公开(公告)号：US11212221B1

公开(公告)日：2021-12-28

申请号：US16891194

申请日：2020-06-03

Applicant: Cisco Technology, Inc.

Inventor： Swadesh Agrawal ,  Dhananjaya Rao ,  Bertrand Duvivier ,  Sameer R. Gulrajani ,  Yuri Tsier

IPC: H04L12/723 ,  H04L12/46 ,  H04L12/703 ,  H04L12/707

Abstract: First and second egress nodes are each multi-homed to a customer edge (CE) that participates in virtual routing and forwarding (VRF). First forwarding information is configured on the first egress node. The first information includes VRF labels and defines forwarding of traffic based on the VRF labels and a status of a primary path to the CE. The VRF labels include a per-VRF label for the VRF and a per-CE label for the CE. Second forwarding information is configured on the second egress node. The second forwarding information includes the per-VRF label and the per-CE label, and defines traffic forwarding based on the VRF labels. Upon receiving traffic for the CE that carries the per-VRF label, the first egress node determines the status of the primary path, and forwards the traffic to either the CE over the primary path or to the second egress node, depending on the status.

公开(公告)号：US20210385157A1

公开(公告)日：2021-12-09

申请号：US16891194

申请日：2020-06-03

Applicant: Cisco Technology, Inc.

Inventor： Swadesh Agrawal ,  Dhananjaya Rao ,  Bertrand Duvivier ,  Sameer R. Gulrajani ,  Yuri Tsier

IPC: H04L12/723 ,  H04L12/707 ,  H04L12/703 ,  H04L12/46

Abstract: First and second egress nodes are each multi-homed to a customer edge (CE) that participates in virtual routing and forwarding (VRF). First forwarding information is configured on the first egress node. The first information includes VRF labels and defines forwarding of traffic based on the VRF labels and a status of a primary path to the CE. The VRF labels include a per-VRF label for the VRF and a per-CE label for the CE. Second forwarding information is configured on the second egress node. The second forwarding information includes the per-VRF label and the per-CE label, and defines traffic forwarding based on the VRF labels. Upon receiving traffic for the CE that carries the per-VRF label, the first egress node determines the status of the primary path, and forwards the traffic to either the CE over the primary path or to the second egress node, depending on the status.

公开(公告)号：US12113640B2

公开(公告)日：2024-10-08

申请号：US18357771

申请日：2023-07-24

Applicant: Cisco Technology, Inc.

Inventor： Mankamana Mishra ,  Swadesh Agrawal ,  Ali Sajassi ,  Ijsbrand Wijnands ,  Samir Thoria

IPC: H04L12/18 ,  H04L45/50 ,  H04L1/00 ,  H04L45/16

CPC classification number: H04L12/1859 ,  H04L12/185 ,  H04L12/1895 ,  H04L45/50 ,  H04L2001/0093 ,  H04L45/16

Abstract: A computer network efficiently provides a multicast network flow to a multicast recipient across a multihomed network element. The multihomed network element includes network devices that receive multicast data from a source of a multicast network flow. Each particular network device that received the multicast data publishes a notification indicating that the multicast network flow is available from the particular network device. The computer network receives a subscription to the multicast network flow from a multicast recipient, and determines whether to bridge the multicast data across the multihomed network element based on a multicast configuration of the computer network. The multihomed network element provides the multicast data to the multicast recipient from at least one of the particular network devices that received the multicast data from the source of the multicast network flow.

公开(公告)号：US20230163968A1

公开(公告)日：2023-05-25

申请号：US18151876

申请日：2023-01-09

Applicant: Cisco Technology, Inc.

Inventor： Mankamana Prasad Mishra ,  Ketan Jivan Talaulikar ,  Sameer Ranjit Gulrajani ,  Swadesh Agrawal

IPC: H04L9/32

CPC classification number: H04L9/3213 ,  H04L45/16

Abstract: In one embodiment, method includes receiving, by a first network apparatus, a first multicast message from a second network apparatus. The first multicast message includes attestation-capability information associated with the second network apparatus and an attestation token. The attestation token is for proving that the second network apparatus is in a known safe state. The method also includes determining, by the first network apparatus, that the attestation-capability information satisfies a pre-determined attestation capability requirement and determining, by the first network apparatus, that the attestation token is valid for the second network apparatus at a current time. The method further includes establishing, by the first network apparatus, an adjacency to the second network apparatus.

公开(公告)号：US20230054738A1

公开(公告)日：2023-02-23

申请号：US17406321

申请日：2021-08-19

Applicant: Cisco Technology, Inc.

Inventor： Swadesh Agrawal ,  Dhananjaya Kasargod Rao ,  Jakob Heitz ,  Eric Voit

IPC: H04L29/06 ,  H04L12/741 ,  H04L12/751 ,  H04L9/32

Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for secure network routing. A method includes: receiving, at a network node, an advertisement message for a network route including an IP address prefix; receiving, at the network node, a route origin authorization associated with the IP address prefix, the route origin authorization including a digital signature and a security requirement of a route to a destination that corresponds to the IP address prefix; determining, by the network node, one or more network nodes satisfies the security requirement to yield a determination; and determining, by the network node, to route network traffic to the IP address prefix based on the determination. In one example, the method can include, when the one or more network nodes satisfies the security requirement, advertising the route to the one or more network nodes that satisfies the security requirement.

公开(公告)号：US11575513B2

公开(公告)日：2023-02-07

申请号：US16867795

申请日：2020-05-06

Applicant: Cisco Technology, Inc.

Inventor： Mankamana Prasad Mishra ,  Ketan Jivan Talaulikar ,  Sameer Ranjit Gulrajani ,  Swadesh Agrawal

IPC: H04L9/32 ,  H04L45/16

Abstract: In one embodiment, method includes receiving, by a first network apparatus, a first multicast message from a second network apparatus. The first multicast message includes attestation-capability information associated with the second network apparatus and an attestation token. The attestation token is for proving that the second network apparatus is in a known safe state. The method also includes determining, by the first network apparatus, that the attestation-capability information satisfies a pre-determined attestation capability requirement and determining, by the first network apparatus, that the attestation token is valid for the second network apparatus at a current time. The method further includes establishing, by the first network apparatus, an adjacency to the second network apparatus.

公开(公告)号：US11025444B2

公开(公告)日：2021-06-01

申请号：US16133000

申请日：2018-09-17

Applicant: Cisco Technology, Inc.

Inventor： Mankamana Mishra ,  Swadesh Agrawal ,  Ali Sajassi ,  Ijsbrand Wijnands ,  Samir Thoria

IPC: H04L12/18 ,  H04L12/723 ,  H04L1/00 ,  H04L12/761

Abstract: A computer network efficiently provides a multicast network flow to a multicast recipient across a multihomed network element. The multihomed network element includes network devices that receive multicast data from a source of a multicast network flow. Each particular network device that received the multicast data publishes a notification indicating that the multicast network flow is available from the particular network device. The computer network receives a subscription to the multicast network flow from a multicast recipient, and determines whether to bridge the multicast data across the multihomed network element based on a multicast configuration of the computer network. The multihomed network element provides the multicast data to the multicast recipient from at least one of the particular network devices that received the multicast data from the source of the multicast network flow.

公开(公告)号：US20200322310A1

公开(公告)日：2020-10-08

申请号：US16825068

申请日：2020-03-20

Applicant: Cisco Technology, Inc.

Inventor： Clarence Filsfils ,  Swadesh Agrawal ,  Apoorva Karan

IPC: H04L29/06 ,  G06F21/60

Abstract: In one embodiment, a method by an apparatus of a Border Gateway Protocol (BGP) network includes accessing an attestation token for the apparatus. The method further includes encoding the attestation token in a BGP signaling message. The method further includes sending the BGP signaling message with the encoded attestation token to a second apparatus of the BGP network.

公开(公告)号：US12244509B2

公开(公告)日：2025-03-04

申请号：US18298552

申请日：2023-04-11

Applicant: Cisco Technology, Inc.

Inventor： Mankamana Prasad Mishra ,  Nitin Kumar ,  Ali Sajassi ,  Swadesh Agrawal

IPC: H04L12/18 ,  H04L45/00 ,  H04L45/02 ,  H04L45/50 ,  H04L47/32

Abstract: A system and associated methods provide solutions for reducing a volume of traffic through a multicast network attributed to repeated maintenance messages, which are required in order to maintain a multicast connection. The system configures provider edge devices to generate and send maintenance messages on behalf of members of a multicast group to establish and maintain the multicast connection and provides options for determining unknown locations of sources and/or subscribers, thereby reducing the overall volume of traffic transmitted over the multicast network.

公开(公告)号：US20240195648A1

公开(公告)日：2024-06-13

申请号：US18317895

申请日：2023-05-15

Applicant: Cisco Technology, Inc.

Inventor： Mankamana Prasad Mishra ,  Sameer R. Gulrajani ,  Ali Sajassi ,  Swadesh Agrawal ,  Nitin Kumar

IPC: H04L12/18 ,  H04L12/46

CPC classification number: H04L12/185 ,  H04L12/4633

Abstract: A system and associated methods provide procedures for establishing multicast connections and forwarding multicast content from a source to a subscriber when an ingress provider edge in communication with the subscriber is connected to an egress provider edge device belonging to an EVPN instance, especially in cases where the egress provider edge device is not receiving content from the source. The system configures “backup” provider edge devices belonging to the EVPN instance to temporarily forward the multicast content to the egress provider edge device on behalf of the source, enabling the ingress provider edge device and subscriber to continue to receive the multicast content from the source while the multicast network adjusts to recognize a new egress provider edge device. Methods of establishing connections between the ingress provider edge device and the correct egress provider edge device are also provided to avoid flooding and inefficient content forwarding throughout the network.