公开(公告)号：US11678228B2

公开(公告)日：2023-06-13

申请号：US17542826

申请日：2021-12-06

Applicant: Cisco Technology, Inc.

Inventor： Vimal Srivastava ,  Srinath Gundavelli ,  Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Timothy Peter Stammers

IPC: H04W36/00 ,  H04L69/22 ,  H04W28/24 ,  H04W36/08 ,  H04W40/02

CPC classification number: H04W36/0011 ,  H04L69/22 ,  H04W28/24 ,  H04W36/08 ,  H04W40/02

Abstract: In one illustrative example, a user plane (UP) entity for use in a mobile network may receive a data packet from a user equipment (UE) operative to communicate in one or more sessions via a serving base station (BS) (e.g. eNB or gNB) of the mobile network. The UP entity may detect, in a header (e.g. SRH) of the data packet, an identifier indicating a new serving BS or session of the UE. The identifier may be UE- or BS-added data (e.g. iOAM data) that is inserted in the header by the UE or BS. In response, the UP entity may cause a message to be sent to an analytics function (e.g. a NWDAF) to perform analytics for session or flow migration for the UE.

公开(公告)号：US11646969B2

公开(公告)日：2023-05-09

申请号：US17388754

申请日：2021-07-29

Applicant: Cisco Technology, Inc.

Inventor： Ian James Wells ,  Kyle Andrew Donald Mestery ,  Carlos M. Pignataro ,  Nagendra Kumar Nainar

IPC: H04L47/24 ,  H04L45/50

CPC classification number: H04L47/24 ,  H04L45/507

Abstract: This disclosure describes techniques for performing application-based tagging. An example method is performed by a virtual socket of a device. The method includes receiving non-packetized data from an application, generating a label based on the application, and providing the non-packetized data and the label to a kernel of the device.

公开(公告)号：US11632290B2

公开(公告)日：2023-04-18

申请号：US17094540

申请日：2020-11-10

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Nagendra Kumar Nainar ,  Carlos M. Pignataro

IPC: H04L12/24 ,  H04L12/851 ,  H04L41/0668 ,  H04L45/28 ,  H04L41/12 ,  H04L47/24

Abstract: Techniques for identifying nodes in a data center fabric that are affected by a failure in the fabric, and selectively sending disaggregation advertisements to the nodes affected by the failure. The techniques include a process where a component monitors the network fabric to identify communication paths between leaf nodes, and determines what leaf nodes would be affected by a failure in those communication paths. The component may detect a failure in the network and determine which communication paths, and thus which leaf nodes, are affected by the failure and send disaggregation advertisements to the affected leaf nodes. In some examples, ingress leaf nodes send data through the fabric that indicate egress nodes for the communication paths. Intermediate nodes along may receive the data from the leaf nodes to identify communication paths, and the notify only affected nodes upon detecting a failure in the network.

公开(公告)号：US20230098281A1

公开(公告)日：2023-03-30

申请号：US17490004

申请日：2021-09-30

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  David John Zacks ,  Thomas Szigeti

IPC: H04L29/06 ,  G06K9/00

Abstract: A method, computer system, and computer program product are provided for controlling data access and visibility using a context-based security policy. A request from an endpoint device to receive data is received at a server, wherein the request includes one or more contextual attributes of the endpoint device including an identity of a user of the endpoint device. The one or more contextual attributes are processed to determine that the endpoint device is authorized to receive the data. A security policy is determined for the data based on the one or more contextual attributes. The data is transmitted, including the security policy, to the endpoint device, wherein the endpoint devices enforces the security policy to selectively permit access to the data by preventing the endpoint device from displaying the data to an unauthorized individual.

公开(公告)号：US20230076447A1

公开(公告)日：2023-03-09

申请号：US17988908

申请日：2022-11-17

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Jaganbabu Rajamanickam ,  Madhan Sankaranarayanan

IPC: H04L45/00 ,  H04L45/7453 ,  H04L45/24

Abstract: Techniques are presented for evaluating Equal Cost Multi-Path (ECMP) performance in a network that includes a plurality of nodes. According to an example embodiment, a method is provided that includes obtaining information indicating equal cost multi-path (ECMP) paths in the network and a branch node in the network. For the branch node in the network, the method includes instantiating a virtual network function that simulates an ECMP hashing algorithm employed by the branch node to select one of multiple egress interface of the branch node; providing to the virtual network function for the branch node, a query containing entropy information as input to the ECMP hashing algorithm that returns interface selection results; and obtaining from the virtual network function a reply that includes the interface selection results. The method further includes evaluating ECMP performance in the network based on the interface selection results obtained for the branch node.

公开(公告)号：US20230044088A1

公开(公告)日：2023-02-09

申请号：US17969345

申请日：2022-10-19

Applicant: Cisco Technology, Inc.

Inventor： Shankar Ramanathan ,  Nagendra Kumar Nainar ,  Carlos M. Pignataro

IPC: H04L47/80

Abstract: A method of orchestrating one or more radio resources among various services executing within a container. The method includes obtaining, by an orchestration engine executing on a network device, a request, from a first service of a plurality of services, for use of a physical/hardware resource that connects a container running on the network device to a network. The request from the first service has a particular priority. The plurality of services execute within the container. The method further includes determining whether to connect the first service to the network via the physical/hardware resource based on the priority and an availability status of the physical/hardware resource and establishing, at a kernel level, a connection between the first service and the physical/hardware resource based on the determining.

公开(公告)号：US20230041526A1

公开(公告)日：2023-02-09

申请号：US17972545

申请日：2022-10-24

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Luca Muscariello

IPC: H04L45/64 ,  H04L45/42 ,  H04L45/74 ,  H04L69/22

Abstract: This disclosure describes techniques for implementing centralized path computation for routing in hybrid information-centric networking protocols implemented as a virtual network overlay. A method includes receiving an interest packet header from a forwarding router node of a network overlay. The method further includes determining an interest path of the interest packet and one or more destination router nodes of the network overlay. The method further includes computing one or more paths over the network overlay. The method further includes determining an addressing method for the one or more computed paths over the network overlay. The method further includes performing at least one of encoding each computed path in a data packet header, and encoding each computed path as state entries of each router node of the network overlay on each respective path. The method further includes returning the computed path information to the forwarding router node.

公开(公告)号：US11558295B2

公开(公告)日：2023-01-17

申请号：US17115451

申请日：2020-12-08

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Zafar Ali ,  Syed Kamran Raza

IPC: H04L45/74 ,  H04L45/745 ,  H04L43/12

Abstract: The present disclosure includes methods, systems, and non-transitory computer-readable media for validating data in a data structure used for forwarding packets by a network device comprising sending a data packet probe identifying a destination and including a segment ID, wherein the segment ID maps to a first interpretation by a receiving router to perform an action on the data packet probe to rewrite a portion of a destination address in a header of the data packet probe, and to redirect the data packet probe to the network device that initiated the data packet probe.

公开(公告)号：US20220417219A1

公开(公告)日：2022-12-29

申请号：US17304891

申请日：2021-06-28

Applicant: Cisco Technology, Inc.

Inventor： Akram Sheriff ,  Nagendra Kumar Nainar ,  Arvind Tiwari ,  Rajiv Asati

IPC: H04L29/06 ,  H04L29/08 ,  H04L12/26

Abstract: This disclosure describes using a dynamic proxy for securing communications between a source within a cloud environment and an application container. The techniques include intercepting traffic directed to an application container, analyzing the traffic and traffic patterns, and allowing or preventing the traffic from being delivered to the application container based on the analysis. A traffic analysis engine may determine whether the traffic is considered safe and is to be allowed to be delivered to the application container, or whether the traffic is considered unsafe and is to be prevented from being delivered to the application container, According to some configurations, the address(es) to the network interfaces (e.g., WIFI or Eth0) are abstracted to help ensure security of the application containers.

公开(公告)号：US20220417137A1

公开(公告)日：2022-12-29

申请号：US17811570

申请日：2022-07-08

Applicant: Cisco Technology, Inc.

Inventor： Clarence Filsfils ,  Zafar Ali ,  Syed Kamran Raza ,  Ahmed Refaat Bashandy ,  Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Jaganbabu Rajamanickam ,  Rakesh Gandhi ,  Bhupendra Yadav ,  Faisal Iqbal

IPC: H04L45/00 ,  H04L43/106 ,  H04L45/02 ,  H04L41/0246

Abstract: In one embodiment, a service chain data packet is instrumented as it is communicated among network nodes in a network providing service-level and/or networking operations visibility. The service chain data packet includes a particular header identifying a service group defining one or more service functions, and is a data packet and not a probe packet. A network node adds networking and/or service-layer operations data to the particular service chain data packet, such as, but not limited to, in the particular header. Such networking operations data includes a performance metric or attribute related to the transport of the particular service chain packet in the network. Such service-layer operations data includes a performance metric or attribute related to the service-level processing of the particular service chain data packet in the network.