Abstract:
In one embodiment, a device in a network establishes a trust relationship between the device and a key management service. The device receives keying information from the key management service based on the established trust relationship. The device applies a digital signature to media data for a conference using the keying information, whereby the device is designated as a speaker of the conference. The device provides the signed media data to one or more conference participant devices. The one or more conference participant devices use the signed media data to validate that the media data was signed by the designated speaker of the conference.
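The signing and validation flow described in this abstract, as an added Go example (not code from the patent or its assignee). The key management service, the names `KeyService`, `Participant` and `SignedFrame`, and the use of Ed25519 are this example's assumptions; the trust relationship between device and service is assumed to exist already (for instance a mutually authenticated TLS session), so the service only issues keying material to the designated speaker and publishes the matching public key. The signature covers the conference ID and a sequence number as well as the media bytes, so a genuinely signed frame cannot be replayed into another conference or re-sent later.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// KeyService stands in for the key management service. Trust establishment
// with each device is assumed to have happened already; the service issues
// keying material to the designated speaker and publishes the public half.
type KeyService struct {
	speakerKeys map[string]ed25519.PublicKey // conference ID -> speaker key
}

func NewKeyService() *KeyService {
	return &KeyService{speakerKeys: map[string]ed25519.PublicKey{}}
}

// DesignateSpeaker issues a fresh Ed25519 signing key to the device that will
// speak in conference conf and records its public half as the speaker key.
func (k *KeyService) DesignateSpeaker(conf string) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	k.speakerKeys[conf] = pub
	return priv, nil
}

// SpeakerKey is what a participant fetches to validate frames.
func (k *KeyService) SpeakerKey(conf string) (ed25519.PublicKey, bool) {
	pub, ok := k.speakerKeys[conf]
	return pub, ok
}

// SignedFrame is one unit of media plus the speaker's signature over it.
type SignedFrame struct {
	Conf  string
	Seq   uint64
	Media []byte
	Sig   []byte
}

// signingInput binds the media bytes to the conference ID and a sequence
// number so a frame cannot be replayed into another conference or re-sent.
func signingInput(conf string, seq uint64, media []byte) []byte {
	var hdr [10]byte
	binary.BigEndian.PutUint16(hdr[0:2], uint16(len(conf)))
	binary.BigEndian.PutUint64(hdr[2:10], seq)
	return append(append(hdr[:], conf...), media...)
}

// Sign is run by the designated speaker before sending a frame.
func Sign(priv ed25519.PrivateKey, conf string, seq uint64, media []byte) SignedFrame {
	return SignedFrame{Conf: conf, Seq: seq, Media: media,
		Sig: ed25519.Sign(priv, signingInput(conf, seq, media))}
}

var (
	ErrNoSpeaker = errors.New("no designated speaker for this conference")
	ErrBadSig    = errors.New("frame was not signed by the designated speaker")
	ErrReplay    = errors.New("sequence number not newer than last accepted frame")
)

// Participant validates incoming frames against the speaker key and refuses
// replayed or out-of-order frames.
type Participant struct {
	ks      *KeyService
	lastSeq map[string]uint64
}

func NewParticipant(ks *KeyService) *Participant {
	return &Participant{ks: ks, lastSeq: map[string]uint64{}}
}

func (p *Participant) Validate(f SignedFrame) error {
	pub, ok := p.ks.SpeakerKey(f.Conf)
	if !ok {
		return ErrNoSpeaker
	}
	if !ed25519.Verify(pub, signingInput(f.Conf, f.Seq, f.Media), f.Sig) {
		return ErrBadSig
	}
	if last, seen := p.lastSeq[f.Conf]; seen && f.Seq <= last {
		return ErrReplay
	}
	p.lastSeq[f.Conf] = f.Seq
	return nil
}

func main() {
	ks := NewKeyService()
	priv, err := ks.DesignateSpeaker("conf-1")
	if err != nil {
		panic(err)
	}
	p := NewParticipant(ks)
	frame := Sign(priv, "conf-1", 1, []byte("opus frame 1")) // constructed media
	fmt.Println("genuine frame:", p.Validate(frame))
	frame.Media[0] ^= 0xFF
	fmt.Println("tampered frame:", p.Validate(frame))
}
```

A device that holds a valid key for some other conference, or a participant that was never designated, produces frames that fail `Validate` with `ErrBadSig`; the sequence check is what stops a recorded genuine frame from being played back later.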
Abstract:
An optimized approach to whitelisting includes, at a domain name service server, determining whether a first domain and a second domain resolve to a same Internet Protocol (IP) address, and in response to a request from a domain name service proxy as to whether the first domain resolves to an IP address shared by another domain, notifying the domain name service proxy that the first domain resolves to an IP address shared by another domain. The method further includes the domain name service proxy receiving from the domain name service server a response that indicates that the first domain resolves to an IP address shared by another domain, and storing, in memory, the IP address and an indication that the IP address is shared by another domain. A data flow associated with a shared IP address is subjected to further scrutiny even if the IP address is on a whitelist.
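The shared-address check this abstract describes, as an added Go example (not code from the patent or its assignee). The zone data, the domain names and the `Resolver`/`Proxy` types are constructed for the example; a real server would answer "is this address shared" from a reverse index over its cache rather than by scanning its records. The point it shows is the whitelist bypass the abstract closes: a trusted domain that sits behind a CDN edge or shared hosting address shares that address with arbitrary other domains, so a whitelist keyed by IP alone lets any flow to that address skip inspection. `naiveClassify` is the weak form; `Classify` is the shared-aware form.

```go
package main

import "fmt"

// Resolver stands in for the DNS server side. Its zone is constructed for this
// example; a production server would keep a reverse index (IP -> domains).
type Resolver struct {
	zone map[string][]string // domain -> A records
}

// Answer is what the server returns to the proxy: the resolved address and
// whether the server knows another domain resolving to the same address.
type Answer struct {
	IP     string
	Shared bool
}

// Resolve answers for the first A record only; a full implementation would
// report the shared flag for every address in the answer set.
func (r *Resolver) Resolve(domain string) (Answer, bool) {
	ips, ok := r.zone[domain]
	if !ok || len(ips) == 0 {
		return Answer{}, false
	}
	ip := ips[0]
	shared := false
	for other, addrs := range r.zone {
		if other == domain {
			continue
		}
		for _, a := range addrs {
			if a == ip {
				shared = true
			}
		}
	}
	return Answer{IP: ip, Shared: shared}, true
}

// Proxy is the DNS proxy: it derives an IP whitelist from trusted domains and
// remembers, per IP, whether the server flagged the address as shared.
type Proxy struct {
	server    *Resolver
	whitelist map[string]bool // IPs that whitelisted domains resolved to
	shared    map[string]bool // IPs the server reported as shared
}

func NewProxy(server *Resolver, trustedDomains []string) *Proxy {
	p := &Proxy{server: server, whitelist: map[string]bool{}, shared: map[string]bool{}}
	for _, d := range trustedDomains {
		if a, ok := server.Resolve(d); ok {
			p.whitelist[a.IP] = true
			p.shared[a.IP] = a.Shared
		}
	}
	return p
}

type Verdict string

const (
	Bypass  Verdict = "bypass"  // whitelisted and dedicated: skip inspection
	Inspect Verdict = "inspect" // everything else gets full scrutiny
)

// Classify decides how a data flow to dstIP is handled. A whitelisted address
// earns a bypass only when no other domain resolves to it.
func (p *Proxy) Classify(dstIP string) Verdict {
	if p.whitelist[dstIP] && !p.shared[dstIP] {
		return Bypass
	}
	return Inspect
}

// naiveClassify is the weak form the abstract improves on: whitelist by IP alone.
func (p *Proxy) naiveClassify(dstIP string) Verdict {
	if p.whitelist[dstIP] {
		return Bypass
	}
	return Inspect
}

func main() {
	server := &Resolver{zone: map[string][]string{ // constructed zone data
		"updates.example":       {"203.0.113.10"}, // dedicated address
		"cdn-front.example":     {"198.51.100.5"}, // shared CDN edge
		"attacker-site.example": {"198.51.100.5"}, // behind the same edge
	}}
	proxy := NewProxy(server, []string{"updates.example", "cdn-front.example"})
	for _, ip := range []string{"203.0.113.10", "198.51.100.5", "192.0.2.7"} {
		fmt.Printf("%-14s naive=%-7s shared-aware=%s\n", ip, proxy.naiveClassify(ip), proxy.Classify(ip))
	}
}
```

Note that the shared flag is only as current as the server's view of its records: an address that becomes shared after the proxy cached it stays marked dedicated until the cache entry expires, so the TTL on the cached answer bounds how long the bypass can be abused.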
Abstract:
A classifier node in a service function chaining system receives a media stream from an endpoint device. The media stream is associated with a media session between the endpoint and at least one other endpoint. The classifier node determines a service function path for the media stream. The service function path includes an ordered list of service functions to process the media stream. The classifier node determines a session identifier for the media stream and encapsulates the media stream with a Network Service Header. The Network Service Header includes an indication of the service function path and a metadata header with the session identifier.
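The classifier's encapsulation step, as an added Go example (not code from the patent or its assignee). It builds a Network Service Header in the RFC 8300 wire format (base header, service path header, MD Type 2 variable-length context headers) and carries the session identifier in a context header. The path-to-media-type mapping, the metadata class and type values (taken from the experimental range), and the derivation of the session identifier by hashing the canonically ordered endpoint pair are this example's assumptions; a real classifier could instead use the signalling session's own identifier. `Parse` is included so the result can be checked the way a service function forwarder would read it.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"hash/fnv"
)

// Field values from RFC 8300. The metadata class and type that carry the
// session identifier are this example's own choice from the experimental MD
// class range, not values the abstract specifies.
const (
	nshMDType2     = 0x2    // variable-length context headers
	nextProtoIPv4  = 0x1
	sessionIDClass = 0xFFF6 // assumed: experimental MD class
	sessionIDType  = 0x01   // assumed: TLV type for the session identifier
)

type TLV struct {
	Class uint16
	Type  uint8
	Value []byte
}

type NSH struct {
	SPI          uint32 // 24-bit service path identifier
	SI           uint8  // service index, decremented by each service function
	NextProtocol uint8
	Context      []TLV
}

// Marshal emits the base header, the service path header, the MD Type 2
// context headers (each padded to a 4-byte word) and then the inner packet.
func (h NSH) Marshal(payload []byte) ([]byte, error) {
	if h.SPI > 0xFFFFFF {
		return nil, errors.New("SPI exceeds 24 bits")
	}
	var ctx []byte
	for _, t := range h.Context {
		if len(t.Value) > 127 {
			return nil, errors.New("context value exceeds 7-bit length")
		}
		var tl [4]byte
		binary.BigEndian.PutUint16(tl[0:2], t.Class)
		tl[2], tl[3] = t.Type, uint8(len(t.Value)) // U bit clear, length in bytes
		ctx = append(append(ctx, tl[:]...), t.Value...)
		for len(ctx)%4 != 0 {
			ctx = append(ctx, 0)
		}
	}
	words := (8 + len(ctx)) / 4 // Length field counts 4-byte words
	if words > 63 {
		return nil, errors.New("NSH longer than 63 words")
	}
	out := make([]byte, 8, 8+len(ctx)+len(payload))
	// Ver(2)=0 O(1)=0 U(1) TTL(6)=63 Length(6) U(4) MDType(4) NextProtocol(8)
	binary.BigEndian.PutUint32(out[0:4], 63<<22|uint32(words)<<16|nshMDType2<<8|uint32(h.NextProtocol))
	binary.BigEndian.PutUint32(out[4:8], h.SPI<<8|uint32(h.SI))
	return append(append(out, ctx...), payload...), nil
}

// Parse is what a service function forwarder does on receipt; it returns the
// header and the encapsulated packet, rejecting truncated or non-MD2 headers.
func Parse(b []byte) (NSH, []byte, error) {
	if len(b) < 8 {
		return NSH{}, nil, errors.New("truncated NSH")
	}
	base := binary.BigEndian.Uint32(b[0:4])
	hdrLen := int(base>>16&0x3F) * 4
	if base>>30 != 0 || base>>8&0xF != nshMDType2 || hdrLen < 8 || len(b) < hdrLen {
		return NSH{}, nil, errors.New("unsupported or truncated NSH")
	}
	sp := binary.BigEndian.Uint32(b[4:8])
	h := NSH{SPI: sp >> 8, SI: uint8(sp), NextProtocol: uint8(base)}
	for off := 8; off+4 <= hdrLen; {
		l := int(b[off+3] & 0x7F)
		if off+4+l > hdrLen {
			return NSH{}, nil, errors.New("context header overruns NSH")
		}
		h.Context = append(h.Context, TLV{binary.BigEndian.Uint16(b[off:]), b[off+2], append([]byte(nil), b[off+4:off+4+l]...)})
		off += 4 + (l+3)/4*4 // skip value plus padding
	}
	return h, b[hdrLen:], nil
}

type MediaKind int

const (
	Audio MediaKind = iota
	Video
	DataChannel
)

type Flow struct {
	SrcIP, DstIP     string
	SrcPort, DstPort uint16
	Kind             MediaKind
}

// pathFor is the classifier's policy; the path IDs are constructed here.
func pathFor(k MediaKind) (spi uint32, si uint8) {
	switch k {
	case Audio:
		return 10, 255 // e.g. transcoder -> recorder
	case Video:
		return 20, 255 // e.g. firewall -> rate limiter
	}
	return 30, 255 // e.g. DLP scanner for data channels
}

// sessionID hashes the canonically ordered endpoint pair so both directions of
// the media session carry the same identifier (an assumption of this example).
func sessionID(f Flow) []byte {
	a, b := fmt.Sprintf("%s:%d", f.SrcIP, f.SrcPort), fmt.Sprintf("%s:%d", f.DstIP, f.DstPort)
	if a > b {
		a, b = b, a
	}
	h := fnv.New64a()
	h.Write([]byte(a + "|" + b))
	return h.Sum(nil)
}

// Encapsulate is the classifier node's action for one packet of the stream.
func Encapsulate(f Flow, packet []byte) ([]byte, error) {
	spi, si := pathFor(f.Kind)
	return NSH{SPI: spi, SI: si, NextProtocol: nextProtoIPv4,
		Context: []TLV{{sessionIDClass, sessionIDType, sessionID(f)}}}.Marshal(packet)
}

func main() {
	f := Flow{SrcIP: "192.0.2.10", DstIP: "198.51.100.20", SrcPort: 49170, DstPort: 5004, Kind: Audio}
	out, err := Encapsulate(f, []byte("rtp payload")) // constructed packet
	if err != nil {
		panic(err)
	}
	h, inner, _ := Parse(out)
	fmt.Printf("SPI=%d SI=%d session=%x payload=%q\n", h.SPI, h.SI, h.Context[0].Value, inner)
}
```

The header length, the 7-bit context length and the 24-bit SPI are all bounded fields, so `Marshal` refuses values that do not fit and `Parse` refuses a context header that would run past the header length; skipping those checks is how a malformed NSH turns into an out-of-bounds read at the forwarder.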
Abstract:
A computer-implemented method includes sending a first request message to a first server associated with a first access network indicative of a request for an indication of whether the first server is configured to support prioritization of tunneled traffic, receiving a first response message from the first server indicative of whether the first server is configured to support prioritization of tunneled traffic, establishing one or more first tunnels with a security service when the first response message is indicative that the first server is configured to support prioritization of tunneled traffic, sending first flow characteristics and a first tunnel identifier to the first server, and receiving the first flow characteristics for each first tunnel from the first server at a first network controller. The first network controller is configured to apply a quality of service policy within the first access network for each tunnel in accordance with the flow characteristics.
Abstract:
An example method for facilitating on-demand bandwidth provisioning in a network environment is provided and includes receiving a request from a client at a first network for accommodating flow characteristics at a second network that is associated with executing an application at the first network, determining that the request cannot be fulfilled with available network resources allocated to the client by the second network, advising the client of additional cost for accommodating the flow characteristics, and authorizing additional network resources in the second network to accommodate the flow characteristics after receiving notification from the client of payment of the additional cost.
Abstract:
In one embodiment, a device in a network receives domain name system (DNS) information for a domain. The DNS information includes one or more service tags indicative of one or more services offered by the domain. The device detects an encrypted traffic flow associated with the domain. The device identifies a service associated with the encrypted traffic flow based on the one or more service tags. The device prioritizes the encrypted traffic flow based on the identified service associated with the encrypted traffic flow.
Abstract:
In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.
Abstract:
In one embodiment, a device in a network receives in-situ operations administration and management (iOAM) data regarding a plurality of traffic flows in the network. The iOAM data comprises entropy values for the plurality of traffic flows. The device receives network topology information indicative of network paths available in the network. The device generates a machine learning-based entropy topology model for the network based on the received iOAM data and the received network topology information. The entropy topology model maps path selection predictions for the network paths with entropy values. The device uses the entropy topology model to cause a particular traffic flow to use a particular network path.
Abstract:
Modern user applications leverage new communication technologies such as WebRTC, WebEx, and Jabber that allow devices to connect and exchange media content, including audio streams, video streams, and data streams/channels. The present disclosure describes mechanisms for a Port Control Protocol (PCP) server to provide feedback to PCP clients in order to enforce certain policies on the transport of such media content for a network. A policy may include a traffic handling policy for enforcing differentiated quality of service characteristics for different types of media streams. Another policy may include a security policy ensuring that data files transmitted over a data channel from one endpoint travel to a security application via a relay element before the packets reach another endpoint. The mechanisms are transparent to the endpoints, and advantageously preserve the user experience for these user applications.
Abstract:
Managing policies for a chain of administrative domains, from end-to-end, includes receiving, at a network device associated with an administrative domain that is part of a chain of administrative domains provisioning an Internet-based application or an Internet-based service to a network, a root block for a blockchain. The root block is generated by a network device in the network and includes a request for a specific network parameter over a specific time period. The network device associated with the administrative domain appends a first block to the blockchain including the root block to accept the request and configures the administrative domain in accordance with the specific network parameter when an end-to-end path in the chain of administrative domains accepts the request. The network device associated with the administrative domain also generates blockchain transactions that append network status updates to the blockchain during the specific time period.
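The chain described in this abstract, as an added Go example (not code from the patent or its assignee): a root block carrying the network's request, one "accept" block appended by each administrative domain, "status" blocks appended during the period, and the condition under which a domain configures itself (every domain on the end-to-end path has accepted and the chain still verifies). The block layout, the hash-chaining over SHA-256, the domain names and the request payload are this example's assumptions. The abstract does not say how blocks are authenticated; the hash chain below only detects after-the-fact edits, so in practice each domain would also sign the blocks it appends so that one domain cannot forge another's acceptance.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
)

// Block is one entry in the chain shared by the administrative domains. The
// requesting network writes the root block; each domain appends its own.
type Block struct {
	Index    int
	PrevHash string
	Domain   string // who appended the block
	Kind     string // "request", "accept" or "status"
	Payload  string
	Hash     string
}

func hashBlock(b Block) string {
	sum := sha256.Sum256([]byte(strconv.Itoa(b.Index) + "|" + b.PrevHash + "|" + b.Domain + "|" + b.Kind + "|" + b.Payload))
	return hex.EncodeToString(sum[:])
}

type Chain struct{ Blocks []Block }

// NewChain creates the root block carrying the network's request for a
// specific parameter over a specific time period.
func NewChain(requestingNet, request string) *Chain {
	root := Block{Domain: requestingNet, Kind: "request", Payload: request}
	root.Hash = hashBlock(root)
	return &Chain{Blocks: []Block{root}}
}

// Append links a new block to the current tip.
func (c *Chain) Append(domain, kind, payload string) Block {
	tip := c.Blocks[len(c.Blocks)-1]
	b := Block{Index: tip.Index + 1, PrevHash: tip.Hash, Domain: domain, Kind: kind, Payload: payload}
	b.Hash = hashBlock(b)
	c.Blocks = append(c.Blocks, b)
	return b
}

// Verify recomputes each hash and checks the links; an edited block breaks the
// chain at that point.
func (c *Chain) Verify() bool {
	for i, b := range c.Blocks {
		if b.Hash != hashBlock(b) {
			return false
		}
		if i == 0 {
			if b.Kind != "request" || b.PrevHash != "" {
				return false
			}
		} else if b.PrevHash != c.Blocks[i-1].Hash {
			return false
		}
	}
	return true
}

// PathAccepted is the condition under which a domain applies the requested
// parameter: the chain verifies and every domain on the path has accepted.
func (c *Chain) PathAccepted(path []string) bool {
	if !c.Verify() {
		return false
	}
	accepted := map[string]bool{}
	for _, b := range c.Blocks {
		if b.Kind == "accept" {
			accepted[b.Domain] = true
		}
	}
	for _, d := range path {
		if !accepted[d] {
			return false
		}
	}
	return true
}

func main() {
	path := []string{"access-isp", "transit", "cloud-provider"} // constructed
	c := NewChain("enterprise-net", "bandwidth=50Mbps;period=08:00-10:00")
	for _, d := range path {
		c.Append(d, "accept", "")
		fmt.Printf("%s accepted; end-to-end path accepted: %v\n", d, c.PathAccepted(path))
	}
	c.Append("transit", "status", "latency=12ms;loss=0")
	c.Blocks[1].Payload = "reject" // tamper with a committed block
	fmt.Println("chain verifies after tampering:", c.Verify())
}
```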