Abstract:
Disclosed herein are methods of forwarding packets on a network, such as a leaf-spine network having leaf devices and spine devices. The methods may include receiving a packet at an ingress leaf device, and determining based, at least in part, on a header of the packet whether the packet is to be transmitted to a spine device. The methods may further include ascertaining based, at least in part, on a header of the packet whether to perform encapsulation on the packet, encapsulating the packet according to a result of the ascertaining, and then transmitting the packet to a spine device according to a result of the determining. Also disclosed herein are network apparatuses which include a processor and a memory, at least one of the processor or the memory being configured to perform some or all of the foregoing described methods.
Abstract:
A method and system for best effort propagation of security group information is disclosed. The method includes determining if a reserved group identifier is associated with a destination and, if the reserved group identifier is associated with the destination, indicating that a packet received at a network node can be sent to another network node. The packet includes destination information that identifies the destination as a destination of the packet.
Abstract:
Techniques are provided to decouple service chain structure from the underlying network forwarding state and allow for data plane learning of service chain forwarding requirements and any association between services function state requirements and the forward and reverse forwarding paths for a service chain. In a network comprising a plurality of network nodes each configured to apply a service function to traffic that passes through the respective network node, a packet is received at a network node. When the network node determines that the service function it applies is stateful, it updates context information in a network service header of the packet to indicate that the service function applied at the network node is stateful and that traffic for a reverse path matching the classification criteria is to be returned to the network node.
Abstract:
A virtual network device includes several different virtual network device sub-units, which collectively operate as a single logical network device. An interface bundle includes interfaces in more than one of the different virtual network device sub-units included in the virtual network device. The interface bundle is coupled to a virtual link bundle, which connects the virtual network device to another device. The interface bundle is managed as a single logical interface.
Abstract:
Systems, methods, and computer-readable storage media are provided for dynamically setting an end point group for an end point. An end point can be assigned a default end point group when added to a network. For example, the default end point group can be a baseline port/security group which is considered an untrusted group. The end point can then be dynamically assigned an end point group based on a set of group selection rules. For example, the group selection rules can identify an end point group based on the MAC address or other attributes. When the end point is added to the network, the MAC address and/or other attributes of the end point can be determined and used to assign an end point group. As another example, an end point group can be assigned based on the amount of traffic or guest operating system.
Abstract:
A method and apparatus for including network security information in a frame is disclosed. Network security information is included in a secure portion of overhead of a frame. The network security information is configured to facilitate network security. A network device configured to process a frame is also disclosed. The frame includes frame security information and network security information. The frame security information is configured to facilitate securing a portion of overhead of the frame, and the network security information is located in the secure portion of the overhead of the frame and is configured to facilitate network security.
Abstract:
Presented herein are techniques useful in a network comprising a plurality of network nodes each configured to apply one or more service functions to traffic that passes through the respective network nodes. A network node receives packets encapsulated in a service header that includes information defining a first set of context headers stacked into an association of metadata that is relevant to one or more service functions within a service path comprised of one or more network nodes. The network node performs at least one of the service functions in the service path and rewrites the service header with a second set of context headers. The second set of context headers includes metadata derived from performing the service function(s) at the network node.