公开(公告)号：US20150124822A1

公开(公告)日：2015-05-07

申请号：US14477791

申请日：2014-09-04

Applicant: Cisco Technology, Inc.

Inventor： Kit Chiu Chu ,  Thomas J. Edsall ,  Navindra Yadav ,  Francisco M. Matus ,  Krishna Doddapaneni ,  Satyam Sinha

IPC: H04L12/741 ,  H04L29/06 ,  H04L12/751

CPC classification number: H04L45/28 ,  H04L12/18 ,  H04L12/4633 ,  H04L12/4641 ,  H04L12/4645 ,  H04L41/0654 ,  H04L43/0811 ,  H04L43/0852 ,  H04L43/0894 ,  H04L43/16 ,  H04L45/02 ,  H04L45/021 ,  H04L45/22 ,  H04L45/24 ,  H04L45/245 ,  H04L45/48 ,  H04L45/50 ,  H04L45/64 ,  H04L45/74 ,  H04L45/745 ,  H04L45/7453 ,  H04L47/125 ,  H04L49/70 ,  H04L51/14 ,  H04L61/2503 ,  H04L61/2592 ,  H04L67/10 ,  H04L69/22 ,  H04L2212/00

Abstract: Systems, methods, and non-transitory computer-readable storage media for managing routing information in overlay networks. A first tunnel endpoint in an overlay network may receive an encapsulated packet from a second tunnel endpoint. The encapsulated packet may have been encapsulated at the second tunnel endpoint based on another packet originating from a source host that is associated with the second tunnel endpoint. The encapsulated packet can include a source host address for the source host and a source tunnel endpoint address for the second tunnel endpoint. The first tunnel endpoint can then update a lookup table based on an association between the source host address and the source tunnel endpoint address.

Abstract translation: 用于在覆盖网络中管理路由信息的系统，方法和非暂时计算机可读存储介质。 覆盖网络中的第一隧道端点可以从第二隧道端点接收封装的分组。 基于来自与第二隧道端点相关联的源主机的另一分组，封装的分组可能已经在第二隧道端点被封装。 封装的分组可以包括源主机的源主机地址和第二隧道端点的源隧道端点地址。 然后，第一个隧道端点可以基于源主机地址和源隧道端点地址之间的关联来更新查找表。

公开(公告)号：US20150124820A1

公开(公告)日：2015-05-07

申请号：US14472148

申请日：2014-08-28

Applicant: Cisco Technology, Inc.

Inventor： Mohammadreza Alizadeh Attar ,  Navindra Yadav ,  Satyam Sinha ,  Thomas J. Edsall ,  Kit Chiu Chu

IPC: H04L12/743 ,  H04L12/947

CPC classification number: H04L47/50 ,  H04L45/74 ,  H04L45/7453 ,  H04L47/125 ,  H04L47/56 ,  H04L49/25 ,  H04L49/254 ,  H04L61/103 ,  H04L61/2084 ,  H04L61/6004 ,  H04L61/6095 ,  H04L67/22 ,  H04L67/322 ,  H04L69/167 ,  H04L69/22

Abstract: Various embodiments of the present disclosure provide methods for randomly mapping entries in a suitable lookup table across multiple switch devices and/or multiple switch chipsets in each of the multiple switch devices by using two or more independent hash functions. In some embodiments, the number of entries in the lookup table is equal to be the least common multiple of all possible M (i.e., a number of switch devices) choosing R values (i.e., a desired redundancy level).

Abstract translation: 本公开的各种实施例提供了通过使用两个或多个独立散列函数在多个交换设备中的多个交换设备和/或多个交换机设备中的多个交换机芯片组中随机映射合适的查找表中的条目的方法。 在一些实施例中，查找表中的条目数量等于选择R值的所有可能的M（即，多个交换设备）的最小公倍数（即，期望的冗余级别）。

公开(公告)号：US20140334488A1

公开(公告)日：2014-11-13

申请号：US13891245

申请日：2013-05-10

Applicant: CISCO TECHNOLOGY, INC.

Inventor： James Guichard ,  Paul Quinn ,  David Ward ,  Surendra Kumar ,  Navindra Yadav ,  Michael R. Smith ,  Nagaraj A. Bagepalli

IPC: H04L12/851

CPC classification number: H04L45/306 ,  H04L41/0893 ,  H04L47/2441 ,  H04L69/22

Abstract: Techniques are provided to decouple service chain structure from the underlying network forwarding state and allow for data plane learning of service chain forwarding requirements and any association between services function state requirements and the forward and reverse forwarding paths for a service chain. In a network comprising a plurality of network nodes each configured to apply a service function to traffic that passes through the respective network node, a packet is received at a network node. When the network node determines that the service function it applies is stateful, it updates context information in a network service header of the packet to indicate that the service function applied at the network node is stateful and that traffic for a reverse path matching the classification criteria is to be returned to the network node.

Abstract translation: 提供了技术来将服务链结构与底层网络转发状态分离，并允许服务链转发要求的数据平面学习和服务功能状态要求与服务链的前向和后向转发路径之间的任何关联。 在包括多个网络节点的网络中，每个网络节点被配置为对通过相应网络节点的业务应用服务功能，在网络节点处接收分组。 当网络节点确定其应用的服务功能是有状态时，它更新分组的网络服务报头中的上下文信息，以指示在网络节点处应用的服务功能是有状态的，并且用于与分类标准匹配的反向路径的业务 将被返回到网络节点。

公开(公告)号：US12278746B2

公开(公告)日：2025-04-15

申请号：US18470406

申请日：2023-09-19

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Anubhav Gupta ,  Shashidhar Gandham ,  Jackson Ngoc Ki Pang ,  Shih-Chun Chang ,  Hai Trong Vu

IPC: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/455 ,  G06F16/11 ,  G06F16/13 ,  G06F16/16 ,  G06F16/17 ,  G06F16/174 ,  G06F16/23 ,  G06F16/2457 ,  G06F16/248 ,  G06F16/28 ,  G06F16/29 ,  G06F16/9535 ,  G06F21/53 ,  G06F21/55 ,  G06F21/56 ,  G06N20/00 ,  G06N99/00 ,  G06T11/20 ,  H04J3/06 ,  H04J3/14 ,  H04L1/24 ,  H04L7/10 ,  H04L9/08 ,  H04L9/32 ,  H04L9/40 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/026 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0852 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/00 ,  H04L45/302 ,  H04L45/50 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/5007 ,  H04L67/01 ,  H04L67/10 ,  H04L67/1001 ,  H04L67/12 ,  H04L67/51 ,  H04L67/75 ,  H04L69/16 ,  H04L69/22 ,  H04W72/54 ,  H04W84/18 ,  H04L67/50

Abstract: Systems, methods, and computer-readable media for updating configurations in sensors deployed in multi-layer virtualized environments. In some examples, a system can track information of sensors and collectors in the network. In response to determining that a specific collector becomes unavailable (e.g., the specific collector is down, offline or becomes unsupported), the system can determine affected sensors corresponding to the specific collector, determine a new collector among active collectors of the network for each of the affected sensors, and dynamically update configuration and settings of the affected sensors to maintain proper collector-to-sensor mappings and other settings on the affected sensors.

公开(公告)号：US20250080436A1

公开(公告)日：2025-03-06

申请号：US18949393

申请日：2024-11-15

Applicant: Cisco Technology, Inc.

Inventor： Sunil Kumar Gupta ,  Navindra Yadav ,  Michael Standish Watts ,  Ali Parandehgheibi ,  Shashidhar Gandham ,  Ashutosh Kulshreshtha ,  Khawar Deen

IPC: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/455 ,  G06F16/11 ,  G06F16/13 ,  G06F16/16 ,  G06F16/17 ,  G06F16/174 ,  G06F16/23 ,  G06F16/2457 ,  G06F16/248 ,  G06F16/28 ,  G06F16/29 ,  G06F16/9535 ,  G06F21/53 ,  G06F21/55 ,  G06F21/56 ,  G06N20/00 ,  G06N99/00 ,  G06T11/20 ,  H04J3/06 ,  H04J3/14 ,  H04L1/24 ,  H04L7/10 ,  H04L9/08 ,  H04L9/32 ,  H04L9/40 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/026 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0852 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/00 ,  H04L45/302 ,  H04L45/50 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/5007 ,  H04L67/01 ,  H04L67/10 ,  H04L67/1001 ,  H04L67/12 ,  H04L67/50 ,  H04L67/51 ,  H04L67/75 ,  H04L69/16 ,  H04L69/22 ,  H04W72/54 ,  H04W84/18

Abstract: This disclosure generally relate to a method and system for network policy simulation in a distributed computing system. The present technology relates techniques that enable simulation of a new network policy with regard to its effects on the network data flow. By enabling a simulation data flow that is parallel and independent from the regular data flow, the present technology can provide optimized network security management with improved efficiency.

公开(公告)号：US20240380680A1

公开(公告)日：2024-11-14

申请号：US18429022

申请日：2024-01-31

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Anubhav Gupta ,  Shashidhar Gandham ,  Jackson Ngoc Ki Pang ,  Shih-Chun Chang ,  Hai Trong Vu

IPC: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/455 ,  G06F16/11 ,  G06F16/13 ,  G06F16/16 ,  G06F16/17 ,  G06F16/174 ,  G06F16/23 ,  G06F16/2457 ,  G06F16/248 ,  G06F16/28 ,  G06F16/29 ,  G06F16/9535 ,  G06F21/53 ,  G06F21/55 ,  G06F21/56 ,  G06N20/00 ,  G06N99/00 ,  G06T11/20 ,  H04J3/06 ,  H04J3/14 ,  H04L1/24 ,  H04L7/10 ,  H04L9/08 ,  H04L9/32 ,  H04L9/40 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/026 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0852 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/00 ,  H04L45/302 ,  H04L45/50 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/5007 ,  H04L67/01 ,  H04L67/10 ,  H04L67/1001 ,  H04L67/12 ,  H04L67/50 ,  H04L67/51 ,  H04L67/75 ,  H04L69/16 ,  H04L69/22 ,  H04W72/54 ,  H04W84/18

Abstract: Systems, methods, and computer-readable media for managing compromised sensors in multi-tiered virtualized environments. In some embodiments, a system can receive, from a first capturing agent deployed in a virtualization layer of a first device, data reports generated based on traffic captured by the first capturing agent. The system can also receive, from a second capturing agent deployed in a hardware layer of a second device, data reports generated based on traffic captured by the second capturing agent. Based on the data reports, the system can determine characteristics of the traffic captured by the first capturing agent and the second capturing agent. The system can then compare the characteristics to determine a multi-layer difference in traffic characteristics. Based on the multi-layer difference in traffic characteristics, the system can determine that the first capturing agent or the second capturing agent is in a faulty state.

公开(公告)号：US20240348625A1

公开(公告)日：2024-10-17

申请号：US18751871

申请日：2024-06-24

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Shashidhar Gandham ,  Ellen Christine Scheib ,  Omid Madani ,  Ali Parandehgheibi ,  Jackson Ngoc Ki Pang ,  Vimalkumar Jeyakumar ,  Michael Standish Watts ,  Hoang Viet Nguyen ,  Khawar Deen ,  Rohit Chandra Prasad ,  Sunil Kumar Gupta ,  Supreeth Hosur Nagesh Rao ,  Anubhav Gupta ,  Ashutosh Kulshreshtha ,  Roberto Fernando Spadaro ,  Hai Trong Vu ,  Varun Sagar Malhotra ,  Shih-Chun Chang ,  Bharathwaj Sankara Viswanathan ,  Fnu Rachita Agasthy ,  Duane Thomas Barlow

IPC: H04L9/40 ,  H04L43/04 ,  H04L43/062 ,  H04L43/0894

CPC classification number: H04L63/1408 ,  H04L43/04 ,  H04L43/0894 ,  H04L63/02 ,  H04L63/1425 ,  H04L43/062

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

公开(公告)号：US12039031B2

公开(公告)日：2024-07-16

申请号：US17023035

申请日：2020-09-16

Applicant: Cisco Technology, Inc.

Inventor： Ashutosh Kulshreshtha ,  Andy Sloane ,  Hiral Shashikant Patel ,  Uday Krishnaswamy Chettiar ,  Oliver Kempe ,  Bharathwaj Sankara Viswanathan ,  Navindra Yadav

IPC: G06F21/52 ,  G06F18/214 ,  G06F21/51 ,  G06F21/57 ,  G06N20/00

CPC classification number: G06F21/52 ,  G06F18/214 ,  G06F21/51 ,  G06F21/577 ,  G06N20/00

Abstract: The present disclosure provides systems, methods, and computer-readable media for implementing security polices at software call stack level. In one example, a method includes generating a call stack classification scheme for an application, detecting a call stack during deployment of the application; using the call stack classification scheme during runtime of the application, classifying the detected call stack as one of an authorized call stack or an unauthorized call stack to yield a classification; and applying a security policy based on the classification.

公开(公告)号：US20240205118A1

公开(公告)日：2024-06-20

申请号：US18593403

申请日：2024-03-01

Applicant: Cisco Technology, Inc.

Inventor： Sunil Kumar Gupta ,  Navindra Yadav ,  Michael Standish Watts ,  Ali Parandehgheibi ,  Shashidhar Gandham ,  Ashutosh Kulshreshtha ,  Khawar Deen

IPC: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/455 ,  G06F16/11 ,  G06F16/13 ,  G06F16/16 ,  G06F16/17 ,  G06F16/174 ,  G06F16/23 ,  G06F16/2457 ,  G06F16/248 ,  G06F16/28 ,  G06F16/29 ,  G06F16/9535 ,  G06F21/53 ,  G06F21/55 ,  G06F21/56 ,  G06N20/00 ,  G06N99/00 ,  G06T11/20 ,  H04J3/06 ,  H04J3/14 ,  H04L1/24 ,  H04L7/10 ,  H04L9/08 ,  H04L9/32 ,  H04L9/40 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/026 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0852 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/00 ,  H04L45/302 ,  H04L45/50 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/5007 ,  H04L67/01 ,  H04L67/10 ,  H04L67/1001 ,  H04L67/12 ,  H04L67/50 ,  H04L67/51 ,  H04L67/75 ,  H04L69/16 ,  H04L69/22 ,  H04W72/54 ,  H04W84/18

CPC classification number: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/45558 ,  G06F16/122 ,  G06F16/137 ,  G06F16/162 ,  G06F16/17 ,  G06F16/173 ,  G06F16/174 ,  G06F16/1744 ,  G06F16/1748 ,  G06F16/2322 ,  G06F16/235 ,  G06F16/2365 ,  G06F16/24578 ,  G06F16/248 ,  G06F16/285 ,  G06F16/288 ,  G06F16/29 ,  G06F16/9535 ,  G06F21/53 ,  G06F21/552 ,  G06F21/556 ,  G06F21/566 ,  G06N20/00 ,  G06N99/00 ,  G06T11/206 ,  H04J3/0661 ,  H04J3/14 ,  H04L1/242 ,  H04L7/10 ,  H04L9/0866 ,  H04L9/3239 ,  H04L9/3242 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/026 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0841 ,  H04L43/0858 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/306 ,  H04L45/38 ,  H04L45/46 ,  H04L45/507 ,  H04L45/66 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/5007 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/06 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/16 ,  H04L63/20 ,  H04L67/01 ,  H04L67/10 ,  H04L67/1001 ,  H04L67/12 ,  H04L67/51 ,  H04L67/75 ,  H04L69/16 ,  H04L69/22 ,  H04W72/54 ,  H04W84/18 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2115 ,  G06F2221/2145 ,  H04L67/535

Abstract: A method provides for receiving network traffic from a host having a host IP address and operating in a data center, and analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis. When the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, the method includes assigning a reputation score, based on the indication, to the host. The method can further include applying a conditional policy associated with using the host based on the reputation score. The reputation score can include a reduced reputation score from a previous reputation score for the host.

公开(公告)号：US11924240B2

公开(公告)日：2024-03-05

申请号：US17105409

申请日：2020-11-25

Applicant: Cisco Technology, Inc.

Inventor： Shashi Gandham ,  Navindra Yadav ,  Janardhanan Radhakrishnan ,  Hoang-Nam Nguyen ,  Umesh Paul Mahindra ,  Sunil Gupta ,  Praneeth Vallem ,  Supreeth Rao ,  Darshan Shrinath Purandare ,  Xuan Zou ,  Joseph Daniel Beshay ,  Jothi Prakash Prabakaran

IPC: H04L9/40 ,  G06F9/455 ,  G06F21/53 ,  H04L41/08 ,  H04L41/14 ,  H04L43/028

CPC classification number: H04L63/1433 ,  G06F9/45558 ,  G06F21/53 ,  H04L41/0886 ,  H04L41/145 ,  H04L43/028 ,  H04L63/1425 ,  H04L63/1458 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Aspects of the subject technology relate to a system configured to receive a set of network snapshot segments from an output stream of a stream processing service, compile the set of network snapshot segments from the set of messages into a first network snapshot and a second network snapshot, and compare the first network snapshot and the second network snapshot to identify a difference between the first network snapshot and the second network snapshot.