli ,  Patrick M. P. Wetterwald ,  Jonas Zaddach

IPC: H04L29/06

Abstract: The present disclosure is directed to systems and methods for first hop security in a multi-site and multi-vendor cloud. The method may include receiving, at a first hop security (FHS) device located within a defined security perimeter, a message from a first host; validating a security of the message; signing the message with a signature to prove validation of the message, the signature comprising at least a Crypto-ID Parameters Option (CIPO) and a Neighbor Discovery Protocol Signature Option (NDPSO); and transmitting the signed message to one or more network FHS devices within the security perimeter.

公开(公告)号：US11509572B2

公开(公告)日：2022-11-22

申请号：US17038204

申请日：2020-09-30

Applicant: Cisco Technology, Inc.

Inventor： Mankamana Prasad Mishra ,  Pascal Thubert ,  Ijsbrand Wijnands ,  Krishnaswamy Ananthamurthy ,  Ramakrishnan Chokkanathapuram Sundaram ,  Stig Ingvar Venaas

IPC: H04L12/28 ,  H04L45/00 ,  H04L45/16 ,  H04L45/741 ,  H04L45/021 ,  H04L45/48

Abstract: In one illustrative example, a network node connected in a network fabric may identify that it is established as part of a multicast distribution tree for forwarding multicast traffic from a source node to one or more host receiver devices of a multicast group. In response, the network node may propagate in the network fabric a message for advertising the network node as a candidate local source node at which to join the multicast group. The message for advertising may include data such as a reachability metric. The propagation of the message may be part of a flooding of such messages in the network fabric. The network node serving as the candidate local source node may thereafter “locally” join a host receiver device in the multicast group at the network node so that the device may receive the multicast traffic from the source node via the network node.

公开(公告)号：US11431526B2

公开(公告)日：2022-08-30

申请号：US17146734

申请日：2021-01-12

Applicant: Cisco Technology, Inc.

Inventor： Rekha Ramachandran ,  Pascal Thubert

IPC: H04L12/46 ,  H04L45/50 ,  H04L69/324 ,  H04L69/325 ,  H04L101/622 ,  H04L61/10 ,  H04L61/5084

Abstract: According to one or more embodiments of the disclosure, a first tunnel router may receive a reservation request to establish a deterministic path between a first node and a second node. The first tunnel router may determine, based on the reservation request, a destination address of the second node. The first tunnel router may identify, based on the destination address of the second node, a second tunnel router associated with the second node. The first tunnel router may encapsulate a deterministic packet sent by the first towards the second node into a tunnel packet, wherein a multicast address in a header of the tunnel packet is set to the destination address of the second node. The first tunnel router can forward the tunnel packet along the deterministic path. The multicast address in the header of the tunnel packet causes nodes to send the tunnel packet according to the deterministic path.

公开(公告)号：US11425009B2

公开(公告)日：2022-08-23

申请号：US16709235

申请日：2019-12-10

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Pascal Thubert ,  Eric Levy-Abegnoli ,  Patrick Wetterwald

IPC: H04L43/062 ,  G06N5/04 ,  G06N20/00 ,  H04L41/0826 ,  H04L41/0853 ,  H04L41/14 ,  H04L43/08 ,  H04L41/0631 ,  H04L41/147 ,  G06N3/04 ,  G06N5/00 ,  G06N7/00

Abstract: In one embodiment, a service receives a feature availability report indicative of which telemetry variables are available at a device in a network and resource costs associated with data features that the device could compute from the telemetry variables. The service selects at least a subset of the data features for input to a machine learning model, based on their associated resource costs and on their respective impacts on one or more performance metrics for the machine learning model. The service trains the machine learning model to evaluate the selected data features. The service sends the trained machine learning model to the device. The device computes the selected data features from the telemetry variables available at the device and uses the computed data features as input to the machine learning model.

公开(公告)号：US11418481B2

公开(公告)日：2022-08-16

申请号：US17492214

申请日：2021-10-01

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Eric Levy-Abegnoli ,  Jonas Zaddach ,  Patrick Wetterwald

IPC: G06F15/16 ,  H04L61/3015 ,  H04L45/02 ,  H04L61/30 ,  H04L9/40 ,  H04L101/622

Abstract: Systems and methods may include sending, to a network registrar, a first message including a first nonce generated by a host computing device, and receiving, from the network registrar, a second message including a second nonce, the second nonce being signed by the network registrar via a private key of a first public key infrastructure (PKI) key pair of the network registrar via a first signature. The method further includes sending a first neighbor advertisement (NA) message to the host computing device including the second nonce. The second nonce and the private key of the network registrar verifies the first signature from the network registrar, the verification of the first signature indicating that the router is not impersonating the network.