公开(公告)号：US10462098B2

公开(公告)日：2019-10-29

申请号：US15800274

申请日：2017-11-01

Applicant: Cisco Technology, Inc.

Inventor： Patrick Wetterwald ,  Eric Michel Levy-Abegnoli ,  Pascal Thubert

IPC: H04L29/12

Abstract: In one embodiment, a method comprises detecting, by a network device, an endpoint device attempting to access a data network via a data link; and generating, by the network device, a unique device signature for identifying the endpoint device based on the network device identifying a sequence of link layer data packets transmitted by the endpoint device upon connection to the data link, the unique device signature identifying a behavior of the endpoint device independent of any link layer address used by the endpoint device.

公开(公告)号：US10433191B2

公开(公告)日：2019-10-01

申请号：US15864554

申请日：2018-01-08

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Jerome Henry

IPC: H04L12/28 ,  H04W24/02 ,  H04W92/20 ,  H04W72/12 ,  H04W88/08

Abstract: In one embodiment, a supervisory device in a network forms a first virtual access point (VAP) for a first node in the network. A plurality of access points (APs) in the network are mapped to the first VAP as part of a VAP mapping and the first node treats the APs in the VAP mapping as a single AP for purposes of communicating with the network. The supervisory device determines a communication schedule for the first node based on a radio chain of at least one of the APs in the VAP mapping for the first VAP being shared by the first VAP and a second VAP for a second node in the network. The supervisory device, according to the communication schedule for the first node, causes one or more of the APs in the VAP mapping for the first VAP to instruct the first node to stop transmitting for a period of time.

公开(公告)号：US10419293B1

公开(公告)日：2019-09-17

申请号：US16004245

申请日：2018-06-08

Applicant: Cisco Technology, Inc.

Inventor： Huimin She ,  Jianzhou Chen ,  Chuanwei Li ,  Pascal Thubert

IPC: H04L12/24 ,  H04L12/759 ,  H04L12/753

Abstract: A network device stores in its nonvolatile memory, in response to detecting a power outage in a tree-based network, an identifier for a preferred parent and a distance identifier for the network device within the network. In response to power restoration, the network device starts a trickle timer based on the ring identifier, for determining whether a beacon request from a transmitting node and destined for the preferred parent is detected during the waiting interval. In response to the network device detecting the beacon request during the waiting interval, the network device sets its channel hopping schedule to the corresponding channel hopping schedule of the transmitting node in response to determining the beacon request is destined for the preferred parent, enabling rejoining with the preferred parent in response to detecting a beacon from the preferred parent to the transmitting node via the corresponding channel hopping schedule of the transmitting node.

公开(公告)号：US10397058B2

公开(公告)日：2019-08-27

申请号：US15599767

申请日：2017-05-19

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Jean-Philippe Vasseur ,  Patrick Wetterwald ,  Eric Levy-Abegnoli

IPC: H04W84/12 ,  H04L12/24 ,  H04L12/911 ,  H04W88/08 ,  H04L12/931

Abstract: In one embodiment, a supervisory device in a network assigns different access points in the network to different access point groupings. Each of the different access point groupings uses a different network path to communicate with a given endpoint in the network. The supervisory device selects at least one of the access points in each of the different access point groupings for mapping to a virtual access point (VAP) for a node in the network as part of a VAP mapping. The supervisory device instructs the selected access points to form a VAP for the node. The node treats the access points in the VAP mapping as a single access point for purposes of communicating with the network.

公开(公告)号：US20190253452A1

公开(公告)日：2019-08-15

申请号：US15896182

申请日：2018-02-14

Applicant: Cisco Technology, Inc.

Inventor： Hugo Latapie ,  Enzo Fenoglio ,  Pascal Thubert ,  Jean-Philippe Vasseur

IPC: H04L29/06 ,  G06F17/30 ,  G06N3/08 ,  G06F15/18

Abstract: In one embodiment, a device maintains a journal of uncommitted changes to a file system of the device in a layer that is hot-swappable with a writable container layer. The device augments the journal with metadata regarding a particular uncommitted change to the file system of the device. The device applies, within a sandbox environment of the device, a machine learning-based anomaly detector to the particular uncommitted change to the file system and the metadata regarding the change, to determine whether the particular uncommitted change to the file system is indicative of a destruction of service attack on the device. The device causes performance of a mitigation action when the machine learning-based anomaly detector determines that the particular uncommitted change to the file system is indicative of a destruction of service attack on the device.

公开(公告)号：US10367623B2

公开(公告)日：2019-07-30

申请号：US15498715

申请日：2017-04-27

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Jean-Philippe Vasseur ,  Patrick Wetterwald ,  Eric Levy-Abegnoli

IPC: H04L5/00 ,  H04W28/02 ,  H04L12/801 ,  H04L12/931 ,  H04L1/00 ,  H04L29/08 ,  H04W84/18 ,  H04W88/00

Abstract: In one embodiment, a supervisory device in a network forms a virtual access point (VAP) for a node in the network whereby a plurality of access points (APs) in the network are mapped to the VAP as part of a VAP mapping. The node treats the APs in the VAP mapping as a single AP for purposes of communicating with the network. The supervisory device determines a data traffic management strategy for the node based on traffic associated with the node. The supervisory device instructs the APs in the VAP mapping to implement the data traffic management strategy for the node.

公开(公告)号：US10320652B2

公开(公告)日：2019-06-11

申请号：US15401217

申请日：2017-01-09

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Patrick Wetterwald ,  Eric Michel Levy-Abegnoli ,  Jean-Philippe Vasseur

IPC: H04L12/24 ,  H04L12/44 ,  H04L12/751 ,  H04L12/753 ,  H04L12/721

Abstract: In one embodiment, a method comprises promiscuously detecting, by a network device in a wireless data network having a tree-based topology for reaching a root device, a wireless data packet transmitted by a source network device and specifying a destination device in the wireless data network; determining, by the network device, that the destination device is within a first sub-topology provided by the network device to reach the root device, wherein the source network device is within a second distinct sub-topology provided by a parent device of the source network device to reach the root device; and causing installation of a bypass path, bypassing the root device, based on the network device generating and transmitting an instruction to the parent device to install a route entry causing a data packet destined for the destination device to be routed by the parent device directly to the network device.

公开(公告)号：US10298542B2

公开(公告)日：2019-05-21

申请号：US15485708

申请日：2017-04-12

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Jean-Philippe Vasseur ,  Patrick Wetterwald ,  Eric Levy-Abegnoli

IPC: H04L12/46 ,  H04L29/06 ,  G06N20/00

Abstract: In one embodiment, a networking device in a local area network (LAN) establishes a virtual network overlay in the LAN to redirect traffic associated with a particular node in the LAN to a server for analysis. The networking device receives an indication from the server that at least a portion of the traffic associated with the particular node is trusted for local sending within the LAN and adjusts the virtual network overlay to locally send the trusted portion of the traffic associated with the particular node to one or more other nodes in the LAN without redirection to the server. The networking device collects characteristic information regarding the trusted portion of the traffic sent locally within the LAN via the adjusted virtual network overlay and sends the collected characteristic information to the server for analysis.

公开(公告)号：US10270606B2

公开(公告)日：2019-04-23

申请号：US15863297

申请日：2018-01-05

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  IJsbrand Wijnands ,  Gregory Shepherd

IPC: H04L1/16 ,  H04L12/18 ,  H04L1/18 ,  H04W52/02 ,  H04W72/00 ,  H04L1/00 ,  H04W84/18

Abstract: In one embodiment, a device in a network sends a first multicast message to a plurality of destinations in the network. The first multicast message includes a first bitmap that identifies the destinations. The device receives one or more acknowledgements from a subset of the destinations. The device determines a retransmission bitmap that identifies those of the plurality of destinations that did not acknowledge the first multicast message, based on the received one or more acknowledgements. The device sends a retransmission multicast message to those of the plurality of destinations that did not acknowledge the first multicast message. The retransmission multicast message includes the retransmission bitmap.

公开(公告)号：US10218602B2

公开(公告)日：2019-02-26

申请号：US14816108

申请日：2015-08-03

Applicant: Cisco Technology, Inc.

Inventor： Eric Michel Levy-Abegnoli ,  Pascal Thubert ,  Patrick Wetterwald

IPC: H04L12/761

Abstract: In one embodiment, a method comprises identifying, by an apparatus in a deterministic network, a multicast forwarding tree comprising a single multicast source as a root of the multicast forwarding tree, a plurality of terminal destination devices as respective leaves of the multicast forwarding trees, and forwarding network devices configured for forwarding a message, transmitted by the root, to the terminal destination devices; and causing, by the apparatus, the forwarding network devices to deliver the message to each of the terminal destination devices simultaneously at a same arrival time.