-
Publication No.: US10686695B1
Publication Date: 2020-06-16
Application No.: US16296896
Application Date: 2019-03-08
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Pascal Thubert, Carlos M. Pignataro
IPC: H04L12/703, H04L12/24, H04L12/741, H04L12/753, H04L12/745
Abstract: The present disclosure provides a proactive method of prefix disaggregation in a network fabric when one or more communication failures are detected. In one aspect, a method includes determining, by a first node of a network fabric, a corresponding prefix disaggregation policy for at least one second node of the network fabric, the corresponding prefix disaggregation policy identifying one or more network prefixes that are inaccessible via the first node when at least one communication failure is detected in association with the first node; sending the corresponding prefix disaggregation policy to the second node; and causing the second node to implement the prefix disaggregation policy upon detecting the at least one communication failure.
-
Publication No.: US20200153856A1
Publication Date: 2020-05-14
Application No.: US16185168
Application Date: 2018-11-09
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro, Robert Edgar Barton, Jerome Henry, Muthurajah Sivabalan
IPC: H04L29/06, H04L12/803
Abstract: First data indicative of information that a packet is part of a DDoS attack is received at a management network device. A DDoS remediation network device to be used for remediation of packets associated with the DDoS attack is determined from the first data. Second data, indicative of the DDoS attack and indicative of the DDoS remediation network device, is transmitted from the management network device to an edge network device. The second data is configured to cause the edge network device to route packets associated with the DDoS attack to the DDoS remediation network device.
-
Publication No.: US10581732B2
Publication Date: 2020-03-03
Application No.: US16259435
Application Date: 2019-01-28
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro, Faisal Iqbal
IPC: H04L1/00, H04L12/723, H04L12/911, H04L12/721, H04L12/701, H04L12/751, H04L12/703, H03M13/47, H04L12/733, H04W12/10
Abstract: In one embodiment, a method includes generating a trace request at an initiator node configured for segment routing, the trace request comprising an FEC (Forwarding Equivalence Class) query corresponding to a label in an FEC stack with an unknown FEC, transmitting the trace request on a path with the unknown FEC, and receiving a response to the trace request, the response comprising FEC information including an identifier associated with a label and a forwarding path and representing a class or category of packets. An apparatus is also disclosed herein.
-
Publication No.: US20200057860A1
Publication Date: 2020-02-20
Application No.: US16105910
Application Date: 2018-08-20
Applicant: Cisco Technology, Inc.
IPC: G06F21/62
Abstract: Disclosed herein is a distributed ledger method for a fifth-generation (5G) network. A network slice is created in the 5G network and a root block is generated in response, containing parameters of the network slice and contracts between participants in the network slice. A blockID of the root block is transmitted to identified participants in the network slice, who sequentially commit a plurality of new blocks to a blockchain beginning from the root block. The plurality of new blocks comprises auditing information of the network slice, wherein the information is collected by the participants in the network slice. The blockchain is stored in a blockchain network of a plurality of disparate blockchains. Desired auditing information for the network slice is retrieved by using the blockID of the root block to traverse the blockchain beginning at the root block until all blocks with the desired auditing information have been read.
-
Publication No.: US20200052982A1
Publication Date: 2020-02-13
Application No.: US16102395
Application Date: 2018-08-13
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro, Rajiv Asati
Abstract: The present technology is directed to a system and method for automatic triggering of relevant code segments corresponding to a sequence of code segments or function codes having a preferred execution order. The automatic triggering action is based on the snooping of a response generated from an execution of a previous code segment. Information with respect to the next code segment in the preferred execution order may be obtained by directing a network proxy, such as Envoy, to snoop the Uniform Resource Identifier (URI) field of a response packet being forwarded to a client entity. In this way, a network proxy may preemptively spawn and instantiate the following function codes (pointed to by the snooped Uniform Resource Identifier) prior to receiving the corresponding client request. As such, by the time a client request for the subsequent function code is received, the code is ready for execution.
-
Publication No.: US20190394701A1
Publication Date: 2019-12-26
Application No.: US16188627
Application Date: 2018-11-13
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Pascal Thubert, Carlos M. Pignataro
IPC: H04W40/26, H04L12/715, H04L12/753, H04L12/741, H04L12/707, H04W40/04, H04W40/34
Abstract: In one embodiment, a method is performed. A fat tree route miner (FT-RM) entity may be used to establish a control plane session with a first spine node in communication with a network. The FT-RM entity may identify a prefix that is unreachable by the first spine node. The FT-RM entity may instruct a spine node to disaggregate the prefix.
-
Publication No.: US20190386921A1
Publication Date: 2019-12-19
Application No.: US16555149
Application Date: 2019-08-29
Applicant: Cisco Technology, Inc.
Inventor: Carlos M. Pignataro, Nagendra Kumar Nainar, Rajiv Asati, K. Tirumaleswar Reddy
IPC: H04L12/801, H04L12/911, H04L29/06, H04L12/707, H04L12/24
Abstract: In one embodiment, a device in a network receives in-situ operations administration and management (iOAM) data regarding a plurality of traffic flows in the network. The iOAM data comprises entropy values for the plurality of traffic flows. The device receives network topology information indicative of network paths available in the network. The device generates a machine learning-based entropy topology model for the network based on the received iOAM data and the received network topology information. The entropy topology model maps path selection predictions for the network paths with entropy values. The device uses the entropy topology model to cause a particular traffic flow to use a particular network path.
-
Publication No.: US20190327165A1
Publication Date: 2019-10-24
Application No.: US16458699
Application Date: 2019-07-01
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Reinaldo Penno, Paul Quinn, Carlos M. Pignataro
IPC: H04L12/26
Abstract: In one embodiment, a method includes receiving a trace request packet at a service node on a service chain, the trace request packet comprising a service index limit that remains constant for use in identifying at least one service node in the service chain to generate a trace report packet, and processing the trace request packet and determining whether to forward the trace request packet on the service chain or to generate the trace report packet based on a comparison of a service index to the service index limit in the trace request packet, wherein the trace report packet includes service function information of a plurality of service functions in the service chain, and the trace request packet is forwarded on the service chain according to a service path identifier and the service index.
-
Publication No.: US10454822B2
Publication Date: 2019-10-22
Application No.: US15661540
Application Date: 2017-07-27
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro
IPC: H04L12/741, H04L29/06, H04L29/08
Abstract: In one embodiment, a device in a network identifies a packet to be sent to a destination in the network via a path using segment routing. The device determines a list of one or more unique identifiers for one or more of the nodes along the path. The device includes a segment routing header with the packet, the segment routing header comprising a set of segment identifiers and the list of one or more unique identifiers. The device sends the packet with the segment routing header towards the destination in the network. One or more receiving nodes that receive the packet use the set of segment identifiers to route the packet towards the destination and the list of one or more unique identifiers to notify the device when the packet was not sent to the destination via the path.
-
Publication No.: US10382480B2
Publication Date: 2019-08-13
Application No.: US15292503
Application Date: 2016-10-13
Applicant: Cisco Technology, Inc.
Inventor: K Tirumaleswar Reddy, Daniel G. Wing, Carlos M. Pignataro
Abstract: Presented herein are techniques for remediating a distributed denial of service attack. A methodology includes, at a network device, such as a constrained resource Internet of Things (IoT) device, receiving from an authorization server cryptographic material sufficient to validate and decrypt tokens carried in packets, detecting a denial of service attack that employs packets containing invalid tokens, and in response to detecting the denial of service attack, signaling a remediation server for assistance to remediate the denial of service attack, and sending to the remediation server the cryptographic material over a secure communication channel such that the remediation server enables validation and decryption of tokens carried in packets, subsequent to detection of the denial of service attack, that are destined for the network device.