Abstract:
The disclosed technology provides solutions for performing rapid authentication and authorization for distributed containerized microservices. In some aspects, a process of the technology can include steps for: associating a service type with a set of microservices or service pods, detecting deployment of a first microservice on a first host, and receiving an authentication and authorization state from a first virtual network edge (VNE) of the first host. In some aspects, the process can further include steps for distributing the authentication state to a second VNE on a second host, wherein the authentication state is configured to facilitate authentication of one or more subsequent microservices instantiated on the second host by the second VNE. Systems and machine readable media are also provided.
Abstract:
A virtual networking switch on a host computing device can receive a first data packet of a micro-service data flow from a virtual machine running on the host computing device. The first data packet can include micro-service flow data identifying a first container instance that transmitted the first data packet. The virtual networking switch can provide a subset of the micro-service flow data to a container orchestrator, which utilizes that subset to assign a label to the first micro-service data flow. The virtual networking switch can pin the first micro-service data flow to a first uplink port of the host computing device based on the label assigned to the first micro-service data flow, causing data packets received from the virtual machine as part of the first micro-service data flow to be forwarded to their intended recipient via the first uplink port.
Abstract:
Embodiments generally provide techniques for mapping service modules on a network device. Embodiments identify a plurality of service modules, each configured to perform a respective service. A first one of the plurality of service modules is mapped to a first one of a plurality of virtual switches on the network device. Service policy information for a plurality of virtual switches is retrieved. The service policy information is indicative of service requirements for each of the plurality of virtual switches. Upon detecting an occurrence of a predefined event, embodiments determine a second one of the plurality of virtual switches to map the first service module to, based on the service policy information. The first service module is then mapped to the second virtual switch.
Abstract:
Disclosed are systems, computer-readable media and methods for monitoring performance data across microservices. One example method includes establishing a service policy configured on a centralized switch controller, applying the service profile to a virtual interface associated with a microservice, mapping a microservice name for the microservice to an IP address and a port number, tracking a protocol flow for the microservice, wherein the protocol flow is associated with a virtual switch, to yield data, aggregating the data to yield aggregated data and presenting the aggregated data on a user interface.