-
Publication number: US20230370370A1
Publication date: 2023-11-16
Application number: US18223731
Application date: 2023-07-19
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar , Carlos M. Pignataro , Zafar Ali
Abstract: Techniques for initiator-based data-plane validation of segment routed, multiprotocol label switched (MPLS) networks are described herein. In examples, an initiating node may determine to validate data-plane connectivity associated with a network path of the MPLS network. The initiating node may store validation data in a local memory of the initiating node. In examples, the initiating node may send a probe message that includes a request for identification data associated with a terminating node. The terminating node may send a probe reply message that includes the identification data, as well as, in some examples, a code that instructs the initiating node to perform validation. In examples, the initiating node may use the validation data stored in memory to compare to the identification data received from the terminating node to validate data-plane connectivity. In some examples, the initiating node may indicate a positive or negative response after performing the validation.
-
Publication number: US11784928B2
Publication date: 2023-10-10
Application number: US17727933
Application date: 2022-04-25
Applicant: Cisco Technology, Inc.
Inventor: Carlos M. Pignataro , Richard Furr , Nagendra Kumar Nainar , Joseph Michael Clarke
IPC: H04L45/74 , H04L43/028 , H04L43/04 , H04L43/10 , H04L45/00
CPC classification number: H04L45/74 , H04L43/028 , H04L43/04 , H04L43/10 , H04L45/566
Abstract: Presented herein are methods and systems that facilitate data plane signaling of a packet as a candidate for capture at various network nodes within an IPv6 network. The signaling occurs in-band, via the data plane; that is, a capture or interrogation signal is embedded within the respective packet (e.g., in the packet header) that carries user traffic. The signaling is inserted, preferably when the packet is classified, e.g., at the ingress node of the network, to which subsequent network nodes within the IPv6 network are signaled to capture or further inspect the packet for capture.
-
Publication number: US20230300138A1
Publication date: 2023-09-21
Application number: US17695265
Application date: 2022-03-15
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar , Carlos M. Pignataro , John Matthew Swartz , Paul Brian Giralt , David John Zacks , Gonzalo Salgueiro
IPC: H04L9/40
CPC classification number: H04L63/102 , H04L63/105 , H04L63/20 , H04L63/029 , H04L63/0435
Abstract: Methods are provided in which a network device hosts distinct network access resources that are managed by different entities. The method includes obtaining a request for partitioning one or more network resources of an on-premise network device for connecting one or more endpoints to a first network managed by a first entity. The on-premise network device connects one or more endpoints to a second network managed by a different entity. The method further involves partitioning, based on the request, the one or more network resources and connecting the one or more endpoints to the first network using the one or more network resources. The one or more network resources are managed by the first entity while at least one other network resource of the on-premise network device is managed by the different entity and is associated with connecting the one or more endpoints to the second network.
-
Publication number: US11765050B1
Publication date: 2023-09-19
Application number: US17695085
Application date: 2022-03-15
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar , Carlos M. Pignataro , Paul Brian Giralt , Gonzalo Salgueiro , David John Zacks
IPC: H04L41/5009 , H04L41/5041
CPC classification number: H04L41/5009 , H04L41/5045
Abstract: A device associated with an enterprise receives, from a user device, a message indicating that a user of the user device has requested a service level for accessing a service while performing teleworking activities for the enterprise. The user device accesses the service via a network that includes a portion controlled by an Internet Service Provider (ISP). The enterprise has established an agreement with the ISP indicating that the ISP is to provide service levels for users who are performing teleworking activities for the enterprise via the ISP. The ISP associated with the user device is identified based on the message. A request is transmitted to the ISP to provide the service level for the portion of the network that is controlled by the ISP and the ISP provides the service level for accessing the service based on the request.
-
Publication number: US20230283595A1
Publication date: 2023-09-07
Application number: US18197867
Application date: 2023-05-16
Applicant: Cisco Technology, Inc.
Inventor: Akram Sheriff , Nagendra Kumar Nainar , Arvind Tiwari , Rajiv Asati
CPC classification number: H04L63/0281 , H04L67/56 , H04L43/08 , H04L63/0263 , H04L63/10 , H04L63/1408 , H04L67/10 , G16Y10/75
Abstract: This disclosure describes using a dynamic proxy for securing communications between a source within a cloud environment and an application container. The techniques include intercepting traffic directed to an application container, analyzing the traffic and traffic patterns, and allowing or preventing the traffic from being delivered to the application container based on the analysis. A traffic analysis engine may determine whether the traffic is considered safe and is to be allowed to be delivered to the application container, or whether the traffic is considered unsafe and is to be prevented from being delivered to the application container. According to some configurations, the address(es) to the network interfaces (e.g., WIFI or Eth0) are abstracted to help ensure security of the application containers.
-
Publication number: US20230261928A1
Publication date: 2023-08-17
Application number: US17674686
Application date: 2022-02-17
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar , Jaganbabu Rajamanickam , David John Zacks , Carlos M. Pignataro , Madhan Sankaranarayanan , Cesar Obediente , Craig Thomas Hill
IPC: H04L41/0604 , H04L41/0654 , H04L41/0631 , H04L67/133 , H04L61/103 , H04L9/40
CPC classification number: H04L41/0627 , H04L41/0654 , H04L41/0631 , H04L67/40 , H04L61/103 , H04L63/101
Abstract: Methods and devices provide fault injection testing techniques in a production network environment without risking service outages for hosted computing services, by providing examples of a remote network controller configured to communicate with network devices of a network; a remote fault injection communication protocol configuring a remote network controller in communication with a network device to signal a failure injection; and a failure injection module configuring a network device to configure a network device processor to implement a failure injection signaled according to the remote failure injection communication protocol. The method includes a network controller transmitting a failure injection signal in a control plane packet over a network connection to a network device, and the network device creating a child process by executing, in a dedicated runtime environment, a copy of one or more processes impacted by a parsed failure type.
-
Publication number: US11711288B2
Publication date: 2023-07-25
Application number: US17843415
Application date: 2022-06-17
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar , Carlos M. Pignataro , Joseph Michael Clarke
IPC: G06F15/16 , H04L45/02 , G06F11/30 , G06F11/34 , G06F11/10 , H04L45/021 , H04L45/64 , G06F11/07 , H04L45/74
CPC classification number: H04L45/02 , G06F11/1076 , G06F11/302 , G06F11/3466 , H04L45/021 , G06F11/0709 , G06F11/0754 , G06F11/3065 , G06F2201/86 , H04L45/64 , H04L45/74
Abstract: A network device receives a data packet including a source address and a destination address. The network device drops the data packet before it reaches the destination address and generates an error message indicating that the data packet has been dropped. The network device encapsulates the error message with a segment routing header comprising a list of segments. The first segment of the list of segments in the segment routing header identifies a remote server, and at least one additional segment is an instruction for handling the error message. The network device sends the encapsulated error message to the remote server based on the first segment of the segment routing header.
-
Publication number: US11689505B2
Publication date: 2023-06-27
Application number: US17304891
Application date: 2021-06-28
Applicant: Cisco Technology, Inc.
Inventor: Akram Sheriff , Nagendra Kumar Nainar , Arvind Tiwari , Rajiv Asati
CPC classification number: H04L63/0281 , H04L43/08 , H04L63/0263 , H04L63/10 , H04L63/1408 , H04L67/10 , H04L67/56 , G16Y10/75
Abstract: This disclosure describes using a dynamic proxy for securing communications between a source within a cloud environment and an application container. The techniques include intercepting traffic directed to an application container, analyzing the traffic and traffic patterns, and allowing or preventing the traffic from being delivered to the application container based on the analysis. A traffic analysis engine may determine whether the traffic is considered safe and is to be allowed to be delivered to the application container, or whether the traffic is considered unsafe and is to be prevented from being delivered to the application container. According to some configurations, the address(es) to the network interfaces (e.g., WIFI or Eth0) are abstracted to help ensure security of the application containers.
-
Publication number: US11687798B2
Publication date: 2023-06-27
Application number: US16811823
Application date: 2020-03-06
Applicant: Cisco Technology, Inc.
Inventor: Hugo Latapie , Enzo Fenoglio , Carlos M. Pignataro , Nagendra Kumar Nainar , David Delano Ward
Abstract: In one embodiment, a deep fusion reasoning engine receives network telemetry data collected from a network. The deep fusion reasoning engine learns resource utilizations for different heuristic packages that can be used in the network to evaluate operation of the network. The deep fusion reasoning engine selects one of the heuristic packages based on the resource utilizations learned for the different heuristic packages. The selected heuristic package comprises a subservice and a set of rules to be evaluated. The deep fusion reasoning engine deploys the selected heuristic package for execution by a device in the network to evaluate operation of the network using the set of rules.
-
Publication number: US20230198946A1
Publication date: 2023-06-22
Application number: US17557865
Application date: 2021-12-21
Applicant: Cisco Technology, Inc.
Inventor: David John Zacks , Dmitry Goloubev , Zizhen Gao , Carlos M. Pignataro , Nagendra Kumar Nainar
IPC: H04L9/40 , H04L47/2441 , H04L47/2483
CPC classification number: H04L63/0236 , H04L63/20 , H04L47/2441 , H04L47/2483 , H04L63/0245
Abstract: Methods are provided for predictive policy enforcement using encapsulated metadata. The methods involve obtaining a packet of an encapsulated traffic flow that is transported in a software-defined wide area network (SD-WAN) or in a cloud network. The packet includes a network virtualization tunneling header with an appended service plane protocol header and a payload. The methods further involve extracting, from the appended service plane protocol header, without performing deep packet inspection, enriched metadata that includes fields for one or more attributes related to a source of the packet or a destination of the packet, determining at least one network policy based on the enriched metadata, and applying, to the packet, the at least one network policy that relates to gathering analytics and/or transporting the encapsulated traffic flow to the destination.
-