公开(公告)号：US20180278481A1

公开(公告)日：2018-09-27

申请号：US15470499

申请日：2017-03-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Rohit Prasad ,  Shashi Gandham ,  Hai Vu ,  Varun Malhotra ,  Sunil Gupta ,  Abhishek Singh ,  Navindra Yadav ,  Ali Parandehgheibi ,  Ravi Prasad ,  Praneeth Vallem ,  Paul Lesiak ,  Hoang Nguyen

IPC: H04L12/24 ,  H04L29/08 ,  G06F17/30

CPC classification number: H04L41/0893 ,  G06F8/61 ,  G06F17/30094 ,  G06F17/30194 ,  H04L41/044 ,  H04L41/046 ,  H04L41/0856 ,  H04L67/06 ,  H04L67/1097

Abstract: The disclosed technology relates to a distributed policy store. A system is configured to locate, in an index, an entry for a network entity, determine, based on the entry, a file identifier for a file containing a record for the network entity and an offset indicating a location of the record in the file. The system is further configured to locate the file in a distributed file system using the file identifier, locate the record in the file using the offset, and retrieve the record.

公开(公告)号：US09979615B2

公开(公告)日：2018-05-22

申请号：US15135331

申请日：2016-04-21

Applicant: Cisco Technology, Inc.

Inventor： Ashutosh Kulshreshtha ,  Hai Trong Vu ,  Michael Standish Watts ,  Jackson Ngoc Ki Pang ,  Navindra Yadav ,  Khawar Deen

IPC: H04L12/26 ,  H04L29/06 ,  G06F9/455 ,  G06F17/30 ,  H04L12/851 ,  H04L12/24 ,  H04W84/18 ,  H04L29/08 ,  G06N99/00 ,  G06F21/53 ,  H04L12/723 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04L9/32 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725 ,  H04L12/715

CPC classification number: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/45558 ,  G06F17/30241 ,  G06F17/3053 ,  G06F17/30554 ,  G06F17/30598 ,  G06F17/30604 ,  G06F17/30867 ,  G06F21/53 ,  G06F21/552 ,  G06F21/566 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2115 ,  G06F2221/2145 ,  G06N99/005 ,  G06T11/206 ,  H04J3/0661 ,  H04J3/14 ,  H04L1/242 ,  H04L9/0866 ,  H04L9/3239 ,  H04L9/3242 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0841 ,  H04L43/0858 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/306 ,  H04L45/38 ,  H04L45/46 ,  H04L45/507 ,  H04L45/66 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/2007 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/06 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/16 ,  H04L63/20 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/12 ,  H04L67/16 ,  H04L67/22 ,  H04L67/36 ,  H04L67/42 ,  H04L69/16 ,  H04L69/22 ,  H04W72/08 ,  H04W84/18

Abstract: In one embodiment, a monitoring device (or module) monitors messages exchanged between nodes in a communication network. The monitoring device further determines, based on time stamp data associated with each message, one or more latency distributions of paired response times between the nodes, and determines a node topology consistent with each of the one or more latency distributions of paired response times between the nodes. In some embodiments, the monitoring device also generates a graph of the node topology showing one or more communication links between the nodes, and annotates each communication link of the one or more communication links with at least one of a mean response time or a median response time based on at least one of the latency distributions.

公开(公告)号：US20180139132A1

公开(公告)日：2018-05-17

申请号：US15855703

申请日：2017-12-27

Applicant: Cisco Technology, Inc.

Inventor： Thomas James Edsall ,  Navindra Yadav ,  Francisco M. Matus ,  Kit Chiu Chu ,  Michael R. Smith ,  Sameer Merchant ,  Krishna Doddapaneni ,  Satyam Sinha

IPC: H04L12/741 ,  H04L12/933 ,  H04L12/721 ,  H04L12/46 ,  G06F9/455

Abstract: Disclosed herein are methods of forwarding packets on a network, such as a leaf-spine network having leaf devices and spine devices. The methods may include receiving a packet at an ingress leaf device, and determining based, at least in part, on a header of the packet whether the packet is to be transmitted to a spine device. The methods may further include ascertaining based, at least in part, on a header of the packet whether to perform encapsulation on the packet, encapsulating the packet according to a result of the ascertaining, and then transmitting the packet to a spine device according to a result of the determining. Also disclosed herein are network apparatuses which include a processor and a memory, at least one of the processor or the memory being configured to perform some or all of the foregoing described methods.

公开(公告)号：US09935851B2

公开(公告)日：2018-04-03

申请号：US15152293

申请日：2016-05-11

Applicant: Cisco Technology, Inc.

Inventor： Shashidhar Gandham ,  Rohit Chandra Prasad ,  Ashutosh Kulshreshtha ,  Supreeth Hosur Nagesh Rao ,  Khawar Deen ,  Navindra Yadav

IPC: H04W4/00 ,  H04L12/26 ,  H04L29/06 ,  G06F9/455 ,  G06F17/30 ,  H04L12/851 ,  H04L12/24 ,  H04W84/18 ,  H04L29/08 ,  G06N99/00 ,  G06F21/53 ,  H04L12/723 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04L9/32 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725 ,  H04L12/715

CPC classification number: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/45558 ,  G06F17/30241 ,  G06F17/3053 ,  G06F17/30554 ,  G06F17/30598 ,  G06F17/30604 ,  G06F17/30867 ,  G06F21/53 ,  G06F21/552 ,  G06F21/566 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2115 ,  G06F2221/2145 ,  G06N99/005 ,  G06T11/206 ,  H04J3/0661 ,  H04J3/14 ,  H04L1/242 ,  H04L9/0866 ,  H04L9/3239 ,  H04L9/3242 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0841 ,  H04L43/0858 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/306 ,  H04L45/38 ,  H04L45/46 ,  H04L45/507 ,  H04L45/66 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/2007 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/06 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/16 ,  H04L63/20 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/12 ,  H04L67/16 ,  H04L67/22 ,  H04L67/36 ,  H04L67/42 ,  H04L69/16 ,  H04L69/22 ,  H04W72/08 ,  H04W84/18

Abstract: Systems, methods, and computer-readable media for determining sensor placement and topology. In some embodiments, a system can receive messages from sensors deployed around a network, each of the messages reporting a respective flow captured by a reporting sensor from the sensors. Next, the system can identify flows reported in the messages and, for each of the flows, generate a respective list of sensors that reported that flow. Based on the respective list of sensors, the system can infer a respective placement of the sensors within the network and a topology of the sensors. For example, the system can determine that a first sensor is deployed in a virtual machine, a second sensor is deployed in a hypervisor hosting the virtual machine, and a third sensor is deployed in a network device configured to route traffic associated with the hypervisor.

公开(公告)号：US20170339054A1

公开(公告)日：2017-11-23

申请号：US15660901

申请日：2017-07-26

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Sameer Merchant

IPC: H04L12/741 ,  H04L12/713

CPC classification number: H04L41/0806 ,  H04L41/0889 ,  H04L41/12 ,  H04L41/5048 ,  H04L41/5054 ,  H04L43/045 ,  H04L45/54 ,  H04L45/586 ,  H04L45/7453 ,  H04L47/125 ,  H04L47/21

Abstract: Systems, methods, and non-transitory computer-readable storage media for forwarding tables for virtual networking devices. The system first identifies local virtual machines hosted on a local host connected to the system, the system having virtual tunneling capabilities. The system then generates a forwarding table for the system. Next, the system populates the forwarding table with local entries including bindings for the local virtual machines hosted on the local host and adds a default route in the forwarding table pointing to a default forwarder function, wherein the default route is configured to handle all non-local traffic relative to the system and the local host.

公开(公告)号：US20170250912A1

公开(公告)日：2017-08-31

申请号：US15596613

申请日：2017-05-16

Applicant: Cisco Technology, Inc.

Inventor： Kit Chiu Chu ,  Thomas J. Edsall ,  Navindra Yadav ,  Francisco M. Matus ,  Krishna Doddapaneni ,  Satyam Sinha

IPC: H04L12/741 ,  H04L12/755 ,  H04L12/46

Abstract: Aspects of the subject technology relate to solutions for transporting network traffic over an overlay network. A first tunnel endpoint in an overlay network can receive an encapsulated packet from a second tunnel endpoint. The encapsulated packet may have been encapsulated at the second tunnel endpoint based on another packet originating from a source host that is associated with the second tunnel endpoint. The encapsulated packet can include a source host address for the source host and a source tunnel endpoint address for the second tunnel endpoint. The first tunnel endpoint can then update a lookup table based on an association between the source host address and the source tunnel endpoint address.

公开(公告)号：US09733973B2

公开(公告)日：2017-08-15

申请号：US14855811

申请日：2015-09-16

Applicant: Cisco Technology, Inc.

Inventor： Rohit C. Prasad ,  Shashidhar R. Gandham ,  Navindra Yadav ,  Khawar Deen ,  Shih-Chun Chang ,  Ashutosh Kulshreshtha ,  Anubhav Gupta

IPC: G06F9/455 ,  H04L12/26

CPC classification number: G06F9/45558 ,  G06F2009/4557 ,  G06F2009/45591 ,  G06F2009/45595 ,  H04L43/12

Abstract: A virtualized computing system including software sensors captures network data from one or more traffic flows the sensors. The captured network data from a given sensor indicates one or more traffic flows detected by the given sensor. The received captured network data is analyzed to identify, for each respective sensor, a first group of sensors, a second group of sensors, and a third group of sensors. All traffic flows observed by the first group of sensors are also observed by the second group of sensors. All traffic flows observed by the second group of sensors are also observed by the third group of sensors. A location of each respective sensor relative to other sensors within the virtualized computing system is determined based upon whether the respective sensor belongs to the first group of sensors, the second group of sensors, or the third group of sensors.

公开(公告)号：US09667551B2

公开(公告)日：2017-05-30

申请号：US14532787

申请日：2014-11-04

Applicant: Cisco Technology, Inc.

Inventor： Thomas J. Edsall ,  Navindra Yadav ,  Kit Chiu Chu

IPC: H04L12/813 ,  H04L12/46 ,  H04L12/741 ,  H04L12/823 ,  H04L12/863 ,  H04L12/24 ,  H04L29/06 ,  H04L12/743

CPC classification number: H04L47/20 ,  H04L12/4645 ,  H04L41/0893 ,  H04L45/74 ,  H04L45/7457 ,  H04L47/32 ,  H04L47/62 ,  H04L63/10 ,  H04L63/164 ,  H04L63/20

Abstract: Systems, methods, and non-transitory computer-readable storage media for implementing a policy enforcement proxy are disclosed. A data packet associated with a source endpoint group and a destination endpoint group is received at a network device. The network device performs a policy lookup based on the source endpoint group and the destination endpoint group. The network device determines that the policy is not available and in response, modifies the data packet and forwards it to a policy enforcement proxy.

公开(公告)号：US09654409B2

公开(公告)日：2017-05-16

申请号：US14475349

申请日：2014-09-02

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Satyam Sinha ,  Thomas J. Edsall ,  Mohammadreza Alizadeh Attar ,  Kit Chiu Chu

IPC: H04L12/863 ,  H04L12/937 ,  H04L29/08 ,  H04L12/875 ,  H04L12/06 ,  H04L12/743 ,  H04L12/947 ,  H04L12/741 ,  H04L29/12 ,  H04L12/803 ,  H04L29/06

CPC classification number: H04L47/50 ,  H04L45/74 ,  H04L45/7453 ,  H04L47/125 ,  H04L47/56 ,  H04L49/25 ,  H04L49/254 ,  H04L61/103 ,  H04L61/2084 ,  H04L61/6004 ,  H04L61/6095 ,  H04L67/22 ,  H04L67/322 ,  H04L69/167 ,  H04L69/22

Abstract: Various examples of the present disclosure provide methods for unifying various types of end-point identifiers, such as IPv4 (e.g., Internet protocol version 4 represented by a VRF and an IPv4 address), IPv6 (e.g., Internet protocol version 6 represented by a VRF and an IPv6 address) and L2 (e.g., Layer-2 represented by a bridge domain (BD) and a media access control (MAC) address), by mapping end-point identifiers to a uniform space (e.g., a synthetic IPv4 address and a synthetic VRF) and allowing different forms of lookups to be uniformly handled. In some examples, a lookup database residing on a switch device can be sharded into a plurality of lookup table subsets, each of which resides on a different one of multiple switch chipsets (e.g., Tridents) in the switch device.

公开(公告)号：US20160359915A1

公开(公告)日：2016-12-08

申请号：US15133155

申请日：2016-04-19

Applicant: Cisco Technology, Inc.

Inventor： Sunil Kumar Gupta ,  Navindra Yadav ,  Michael Standish Watts ,  Ali Parandehgheibi ,  Shashidhar Gandham ,  Ashutosh Kulshreshtha ,  Khawar Deen

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L43/04

Abstract: A network can achieve compliance by defining and enforcing a set of network policies to secure protected electronic information. The network can monitor network data, host/endpoint data, process data, and user data for traffic using a sensor network that provides multiple perspectives. The sensor network can include sensors for networking devices, physical servers, hypervisors or shared kernels, virtual partitions, and other network components. The network can analyze the network data, host/endpoint data, process data, and user data to determine policies for traffic. The network can determine expected network actions based on the policies, such as allowing traffic, denying traffic, configuring traffic for quality of service (QoS), or redirecting traffic along a specific route. The network can update policy data based on the expected network actions and actual network actions. The policy data can be utilized for compliance.

Abstract translation: 网络可以通过定义和实施一组网络策略来实现合规性，以保护受保护的电子信息。 该网络可以使用提供多个视角的传感器网络来监控网络数据，主机/端点数据，过程数据和流量的用户数据。 传感器网络可以包括用于网络设备，物理服务器，虚拟机管理程序或共享内核，虚拟分区和其他网络组件的传感器。 网络可以分析网络数据，主机/端点数据，过程数据和用户数据，以确定流量策略。 网络可以基于策略来确定预期的网络动作，例如允许流量，拒绝流量，为服务质量（QoS）配置流量，或者沿特定路由重定向流量。 网络可以根据预期的网络动作和实际的网络动作来更新策略数据。 政策数据可以用于遵守。