公开(公告)号：US20140169368A1

公开(公告)日：2014-06-19

申请号：US13719510

申请日：2012-12-19

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hasmit Grover ,  Dhananjaya Rao ,  Victor Moreno

IPC: H04L12/56

CPC classification number: H04L45/745 ,  H04L45/64

Abstract: In one embodiment, a method includes receiving a packet at an edge device in a first network site in communication with a second network site through a transport network, the packet comprising a destination address for a host at the second network site, verifying at the edge device a connection with the host, and inserting the destination address in a forwarding information base at the edge device upon verifying the connection with the host. An apparatus and logic are also disclosed herein.

Abstract translation: 在一个实施例中，一种方法包括在通过传输网络与第二网络站点通信的第一网络站点中的边缘设备处接收分组，该分组包括在第二网络站点处的主机的目的地地址，在边缘验证 设备与主机的连接，以及在验证与主机的连接时将目标地址插入到边缘设备的转发信息库中。 本文还公开了一种装置和逻辑。

公开(公告)号：US20140112349A1

公开(公告)日：2014-04-24

申请号：US13751717

申请日：2013-01-28

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Victor Moreno ,  Dino Farinacci ,  Fabio Maino

IPC: H04L12/56

CPC classification number: H04L45/64 ,  H04L12/4633 ,  H04L12/4641 ,  H04L12/6418 ,  H04L61/103

Abstract: In one embodiment, a method includes receiving a packet from a first host at a first edge device, the packet comprising a layer 3 address of a second host in communication with a second edge device, using the layer 3 address of the second host to receive a layer 2 address and a location identifier for the second host from a database accessible from a core network, the database comprising a mapping of layer 3 host addresses to layer 2 host addresses and location identifiers, and storing a mapping of the layer 2 address to the location identifier at the first edge device for use in forwarding packets to the second host. The first edge device is in communication with the second edge device in an overlay network defined by the edge devices interconnected by the core network. An apparatus and logic are also disclosed herein.

Abstract translation: 在一个实施例中，一种方法包括在第一边缘设备处从第一主机接收分组，该分组包括与第二边缘设备通信的第二主机的第3层地址，使用第二主机的第3层地址来接收 来自可从核心网访问的数据库的第二主机的第二层地址和位置标识符，所述数据库包括层3主机地址到层2主机地址和位置标识符的映射，以及将层2地址的映射存储到 在第一边缘设备处的位置标识符用于将分组转发到第二主机。 第一边缘设备在由由核心网互连的边缘设备定义的覆盖网络中与第二边缘设备通信。 本文还公开了一种装置和逻辑。

公开(公告)号：US12284108B2

公开(公告)日：2025-04-22

申请号：US18343931

申请日：2023-06-29

Applicant: Cisco Technology, Inc.

Inventor： Prakash Jain ,  Sanjay K. Hooda ,  Victor Moreno

IPC: H04L45/02 ,  H04L9/40 ,  H04L12/66 ,  H04L45/00

Abstract: Techniques for network routing border convergence are described. Backup paths for external connections for a network are established and provide for a temporary path for network traffic during network routing convergence, preventing traffic loss at network border nodes.

公开(公告)号：US12021699B2

公开(公告)日：2024-06-25

申请号：US18304890

申请日：2023-04-21

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Muninder Singh Sambi ,  Victor Moreno ,  Prakash C. Jain ,  Tarunesh Ahuja ,  Satish Kondalam

IPC: H04L41/0893 ,  G06F9/455 ,  H04L12/46

CPC classification number: H04L41/0893 ,  G06F9/45558 ,  H04L12/4633 ,  H04L12/4641 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Systems, methods, and computer-readable storage media are provided for provisioning a common subnet across a number of subscribers and their respective virtual networks using dynamically generated network policies that provide isolation between the subscribers. The dynamic generation of the network policies is performed when a host (e.g. client) is detected (via a switch) as the host joins the computing network via virtual networks. This ability to configure a common subnet for all the subscriber virtual networks allows these subscribers to more easily access external shared services coming from a headquarter site while keeping the separation and segmentation of multiple subscriber virtual networks within a single subnet. This allows the Enterprise fabric to be more simple and convenient to deploy without making security compromises.

公开(公告)号：US11729089B2

公开(公告)日：2023-08-15

申请号：US17304672

申请日：2021-06-24

Applicant: Cisco Technology, Inc.

Inventor： Prakash Jain ,  Sanjay K. Hooda ,  Victor Moreno

IPC: H04L45/02 ,  H04L12/66 ,  H04L45/00 ,  H04L9/40

CPC classification number: H04L45/02 ,  H04L12/66 ,  H04L45/22 ,  H04L63/0227

Abstract: Techniques for network routing border convergence are described. Backup paths for external connections for a network are established and provide for a temporary path for network traffic during network routing convergence, preventing traffic loss at network border nodes.

公开(公告)号：US11658876B2

公开(公告)日：2023-05-23

申请号：US17377378

申请日：2021-07-16

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Muninder Singh Sambi ,  Victor Moreno ,  Prakash C. Jain ,  Tarunesh Ahuja ,  Satish Kondalam

IPC: H04L41/0893 ,  H04L12/46 ,  G06F9/455

CPC classification number: H04L41/0893 ,  G06F9/45558 ,  H04L12/4633 ,  H04L12/4641 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Systems, methods, and computer-readable storage media are provided for provisioning a common subnet across a number of subscribers and their respective virtual networks using dynamically generated network policies that provide isolation between the subscribers. The dynamic generation of the network policies is performed when a host (e.g. client) is detected (via a switch) as the host joins the computing network via virtual networks. This ability to configure a common subnet for all the subscriber virtual networks allows these subscribers to more easily access external shared services coming from a headquarter site while keeping the separation and segmentation of multiple subscriber virtual networks within a single subnet. This allows the Enterprise fabric to be more simple and convenient to deploy without making security compromises.

公开(公告)号：US11652791B2

公开(公告)日：2023-05-16

申请号：US16534783

申请日：2019-08-07

Applicant: Cisco Technology, Inc.

Inventor： Victor Moreno ,  Sanjay Kumar Hooda ,  Marc Portoles Comeras

IPC: H04L9/40 ,  H04L45/586 ,  H04L45/745

CPC classification number: H04L63/0236 ,  H04L45/586 ,  H04L45/745 ,  H04L63/029 ,  H04L63/0263 ,  H04L63/0272

Abstract: Systems, methods, and computer-readable media for implementing an extranet policy include receiving a request from a source to perform a lookup for a destination address. A lookup for the destination address is performed in a consolidated routing table, the consolidated routing table including a consolidated mapping of address prefixes associated with two or more virtual networks. If the lookup results in a match for the destination address with a matching address prefix, a matching virtual network associated with the matching address prefix is determined. An access policy for the request corresponding to the matching virtual network is obtained, and based on the access policy the request is allowed to access the destination address in the matching virtual network or disallowed. The consolidated routing table can be implemented in a mapping server using a Locator/ID Separation Protocol (LISP).

公开(公告)号：US20210344565A1

公开(公告)日：2021-11-04

申请号：US17377378

申请日：2021-07-16

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Muninder Singh Sambi ,  Victor Moreno ,  Prakash C. Jain ,  Tarunesh Ahuja ,  Satish Kondalam

IPC: H04L12/24 ,  H04L12/46 ,  G06F9/455

Abstract: Systems, methods, and computer-readable storage media are provided for provisioning a common subnet across a number of subscribers and their respective virtual networks using dynamically generated network policies that provide isolation between the subscribers. The dynamic generation of the network policies is performed when a host (e.g. client) is detected (via a switch) as the host joins the computing network via virtual networks. This ability to configure a common subnet for all the subscriber virtual networks allows these subscribers to more easily access external shared services coming from a headquarter site while keeping the separation and segmentation of multiple subscriber virtual networks within a single subnet. This allows the Enterprise fabric to be more simple and convenient to deploy without making security compromises.

公开(公告)号：US10826775B1

公开(公告)日：2020-11-03

申请号：US16446338

申请日：2019-06-19

Applicant: Cisco Technology, Inc.

Inventor： Victor Moreno ,  Anand Oswal ,  Rex Emmanuel Fernando ,  Syam Sundar Appala ,  Sanjay Kumar Hooda

IPC: H04L12/24 ,  H04L12/715 ,  H04L29/06 ,  G06F9/455 ,  H04L12/721

Abstract: Systems, methods, and computer-readable media for providing cross-domain policy enforcement. In some examples, transit VRFs for a destination network domain and a source network domain are created. Route advertisements for nodes coupled to source VRFs in the source network domain are created that include identifications of the source VRFs. The route advertisements can be transmitted from a source transit VRF in the source network domain to a destination transit VRF in the destination network domain. The route advertisements can then be filtered at the destination transit VRF based on a cross-domain policy using the identifications of the source VRFs to export routes to destination VRFs in the destination network domain according to the cross-domain policy.

公开(公告)号：US20200267147A1

公开(公告)日：2020-08-20

申请号：US16867739

申请日：2020-05-06

Applicant: Cisco Technology, Inc.

Inventor： Victor Moreno ,  Sridhar Subramanian ,  Sanjay Kumar Hooda

IPC: H04L29/06 ,  H04L29/12 ,  H04L29/08

Abstract: Systems and methods for network authorization are described herein. An example method can include receiving a user credential from a host device connected to a network, authenticating the user credential, and in response to authenticating the user credential, determining an authorization policy associated with the host device. The method can also include polling a network overlay control plane of the network to obtain a network location information associated with the host device, identifying at least one network device of the network using the network location information, and transmitting the authorization policy to the at least one network device.