-
Publication No.: US20220225175A1
Publication date: 2022-07-14
Application No.: US17542826
Filing date: 2021-12-06
Applicant: Cisco Technology, Inc.
Inventor: Vimal Srivastava, Srinath Gundavelli, Nagendra Kumar Nainar, Carlos M. Pignataro, Timothy Peter Stammers
Abstract: In one illustrative example, a user plane (UP) entity for use in a mobile network may receive a data packet from a user equipment (UE) operative to communicate in one or more sessions via a serving base station (BS) (e.g. eNB or gNB) of the mobile network. The UP entity may detect, in a header (e.g. SRH) of the data packet, an identifier indicating a new serving BS or session of the UE. The identifier may be UE- or BS-added data (e.g. iOAM data) that is inserted in the header by the UE or BS. In response, the UP entity may cause a message to be sent to an analytics function (e.g. a NWDAF) to perform analytics for session or flow migration for the UE.
-
Publication No.: US11356461B2
Publication date: 2022-06-07
Application No.: US17035065
Filing date: 2020-09-28
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro, Akram Ismail Sheriff
Abstract: Techniques and mechanisms for providing integrity verified paths using only integrity validated pods of nodes. A network service mesh (NSM) associated with a first pod may locally generate a nonce and provide the nonce to the first pod, where the request includes a request for an attestation token. Using the nonce, the first pod may generate the attestation token and reply back to the NSM. The NSM may generate a second request for an attestation token and forward it to a NSE pod, where the request includes a second locally generated nonce generated by the NSM. The NSE pod may generate the second attestation token using the second nonce and reply back to the NSM. The NSM may then have the attestation tokens verified or validated by a certificate authority (CA) server. The NSM may thus instantiate an integrity verified path between the first pod and the NSE pod.
-
Publication No.: US11343261B2
Publication date: 2022-05-24
Application No.: US16555869
Filing date: 2019-08-29
Applicant: Cisco Technology, Inc.
Inventor: Shwetha Subray Bhandari, Eric Voit, Frank Brockners, Carlos M. Pignataro, Nagendra Kumar Nainar
Abstract: Technologies for proving packet transit through uncompromised nodes are provided. An example method can include receiving a packet including one or more metadata elements generated based on security measurements from a plurality of nodes along a path of the packet; determining a validity of the one or more metadata elements based on a comparison of one or more values in the one or more metadata elements with one or more expected values calculated for the one or more metadata elements, one or more signatures in the one or more metadata elements, and/or timing information associated with the one or more metadata elements; and based on the one or more metadata elements, determining whether the packet traversed any compromised nodes along the path of the packet.
-
Publication No.: US11296982B2
Publication date: 2022-04-05
Application No.: US16852932
Filing date: 2020-04-20
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro, Zafar Ali
Abstract: Techniques for initiator-based data-plane validation of segment routed, multiprotocol label switched (MPLS) networks are described herein. In examples, an initiating node may determine to validate data-plane connectivity associated with a network path of the MPLS network. The initiating node may store validation data in a local memory of the initiating node. In examples, the initiating node may send a probe message that includes a request for identification data associated with a terminating node. The terminating node may send a probe reply message that includes the identification data, as well as, in some examples, a code that instructs the initiating node to perform validation. In examples, the initiating node may use the validation data stored in memory to compare to the identification data received from the terminating node to validate data-plane connectivity. In some examples, the initiating node may indicate a positive or negative response after performing the validation.
-
Publication No.: US11223559B2
Publication date: 2022-01-11
Application No.: US16566680
Filing date: 2019-09-10
Applicant: Cisco Technology, Inc.
Inventor: Reshad Rahman, Carlos M. Pignataro, Nagendra Kumar Nainar, Eric Vyncke
IPC: H04L12/721, H04L12/46, H04L12/733, H04L12/707, H04L12/703, H04L12/749
Abstract: Techniques and mechanisms to enable a Bidirectional Forwarding Detection (BFD) Echo function to be used for IP multi-hop paths using IP encapsulation. A source device may encapsulate one or more BFD Echo packets as payloads in IP packets. The resulting IP packets may then be sent from a source device to a destination device over a multi-hop path such that one or more intermediary devices forward the IP packets onto the destination device. Upon receiving the IP packets, the destination device may echo back the one or more BFD Echo packets in the forwarding plane to indicate connectivity of the forwarding path between the devices. However, if the BFD Echo packets are not echoed back to the source device, the source device may determine that the multi-hop path has experienced a fault, and that traffic is to be rerouted through other paths.
-
Publication No.: US11202236B2
Publication date: 2021-12-14
Application No.: US17088030
Filing date: 2020-11-03
Applicant: Cisco Technology, Inc.
Inventor: Vimal Srivastava, Srinath Gundavelli, Nagendra Kumar Nainar, Carlos M. Pignataro, Timothy Peter Stammers
Abstract: In one illustrative example, a user plane (UP) entity for use in a mobile network may receive a data packet from a user equipment (UE) operative to communicate in one or more sessions via a serving base station (BS) (e.g. eNB or gNB) of the mobile network. The UP entity may detect, in a header (e.g. SRH) of the data packet, an identifier indicating a new serving BS or session of the UE. The identifier may be UE- or BS-added data (e.g. iOAM data) that is inserted in the header by the UE or BS. In response, the UP entity may cause a message to be sent to an analytics function (e.g. a NWDAF) to perform analytics for session or flow migration for the UE.
-
Publication No.: US20210359932A1
Publication date: 2021-11-18
Application No.: US15930803
Filing date: 2020-05-13
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro, Reshad Rahman, Pascal Thubert
IPC: H04L12/707, H04L12/26
Abstract: In one example, a responder obtains an Operations, Administration, and Management/Maintenance (OAM) probe packet from a network entity operating as an initiator in a network, provides, to the initiator, a first response to the OAM probe packet over a first network path in the network, and further provides, to the initiator, a second response to the OAM probe packet over a second network path in the network that is different from the first network path. In another example, an initiator provides an OAM probe packet to a network entity operating as responder in a network, obtains, from the responder, a first response to the OAM probe packet over a first network path in the network, and further obtains, from the responder, a second response to the OAM probe packet over a second network path in the network that is different from the first network path.
-
Publication No.: US11122491B2
Publication date: 2021-09-14
Application No.: US16561634
Filing date: 2019-09-05
Applicant: Cisco Technology, Inc.
Inventor: Carlos M. Pignataro, Om Prakash Suthar, Nagendra Kumar Nainar, Rajiv Asati
IPC: H04W40/12, H04L12/26, H04L12/721, H04L12/707, H04L12/841, H04W24/08, H04W40/28, H04L12/833, H04L12/801, H04L12/803, H04W40/24
Abstract: Techniques are provided that leverage inband metadata techniques for use in a mobile core network in order to create relevant third generation 3rd Generation Partnership Project (3GPP) control plane interfaces between virtual control plane and virtual user plane elements that can be used to instruct the virtual entities to perform various functions, collect telemetry and other data from the virtual entities and signal maintenance messages between control plane and user plane entities. One control plane interface can be used to perform holistic performance analysis functionalities and identify the better performing path and accordingly use primary path and warm paths for control plane exchanges.
-
Publication No.: US20210279602A1
Publication date: 2021-09-09
Application No.: US16811823
Filing date: 2020-03-06
Applicant: Cisco Technology, Inc.
Inventor: Hugo Latapie, Enzo Fenoglio, Carlos M. Pignataro, Nagendra Kumar Nainar, David Delano Ward
IPC: G06N5/02
Abstract: In one embodiment, a deep fusion reasoning engine receives network telemetry data collected from a network. The deep fusion reasoning engine learns resource utilizations for different heuristic packages that can be used in the network to evaluate operation of the network. The deep fusion reasoning engine selects one of the heuristic packages based on the resource utilizations learned for the different heuristic packages. The selected heuristic package comprises a subservice and a set of rules to be evaluated. The deep fusion reasoning engine deploys the selected heuristic package for execution by a device in the network to evaluate operation of the network using the set of rules.
-
Publication No.: US20210234791A1
Publication date: 2021-07-29
Application No.: US17231445
Filing date: 2021-04-15
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro, Jaganbabu Rajamanickam, Madhan Sankaranarayanan
IPC: H04L12/721, H04L12/743, H04L12/707
Abstract: Techniques are presented for evaluating Equal Cost Multi-Path (ECMP) performance in a network that includes a plurality of nodes. According to an example embodiment, a method is provided that includes obtaining information indicating equal cost multi-path (ECMP) paths in the network and a branch node in the network. For the branch node in the network, the method includes instantiating a virtual network function that simulates an ECMP hashing algorithm employed by the branch node to select one of multiple egress interface of the branch node; providing to the virtual network function for the branch node, a query containing entropy information as input to the ECMP hashing algorithm that returns interface selection results; and obtaining from the virtual network function a reply that includes the interface selection results. The method further includes evaluating ECMP performance in the network based on the interface selection results obtained for the branch node.
-