公开(公告)号：US11102121B2

公开(公告)日：2021-08-24

申请号：US16661540

申请日：2019-10-23

Applicant: Cisco Technology, Inc.

Inventor： Atri Indiresan ,  Frank Brockners ,  Shwetha Subray Bhandari

IPC: H04L29/06 ,  H04L12/743 ,  H04L12/851 ,  H04L29/12 ,  H04L12/24

Abstract: This disclosure describes various methods, systems, and devices related to identifying path changes of data flows in a network. An example method includes receiving, at a node, a packet including a first path signature. The method further includes generating a second path signature by inputting the first path signature and one or more node details into a hash function. The method includes replacing the first path signature with the second path signature in the packet. The packet including the second path signature is forwarded by the node.

公开(公告)号：US20210176255A1

公开(公告)日：2021-06-10

申请号：US16709532

申请日：2019-12-10

Applicant: Cisco Technology, Inc.

Inventor： Craig Thomas Hill ,  Frank Brockners ,  Shwetha Subray Bhandari ,  Chennakesava Reddy Gaddam

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32

Abstract: Disclosed is a method of establishing secure communications. The method includes receiving an attestation parameter associated with a first peer in a potential peer-to-peer communication, adding the attestation parameter to an MACsec Key Agreement (MKA) protocol key exchange, transmitting the key exchange from the first peer to a second peer in the potential peer-to-peer communication and upon a validation of the attestation parameter by the second peer, enabling secure communication between the first peer and the second peer.

公开(公告)号：US11005756B2

公开(公告)日：2021-05-11

申请号：US16231197

申请日：2018-12-21

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Frank Brockners ,  Shwetha Subray Bhandari

IPC: H04L12/715 ,  H04L12/741 ,  H04L12/801 ,  H04L12/54 ,  H04L12/713 ,  H04L12/803 ,  H04L12/70

Abstract: In one embodiment, in-band operations data included in packets being processed is used to signal among entities of a virtualized packet processing apparatus. Using in-band operations data provides insight on actual entities used in processing of the packet within the virtualized packet processing apparatus. The operations data in the packet is modified to signal a detected overload condition of an entity that participates in communicating the packet within the virtualized packet processing apparatus and/or applying a network service to the packet. An In-Situ Operations, Administration, and Maintenance (IOAM) header is used in one embodiment, with the IOAM header typically including a new Overload Flag to signal the detection of the overload condition. In response to the signaled overload condition, a load balancer is adjusted such that future packets are not distributed to the virtualized entity associated with the detected overload condition.

公开(公告)号：US20200322375A1

公开(公告)日：2020-10-08

申请号：US16712584

申请日：2019-12-12

Applicant: Cisco Technology, Inc.

Inventor： Sujal Sheth ,  Shwetha Subray Bhandari ,  William F. Sulzen ,  Frank Brockners

IPC: H04L29/06 ,  H04L29/12

Abstract: Systems, methods, and computer-readable media for assessing reliability and trustworthiness of devices operating within a network. An ARP responder can receive an ARP request from an ARP requestor for performing address resolution between the ARP requestor and the ARP responder in a network environment. The ARP responder can build an ARP response including attestation information of the ARP responder. Further, the ARP responder can provide, to the ARP requestor, the attestation information for verifying the ARP responder using the ARP response and the attestation information of the ARP responder.

公开(公告)号：US10237079B2

公开(公告)日：2019-03-19

申请号：US15479738

申请日：2017-04-05

Applicant: Cisco Technology, Inc.

Inventor： Selvaraj Mani ,  Swapna Yelamanchi ,  Amarender Musku ,  Rakesh Reddy Kandula ,  Deep Preet Singh ,  Shwetha Subray Bhandari ,  Shrirang Arvind Bage

IPC: H04L12/12 ,  H04L29/08 ,  H04L29/12

Abstract: In one embodiment, a sleep proxy device identifies one or more services offered by a first node in the network. The sleep proxy device announces the one or more identified services to a second node in the network on behalf of the first node. The sleep proxy device intercepts an attempt by the second node to use the one or more services offered by the first node. The sleep proxy device causes the first node to switch from a low power state to an awake state, based on the intercepted attempt.

公开(公告)号：US10237068B2

公开(公告)日：2019-03-19

申请号：US14992109

申请日：2016-01-11

Applicant: Cisco Technology, Inc.

Inventor： Venkata Krishna Sashank Dara ,  Shwetha Subray Bhandari ,  Andrew Yourtchenko ,  Eric Vyncke ,  Frank Brockners

IPC: H04L12/721 ,  H04L9/32 ,  H04L29/06 ,  H04L29/12 ,  H04L12/46 ,  H04L12/24

Abstract: A system and methods are provided for verifying proof of transit of network traffic through a plurality of network nodes in a network. Information is obtained about a packet at a network node in a network. The information may include in-band metadata of the packet. Verification information is read from in-band metadata of the packet. Updated verification information is generated from the verification information read from the packet and based on configuration information associated with the network node. The updated verification information is written back to the in-band metadata in the packet. The packet is forwarded from the network node in the network.

公开(公告)号：US10187209B2

公开(公告)日：2019-01-22

申请号：US14992112

申请日：2016-01-11

Applicant: Cisco Technology, Inc.

Inventor： Venkata Krishna Sashank Dara ,  Shwetha Subray Bhandari ,  Andrew Yourtchenko ,  Eric Vyncke ,  Frank Brockners

IPC: H04L9/32 ,  H04L29/06 ,  H04L29/12 ,  H04L12/46 ,  H04L12/24 ,  H04L12/721

Abstract: A system and methods are provided for verifying proof of transit of network traffic through a plurality of network nodes in a network. In one embodiment, each network node reads a first value and a second value from in-band metadata of packet, and generates, using a cryptographic key that is unique to each respective network node, an encryption result based on the first value. An updated second value is generated based on the second value read from the packet and the encryption result. Each network node writes the updated second value to the in-band metadata of the packet, and forwards the packet in the network. In another embodiment, a secret sharing scheme is employed by each network node computes a portion of verification information using a unique share of a secret and based on the packet specific information.

公开(公告)号：US20180227168A1

公开(公告)日：2018-08-09

申请号：US15949189

申请日：2018-04-10

Applicant: Cisco Technology, Inc.

Inventor： David D. Ward ,  Carlos M. Pignataro ,  Frank Brockners ,  Shwetha Subray Bhandari

IPC: H04L12/24 ,  H04L29/06 ,  H04L12/46 ,  H04L12/54 ,  H04L12/26 ,  H04L12/723 ,  H04L12/70

CPC classification number: H04L41/0631 ,  H04L12/4633 ,  H04L12/4641 ,  H04L12/56 ,  H04L41/04 ,  H04L41/0677 ,  H04L41/0686 ,  H04L43/024 ,  H04L43/04 ,  H04L43/0811 ,  H04L43/0817 ,  H04L43/0829 ,  H04L43/0852 ,  H04L43/087 ,  H04L43/0876 ,  H04L43/10 ,  H04L45/50 ,  H04L69/22 ,  H04L2012/5625

Abstract: Embodiments of the disclosure pertain to activating in-band OAM based on a triggering event. Aspects of the embodiments are directed to receiving a first notification indicating a problem in a network; triggering a data-collection feature on one or more nodes in the network for subsequent packets that traverse the one or more nodes; evaluating a subsequent packet that includes data augmented by the data collection feature; and determining the problem in the network based on the data augmented to the subsequent packet.

公开(公告)号：US09992056B2

公开(公告)日：2018-06-05

申请号：US15148864

申请日：2016-05-06

Applicant: CISCO TECHNOLOGY, INC.

Inventor： David D. Ward ,  Carlos M. Pignataro ,  Frank Brockners ,  Shwetha Subray Bhandari

IPC: H04W4/00 ,  H04L12/24 ,  H04L12/54 ,  H04L29/06 ,  H04L12/26 ,  H04L12/46 ,  H04L12/723 ,  H04L12/70

CPC classification number: H04L41/0631 ,  H04L12/4633 ,  H04L12/4641 ,  H04L12/56 ,  H04L41/04 ,  H04L41/0677 ,  H04L41/0686 ,  H04L43/024 ,  H04L43/04 ,  H04L43/0811 ,  H04L43/0817 ,  H04L43/0829 ,  H04L43/0852 ,  H04L43/087 ,  H04L43/0876 ,  H04L43/10 ,  H04L45/50 ,  H04L69/22 ,  H04L2012/5625

Abstract: Embodiments of the disclosure pertain to activating in-band OAM based on a triggering event. Aspects of the embodiments are directed to receiving a first notification indicating a problem in a network; triggering a data-collection feature on one or more nodes in the network for subsequent packets that traverse the one or more nodes; evaluating a subsequent packet that includes data augmented by the data collection feature; and determining the problem in the network based on the data augmented to the subsequent packet.

公开(公告)号：US09820178B2

公开(公告)日：2017-11-14

申请号：US14844448

申请日：2015-09-03

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Shwetha Subray Bhandari ,  Samer Salam ,  Kannan Jayaraman ,  Arvind Saproo

IPC: H04W28/02 ,  H04W24/02 ,  H04W40/12 ,  H04L12/751

CPC classification number: H04W28/0236 ,  H04L45/02 ,  H04W24/02 ,  H04W40/12

Abstract: A method is provided in one example and includes receiving a current bandwidth characteristic for a link, where the current bandwidth characteristic is determined under fading conditions associated with signal propagation on the link. The method can also include calculating a new cost for the link that is different from a nominal cost associated with a nominal bandwidth of the link without the fading conditions. The method could also include routing at least a portion of a plurality of flows that are to traverse the link away from the link based, at least in part, on the new cost. Another example method includes receiving the current bandwidth characteristic for the link, comparing the current bandwidth characteristic with a preconfigured low watermark corresponding to a class-specific MTR topology associated with a class of traffic traversing the link, and removing the link from the MTR topology based on the current bandwidth characteristic.