-
Publication number: US20160315853A1
Publication date: 2016-10-27
Application number: US14693244
Application date: 2015-04-22
Applicant: Cisco Technology, Inc.
Inventor: Jose Liste, Brian Weis
IPC: H04L12/721, H04L29/12, H04L29/06
CPC classification number: H04L45/38, H04L63/00, H04L63/0428, H04L63/10, H04L69/22
Abstract: A network device receives packets for one or more traffic flows to be sent into a network. The network device computes a flow identifier for each of the one or more traffic flows based on information contained in one or more headers of the packets for each of the one or more traffic flows and based on at least one value that is changed on an ongoing basis. The packets for each of the one or more traffic flows are encrypted to produce encrypted packets for each of the one or more traffic flows. An encapsulation is added to the encrypted packets for the one or more traffic flows. The flow identifier is included in a field of the encapsulation for a corresponding traffic flow.
-
22.
Publication number: US11611557B2
Publication date: 2023-03-21
Application number: US17307446
Application date: 2021-05-04
Applicant: Cisco Technology, Inc.
Inventor: Srinath Gundavelli, Shree N. Murthy, Pradeep Kumar Kathail, Brian Weis
IPC: H04L9/40, H04L47/2441, H04W80/02, H04L65/1073
Abstract: A method is provided to anonymize the media access control (MAC) address of a client device. The method involves generating a plurality of media access control (MAC) addresses for use by a client device in a network. Policies are defined that determine which one of the plurality of MAC addresses is to be used by the client device. The plurality of MAC addresses allocated for use by the client device are registered with a management entity in the network.
-
23.
Publication number: US20210288962A1
Publication date: 2021-09-16
Application number: US17235284
Application date: 2021-04-20
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Christopher S. Steck, Brian Weis
Abstract: Techniques for providing secure modification of manufacturer usage description (MUD) files based on device applications are provided. In one embodiment, a method for secure modification of MUD files may include obtaining a request for one or more applications from a device. The method also includes providing to the device the one or more applications and a certification that includes an updated MUD identifier determined based on the one or more applications requested. The updated MUD identifier is associated with a concatenated MUD file that comprises individual MUD file portions for each of the one or more applications requested. The device is configured to request an updated device identifier using the certification. The updated device identifier includes the updated MUD identifier that is associated with the concatenated MUD file.
-
24.
Publication number: US11025628B2
Publication date: 2021-06-01
Application number: US15954875
Application date: 2018-04-17
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Christopher S. Steck, Brian Weis
Abstract: Techniques for providing secure modification of manufacturer usage description (MUD) files based on device applications are provided. In one embodiment, a method for secure modification of MUD files may include obtaining a request for one or more applications from a device. The method also includes providing to the device the one or more applications and a certification that includes an updated MUD identifier determined based on the one or more applications requested. The updated MUD identifier is associated with a concatenated MUD file that comprises individual MUD file portions for each of the one or more applications requested. The device is configured to request an updated device identifier using the certification. The updated device identifier includes the updated MUD identifier that is associated with the concatenated MUD file.
-
Publication number: US10904217B2
Publication date: 2021-01-26
Application number: US15994590
Application date: 2018-05-31
Applicant: Cisco Technology, Inc.
Inventor: Michael L. Sullenberger, Brian Weis, Warren Scott Wainner, Shuxian Lou
Abstract: A source virtual private network (VPN) gateway supports a local source subnet and communicates over a wide area network (WAN) with a destination VPN gateway that supports a local destination subnet. The source VPN gateway receives from the local source subnet an Internet Protocol (IP) packet destined for the local destination subnet, determines a security association (SA) based on a source IP address and a destination IP address of the IP packet, and encapsulates the IP packet with tunnel encapsulation including a tunnel protocol header and a tunnel outer IP header, to produce a clear-text tunnel packet. The source VPN gateway encrypts the IP packet and the tunnel protocol header but not the tunnel outer IP header using an encryption key and a security parameter index for the SA, to produce an encrypted tunnel packet, and tunnels it to the destination VPN gateway over the WAN.
-
26.
Publication number: US20200287922A1
Publication date: 2020-09-10
Application number: US16296373
Application date: 2019-03-08
Applicant: Cisco Technology, Inc.
Inventor: Pengywan Wang, Brian Weis
Abstract: In one embodiment, a monitoring process identifies a set of counters maintained by a networking device by comparing a configuration of the networking device to an object relationship model. The monitoring process obtains counter values from the identified set of counters maintained by the networking device. The monitoring process detects an anomaly by using the obtained counter values as input to a machine learning-based anomaly detector. The monitoring process generates an anomaly detection alert for the detected anomaly.
-
Publication number: US10547503B2
Publication date: 2020-01-28
Application number: US15007859
Application date: 2016-01-27
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Nancy Cam-Winget, Brian Weis
Abstract: Presented herein are techniques in which one or more network devices can use information provided by a special purpose network connected device to retrieve a usage profile (i.e., configuration file) associated with the special purpose network connected device. The retrieved usage profile, which includes/describes preselected (predetermined) usage descriptions associated with the special purpose network connected device, can then be used to configure one or more network devices. For example, the predetermined usage descriptions associated with the special purpose network connected device can be instantiated and enforced at a network device or the predetermined usage descriptions can be used for auditing the special purpose network connected device (e.g., monitoring of traffic within the network).
-
Publication number: US10404588B2
Publication date: 2019-09-03
Application number: US15258444
Application date: 2016-09-07
Applicant: Cisco Technology, Inc.
Inventor: Thamilarasu Kandasamy, Scott Fluhrer, Lewis Chen, Brian Weis
IPC: H04L12/741, H04L12/805, H04L29/06, H04L12/46, H04W28/02
Abstract: Techniques are described herein for optimizing communications in a network. At a router in a virtual private network, a packet is received from a device in a subnetwork protected by the router. The router examines the packet to determine a source address that identifies the device and a destination address that identifies a destination network device for the packet. The router also analyzes the packet to determine a size of the packet and determines whether or not the size of the packet is larger than a maximum transmission unit size. If the size of the packet is larger than the maximum transmission unit size, the router encapsulates the packet with a header that includes the destination address and a new source address that identifies the router.
-
Publication number: US09807178B2
Publication date: 2017-10-31
Application number: US14281690
Application date: 2014-05-19
Applicant: Cisco Technology, Inc.
Inventor: Brian Weis
CPC classification number: H04L67/142, H04L43/0811, H04L43/10, H04L63/062, H04L67/145, H04L69/40
Abstract: In an embodiment, a method is performed by one or more processors and comprises obtaining a hiatus declaration that indicates that a network device will be incommunicable; suspending communication with the network device until expiration of a hiatus time period during which the network device is expected to be incommunicable; resuming communication with the network device in response to any of: determining that the hiatus time period has expired; obtaining a keep-alive message from the network device; or obtaining other indication that the network device can communicate.
-
Publication number: US20170033984A1
Publication date: 2017-02-02
Application number: US15007859
Application date: 2016-01-27
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Nancy Cam-Winget, Brian Weis
Abstract: Presented herein are techniques in which one or more network devices can use information provided by a special purpose network connected device to retrieve a usage profile (i.e., configuration file) associated with the special purpose network connected device. The retrieved usage profile, which includes/describes preselected (predetermined) usage descriptions associated with the special purpose network connected device, can then be used to configure one or more network devices. For example, the predetermined usage descriptions associated with the special purpose network connected device can be instantiated and enforced at a network device or the predetermined usage descriptions can be used for auditing the special purpose network connected device (e.g., monitoring of traffic within the network).