公开(公告)号：US20180365121A1

公开(公告)日：2018-12-20

申请号：US15663594

申请日：2017-07-28

Applicant: Cisco Technology, Inc.

Inventor： Sanchay Harneja ,  Navneet Yadav ,  Sanjay Sundaresan ,  Harsha Jagannati ,  Ramadoss Venkatesan

IPC: G06F11/22 ,  H04L12/24 ,  G06F17/30 ,  G06F11/07

CPC classification number: G06F11/2289 ,  G06F11/0709 ,  G06F11/0766 ,  G06F16/2365 ,  H04L41/0866 ,  H04L41/145

Abstract: Disclosed are systems, methods, and computer-readable media for assuring tenant forwarding in a network environment. Network assurance can be determined in layer 1, layer 2 and layer 3 of the networked environment including, internal-internal (e.g., inter-fabric) forwarding and internal-external (e.g., outside the fabric) forwarding in the networked environment. The network assurance can be performed using logical configurations, software configurations and/or hardware configurations

公开(公告)号：US20240146774A1

公开(公告)日：2024-05-02

申请号：US18495305

申请日：2023-10-26

Applicant: Cisco Technology, Inc.

Inventor： Advait Dixit ,  Navneet Yadav ,  Navjyoti Sharma ,  Ramana Rao Kompella ,  Kartik Mohanram

IPC: H04L9/40 ,  G06F16/22 ,  H04L43/08

CPC classification number: H04L63/20 ,  G06F16/2246 ,  H04L43/08 ,  G06F2009/45595

Abstract: In some examples, a system creates a requirement including EPG selectors representing EPG pairs, a traffic selector, and a communication operator; determines that EPGs in distinct pairs are associated with different network contexts and, for each pair, which network context(s) contains associated policies; creates first data representing the pair, operator, and traffic selector; when only one network context contains the associated policies, creates second data representing a network model portion associated with the only network context and determines whether the first data is contained in the second data to yield a first check; when both network contexts contain the associated policies, also creates third data representing a network model portion associated with a second network context, and determines whether the first data is contained in the second and/or third data to yield a second check; and determines whether policies for the pairs comply with the requirement based on the checks.

公开(公告)号：US11902082B2

公开(公告)日：2024-02-13

申请号：US17752329

申请日：2022-05-24

Applicant: Cisco Technology, Inc.

Inventor： Navneet Yadav ,  Kannan Ponnuswamy ,  Arvind Chari ,  Chengguo Zhu ,  Tarique Shakil

IPC: H04L12/24 ,  H04L41/046 ,  H04L41/0873 ,  H04L41/12

CPC classification number: H04L41/046 ,  H04L41/0873 ,  H04L41/12

Abstract: Systems, methods, and computer-readable media for providing cross-domain assurance for networks in different network domains. In some embodiments, a method can include collecting first fabric data for a first network in a first network domain and second fabric data for a second network in a second network domain. The second fabric data for the second network can be normalized based on the first network domain to create normalized second fabric data. The first fabric data can then be correlated with the normalized second fabric data to create correlated fabric data. Subsequently, assurance can be provided across the first network in the first network domain and the second network in the second network domain using the correlated fabric data.

公开(公告)号：US11374806B2

公开(公告)日：2022-06-28

申请号：US17039328

申请日：2020-09-30

Applicant: Cisco Technology, Inc.

Inventor： Navneet Yadav ,  Kannan Ponnuswamy ,  Arvind Chari ,  Chengguo Zhu ,  Tarique Shakil

IPC: G06F15/173 ,  H04L41/046 ,  H04L41/12 ,  H04L41/0873

Abstract: Systems, methods, and computer-readable media for providing cross-domain assurance for networks in different network domains. In some embodiments, a method can include collecting first fabric data for a first network in a first network domain and second fabric data for a second network in a second network domain. The second fabric data for the second network can be normalized based on the first network domain to create normalized second fabric data. The first fabric data can then be correlated with the normalized second fabric data to create correlated fabric data. Subsequently, assurance can be provided across the first network in the first network domain and the second network in the second network domain using the correlated fabric data.

公开(公告)号：US10911495B2

公开(公告)日：2021-02-02

申请号：US16217607

申请日：2018-12-12

Applicant: Cisco Technology, Inc.

Inventor： Advait Dixit ,  Navneet Yadav ,  Navjyoti Sharma ,  Ramana Rao Kompella ,  Kartik Mohanram

IPC: H04L12/26 ,  H04L29/06 ,  H04L29/08 ,  G06F9/50 ,  G06F15/16 ,  G06F16/22 ,  G06F9/455

Abstract: In some examples, a system creates a requirement including EPG selectors representing EPG pairs, a traffic selector, and a communication operator; determines that EPGs in distinct pairs are associated with different network contexts and, for each pair, which network context(s) contains associated policies; creates first data representing the pair, operator, and traffic selector; when only one network context contains the associated policies, creates second data representing a network model portion associated with the only network context and determines whether the first data is contained in the second data to yield a first check; when both network contexts contain the associated policies, also creates third data representing a network model portion associated with a second network context, and determines whether the first data is contained in the second and/or third data to yield a second check; and determines whether policies for the pairs comply with the requirement based on the checks.

公开(公告)号：US10812315B2

公开(公告)日：2020-10-20

申请号：US16002981

申请日：2018-06-07

Applicant: Cisco Technology, Inc.

Inventor： Navneet Yadav ,  Kannan Ponnuswamy ,  Arvind Chari ,  Chengguo Zhu ,  Tarique Shakil

IPC: G06F15/173 ,  H04L12/24

Abstract: Systems, methods, and computer-readable media for providing cross-domain assurance for networks in different network domains. In some embodiments, a method can include collecting first fabric data for a first network in a first network domain and second fabric data for a second network in a second network domain. The second fabric data for the second network can be normalized based on the first network domain to create normalized second fabric data. The first fabric data can then be correlated with the normalized second fabric data to create correlated fabric data. Subsequently, assurance can be provided across the first network in the first network domain and the second network in the second network domain using the correlated fabric data.

公开(公告)号：US10587621B2

公开(公告)日：2020-03-10

申请号：US15794908

申请日：2017-10-26

Applicant: Cisco Technology, Inc.

Inventor： Kannan Ponnuswamy ,  Navneet Yadav ,  Arvind Chari

IPC: H04L29/06

Abstract: Systems, methods, and computer-readable media for migrating to and maintaining a white-list network security model. Network traffic identified from permit-all access logs can be analyzed to determine whether it should be white-listed, and if so, a specific permit-access, without logging, policy is generated for the identified network traffic. The addition of specific permit-access policies is repeated on permit-all access logs, at which point, permit-all access policy is converted into deny-all access. In some examples, a system or method can obtain hit counts, from both hardware (eg: TCAM) and software tables, for the specific permit-access policy to determine existence of identified network traffic over a period of time. After analyzing hit counts, the specific permit-access policy can either continue to exist or be removed to maintain a white-list network security model.

公开(公告)号：US20200021482A1

公开(公告)日：2020-01-16

申请号：US16032428

申请日：2018-07-11

Applicant: Cisco Technology, Inc.

Inventor： Chien-Ju Lo ,  Bill YuFan Chen ,  Kannan Ponnuswamy ,  Kollivakkam Raghavan ,  Navneet Yadav

IPC: H04L12/24 ,  H04L12/26

Abstract: A monitoring device for troubleshooting events in a datacenter network identifies a first network event for a time period, and provides an initial display page, one or more additional display pages, selectable display objects, and a representation of the first network event. The device generates a dynamic troubleshooting path for the first network event to track a user navigation between display pages, a manipulation of the one or more selectable display objects, and a last-current display page, and also provides an indication of a second network event associated with higher resolution priority relative to the first network event. Retrieving the dynamic troubleshooting path causes the interface to present the last-current display page, apply the manipulation of the one or more selectable display objects, and load the user navigation between the initial dashboard display page and the one or more additional display pages in a cache.

公开(公告)号：US20200007584A1

公开(公告)日：2020-01-02

申请号：US16217607

申请日：2018-12-12

Applicant: Cisco Technology, Inc.

Inventor： Advait Dixit ,  Navneet Yadav ,  Navjyoti Sharma ,  Ramana Rao Kompella ,  Kartik Mohanram

IPC: H04L29/06 ,  G06F16/22 ,  H04L12/26

Abstract: In some examples, a system creates a requirement including EPG selectors representing EPG pairs, a traffic selector, and a communication operator; determines that EPGs in distinct pairs are associated with different network contexts and, for each pair, which network context(s) contains associated policies; creates first data representing the pair, operator, and traffic selector; when only one network context contains the associated policies, creates second data representing a network model portion associated with the only network context and determines whether the first data is contained in the second data to yield a first check; when both network contexts contain the associated policies, also creates third data representing a network model portion associated with a second network context, and determines whether the first data is contained in the second and/or third data to yield a second check; and determines whether policies for the pairs comply with the requirement based on the checks.

公开(公告)号：US20200007582A1

公开(公告)日：2020-01-02

申请号：US16217500

申请日：2018-12-12

Applicant: Cisco Technology, Inc.

Inventor： Advait Dixit ,  Navneet Yadav ,  Navjyoti Sharma ,  Ramana Rao Kompella ,  Kartik Mohanram

IPC: H04L29/06 ,  H04L12/24

Abstract: Systems, methods, and computer-readable media for configuring and verifying compliance requirements in a network. An example method can include receiving, via a user interface, endpoint group (EPG) inclusion rules defining which EPGs on a network should be included in specific EPG selectors; selecting EPGs that satisfy the EPG inclusion rules for inclusion in the specific EPG selectors; creating the specific EPG selectors based on the selected EPGs; creating a traffic selector including parameters identifying traffic corresponding to the traffic selector; creating a compliance requirement based on a first and second EPG selector from the specific EPG selectors, the traffic selector, and a communication operator defining a communication condition for traffic associated with the first and second EPG selectors and the traffic selector; determining whether policies on the network comply with the compliance requirement; and generating compliance events indicating whether the policies comply with the compliance requirement.