公开(公告)号：US20240291734A1

公开(公告)日：2024-08-29

申请号：US18648889

申请日：2024-04-29

Applicant: Cisco Technology, Inc.

Inventor： Alberto Rodriguez Natal ,  Hendrikus G.P. Bosch ,  Fabio Maino ,  Lars Olaf Stefan Olofsson ,  Jeffrey Napper ,  Anubhav Gupta

IPC: H04L41/5019 ,  H04L47/10

CPC classification number: H04L41/5019 ,  H04L47/10

Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific polices for the first endpoint by evaluation the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.

公开(公告)号：US11509591B2

公开(公告)日：2022-11-22

申请号：US17334335

申请日：2021-05-28

Applicant: Cisco Technology, Inc.

Inventor： Hendrikus G. P. Bosch ,  Jeffrey Napper ,  Alessandro Duminuco ,  Humberto J. La Roche ,  Sape Jurriën Mullender ,  Surendra M. Kumar ,  Louis Gwyn Samuel ,  Bart A. Brinckman ,  Aeneas Sean Dodd-Noble ,  Luca Martini

IPC: H04L12/825 ,  H04L12/801 ,  H04L12/715 ,  H04L47/25 ,  H04L47/10 ,  H04L45/64 ,  H04L41/0896

Abstract: An example method is provided in one example embodiment and may include receiving traffic associated with at least one of a mobile network and a Gi-Local Area Network (data-plane), wherein the traffic comprises one or more packets; determining a classification of the traffic to a service chain, wherein the service chain comprises one or more service functions associated at least one of one or more mobile network services and one or more data-plane services; routing the traffic through the service chain; and routing the traffic to a network using one of a plurality of egress interfaces, wherein each egress interface of the plurality of egress interfaces is associated with at least one of the one or more mobile network services and the one or more data-plane services.

公开(公告)号：US20220086061A1

公开(公告)日：2022-03-17

申请号：US17538983

申请日：2021-11-30

Applicant: Cisco Technology, Inc.

Inventor： Alberto Rodriguez Natal ,  Hendrikus G.P. Bosch ,  Fabio Maino ,  Lars Olaf Stefan Olofsson ,  Jeffrey Napper ,  Anubhav Gupta

IPC: H04L12/24 ,  H04L12/801

Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific polices for the first endpoint by evaluation the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.

公开(公告)号：US11044203B2

公开(公告)日：2021-06-22

申请号：US15171892

申请日：2016-06-02

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Jeffrey Napper ,  Alessandro Duminuco ,  Humberto J. La Roche ,  Sape Jurriën Mullender ,  Surendra M. Kumar ,  Louis Gwyn Samuel ,  Bart A. Brinckman ,  Aeneas Sean Dodd-Noble ,  Luca Martini

IPC: H04L12/26 ,  H04L12/801 ,  H04L12/825 ,  H04L12/715 ,  H04L12/24

Abstract: An example method is provided in one example embodiment and may include receiving traffic associated with at least one of a mobile network and a Gi-Local Area Network (Gi-LAN), wherein the traffic comprises one or more packets; determining a classification of the traffic to a service chain, wherein the service chain comprises one or more service functions associated at least one of one or more mobile network services and one or more Gi-LAN services; routing the traffic through the service chain; and routing the traffic to a network using one of a plurality of egress interfaces, wherein each egress interface of the plurality of egress interfaces is associated with at least one of the one or more mobile network services and the one or more Gi-LAN services.

公开(公告)号：US10931793B2

公开(公告)日：2021-02-23

申请号：US15347349

申请日：2016-11-09

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra M. Kumar ,  Jeffrey Napper ,  Prashant Patadayya Hiremath ,  Vandana Saha

IPC: H04L29/06 ,  H04L29/08

Abstract: In one embodiment, a method includes creating a catalog of service function (“SF”) profiles, wherein each of the profiles is associated with an SF and indicates a type of the associated SF; storing the catalog of SF profiles in a memory device of a service controller associated with the DVS; creating a service profile group template (“SPGT”) that includes at least one SF profile from the catalog of SF profiles, wherein the SPGT includes a service chain definition identifying at least one service chain comprising the SF associated with the at least one SF profile to be executed in connection with a service path and at least one policy for classifying traffic to the at least one service chain; deploying a first SPG instance based on the SPGT; and deploying an additional SPG instance based on the SPGT in accordance with a scaling policy included in the SPGT.

公开(公告)号：US20200252374A1

公开(公告)日：2020-08-06

申请号：US16373055

申请日：2019-04-02

Applicant: Cisco Technology, Inc.

Inventor： Peter Bosch ,  Alessandro Duminuco ,  Jeffrey Napper ,  Sape Jurrien Mullender ,  David Delano Ward

IPC: H04L29/06 ,  H04L29/12 ,  H04L12/46

Abstract: Systems, methods, and computer-readable storage media are provided for managing application traffic. A routing policy defines the data flow path between the client device (which uses a virtual private network (VPN) client) and the appropriate network-based service. Based on various factors associated with the user, the client device, and the destination (e.g. network-based service), the routing policy will direct the VPN client to communicate with either a public DNS (via the public Internet) or to a private DNS (via the private Intranet). The resulting IP addresses will be used to establish a particular route (either over a public Internet or private Intranet) between the client device and the network-based service in accordance to the routing policy.

公开(公告)号：US10361969B2

公开(公告)日：2019-07-23

申请号：US15252028

申请日：2016-08-30

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Jeffrey Napper ,  Surendra M. Kumar ,  Alessandro Duminuco ,  Sape Jurriën Mullender ,  Humberto J. La Roche ,  Louis Gwyn Samuel ,  Frank Brockners ,  Shwetha Subray Bhandari

IPC: H04L12/917 ,  H04L12/911 ,  H04L12/725 ,  H04L12/841

Abstract: An example method is provided in one example embodiment and may include configuring a measurement indication for a packet; forwarding the packet through a service chain comprising one or more service functions; recording measurement information for the packet as it is forwarded through the service chain; and managing capacity for the service chain based, at least in part, on the measurement information. In some cases, the method can include determining end-to-end measurement information for the service chain using the recorded measurement information. In some cases, managing capacity for the service chain can further include identifying a particular service function as a bottleneck service function for the service chain; and increasing capacity for the bottleneck service. In various instances, increasing capacity for the bottleneck service can include at least one of: instantiating additional instances of the bottleneck service; and instantiating additional instances of the service chain.

公开(公告)号：US10284390B2

公开(公告)日：2019-05-07

申请号：US15177021

申请日：2016-06-08

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra M. Kumar ,  Alessandro Duminuco ,  Hendrikus G. P. Bosch ,  Humberto J. La Roche ,  Jeffrey Napper ,  Burjiz Pithawala

IPC: H04L12/46 ,  H04L29/06 ,  H04L12/70 ,  H04L29/12 ,  H04L12/725 ,  H04L12/715

Abstract: A method is provided in one example embodiment and includes receiving at a network element an encapsulated packet including an encapsulation header, in which the encapsulation header includes an Analytics Proxy Function (“APF”) flag; determining whether the APF flag is set to a first value; if the APF flag is set to the first value, forwarding the encapsulated packet to a local APF instance associated with the network element, in which the encapsulated packet is processed by the local APF instance to replicate at least a portion of the encapsulated packet, construct a record of the encapsulated packet, or both; and if the APF flag is not set to the first value, omitting forwarding the encapsulated packet to the local APF instance associated with the network element. The local APF instance is implemented as a service function anchored at the forwarding element.

公开(公告)号：US10079767B2

公开(公告)日：2018-09-18

申请号：US15181159

申请日：2016-06-13

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Jeffrey Napper ,  Alessandro Duminuco ,  Humberto J. La Roche ,  Surendra M. Kumar ,  Aeneas Sean Dodd-Noble ,  Anil Kumar Chandrupatla

IPC: H04L12/851 ,  H04L12/801 ,  H04L12/803 ,  H04L29/08 ,  H04L12/713

CPC classification number: H04L47/2441 ,  H04L45/586 ,  H04L45/64 ,  H04L47/125 ,  H04L47/14 ,  H04L67/1076 ,  H04L67/2842

Abstract: A method is provided in one example embodiment and includes receiving at a network element a packet associated with a flow and determining whether a flow cache of the network element includes an entry for the flow indicating a classification for the flow. The method further includes, if the network element flow cache does not include an entry for the flow, punting the packet over a default path to a classifying service function, in which the classifying service function classifies the flow and determines a control plane service function for handling the flow, and receiving from the classifying service function a service path identifier (“SPI”) of a service path leading to the determined control plane service function. The flow is subsequently offloaded from the classifying service function to the network element.

公开(公告)号：US20180063018A1

公开(公告)日：2018-03-01

申请号：US15252028

申请日：2016-08-30

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Jeffrey Napper ,  Surendra M. Kumar ,  Alessandro Duminuco ,  Sape Jurriën Mullender ,  Humberto J. La Roche ,  Louis Gwyn Samuel ,  Frank Brockners ,  Shwetha Subray Bhandari

IPC: H04L12/917 ,  H04L12/911

CPC classification number: H04L47/76 ,  H04L45/306 ,  H04L47/28 ,  H04L47/822

Abstract: An example method is provided in one example embodiment and may include configuring a measurement indication for a packet; forwarding the packet through a service chain comprising one or more service functions; recording measurement information for the packet as it is forwarded through the service chain; and managing capacity for the service chain based, at least in part, on the measurement information. In some cases, the method can include determining end-to-end measurement information for the service chain using the recorded measurement information. In some cases, managing capacity for the service chain can further include identifying a particular service function as a bottleneck service function for the service chain; and increasing capacity for the bottleneck service. In various instances, increasing capacity for the bottleneck service can include at least one of: instantiating additional instances of the bottleneck service; and instantiating additional instances of the service chain.