-
Publication number: US20240163311A1
Publication date: 2024-05-16
Application number: US18422075
Filing date: 2024-01-25
Applicant: Cisco Technology, Inc.
Inventor: Jakob Heitz, Juan Alcaide
CPC classification number: H04L63/1466, H04L45/22, H04L63/0823
Abstract: Techniques for mitigating BGP blackholes and hijackings are disclosed herein. The techniques include methods for determining, by a victim autonomous system (AS), that a first AS is associated with a first BGP route that includes the victim AS as the destination or as an AS along the first BGP route to the destination and sending a message to a second AS directing the second AS to refrain from using the first AS to propagate data to the victim AS. The message can include a set of one or more AS numbers to avoid in refraining from using to propagate data to the victim AS, a timestamp, an expiration interval, a signature of the victim AS, and an identifier identifying a certificate to be used to verify the signature. Systems and computer-readable media are also provided.
-
Publication number: US20220329621A1
Publication date: 2022-10-13
Application number: US17224275
Filing date: 2021-04-07
Applicant: Cisco Technology, Inc.
Inventor: Jakob Heitz, Juan Alcaide
IPC: H04L29/06, H04L12/707
Abstract: Techniques for mitigating BGP blackholes and hijackings are disclosed herein. The techniques include methods for determining, by a victim autonomous system (AS), that a first AS is associated with a first BGP route that includes the victim AS as the destination or as an AS along the first BGP route to the destination and sending a message to a second AS directing the second AS to refrain from using the first AS to propagate data to the victim AS. The message can include a set of one or more AS numbers to avoid in refraining from using to propagate data to the victim AS, a timestamp, an expiration interval, a signature of the victim AS, and an identifier identifying a certificate to be used to verify the signature. Systems and computer-readable media are also provided.
-
Publication number: US10951463B2
Publication date: 2021-03-16
Application number: US16366053
Filing date: 2019-03-27
Applicant: Cisco Technology, Inc.
Inventor: Jakob Heitz, Dhananjaya Kasargod Rao, Pascal Thubert
IPC: H04L12/24, H04L12/703, H04L12/933, H04L12/745
Abstract: The present disclosure provides Border Gateway Protocol route aggregation in a Clos fabric when one or more communication failures are detected. A method includes receiving a prefix component of a first aggregate route from a first next hop node, the prefix component being associated with a failed network element; announcing, to one or more neighboring nodes, the first aggregate route along with the prefix component and the first next hop node associated with the failed network element; identifying, by the one or more neighboring nodes, a second aggregate route, the second aggregate route being a shortest aggregate route that contains the first aggregate route; and generating, from the second aggregate route, one or more Chad routes to the prefix component of the first aggregate route, wherein the one or more Chad routes are associated with one or more next hop nodes that are different from the first next hop node.
-
Publication number: US11909763B2
Publication date: 2024-02-20
Application number: US17224275
Filing date: 2021-04-07
Applicant: Cisco Technology, Inc.
Inventor: Jakob Heitz, Juan Alcaide
CPC classification number: H04L63/1466, H04L45/22, H04L63/0823
Abstract: Techniques for mitigating BGP blackholes and hijackings are disclosed herein. The techniques include methods for determining, by a victim autonomous system (AS), that a first AS is associated with a first BGP route that includes the victim AS as the destination or as an AS along the first BGP route to the destination and sending a message to a second AS directing the second AS to refrain from using the first AS to propagate data to the victim AS. The message can include a set of one or more AS numbers to avoid in refraining from using to propagate data to the victim AS, a timestamp, an expiration interval, a signature of the victim AS, and an identifier identifying a certificate to be used to verify the signature. Systems and computer-readable media are also provided.
-
Publication number: US10979340B2
Publication date: 2021-04-13
Application number: US16505377
Filing date: 2019-07-08
Applicant: Cisco Technology, Inc.
Inventor: Jakob Heitz, Alfred C. Lindem, III
IPC: H04L12/50, H04L12/755, H04L12/721
Abstract: Techniques for updating a routing table based on a single message are described. One technique includes receiving at a first network device a node message from a second network device. The node message includes a sequence number and a list of link state(s) originated by the second network device. The first network device determines whether to withdraw one or more link states originated by the second network device and maintained in a routing table of the first network device based on the sequence number and the list of the link state(s) within the node message. The routing table is updated based on the determinations.
-
Publication number: US10015081B1
Publication date: 2018-07-03
Application number: US15279480
Filing date: 2016-09-29
Applicant: Cisco Technology, Inc.
Inventor: Jakob Heitz
IPC: H04L12/28, H04L12/707, H04L12/741
CPC classification number: H04L45/748, H04L45/04, H04L63/1466, H04L2463/145
Abstract: In one embodiment a system, method, and related apparatus are described for a router which receives notice of a route including a hijacked prefix having a hijacked prefix netmask length, searches a set of routes with equal or shorter netmask lengths that cover the hijacked prefix in order to find at least one route which has no autonomous system (AS) in common with the particular route comprising the hijacked prefix, if a specific route is found with a netmask length equal to or shorter than the hijacked prefix netmask length, then the specific route which has been found is a determined alternative route, extracts the particular route comprising the hijacked prefix from the specific route if said specific route has a netmask length covering a larger address range than the hijacked prefix netmask length, inserts the determined alternative route in a routing table, and modifies attributes of the determined alternative route in the routing table according to the determined alternative route. Related systems, methods, and apparatus are also described.