AUTOMATIC ENCRYPTION FOR CLOUD-NATIVE WORKLOADS

    Publication (Announcement) No.: US20240080308A1

    Publication (Announcement) Date: 2024-03-07

    Application No.: US18389417

    Application Date: 2023-11-14

    CPC classification number: H04L63/0485 H04L12/4633 H04L63/0236 H04L63/166

    Abstract: Techniques for routing service mesh traffic based on whether the traffic is encrypted or unencrypted are described herein. The techniques may include receiving, from a first node of a cloud-based network, traffic that is to be sent to a second node of the cloud-based network and determining whether the traffic is encrypted or unencrypted. If it is determined that the traffic is encrypted, the traffic may be sent to the second node via a service mesh of the cloud-based platform. Alternatively, or additionally, if it is determined that the traffic is unencrypted, the traffic may be sent to the second node via an encrypted tunnel. In some examples, the techniques may be performed at least partially by a program running on the first node of the cloud-based network, such as an extended Berkeley Packet Filter (eBPF) program, and the like.

    Classification and forwarding node for integrating disparate headend traffic ingress services with disparate backend services

    Publication (Announcement) No.: US11888740B2

    Publication (Announcement) Date: 2024-01-30

    Application No.: US17193411

    Application Date: 2021-03-05

    CPC classification number: H04L45/74 H04L2212/00

    Abstract: Techniques for integrating disparate headend traffic ingress services with disparate backend services are disclosed herein. The techniques may include receiving, at a classification and forwarding node of a networked computing environment, a data packet encapsulated according to a first encapsulation protocol that is supported by the classification and forwarding node. The techniques may also include determining, by the classification and forwarding node, that the data packet is to be sent to a service from among a group of services associated with the networked computing environment. The classification and forwarding node may also determine whether the first encapsulation protocol is supported by the service. Based at least in part on determining that the service supports a second encapsulation protocol different than the first encapsulation protocol, the classification and forwarding node may encapsulate the data packet according to the second encapsulation protocol and send the data packet to the service.

    WORKLOAD MIGRATION FOR MULTIPATH ROUTED NETWORK SESSIONS

    Publication (Announcement) No.: US20240022521A1

    Publication (Announcement) Date: 2024-01-18

    Application No.: US17866932

    Application Date: 2022-07-18

    CPC classification number: H04L47/726 H04L47/11 H04L47/827 H04L47/745

    Abstract: Techniques for migrating on-premises and/or cloud-based workloads to follow a network session as it potentially migrates, due to multipathing techniques, across multiple edge and/or cloud datacenters. The techniques may include determining, by a controller of a network, that a traffic flow between an endpoint device and a workload has migrated to a different path of a multipath flow such that the traffic flow terminates at a different termination point than the workload. Based at least in part on determining that the traffic flow has migrated, the controller may cause a migration of a state of the workload to a location associated with the different termination point. That is, the controller may cause the workload to be migrated in its current state, which may be specific to the endpoint device, to follow the traffic flow.

    Partial packet encryption for encrypted tunnels

    Publication (Announcement) No.: US11765146B2

    Publication (Announcement) Date: 2023-09-19

    Application No.: US17002170

    Application Date: 2020-08-25

    CPC classification number: H04L63/0478 H04L9/321 H04L12/4633 H04L63/08

    Abstract: Techniques and mechanisms to reduce double encryption of packets that are transmitted using encrypted tunnels. The techniques described herein include determining that portions of the packets are already encrypted, identifying portions of the packets that are unencrypted, and selectively encrypting the portions of the packets that are unencrypted prior to transmission through the encrypted tunnel. In this way, potentially private or sensitive data in the packets that is unencrypted, such as information in the packet headers, will be encrypted using the encryption protocol of the encrypted tunnel, but the data of the packets that is already encrypted, such as the payload, may avoid unnecessary double encryption. By reducing (or eliminating) the amount of data in data packets that is double encrypted, the amount of time taken by computing devices, and the computing resources consumed, to encrypt traffic for encrypted tunnels may be reduced.

    POLICY-BASED WORKLOAD ORCHESTRATION FOR ENTERPRISE NETWORKS

    Publication (Announcement) No.: US20230269292A1

    Publication (Announcement) Date: 2023-08-24

    Application No.: US18122571

    Application Date: 2023-03-16

    CPC classification number: H04L41/0894 H04L41/0803

    Abstract: Techniques for operationalizing workloads at edge network nodes, while maintaining centralized intent and policy controls. The techniques may include storing, in a cloud-computing network, a workload image that includes a function capability. The techniques may also include receiving, at the cloud-computing network, a networking policy associated with an enterprise network. Based at least in part on the networking policy, a determination may be made at the cloud-computing network that the function capability is to be operationalized on an edge device of the enterprise network. The techniques may also include sending the workload image to the edge device to be installed on the edge device to operationalize the function capability. In some examples, the function capability may be a security function capability (e.g., proxy, firewall, etc.), a routing function capability (e.g., network address translation, load balancing, etc.), or any other function capability.

    Distributed tenant overlay network with centralized routing control plane

    Publication (Announcement) No.: US11689454B2

    Publication (Announcement) Date: 2023-06-27

    Application No.: US17223486

    Application Date: 2021-04-06

    CPC classification number: H04L45/566 H04L45/02 H04L45/22 H04L45/24 H04L45/42

    Abstract: Techniques for multi-tenant overlays with per-tenant distributed routing are described herein. The techniques may include provisioning an overlay network such that tenants hosted by a forwarding plane of the overlay network are each configured to forward routing protocol packets to a routing control plane of the overlay network and the routing control plane of the overlay network is configured to determine routing paths between each tenant and respective destinations. A routing protocol packet may be sent to the routing control plane by a first tenant. The routing protocol packet may include an indication of a destination that is served by the first tenant. Based on receiving the routing protocol packet, the routing control plane may determine one or more routing paths between the tenants and the destination. Additionally, an indication of the routing path may be sent to the tenants.

    Using a domain-specific language to describe network-level behavior

    Publication (Announcement) No.: US11418394B1

    Publication (Announcement) Date: 2022-08-16

    Application No.: US17469670

    Application Date: 2021-09-08

    Abstract: Techniques and mechanisms for using a domain-specific language (DSL) to express overall network behaviors by describing what network-level behavior is desired. A compiler breaks down the DSL into portions of executable code that are to be run at different network devices and locations of the network architecture. In some instances, the executable code output from the compiler may be used to determine what network functions, network devices, and/or network topology is required to implement the overall network behavior that is desired. In other examples, an inventory and/or topology of available network devices may be fed into the compiler, and the compiler may compile the DSL into executable code that is able to be supported by the inventory and/or topology of available network devices. Thus, the DSL can be used to describe overall network behaviors to easily generate executable code that is used to implement a desired network-level behavior.
