DYNAMIC DISASSOCIATED CHANNEL ENCRYPTION KEY DISTRIBUTION

    Publication number: US20210006546A1

    Publication date: 2021-01-07

    Application number: US17027424

    Filing date: 2020-09-21

    Abstract: A method may include determining, by a first network device, a type of control channel to open across a transport in a software-defined network (SDN). The method may also include establishing the control channel with a control device via a control plane that is separate from a data plane. The method may further include advertising first security association parameters to the control device via the control channel. The method may include receiving, from the control device via the control channel, second security association parameters associated with a second network device. The method may also include establishing a data plane connection with the second network device using the second security association parameters.

    System and method of verifying network communication paths between applications and services

    Publication number: US10511590B1

    Publication date: 2019-12-17

    Application number: US16413411

    Filing date: 2019-05-15

    Abstract: Disclosed are concepts for managing application traffic. A method includes receiving a request to access a service from an application, confirming an identity of a user of the application and, based on the confirmation, generating, via an authentication service, a routing policy for data flows between the application and the service. The routing policy defines a mandated path between the application and the service. The method can also include storing proof-of-transit data in the traffic flow for tracking the actual path from the application to the service and determining whether the data path complies with the mandated path defined in the policy. When the determination indicates that the actual path followed the mandated path defined in the routing policy, the method includes granting the user access to the service. When the actual path differs from the mandated path, the method includes denying access to the user.

    Dynamic per-session NAT-behavior selection

    Publication number: US10412122B1

    Publication date: 2019-09-10

    Application number: US15004882

    Filing date: 2016-01-22

    Abstract: A method for establishing communication sessions based on a Network Address Translation (NAT) device is provided. The method comprises configuring the NAT device with a policy to control the creation of NAT translation entries to support communications between devices residing behind the NAT device and devices residing outside the NAT device, wherein said policy allows the NAT device to establish multiple communication sessions, each with a dynamic NAT traversal behavior; and configuring the NAT device to maintain a control plane session with an orchestrator device, whereby the NAT device learns the parameters required to establish a translation entry for each communication session.

    Apparatus and method to hide transit only multi-access networks in OSPF

    Status: Granted patent (in force)

    Publication number: US09356856B2

    Publication date: 2016-05-31

    Application number: US14013990

    Filing date: 2013-08-29

    Abstract: In one embodiment, a first router determines whether a network coupling the first router to one or more second routers is transit-only, wherein transit-only indicates connecting only routers to provide for transmission of data from router to router. When the network is transit-only, the first router generates an Open Shortest Path First (OSPF) Link State Advertisement (LSA) that includes an address for the network and a designated network mask. The designated network mask operates as a transit-only identification that indicates the address should not be installed in a Routing Information Base (RIB) upon receipt of the OSPF LSA at the one or more second routers. When the network is not transit-only, the first router generates an OSPF LSA that includes the address for the network but does not include the designated network mask, to permit installation of the address in a RIB upon receipt of the OSPF LSA at the one or more second routers.


    Service chaining based on labels in control and forwarding

    Publication number: USRE50121E1

    Publication date: 2024-09-10

    Application number: US17104933

    Filing date: 2020-11-25

    CPC classification number: H04L47/70 H04L45/64

    Abstract: A method for routing is disclosed. The method comprises establishing an overlay network comprising a plurality of network elements and an overlay controller, wherein the overlay controller is in communication with each network element via a secure tunnel established through an underlying transport network; receiving, by the overlay controller, information from each service-hosting network element, said information identifying a service hosted at that service-hosting network element and a label associated with the service-hosting network element; identifying, by the overlay controller, at least one policy that associates traffic from a site with a service; and causing, by said overlay controller, the at least one policy to be executed so that traffic from the site identified in the policy is routed using the underlying transport network to the service-hosting network element associated with the said service.

    Overlay management protocol for secure routing based on an overlay network

    Publication number: USRE49485E1

    Publication date: 2023-04-04

    Application number: US17160178

    Filing date: 2021-01-27

    Abstract: A method for creating a secure network is provided. The method comprises establishing an overlay domain to control routing between overlay edge routers based on an underlying transport network, wherein said establishing comprises running an overlay management protocol to exchange information within the overlay domain; in accordance with the overlay management protocol, defining service routes that exist exclusively within the overlay domain, wherein each overlay route includes information on at least service availability within the overlay domain; and selectively using the service routes to control routing between the overlay edge routers, wherein said routing is through the underlying transport network in a manner in which said overlay routes are shared with the overlay edge routers via the overlay management protocol but not with the underlying transport network.

    VIRTUALIZED NETWORK FUNCTIONS THROUGH ADDRESS SPACE AGGREGATION

    Publication number: US20230090829A1

    Publication date: 2023-03-23

    Application number: US18059693

    Filing date: 2022-11-29

    Abstract: In some examples, a method to provide a virtualized Carrier-grade Network Address Translation (CGN) at a first customer edge router may include establishing a tunnel between the first customer edge router and each aggregation router among one or more aggregation routers, performing a Network Address Translation (NAT) on a first data packet to create a NAT'ed first data packet, selecting a first aggregation router from among the one or more aggregation routers to which to send the NAT'ed first data packet, encapsulating the NAT'ed first data packet with overlay information corresponding to the tunnel established between the first customer edge router and the first aggregation router, and sending the encapsulated NAT'ed first data packet through the tunnel to the first aggregation router.
