公开(公告)号：US20190238448A1

公开(公告)日：2019-08-01

申请号：US15880910

申请日：2018-01-26

Applicant: Cisco Technology, Inc.

Inventor： Carlos M. Pignataro ,  Nagendra Kumar Nainar

IPC: H04L12/721

Abstract: Seamless Bidirectional Forwarding Detection (S-BFD) discriminator-based return path determination is provided. In one embodiment, a method is provided that includes assigning a first discriminator associated with a first discriminator identifier and a second discriminator associated with a second discriminator identifier different from the first discriminator. The method also includes receiving an S-BFD control packet that includes one of the first discriminator identifier or the second discriminator identifier. The method includes determining whether the first discriminator identifier or the second discriminator identifier is included in the S-BFD control packet, and based on the determination, initiating an S-BFD reflector session to transmit a response along a return path determined based on whether the first discriminator identifier or the second discriminator identifier is included in the S-BFD control packet.

公开(公告)号：US20190222612A1

公开(公告)日：2019-07-18

申请号：US15870957

申请日：2018-01-14

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Rajiv Asati ,  Carlos M. Pignataro

IPC: H04L29/06 ,  H04L29/12

Abstract: In one embodiment, a system includes a first host computer including a host interface configured to receive traffic from a domain ingress node of a first domain, and processing machinery configured to instantiate worker nodes, instantiate a master node and a security gateway agent on the master node, instantiate a plurality of security clients on the worker nodes, wherein each worker node includes at least one security client, wherein each security client is configured to monitor at least part of the traffic being forwarded in the one worker node for malicious traffic, and report a first data item about the malicious traffic to the security gateway agent, and wherein the security gateway agent is configured to forward a second data item about the malicious traffic to a security server to determine at least one security policy to mitigate the malicious traffic, and to be enforced by a node.

公开(公告)号：US10333855B2

公开(公告)日：2019-06-25

申请号：US15491352

申请日：2017-04-19

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Rajiv Asati

IPC: H04L29/08 ,  H04L12/841 ,  H04L29/06 ,  H04L12/851

Abstract: In some aspects, a method of the technology can include steps for sending a packet along a service function chain (SFC) to an egress node, the SFC comprising a plurality of service function forwarders (SFFs), wherein each SFF is associated with at least one service function (SF), and receiving the packet at a first SFF in the SFC, wherein the first SFF is associated with a first SF. In some aspects, the first SFF can also be configured to perform operations including: reading an option flag of the packet, and determining whether to forward the packet to the first based on the option flag. Systems and machine-readable media are also provided.

公开(公告)号：US10320664B2

公开(公告)日：2019-06-11

申请号：US15216334

申请日：2016-07-21

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Deepak Kumar

IPC: H04L12/723 ,  H04L12/46 ,  H04L12/715 ,  H04L12/24 ,  H04L29/08

Abstract: Systems, methods, and computer-readable media are provided for facilitating the implementation of an operations, administration, and management (OAM) protocol in a network overlay environment. In particular, aspects of the technology facilitating the transport of OAM communications across overlay environments of different types. Aspects of the technology can include steps for receiving a packet comprising an OAM payload, and encapsulating the packet with an OAM transport header, wherein the transport header is configured to be read by transit nodes of different overlay types.

公开(公告)号：US20190158398A1

公开(公告)日：2019-05-23

申请号：US16252036

申请日：2019-01-18

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  James N. Guichard ,  Paul Quinn

IPC: H04L12/715 ,  H04L12/46

CPC classification number: H04L45/64 ,  H04L12/4633 ,  H04L12/4641

Abstract: An apparatus having logic elements to receive an incoming packet associated with a first service function chain; identify a next hop service function for the incoming packet as a non-reactive service function; create a duplicate packet; forward the duplicate packet to the non-reactive service function; and forward the incoming packet to a next reactive service function. An apparatus having logic to receive an incoming packet associated with a first service function chain (SFC), having a first service path identifier (SPI); determine that the incoming packet has a first service index (SI), and that a next-hop SI identifies a non-reactive service function (NRSF); receive a duplicate packet of the incoming packet; rewrite a service header of the duplicate packet to identify a second SFC having a second SPI; and alter the first SI of the incoming packet to identify a next reactive service function in the first SFC.

公开(公告)号：US20190149441A1

公开(公告)日：2019-05-16

申请号：US16247048

申请日：2019-01-14

Applicant: Cisco Technology, Inc.

Inventor： Carlos M. Pignataro ,  Nagendra Kumar Nainar ,  James Guichard

IPC: H04L12/26 ,  H04L29/08

CPC classification number: H04L43/0829 ,  H04L43/026 ,  H04L43/10 ,  H04L67/025 ,  H04L67/16

Abstract: Embodiments are directed to a service function configured to receive, from a service function forwarder, a data packet comprising a bit field to indicate that a packet drop is to be monitored; apply a policy for the data packet; determine that the data packet is to be dropped based on the policy; set a drop-propagate bit in a header of the data packet; and transmit the data packet to the service function forwarder. Embodiments are directed to a service function forwarder configured to receive a data packet from a service function, the data packet comprising a bit set to indicate that a packet drop is to be monitored; generate an Internet Control Message Protocol (ICMP) message, the ICMP message comprising a destination address for the ICMP message identified from the data packet; transmit the ICMP message to the destination address; and drop the data packet from the service function chain.

公开(公告)号：US10270690B2

公开(公告)日：2019-04-23

申请号：US15056483

申请日：2016-02-29

Applicant: Cisco Technology, Inc.

Inventor： Carlos Pignataro ,  Richard Furr ,  Nagendra Kumar Nainar ,  Joseph Michael Clarke

IPC: H04L12/741 ,  H04L12/26

Abstract: Presented herein are methods and systems that facilitate data plane signaling of a packet as a candidate for capture at various network nodes within an IPv6 network. The signaling occurs in-band, via the data plane—that is, a capture or interrogation signal is embedded within the respective packet (e.g., in the packet header) that carries a user traffic. The signaling is inserted, preferably when the packet is classified, e.g., at the ingress node of the network, to which subsequent network nodes with the IPv6 network are signaled to capture or further inspect the packet for capture.

公开(公告)号：US10237175B2

公开(公告)日：2019-03-19

申请号：US15409249

申请日：2017-01-18

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Carlos M. Pignataro ,  Clarence Filsfils ,  Nagendra Kumar Nainar

IPC: H04L12/28 ,  H04L12/723 ,  H04L12/721 ,  H04L12/803

Abstract: In one embodiment, a method includes receiving at an ingress node in a segment routing network, an entropy prefix segment identifier, generating a label stack comprising the entropy prefix segment identifier and an entropy label beneath the entropy prefix segment identifier, and transmitting a packet comprising the label stack using the entropy prefix segment identifier as a transport label and an entropy label identifier. An apparatus and logic are also disclosed herein.

公开(公告)号：US20190081882A1

公开(公告)日：2019-03-14

申请号：US16156734

申请日：2018-10-10

Applicant: Cisco Technology, Inc.

Inventor： Faisal Iqbal ,  Sagar Soni ,  Nagendra Kumar Nainar ,  Carlos M. Pignataro

IPC: H04L12/751 ,  H04L12/723 ,  H04L12/803

CPC classification number: H04L45/02 ,  H04L45/306 ,  H04L45/50 ,  H04L47/125

Abstract: One embodiment is a method including creating at an ingress node of a communications network a request message identifying a hashing parameter for a network application, and including range of values for the identified hashing parameter to enable load balancing for packets associated with the network application; forwarding the created request message to a node associated with a next hop along a first path through the network between the ingress node and an egress node; and receiving a response message from the node associated with the next hop, wherein the response message includes load balancing information for the node associated with the next hop corresponding to the range of values for the identified hashing parameter.

公开(公告)号：US10218616B2

公开(公告)日：2019-02-26

申请号：US15216294

申请日：2016-07-21

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Rajiv Asati ,  Carlos M. Pignataro

IPC: H04L12/741 ,  H04L12/733 ,  H04L12/46 ,  H04L12/24

Abstract: Systems, methods, and computer-readable media for improving the reliability of service function (SF) application in a service function chain (SFC) are provided. In some aspects, the subject technology facilitates automatic service function type validation by a service function forwarder (SFF), for example, by using a probe configured query a function type of a SF module associated with the validating SFF.