NETWORK SECURITY FROM HOST AND NETWORK IMPERSONATION

    Publication No.: US20220116354A1

    Publication date: 2022-04-14

    Application No.: US17492214

    Application date: 2021-10-01

    Abstract: Systems and methods may include sending, to a network registrar, a first message including a first nonce generated by a host computing device, and receiving, from the network registrar, a second message including a second nonce, the second nonce being signed by the network registrar via a private key of a first public key infrastructure (PKI) key pair of the network registrar via a first signature. The method further includes sending a first neighbor advertisement (NA) message to the host computing device including the second nonce. The second nonce and the private key of the network registrar verifies the first signature from the network registrar, the verification of the first signature indicating that the router is not impersonating the network.

    Dynamic device isolation in a network

    Publication No.: US11283831B2

    Publication date: 2022-03-22

    Application No.: US16421858

    Application date: 2019-05-24

    Abstract: In one embodiment, a device in a network inserts a profile tag into an address request sent by an endpoint node in the network to a lookup service. The lookup service is configured to identify one or more addresses with which the endpoint node is authorized to communicate based on a profile for the endpoint node associated with the inserted profile tag. The device receives an address response sent from the lookup service to the endpoint node that indicates the set of one or more addresses with which the endpoint node is authorized to communicate. The device determines whether a communication between the endpoint node and a particular network address is authorized using the set of one or more addresses with which the endpoint node is authorized to communicate. The device blocks the communication based on a determination that the particular network address is not in the set of one or more addresses with which the endpoint node is authorized to communicate.

    Redundant multicast tree in a fat tree network topology with anisotropic routing

    Publication No.: US11271774B2

    Publication date: 2022-03-08

    Application No.: US16747157

    Application date: 2020-01-20

    Abstract: In one embodiment, a method comprises identifying a fat tree network topology comprising top-of-fabric (ToF) switching devices, an intermediate layer of intermediate switching devices connected to each of the ToF switching devices, and a layer of leaf network devices; and causing a first leaf network device to initiate establishment of first and second redundant multicast trees for multicasting of data packets, including: causing first and second ToF switching devices to operate as roots of the first and second multicast trees according to first and second attribute types, respectively, causing the first leaf network device to select first and second of the intermediate switching devices as first and second flooding relays belonging to the first and second attribute types, respectively, and causing the first and second flooding relays to limit propagation of registration messages generated by the first leaf network device to the first and second ToF switching devices, respectively.

    DETERMINING SESSION DURATION FOR DEVICE AUTHENTICATION

    Publication No.: US20220070156A1

    Publication date: 2022-03-03

    Application No.: US17004368

    Application date: 2020-08-27

    Abstract: This disclosure describes techniques for authenticating a user device for a session. For instance, an authentication entity may authenticate a user device using single sign-on authentication and/or multi-factor authentication. The authentication entity may then determine a duration for which the user device is authenticated for the session. For example, the authentication entity may receive information representing a state of an environment of the user device. The authentication entity may then use the information to identify one or more transitions associated with the environment between the session and a previous session. Using the one or more transitions, the authentication entity may determine the duration for the session by increasing or decreasing a previous duration associated with the previous session.

    Multiparty real-time communications support over information-centric networking

    Publication No.: US11245738B2

    Publication date: 2022-02-08

    Application No.: US17074955

    Application date: 2020-10-20

    Abstract: Embodiments include technologies for creating a manifest for a conferencing event in a network, adding a name tag identifying the conferencing event to the manifest, receiving an interest packet including one or more parameters indicating a named flow being produced at a source node, adding content metadata of the named flow to the manifest, and sending the manifest to the source node. Further embodiments include adding, to the manifest, session-level metadata associated with a user of the source node. Embodiments include receiving a second interest packet with one or more second parameters identifying a user of a client node, where the second interest packet indicates a request to authorize the user of the client node to subscribe to the conferencing event. In further embodiments, session-level metadata associated with the user is added to the manifest if the user is authorized to subscribe to the conferencing event.

    DETERMINISTIC FORWARDING ACROSS L2 AND L3 NETWORKS

    Publication No.: US20210135902A1

    Publication date: 2021-05-06

    Application No.: US17146734

    Application date: 2021-01-12

    Abstract: According to one or more embodiments of the disclosure, a first tunnel router may receive a reservation request to establish a deterministic path between a first node and a second node. The first tunnel router may determine, based on the reservation request, a destination address of the second node. The first tunnel router may identify, based on the destination address of the second node, a second tunnel router associated with the second node. The first tunnel router may encapsulate a deterministic packet sent by the first node towards the second node into a tunnel packet, wherein a multicast address in a header of the tunnel packet is set to the destination address of the second node. The first tunnel router can forward the tunnel packet along the deterministic path. The multicast address in the header of the tunnel packet causes nodes to send the tunnel packet according to the deterministic path.

    REVERSE OPERATIONS, ADMINISTRATION AND MAINTENANCE (OAM) SIGNALING IN A MESH NETWORK

    Publication No.: US20210105668A1

    Publication date: 2021-04-08

    Application No.: US16594316

    Application date: 2019-10-07

    Abstract: In one embodiment, a device in a mesh network joins a source-destination oriented partial directed acyclic graph (SDO-PDAG) between a source node and a destination node in the network. The device receives operations, administration and maintenance (OAM) packets flooded along reverse paths of the SDO-PDAG. The device determines, based on the received OAM packets, packet drop rate (PDR) capacities of different paths between the device and the destination node. The device replicates a data packet sent from the source node to the destination node along two or more of the paths between the device and the destination node, based on the determined PDR capacities of those paths.
