公开(公告)号：US20220239559A1

公开(公告)日：2022-07-28

申请号：US17719792

申请日：2022-04-13

Applicant: Cisco Technology, Inc.

Inventor： Rajagopalan Janakiraman ,  Sivakumar Ganapathy ,  Gianluca Mardente ,  Giovanni Meo ,  Patel Amitkumar Valjibhai

IPC: H04L41/0816 ,  H04L12/46 ,  H04L41/0806 ,  H04L41/0893 ,  H04L45/02 ,  H04L45/00 ,  H04L45/44

Abstract: Technologies for multi-cloud routing and policy interconnectivity are provided. An example method can include assigning different sets of data plane routers to data plane traffic associated with different address spaces in a cloud site of a multi-cloud fabric to yield a distributed mapping of data plane traffic and data plane routers. The method can further include providing, to an on-premises site in the multi-cloud fabric, routing entries from a control plane router on the cloud site, the routing entries reflecting the distributed mapping and identifying, for each address space, which data plane router handles data plane traffic for that address space; and when a data plane router is deployed at the cloud site, providing, to the on-premises site, updated routing information from the control plane router, the updated routing information identifying the data plane router as a next hop for data plane traffic associated with a respective address space.

公开(公告)号：US11336573B2

公开(公告)日：2022-05-17

申请号：US16801500

申请日：2020-02-26

Applicant: Cisco Technology, Inc.

Inventor： Rajagopalan Janakiraman ,  Sivakumar Ganapathy ,  Javed Asghar ,  Azeem Muhammad Suleman

IPC: G06F15/16 ,  H04L45/74 ,  H04L43/16 ,  H04L45/00 ,  H04L49/20 ,  H04L49/25 ,  H04L61/5007 ,  H04L67/1001 ,  G06F9/455

Abstract: Techniques for routing data packets through service chains within and between public cloud networks of multi-cloud fabrics. A router in a network, e.g., a public cloud network, receives data packets from nodes in the network through segments of the network. Based at least in part on (i) a source address of the data packet, (ii) a destination address of the data packet, and (iii) an identity of the segments of the network from which the data packets are received, the router determines a next node in the network to which the data packet is to be forwarded. The router may then forward the data packet through another segment of the network to the next node and then receive the data packet from the next node through the another segment.

公开(公告)号：US11329876B2

公开(公告)日：2022-05-10

申请号：US17244941

申请日：2021-04-29

Applicant: Cisco Technology, Inc.

Inventor： Rajagopalan Janakiraman ,  Sivakumar Ganapathy ,  Gianluca Mardente ,  Giovanni Meo ,  Patel Amitkumar Valjibhai

IPC: G06F15/177 ,  H04L41/0816 ,  H04L12/46 ,  H04L41/0806 ,  H04L41/0893 ,  H04L45/02 ,  H04L45/00 ,  H04L45/44

Abstract: Technologies for multi-cloud routing and policy interconnectivity are provided. An example method can include assigning different sets of data plane routers to data plane traffic associated with different address spaces in a cloud site of a multi-cloud fabric to yield a distributed mapping of data plane traffic and data plane routers. The method can further include providing, to an on-premises site in the multi-cloud fabric, routing entries from a control plane router on the cloud site, the routing entries reflecting the distributed mapping and identifying, for each address space, which data plane router handles data plane traffic for that address space; and when a data plane router is deployed at the cloud site, providing, to the on-premises site, updated routing information from the control plane router, the updated routing information identifying the data plane router as a next hop for data plane traffic associated with a respective address space.

公开(公告)号：US11233721B2

公开(公告)日：2022-01-25

申请号：US16808768

申请日：2020-03-04

Applicant: Cisco Technology, Inc.

Inventor： Sivakumar Ganapathy ,  Rajagopalan Janakiraman ,  Kalyan Ghosh ,  Sapan Shah

IPC: H04L12/26 ,  H04L29/12 ,  H04L12/46 ,  H04L12/743

Abstract: Disclosed is a method that includes calculating, at a collector receiving a data flow and via a hashing algorithm, all possible hashes associated with at least one virtual attribute associated with the data flow to yield resultant hash values. Based on the resultant hash values, the method includes computing a multicast address group and multicasting the data flow to n leafs based on the multicast address group. At respective other collectors, the method includes filtering received sub-flows of the data flow based on the resultant hashes, wherein if a respective hash is owned by a collector, the respective collector accepts and saves the sub-flow in a local switch collector database. A scalable, distributed netflow is possible with the ability to respond to queries for fabric-level netflow statistics even on virtual constructs.

公开(公告)号：US11082258B1

公开(公告)日：2021-08-03

申请号：US16742604

申请日：2020-01-14

Applicant: Cisco Technology, Inc.

Inventor： Sivakumar Ganapathy ,  Rajagopalan Janakiraman ,  Suresh Pasupula ,  Sachin Gupta ,  Shashank Chaturvedi ,  Prashanth Matety

IPC: G06F15/177 ,  H04L12/46 ,  H04L12/741 ,  H04L29/06

Abstract: Techniques for maintaining isolation and segregation for network paths through multi-cloud fabrics using VRF technologies. The techniques include running virtual routers in a cloud network that connect the cloud network to an on-premises network using a network overlay that preserves VRF information in data packets. Further, the virtual routers connect to individual gateways in the cloud network using tunnels, and each individual gateway is connected to multiple VPCs without overlapping subnets. The virtual routers may assign a sink VRF to each gateway connection that can be used to perform source-IP based VRF selection by mapping source IP addresses in each tunnel connection to appropriate VRFs for the source IP addresses. In this way, virtual routers may use sink VRFs to translate into the VRF information for data packets from the VPCs via source-IP based lookup, and use the corresponding VRF route table to determine next hops for data packets.

公开(公告)号：US20210218598A1

公开(公告)日：2021-07-15

申请号：US16742604

申请日：2020-01-14

Applicant: Cisco Technology, Inc.

Inventor： Sivakumar Ganapathy ,  Rajagopalan Janakiraman ,  Suresh Pasupula ,  Sachin Gupta ,  Shashank Chaturvedi ,  Prashanth Matety

IPC: H04L12/46 ,  H04L29/06 ,  H04L12/741

Abstract: Techniques for maintaining isolation and segregation for network paths through multi-cloud fabrics using VRF technologies. The techniques include running virtual routers in a cloud network that connect the cloud network to an on-premises network using a network overlay that preserves VRF information in data packets. Further, the virtual routers connect to individual gateways in the cloud network using tunnels, and each individual gateway is connected to multiple VPCs without overlapping subnets. The virtual routers may assign a sink VRF to each gateway connection that can be used to perform source-IP based VRF selection by mapping source IP addresses in each tunnel connection to appropriate VRFs for the source IP addresses. In this way, virtual routers may use sink VRFs to translate into the VRF information for data packets from the VPCs via source-IP based lookup, and use the corresponding VRF route table to determine next hops for data packets.

公开(公告)号：US11057350B2

公开(公告)日：2021-07-06

申请号：US16426336

申请日：2019-05-30

Applicant: Cisco Technology, Inc.

Inventor： Rajagopalan Janakiraman ,  Sivakumar Ganapathy ,  Azeem Suleman ,  Mohammed Javed Asghar ,  Patel Amitkumar Valjibhai ,  Ronak K. Desai

IPC: H04L29/06 ,  H04L12/721 ,  H04L12/46 ,  H04L29/08 ,  H04L29/12

Abstract: Technologies for extending a subnet across on-premises and cloud-based deployments are provided. An example method may include creating a VPC in a cloud for hosting an endpoint being moved from an on-premises site. For the endpoint to retain its IP address, a subnet range assigned to the VPC, based on the smallest subnet mask allowed by the cloud, is selected to include the IP address of the endpoint. The IP addresses from the assigned subnet range corresponding to on-premises endpoints are configured as secondary IP addresses on a Layer 2 (L2) proxy router instantiated in the VPC. The L2 proxy router establishes a tunnel to a cloud overlay router and directs traffic destined to on-premises endpoints, with IP addresses in the VPC subnet range thereto for outbound transmission. The cloud overly router updates the secondary IP addresses on the L2 proxy router based on reachability information for the on-premises site.

公开(公告)号：US11055159B2

公开(公告)日：2021-07-06

申请号：US16393067

申请日：2019-04-24

Applicant: Cisco Technology, Inc.

Inventor： Sivakumar Ganapathy ,  Ram Regar ,  Navya Patimalla ,  Sohayb Aiyub

IPC: G06F11/07 ,  G06F12/02 ,  G06F9/50 ,  G06F11/36

Abstract: Disclosed is a method that includes obtaining a list of processes in an application centric infrastructure fabric, sorting the list of processes according to an amount of memory increase associated with each respective process in the list of processes to yield a sorted list, selecting a group of processes from the sorted list and collecting a respective live process core for each process in the group of processes without pausing or killing any process in the group of processes. The method includes applying an offline leak detection tool to each process in the group of processes to yield a list of leaked memory addresses for a given process of the group of processes and transmitting a message to the given process with the list of leaked memory addresses, whereby the given process calls a function to release leaked memory associated with the given process as identified in the message.

公开(公告)号：US20200280587A1

公开(公告)日：2020-09-03

申请号：US16289647

申请日：2019-02-28

Applicant: Cisco Technology, Inc.

Inventor： Rajagopalan Janakiraman ,  Ronak K. Desai ,  Sivakumar Ganapathy ,  Mohammed Javed Asghar ,  Azeem Suleman ,  Patel Amitkumar Valjibhai

IPC: H04L29/06 ,  H04L12/24

Abstract: Systems, methods, and computer-readable media for policy splitting in multi-cloud fabrics. In some examples, a method can include discovering a path from a first endpoint in a first cloud to a second endpoint in a second cloud; determining runtime policy table capacities associated with nodes in the path; determining policy distribution and enforcement for traffic from the first endpoint to the second endpoint based on the runtime policy table capacities; based on the policy distribution and enforcement, installing a set of policies for traffic from the first endpoint to the second endpoint across a set of nodes in the path; and applying the set of policies to traffic from the first endpoint in the first cloud to the second endpoint in the second cloud.

公开(公告)号：US10601693B2

公开(公告)日：2020-03-24

申请号：US15658215

申请日：2017-07-24

Applicant: Cisco Technology, Inc.

Inventor： Sivakumar Ganapathy ,  Rajagopalan Janakiraman ,  Kalyan Ghosh ,  Sapan Shah

IPC: H04L12/26 ,  H04L29/12 ,  H04L12/46 ,  H04L12/743

Abstract: Disclosed is a method that includes calculating, at a collector receiving a data flow and via a hashing algorithm, all possible hashes associated with at least one virtual attribute associated with the data flow to yield resultant hash values. Based on the resultant hash values, the method includes computing a multicast address group and multicasting the data flow to n leafs based on the multicast address group. At respective other collectors, the method includes filtering received sub-flows of the data flow based on the resultant hashes, wherein if a respective hash is owned by a collector, the respective collector accepts and saves the sub-flow in a local switch collector database. A scalable, distributed netflow is possible with the ability to respond to queries for fabric-level netflow statistics even on virtual constructs.