-
Publication number: US20150026362A1
Publication date: 2015-01-22
Application number: US13944050
Application date: 2013-07-17
Applicant: Cisco Technology, Inc.
Inventor: James Guichard, Paul Quinn, Surendra Kumar, Govind P. Sharma, Abhijit Patra
IPC: H04L12/725
Abstract: Presented herein are techniques for dynamic creation of a unique service path for a service chain. In one example, a service controller and a plurality of service nodes are provided, each service node configured to apply a service function to traffic that passes through the respective service node. The service controller defines a service chain identifying a set of service functions and an order in which they are applied. The service controller receives an indication that the service chain has been instantiated at a classifier, and creates a unique service path for the service chain, wherein the unique service path includes the service chain and the classifier at which the service chain is instantiated.
-
Publication number: US20140334295A1
Publication date: 2014-11-13
Application number: US13891247
Application date: 2013-05-10
Applicant: CISCO TECHNOLOGY, INC.
Inventor: James Guichard, Paul Quinn, Rex Fernando, Govind P. Sharma, David Ward, Hendrikus G.P. Bosch, Luyuan Fang
IPC: H04L12/859, H04L12/851
CPC classification number: H04L47/2475, H04L47/2441
Abstract: A plurality of network nodes are deployed in a network, each network node configured to apply a service function to traffic that passes through the respective network nodes. A controller generates information for a service chain that involves application to traffic of one or more service functions at corresponding ones of the plurality of network nodes along a forward path through the one or more network nodes. The controller identifies one or more of the service functions within the service chain that is stateful. When one or more of the service functions of the service chain is stateful, the controller generates information for a reverse path through the one or more service nodes for the one or more stateful service functions. The controller binds a forward chain identifier for the forward path with a reverse chain identifier for the reverse path for the service chain.
-
Publication number: US10728142B2
Publication date: 2020-07-28
Application number: US16204464
Application date: 2018-11-29
Applicant: Cisco Technology, Inc.
Inventor: Craig Thomas Hill, James Guichard, Darrin Joseph Miller, Carlos M. Pignataro
IPC: H04L12/723, H04L12/725, H04L12/721, H04L12/715, H04L29/08, H04L12/911, H04L29/06
Abstract: In a first enclave of a label switching network (LSN), a protocol data unit (PDU) of the LSN is formatted to include a network service field specifying a service to be applied to the PDU. The service field can be positioned between PDU data link layer and network layer fields. The PDU specifies PDU routing/forwarding information for a path in the LSN ending in an LSN second enclave, and routing/forwarding for a destination between path segments in a non-LSN. The PDU is communicated from the first enclave, via the non-LSN, to the second enclave in accordance with the routing/forwarding information for the destination between path segments in the non-LSN. In the second enclave, each network service specified for the PDU is determined and then applied to the PDU. The second enclave transmits the network serviced PDU from the second enclave in accordance with the routing/forwarding information of the PDU in the label switching network.
-
Publication number: US10609042B2
Publication date: 2020-03-31
Application number: US15387123
Application date: 2016-12-21
Applicant: Cisco Technology, Inc.
Inventor: Paul Quinn, Michael E. Lipman, Mike Milano, David D. Ward, James Guichard, Leonid Sandler, Moshe Kravchik, Alena Lifar, Darrin Miller
Abstract: Various systems and methods for determining whether to allow or continue to allow access to a protected data asset are disclosed herein. For example, one method involves receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprises first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.
-
Publication number: US20190288923A1
Publication date: 2019-09-19
Application number: US16383956
Application date: 2019-04-15
Applicant: Cisco Technology, Inc.
Inventor: Nobushige Akiya, Carlos M. Pignataro, Nagendra Kumar Nainar, Paul Quinn, James Guichard
IPC: H04L12/24
Abstract: In one embodiment, a system and method are disclosed for sending a request and receiving a reply. The request contains a network service header including a flow label field and a target index field. The flow label field contains a set of available flow labels. The target index field includes a value indicating a target node. The reply contains information indicating which of the flow labels can be used to route a packet to each of the next hop nodes downstream from the device that sent the reply. This process can be repeated for other nodes on a path, and other paths in a service topology layer. The information determined by this process can be used to perform other necessary functionalities at the service topology layer.
-
Publication number: US10158561B2
Publication date: 2018-12-18
Application number: US14966737
Application date: 2015-12-11
Applicant: Cisco Technology, Inc.
Inventor: James Guichard, Paul Quinn, David Ward, Surendra Kumar, Yavindra Yadav, Michael R. Smith, Nagaraj A. Bagepalli
IPC: H04L12/725, H04L12/851, H04L29/06, H04L12/24
Abstract: Techniques are provided to decouple service chain structure from the underlying network forwarding state and allow for data plane learning of service chain forwarding requirements and any association between services function state requirements and the forward and reverse forwarding paths for a service chain. In a network comprising a plurality of network nodes each configured to apply a service function to traffic that passes through the respective network node, a packet is received at a network node. When the network node determines that the service function it applies is stateful, it updates context information in a network service header of the packet to indicate that the service function applied at the network node is stateful and that traffic for a reverse path matching the classification criteria is to be returned to the network node.
-
Publication number: US10015208B2
Publication date: 2018-07-03
Application number: US14734164
Application date: 2015-06-09
Applicant: Cisco Technology, Inc.
Inventor: Prashanth Patil, Tirumaleswar Reddy, Daniel G. Wing, James Guichard
CPC classification number: H04L65/1069, H04L63/0281, H04L63/0471, H04L63/166, H04L67/141, H04L67/28
Abstract: A first service node receives a message configured to set up a secure communication session between a client and a server, in which the first service node acts as a proxy. Data packets in the secure communication session are subject to multiple service functions that require decryption of the data packets. A service function chain assigns a service node to each of the service functions. A service header is generated including metadata instructing the service nodes other than the first service node not to act as proxies in the secure communication session. The message and the service header are transmitted to a second service node in the service function chain.
-
Publication number: US20180013821A1
Publication date: 2018-01-11
Application number: US15711235
Application date: 2017-09-21
Applicant: Cisco Technology, Inc.
Inventor: Hendrikus G.P. Bosch, James Guichard, Dave Barach, Alessandro Duminuco, Luyuan Fang, Paul Quinn, Rex Fernando, David Ward
IPC: H04L29/08, H04L12/715, H04L12/751
Abstract: Presented herein are techniques for use in a network environment that includes one or more service zones, each service zone including at least one instance of an in-line application service to be applied to network traffic and one or more routers to direct network traffic to the at least one service, and a route target being assigned to a unique service zone to serve as a community value for route import and export between routers of other service zones, destination networks or source networks via a control protocol. An edge router in each service zone or destination network advertises routes by its destination network prefix tagged with its route target. A service chain is created by importing and exporting of destination network prefixes by way of route targets at edge routers of the service zones or source networks.
-
Publication number: US20180013638A1
Publication date: 2018-01-11
Application number: US15711625
Application date: 2017-09-21
Applicant: Cisco Technology, Inc.
Inventor: James Guichard, Carlos M. Pignataro, David Ward, Paul Quinn, Surendra Kumar
IPC: H04L12/24, H04L12/26, H04L12/703, H04L29/08, H04L12/723
CPC classification number: H04L41/5009, H04L41/0654, H04L41/0668, H04L41/5038, H04L41/5077, H04L43/0823, H04L43/50, H04L45/28, H04L45/302, H04L45/50, H04L67/10
Abstract: Presented herein are techniques performed in a network comprising a plurality of network nodes each configured to apply one or more service functions to traffic that passes the respective network nodes in a service path. At a network node, an indication is received of a failure or degradation of one or more service functions or applications applied to traffic at the network node. Data descriptive of the failure or degradation is generated. A previous service hop network node at which a service function or application was applied to traffic in the service path is determined. The data descriptive of the failure or degradation is communicated to the previous service hop network node.
-
Publication number: US09826025B2
Publication date: 2017-11-21
Application number: US13898932
Application date: 2013-05-21
Applicant: Cisco Technology, Inc.
Inventor: Hendrikus G. P. Bosch, James Guichard, Dave Barach, Alessandro Duminuco, Luyuan Fang, Paul Quinn, Rex Fernando, David Ward
IPC: H04L29/08, H04L12/715, H04L12/751
Abstract: Presented herein are techniques for use in a network environment that includes one or more service zones, each service zone including at least one instance of an in-line application service to be applied to network traffic and one or more routers to direct network traffic to the at least one service, and a route target being assigned to a unique service zone to serve as a community value for route import and export between routers of other service zones, destination networks or source networks via a control protocol. An edge router in each service zone or destination network advertises routes by its destination network prefix tagged with its route target. A service chain is created by importing and exporting of destination network prefixes by way of route targets at edge routers of the service zones or source networks.