公开(公告)号：US11799948B2

公开(公告)日：2023-10-24

申请号：US16950132

申请日：2020-11-17

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Jerome Henry ,  Maik Guenter Seewald

IPC: H04L67/1004

CPC classification number: H04L67/1004

Abstract: Cloud services are provided by a distributed network including a number of geographically distributed datacenters, to client devices in accordance with data sovereignty requirements. A server within the distributed network may receive a service request and determine whether it complies with the data sovereignty requirements of the client. When the geographic location of the server does not comply with the client's data sovereignty requirements, the server may determine and transmit back to the client device a set of alternative datacenters within the distributed network that comply with the client's data sovereignty requirements. The client device may use network probes to select an alternative datacenter, and the cloud service request of the client device may be migrated from the server to the selected datacenter.

公开(公告)号：US11751146B2

公开(公告)日：2023-09-05

申请号：US17831009

申请日：2022-06-02

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Robert Edgar Barton ,  Jerome Henry ,  Eric Michel Levy-Abegnoli

IPC: H04W52/38 ,  H04W40/24 ,  H04W24/02 ,  H04W84/18

CPC classification number: H04W52/383 ,  H04W24/02 ,  H04W40/244 ,  H04W84/18

Abstract: In one embodiment, a method comprises: determining, by a constrained network device in a low power and lossy network (LLN), a self-estimated density value of neighboring LLN devices based on wirelessly receiving an identified number of beacon message transmissions within an identified time interval from neighboring transmitting LLN devices in the LLN; setting, by the constrained network device, a first wireless transmit power value based on the self-estimated density value; and transmitting a beacon message at the first wireless transmit power value, the beacon message specifying the self-estimated density value, a corresponding trust metric for the self-estimated density value, and the first wireless transmit power value used by the constrained network device for transmitting the beacon message.

公开(公告)号：US11729119B2

公开(公告)日：2023-08-15

申请号：US17530376

申请日：2021-11-18

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Robert Edgar Barton

IPC: H04L49/00 ,  H04L49/9005

CPC classification number: H04L49/9005

Abstract: Techniques and systems described herein relate to network system queue management and dynamic real-time re-allocation of resources to prevent oversubscription and packet loss due to oversubscription. The techniques and systems enable monitoring of traffic and initial identification of queues at risk for oversubscription based on a rate of change of traffic load on the queue in advance of oversubscription occurring. After identifying a queue at risk for oversubscription, an Extended Berkeley Packet Filter or other similar component performs a likelihood determination using predictive algorithm techniques to identify a likelihood of oversubscription in the near future and re-allocates to parallel queues for efficient and loss-free use of the queues.

公开(公告)号：US20230040607A1

公开(公告)日：2023-02-09

申请号：US17395766

申请日：2021-08-06

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Robert Edgar Barton ,  Elango Ganesan ,  Flemming Stig Andreasen

IPC: H04L29/06

Abstract: A method includes determining a corresponding level of a security model associated with each device of a plurality of devices connected to a network, each level of the security model having a corresponding tag; applying, to each of the plurality of devices, the corresponding tag based on the corresponding level of the security model with which each of the plurality of devices are associated; receiving, over a network connection, network traffic from at least one of the plurality of devices and the corresponding tag; analyzing the corresponding tag associated with the network traffic; determining a destination for the network traffic; applying one or more security measures to the network traffic based on the corresponding tag for the at least one device and a corresponding tag of the destination for the network traffic; and sending the network traffic to the destination with the corresponding tag of the destination.

公开(公告)号：US20230036547A1

公开(公告)日：2023-02-02

申请号：US17390229

申请日：2021-07-30

Applicant: Cisco Technology, Inc.

Inventor： David M. Hanes ,  Gonzalo Salgueiro ,  Robert Edgar Barton ,  Sebastian Jeuk

IPC: H04L29/06

Abstract: Systems, methods, and computer-readable media are provided for dynamic allocation of network security resources and measures to network traffic between end terminals on a network and a network destination, based in part on an independently sourced reputation score of the network destination. In one aspect, a method includes receiving, at a cloud network controller, a request from an end terminal for information on a network destination; determining, at the cloud network controller, a reputation score for the network destination; determining, at the cloud network controller, one or more security measures to be applied when accessing the network destination, based on the reputation score; and communicating, by the cloud network controller, the one or more security measures to the end terminal, wherein the end terminal communicates the one or more security measures to a third-party security service provider for applying to communications between the end terminal and the network destination.

公开(公告)号：US20230029987A1

公开(公告)日：2023-02-02

申请号：US17930281

申请日：2022-09-07

Applicant: Cisco Technology, Inc.

Inventor： Indermeet Singh Gandhi ,  Robert Edgar Barton ,  Jerome Henry ,  Cesar Obediente

IPC: H04L45/00

Abstract: In one embodiment, a method includes receiving energy efficiency data from a plurality of nodes within a network. The method also includes determining an energy efficiency node quotient for each of the plurality of nodes within the network to generate a plurality of energy efficiency node quotients and determining an energy efficiency path quotient for each of a plurality of paths within the network to generate a plurality of energy efficiency path quotients. The method further includes determining one or more policies associated with the plurality of paths and selecting a path from the plurality of paths based at least on the plurality of energy efficient path quotients and the one or more policies.

公开(公告)号：US11523314B2

公开(公告)日：2022-12-06

申请号：US17142638

申请日：2021-01-06

Applicant: Cisco Technology, Inc.

Inventor： Akram Ismail Sheriff ,  Xiaoguang Jason Chen ,  Jun Liu ,  Robert Edgar Barton ,  Jerome Henry

IPC: H04W36/00 ,  H04W4/40 ,  H04W36/32 ,  H04W36/30 ,  H04W36/38

Abstract: In one embodiment, a device in a wireless network receives telemetry data from a plurality of autonomous vehicles. The telemetry data is indicative of radio signal quality metrics experienced by the vehicles at a particular location over time. The device forms an array of wireless roaming thresholds by applying regression to the telemetry data. The device computes an optimum roaming threshold from the array of wireless roaming thresholds to be used by the vehicles when approaching the location. The device triggers, based on the computed optimum threshold, one or more of the autonomous vehicles to initiate access point roaming when approaching the particular location.

公开(公告)号：US11438371B2

公开(公告)日：2022-09-06

申请号：US16185168

申请日：2018-11-09

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Robert Edgar Barton ,  Jerome Henry ,  Muthurajah Sivabalan

IPC: H04L9/00 ,  H04L9/40 ,  H04L47/125

Abstract: First data indicative of information that a packet is part of a DDoS attack is received at a management network device. A DDoS remediation network device to be used for remediation of packets associated with the DDoS attack is determined from the first data. Second data, indicative of the DDoS attack and indicative of the DDoS remediation network device, is transmitted from the management network device to an edge network device. The second data is configured to cause the edge network device to route packets associated with the DDoS attack to the DDoS remediation network device.

公开(公告)号：US20220191736A1

公开(公告)日：2022-06-16

申请号：US17684263

申请日：2022-03-01

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Russell Paul Gyurek ,  Jerome Henry

IPC: H04W28/06 ,  H04L45/50 ,  H04W40/02

Abstract: Systems, methods, and computer-readable media for the secure creation of application containers for 5G slices. A MEC application in a MEC layer of a 5G network can be associated with a specific network slice of the 5G network. A backhaul routing policy for the MEC application can be defined based on the association of the MEC application with the specific network slice of the 5G network. Further, a SID for the MEC application that associates the MEC application with a segment routing tunnel through a backhaul of the 5G network can be generated. A MEC layer access policy for the MEC application can be defined based on the SID for the MEC application. As follows, access to the MEC application through the 5G network can be controlled based on both the backhaul routing policy for the MEC application and the MEC layer access policy for the application.

公开(公告)号：US11282160B2

公开(公告)日：2022-03-22

申请号：US16817390

申请日：2020-03-12

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Jerome Henry ,  Russell Paul Gyurek ,  Frank Brockners

IPC: G06T1/20 ,  G06F9/50 ,  G06F9/38 ,  G06F9/54 ,  G06F15/80

Abstract: A server that includes a graphics processing unit (GPU) may receive, from a first application that is remote from the server, a first request to reserve a first number of cores of the GPU for a first amount of time. The server may also receive, from a second application that is also remote from the server, a second request to reserve a second number of cores of the GPU for a second amount of time that at least partly overlaps the first amount of time. The server may determine that the first request is associated with a higher priority than the second request and, in response, may reserve the first number of cores for the first amount of time for the first application. The server may send, to the first application, an indication that the first number of cores have been reserved as requested by the first application.