-
Publication No.: US10862910B2
Publication Date: 2020-12-08
Application No.: US15915335
Application Date: 2018-03-08
Applicant: Cisco Technology, Inc.
Inventor: Alejandro Alberto Eguiarte Salazar, Nagendra Kumar Nainar, Richard Furr, Yogesh Thoppae Ramdoss
Abstract: In one embodiment, a server may receive both layer-2 topology information and layer-2 telemetry information from a plurality of layer-2 switches. The server may then apply behavioral learning to both the layer-2 topology information and the layer-2 telemetry information to detect layer-2 patterns that are indicative of one or more problematic layer-2 behaviors. As such, based on the behavioral learning, the server then creates predictive rules to be applied within layer-2 networks to predict the one or more problematic layer-2 behaviors. The predictive rules may then be used within a particular layer-2 network to cause i) prediction of one or more particular problematic layer-2 behaviors within the particular layer-2 network based on data from a plurality of switches within the particular layer-2 network, and ii) mitigation against the predicted one or more particular problematic layer-2 behaviors within the particular layer-2 network.
-
382.
Publication No.: US10833975B2
Publication Date: 2020-11-10
Application No.: US16230933
Application Date: 2018-12-21
Applicant: Cisco Technology, Inc.
IPC: G06F15/173, H04L12/761, H04L12/749, H04L12/723, H04L12/715
Abstract: In one embodiment, improved operations processing of multiple-protocol packets is performed by a node connected to a network. Received is a multiple-protocol (MP) packet that has multiple protocol headers, each having an operations data field. The operations data field of a first protocol header includes first protocol ordered operations data. Operations data is cohered from the operations data field of each of multiple protocol headers into the operations data field of a second protocol header resulting in the operations data field of the second protocol header including ordered MP operations data evidencing operations data of each of the multiple network nodes in a node traversal order taken by the MP packet among multiple network nodes. The ordered MP operations data includes said first protocol ordered operations data cohered from the operations data field of the first protocol header.
-
Publication No.: US20200322353A1
Publication Date: 2020-10-08
Application No.: US16555869
Application Date: 2019-08-29
Applicant: Cisco Technology, Inc.
Inventor: Shwetha Subray Bhandari, Eric Voit, Frank Brockners, Carlos M. Pignataro, Nagendra Kumar Nainar
IPC: H04L29/06
Abstract: Technologies for proving packet transit through uncompromised nodes are provided. An example method can include receiving a packet including one or more metadata elements generated based on security measurements from a plurality of nodes along a path of the packet; determining a validity of the one or more metadata elements based on a comparison of one or more values in the one or more metadata elements with one or more expected values calculated for the one or more metadata elements, one or more signatures in the one or more metadata elements, and/or timing information associated with the one or more metadata elements; and based on the one or more metadata elements, determining whether the packet traversed any compromised nodes along the path of the packet.
-
384.
Publication No.: US10778572B2
Publication Date: 2020-09-15
Application No.: US16389195
Application Date: 2019-04-19
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Richard Furr, Carlos M. Pignataro, Joseph Michael Clarke
IPC: H04L12/741, H04L12/723, H04L12/715, H04L12/46, H04L12/721
Abstract: Presented herein are segment-routing methods and systems that facilitate data plane signaling of a packet as a candidate for capture at various network nodes within a segment routing (SR) network. The signaling occurs in-band, via the data plane—that is, a capture or interrogation signal is embedded within the respective packet that carries a user traffic. The signaling is inserted, preferably when the packet is classified, e.g., at the ingress node of the network, to which subsequent network nodes with the SR network are signaled to capture or further inspect the packet for capture.
-
385.
Publication No.: US20200229042A1
Publication Date: 2020-07-16
Application No.: US16244545
Application Date: 2019-01-10
Applicant: Cisco Technology, Inc.
Inventor: Vimal Srivastava, Srinath Gundavelli, Nagendra Kumar Nainar, Carlos M. Pignataro, Timothy Peter Stammers
Abstract: In one illustrative example, a user plane (UP) entity for use in a mobile network may receive a data packet from a user equipment (UE) operative to communicate in one or more sessions via a serving base station (BS) (e.g. eNB or gNB) of the mobile network. The UP entity may detect, in a header (e.g. SRH) of the data packet, an identifier indicating a new serving BS or session of the UE. The identifier may be UE- or BS-added data (e.g. iOAM data) that is inserted in the header by the UE or BS. In response, the UP entity may cause a message to be sent to an analytics function (e.g. a NWDAF) to perform analytics for session or flow migration for the UE.
-
Publication No.: US10673709B2
Publication Date: 2020-06-02
Application No.: US16200002
Application Date: 2018-11-26
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro, Joseph M. Clarke
Abstract: An ingress node inserts into a header of a packet service level agreement information and forwards the packet. At an egress node of the network, the packet is received and the service level agreement information is obtained from the header of the packet. The egress node verifies whether there is conformance to a service level agreement based on at least one parameter associated with reception of one or more packets at the egress node and the service level agreement information.
-
Publication No.: US20200153725A1
Publication Date: 2020-05-14
Application No.: US16738508
Application Date: 2020-01-09
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro, Joseph Michael Clarke
IPC: H04L12/751, G06F11/30, G06F11/34, G06F11/10, H04L12/755
Abstract: A network device receives a data packet including a source address and a destination address. The network device drops the data packet before it reaches the destination address and generates an error message indicating that the data packet has been dropped. The network device encapsulates the error message with a segment routing header comprising a list of segments. The first segment of the list of segments in the segment routing header identifies a remote server, and at least one additional segment is an instruction for handling the error message. The network device sends the encapsulated error message to the remote server based on the first segment of the segment routing header.
-
Publication No.: US10536367B2
Publication Date: 2020-01-14
Application No.: US15927334
Application Date: 2018-03-21
Applicant: Cisco Technology, Inc.
Inventor: Carlos M. Pignataro, Nagendra Kumar Nainar, Vengada Prasad Govindan, Pawel Piotr Sowinski
IPC: H04L12/28, H04L12/761, H04L12/707, H04L1/00, H04L12/703, H04L12/723, H04L12/749
Abstract: Multipoint seamless Bi-directional Forwarding Detection (BFD) may be provided. First, a discriminator and data identifying a headend device may be received by a node from the headend device. The discriminator may be received over a point-to-multipoint pseudowire between the node and the headend device. Next, the node may start a reflector session in response to receiving the discriminator. The reflector session may correspond to the discriminator and the data identifying the headend device. The reflector session may then receive a control packet from the headend device and determine that the control packet includes the discriminator. The control packet may be received over the point-to-multipoint pseudowire. Next, the reflector session on the node may send a reply packet to the headend device in response to determining that the control packet includes the discriminator. The reply packet may be sent over a unicast pseudowire between the node and the headend device.
-
Publication No.: US20200007446A1
Publication Date: 2020-01-02
Application No.: US16565891
Application Date: 2019-09-10
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro
IPC: H04L12/741, H04L29/06
Abstract: In one embodiment, a device in a network identifies a packet to be sent to a destination in the network via a path using segment routing. The device determines a list of one or more unique identifiers for one or more of the nodes along the path. The device includes a segment routing header with the packet, the segment routing header comprising a set of segment identifiers and the list of one or more unique identifiers. The device sends the packet with the segment routing header towards the destination in the network. One or more receiving nodes that receive the packet use the set of segment identifiers to route the packet towards the destination and the list of one or more unique identifiers to notify the device when the packet was not sent to the destination via the path.
-
390.
Publication No.: US20190394124A1
Publication Date: 2019-12-26
Application No.: US16018662
Application Date: 2018-06-26
Applicant: Cisco Technology, Inc.
Inventor: Carlos M. Pignataro, Nagendra Kumar Nainar
IPC: H04L12/721, H04L29/06
Abstract: In one embodiment, a router receives a packet from a network device in a software defined architecture (SDA) network, and obtains iOAM data from an outer header of the packet, the iOAM data inserted into the outer header by one or more network devices that previously processed the packet. The router then copies the iOAM data into a locally pertinent header, and after determining local iOAM data of the router, appends the local iOAM data to the iOAM data copied into the locally pertinent header. The router may then process the packet accordingly. In another embodiment, an SDA router may insert an indication of one or more applied policies into an iOAM header of the packet, such that an edge router can determine any unapplied policies and subsequently apply them.