公开(公告)号：US20150358850A1

公开(公告)日：2015-12-10

申请号：US14300865

申请日：2014-06-10

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Humberto J. La Roche, JR. ,  Hendrikus G.P. Bosch ,  James N. Guichard ,  Paul Quinn ,  Surendra M. Kumar ,  Kevin D. Shatzkamer

IPC: H04W28/02 ,  H04L12/721 ,  H04L12/851 ,  H04L12/46

CPC classification number: H04W28/0215 ,  H04L12/4633 ,  H04L45/306 ,  H04L45/38

Abstract: A method provided in one embodiment includes receiving, at a first network element, a first data packet of a data flow, wherein the data flow is associated with a subscriber. The method further includes receiving subscriber information associated with the subscriber, and encapsulating the subscriber information with the first data packet to form an encapsulated data packet. The method still further includes determining a service chain including one or more services to which the encapsulated data packet is to be forwarded, and forwarding the encapsulated data packet to the service chain.

Abstract translation: 在一个实施例中提供的方法包括在第一网络元件处接收数据流的第一数据分组，其中所述数据流与订户相关联。 该方法还包括接收与用户相关联的用户信息，以及用第一数据分组封装用户信息以形成封装的数据分组。 该方法还包括确定包括一个或多个服务的服务链，封装的数据分组将被转发到该服务链上，并将封装的数据分组转发到服务链。

公开(公告)号：US20150295831A1

公开(公告)日：2015-10-15

申请号：US14249636

申请日：2014-04-10

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra M. Kumar ,  Paul Quinn ,  James N. Guichard ,  Michael R. Smith

IPC: H04L12/803 ,  H04L12/851

CPC classification number: H04L47/125 ,  H04L12/28 ,  H04L12/56 ,  H04L47/2483 ,  H04L61/2514

Abstract: An example method for network address translation (NAT) offload to network infrastructure for service chains in a network environment is provided and includes receiving a packet at a network infrastructure in a network comprising a plurality of service nodes interconnected through the network infrastructure, each service node executing at least one service function, identifying the packet as belonging to a first flow based on a cookie in a network service header of the packet that indicates a service chain that includes a sequence of service functions to be executed on the packet at the service nodes, determining that a service function in the service chain is to be offloaded from one of the service nodes to the network infrastructure for subsequent packets of the first flow, and executing the offloaded service function at the network infrastructure for subsequent packets of the first flow.

Abstract translation: 提供了一种用于网络地址转换（NAT）卸载到网络环境中的服务链的网络基础设施的示例性方法，并且包括在网络中的网络基础设施处接收包括通过网络基础设施互连的多个服务节点的分组，每个服务节点 执行至少一个服务功能，基于所述分组的网络服务报头中的cookie来将分组标识为属于第一流的分组，其指示服务链，所述服务链包括将在所述服务节点处对所述分组执行的服务功能序列 确定所述服务链中的服务功能将从所述服务节点之一卸载到所述网络基础设施以用于所述第一流的后续分组，以及在所述网络基础设施处执行所述卸载的服务功能以用于所述第一流的后续分组。

公开(公告)号：US20150271204A1

公开(公告)日：2015-09-24

申请号：US14520118

申请日：2014-10-21

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Alessandro Duminuco ,  Hendrikus G. P. Bosch ,  Surendra M. Kumar ,  Humberto J. La Roche ,  Jeffrey Napper ,  Kevin D. Shatzkamer ,  Daniel G. Wing

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/166 ,  H04L63/0281 ,  H04L63/0435 ,  H04L63/168 ,  H04L67/02 ,  H04L67/42

Abstract: In an embodiment, a method is provided for enabling in-band data exchange between networks. The method can comprise receiving, by a first enveloping proxy located in the first network, at least one regular secure sockets layer (SSL) record for a SSL session established between a client and a server; receiving the data from a network element located in the first network; encoding the data into at least one custom SSL record; and transmitting the at least one regular SSL record and the at least one custom SSL record to an enveloping proxy. In another embodiment, a method can comprise receiving at least one regular secure sockets layer (SSL) record and at least one custom SSL record for a SSL session established between a client and a server; extracting the data from the at least one custom SSL; transmitting the at least one regular SSL record.

公开(公告)号：US10084703B2

公开(公告)日：2018-09-25

申请号：US15143253

申请日：2016-04-29

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra M. Kumar ,  Hendrikus G. P. Bosch ,  Kent K. Leung ,  Abhijit Patra

IPC: H04L12/741 ,  H04L12/935 ,  H04L12/743 ,  H04L12/701

CPC classification number: H04L45/74 ,  H04L45/00 ,  H04L45/7453 ,  H04L49/3009

Abstract: A method is provided in one example embodiment and includes receiving at a network element a packet including a Network Services Header (“NSH”), in which the NSH includes an Infrastructure (“I”) flag and a service path header comprising a Service Index (“SI”), and a Service Path ID (“SPI”) and determining whether the I flag is set to a first value. The method further includes, if the I flag is set to the first value, setting the I flag to a second value and forwarding the packet to the service function that corresponds to the SI for processing. The method still further includes, if the I flag is not set to the first value, decrementing the SI and making a forwarding decision based on a new value of the SI and the SPI.

公开(公告)号：US10063468B2

公开(公告)日：2018-08-28

申请号：US14997212

申请日：2016-01-15

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Sape Jurriën Mullender ,  Jeffrey Napper ,  Surendra M. Kumar ,  Alessandro Duminuco

IPC: H04L12/50 ,  H04L12/721 ,  H04L12/741

CPC classification number: H04L45/38 ,  H04L45/745

Abstract: Particular embodiments described herein provide for a communication system that can be configured for receiving, at a network element, a flow offload decision for a first service node. The flow offload decision can include a portion of a service chain for processing a flow and updating next hop flow based routing information for the flow. A next hop in the flow can insert flow specific route information in its routing tables to bypass a packet forwarder serving the service that offloaded the flow in the reverse direction.

公开(公告)号：US20180027101A1

公开(公告)日：2018-01-25

申请号：US15711768

申请日：2017-09-21

Applicant: Cisco Technology, Inc.

Inventor： Surendra M. Kumar ,  Nagaraj A. Bagepalli ,  Abhijit Patra

IPC: H04L29/06 ,  H04L12/46 ,  H04L12/725 ,  H04L12/713

CPC classification number: H04L69/22 ,  H04L12/4641 ,  H04L45/302 ,  H04L45/586

Abstract: An example method for distributed service chaining is provided and includes receiving a packet belonging to a service chain in a distributed virtual switch (DVS) network environment, the packet includes a network service header (NSH) indicating a service path identifier identifying the service chain. The packet is provided to a virtual Ethernet module (VEM) connected to an agentless service node (SN) providing an edge service such as a server load balancer (SLB). The VEM associates a service path identifier corresponding to the service chain with a local identifier such as a virtual local area network (VLAN). The agentless SN returns the packet to the VEM for forwarding on the VLAN. Because the VLAN corresponds exactly to the service path and service chain, the packet is forwarded directly to the next node in the service chain. This can enable agentless SNs to efficiently provide a service chain for network traffic.

公开(公告)号：US20170310611A1

公开(公告)日：2017-10-26

申请号：US15347349

申请日：2016-11-09

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra M. Kumar ,  Jeffrey Napper ,  Prashant Patadayya Hiremath ,  Vandana Saha

IPC: H04L12/931 ,  H04L12/947 ,  H04L12/813

CPC classification number: H04L69/00 ,  H04L67/2842

Abstract: In one embodiment, a method includes creating a catalog of service function (“SF”) profiles, wherein each of the profiles is associated with an SF and indicates a type of the associated SF; storing the catalog of SF profiles in a memory device of a service controller associated with the DVS; creating a service profile group template (“SPGT”) that includes at least one SF profile from the catalog of SF profiles, wherein the SPGT includes a service chain definition identifying at least one service chain comprising the SF associated with the at least one SF profile to be executed in connection with a service path and at least one policy for classifying traffic to the at least one service chain; deploying a first SPG instance based on the SPGT; and deploying an additional SPG instance based on the SPGT in accordance with a scaling policy included in the SPGT.

公开(公告)号：US20170208011A1

公开(公告)日：2017-07-20

申请号：US15171892

申请日：2016-06-02

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G.P. Bosch ,  Jeffrey Napper ,  Alessandro Duminuco ,  Humberto J. La Roche ,  Sape Jurriën Mullender ,  Surendra M. Kumar ,  Louis Gwyn Samuel ,  Bart A. Brinckman ,  Aeneas Sean Dodd-Noble ,  Luca Martini

IPC: H04L12/825 ,  H04L12/26 ,  H04L12/801

CPC classification number: H04L47/25 ,  H04L41/0896 ,  H04L45/64 ,  H04L47/29

Abstract: An example method is provided in one example embodiment and may include receiving traffic associated with at least one of a mobile network and a Gi-Local Area Network (Gi-LAN), wherein the traffic comprises one or more packets; determining a classification of the traffic to a service chain, wherein the service chain comprises one or more service functions associated at least one of one or more mobile network services and one or more Gi-LAN services; routing the traffic through the service chain; and routing the traffic to a network using one of a plurality of egress interfaces, wherein each egress interface of the plurality of egress interfaces is associated with at least one of the one or more mobile network services and the one or more Gi-LAN services.

公开(公告)号：US09559970B2

公开(公告)日：2017-01-31

申请号：US15055691

申请日：2016-02-29

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra M. Kumar ,  Nagaraj A. Bagepalli ,  Dileep K. Devireddy ,  Abhijit Patra

IPC: H04L12/859 ,  H04L12/721 ,  H04L12/801 ,  H04L12/54 ,  H04L12/26 ,  H04L12/753 ,  H04L12/715

CPC classification number: H04L47/2475 ,  H04L12/56 ,  H04L43/026 ,  H04L45/12 ,  H04L45/38 ,  H04L45/48 ,  H04L45/64 ,  H04L47/12 ,  H04L47/17

Abstract: A method is provided in one embodiment and includes receiving at a network element a flow offload decision for a first service node that includes a portion of a service chain for processing a flow; recording the flow offload decision against the first service node at the network element; and propagating the flow offload decision backward on a service path to which the flow belongs if the first service node is hosted at the network element. Embodiments may also include propagating the flow offload decision backward on a service path to which the flow belongs if the flow offload decision is a propagated flow offload decision and the network element hosts a second service node that immediately precedes the service node on behalf of which the propagated flow offload decision was received and a flow offload decision has already been received by the network element from the second service node.

Abstract translation: 在一个实施例中提供了一种方法，并且包括在网络元件处接收包括用于处理流的服务链的一部分的第一服务节点的流卸载决定; 记录网元上的第一服务节点的流量卸载决定; 并且如果第一服务节点驻留在网络元件处，则在流所属的服务路径上向后传播流卸载决策。 实施例还可以包括：如果流卸载决定是传播的流卸载决定，并且网络主机驻留在服务节点之前的第二服务节点，则在流所属的服务路径上向后传播流卸载决策， 接收到传播流卸载决定，网元从第二服务节点已经接收到流卸载决定。

公开(公告)号：US09479534B2

公开(公告)日：2016-10-25

申请号：US14522064

申请日：2014-10-23

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Alessandro Duminuco ,  Hendrikus G. P. Bosch ,  Surendra M. Kumar ,  Humberto J. La Roche ,  Jeffrey Napper ,  Kevin D. Shatzkamer ,  Daniel G. Wing

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/166 ,  H04L63/0281 ,  H04L63/0435 ,  H04L63/168 ,  H04L67/02 ,  H04L67/42

Abstract: In an embodiment, a method is provided for enabling in-band data exchange between networks. The method can comprise receiving, by a first enveloping proxy located in the first network, at least one regular secure sockets layer (SSL) record for a SSL session established between a client and a server; receiving the data from a network element located in the first network; encoding the data into at least one custom SSL record; and transmitting the at least one regular SSL record and the at least one custom SSL record to an enveloping proxy. In another embodiment, a method can comprise receiving at least one regular secure sockets layer (SSL) record and at least one custom SSL record for a SSL session established between a client and a server; extracting the data from the at least one custom SSL; transmitting the at least one regular SSL record.

Abstract translation: 在一个实施例中，提供了一种用于实现网络之间的带内数据交换的方法。 该方法可以包括通过位于第一网络中的第一包络代理接收在客户端和服务器之间建立的SSL会话的至少一个常规安全套接字层（SSL）记录; 从位于所述第一网络中的网元接收所述数据; 将数据编码成至少一个自定义SSL记录; 以及将所述至少一个常规SSL记录和所述至少一个定制SSL记录发送到包络代理。 在另一个实施例中，一种方法可以包括：在客户端和服务器之间建立的SSL会话接收至少一个常规安全套接字层（SSL）记录和至少一个定制SSL记录; 从至少一个自定义SSL提取数据; 发送所述至少一个常规SSL记录。