公开(公告)号：US20180241671A1

公开(公告)日：2018-08-23

申请号：US15436540

申请日：2017-02-17

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Sape Jurriën Mullender ,  Keith Burns ,  Jeffrey Napper ,  William Mark Townsley ,  Alessandro Duminuco ,  Andre Surcouf ,  Ijsbrand Wijnands ,  Humberto J. La Roche

IPC: H04L12/749 ,  H04L12/717 ,  H04L29/06 ,  H04L29/12

Abstract: A method is provided in one example embodiment and may include determining at a parent content node that a plurality of recipient content nodes are to receive a same content; generating, based on a determination that the same content is available at the parent content node, a multi-delivery header comprising a plurality of identifiers, wherein each identifier of the plurality of identifiers indicates each recipient content node that is to receive the same content; appending the multi-delivery header to one or more packets of an Internet Protocol (IP) flow associated with the same content; and transmitting packets for the IP flow to each of the plurality of the recipient content nodes.

公开(公告)号：US20170359252A1

公开(公告)日：2017-12-14

申请号：US15177021

申请日：2016-06-08

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra M. Kumar ,  Alessandro Duminuco ,  Hendrikus G. P. Bosch ,  Humberto J. La Roche ,  Jeffrey Napper ,  Burjiz Pithawala

IPC: H04L12/721 ,  H04L29/12 ,  H04L29/06 ,  H04L12/70

CPC classification number: H04L12/4633 ,  H04L45/306 ,  H04L45/64 ,  H04L61/2503 ,  H04L69/22 ,  H04L2012/5625

Abstract: A method is provided in one example embodiment and includes receiving at a network element an encapsulated packet including an encapsulation header, in which the encapsulation header includes an Analytics Proxy Function (“APF”) flag; determining whether the APF flag is set to a first value; if the APF flag is set to the first value, forwarding the encapsulated packet to a local APF instance associated with the network element, in which the encapsulated packet is processed by the local APF instance to replicate at least a portion of the encapsulated packet, construct a record of the encapsulated packet, or both; and if the APF flag is not set to the first value, omitting forwarding the encapsulated packet to the local APF instance associated with the network element. The local APF instance is implemented as a service function anchored at the forwarding element.

公开(公告)号：US09525703B2

公开(公告)日：2016-12-20

申请号：US14521856

申请日：2014-10-23

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Alessandro Duminuco ,  Hendrikus G. P. Bosch ,  Surendra M. Kumar ,  Humberto J. La Roche ,  Jeffrey Napper ,  Kevin D. Shatzkamer ,  Daniel G. Wing

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/166 ,  H04L63/0281 ,  H04L63/0435 ,  H04L63/168 ,  H04L67/02 ,  H04L67/42

Abstract: In an embodiment, a method is provided for enabling in-band data exchange between networks. The method can comprise receiving, by a first enveloping proxy located in the first network, at least one regular secure sockets layer (SSL) record for a SSL session established between a client and a server; receiving the data from a network element located in the first network; encoding the data into at least one custom SSL record; and transmitting the at least one regular SSL record and the at least one custom SSL record to an enveloping proxy. In another embodiment, a method can comprise receiving at least one regular secure sockets layer (SSL) record and at least one custom SSL record for a SSL session established between a client and a server; extracting the data from the at least one custom SSL; transmitting the at least one regular SSL record.

公开(公告)号：US09426176B2

公开(公告)日：2016-08-23

申请号：US14520118

申请日：2014-10-21

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Alessandro Duminuco ,  Hendrikus G. P. Bosch ,  Surendra M. Kumar ,  Humberto J. La Roche ,  Jeffrey Napper ,  Kevin D. Shatzkamer ,  Daniel G. Wing

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/166 ,  H04L63/0281 ,  H04L63/0435 ,  H04L63/168 ,  H04L67/02 ,  H04L67/42

Abstract: In an embodiment, a method is provided for enabling in-band data exchange between networks. The method can comprise receiving, by a first enveloping proxy located in the first network, at least one regular secure sockets layer (SSL) record for a SSL session established between a client and a server; receiving the data from a network element located in the first network; encoding the data into at least one custom SSL record; and transmitting the at least one regular SSL record and the at least one custom SSL record to an enveloping proxy. In another embodiment, a method can comprise receiving at least one regular secure sockets layer (SSL) record and at least one custom SSL record for a SSL session established between a client and a server; extracting the data from the at least one custom SSL; transmitting the at least one regular SSL record.

公开(公告)号：US20150365323A1

公开(公告)日：2015-12-17

申请号：US14301767

申请日：2014-06-11

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Alessandro Duminuco ,  Hendrikus G. P. Bosch ,  Jeffrey Napper

IPC: H04L12/741 ,  H04L12/851 ,  H04L12/801

CPC classification number: H04L45/745 ,  H04L47/18 ,  H04L47/2441

Abstract: An example method for distributed network address and port translation (NAPT) for migrating flows between service chains in a network environment is provided and includes distributing translation state for a flow traversing the network across a plurality of NAPT service nodes in the network, with packets belonging to the flow being translated according to the translation state, associating the flow with a first service chain at a flow classifier in the network, and updating the association when the flow migrates from the first service chain to a second service chain, with packets belonging to the migrated flow also being translated according to the translation state. The method may be executed at a pool manager in the network. In specific embodiments, the pool manager may include a distributed storage located across the plurality of NAPT service nodes.

Abstract translation: 提供了一种用于在网络环境中的服务链之间迁移流的分布式网络地址和端口转换（NAPT）的示例方法，并且包括：跨越网络中的多个NAPT服务节点的跨流过的流的分发转换状态，分组属于 根据所述翻译状态对所述流进行翻译，将所述流与所述网络中的流分类器处的第一服务链相关联，以及当所述流从所述第一服务链迁移到第二服务链时更新所述关联，其中分组属于 迁移流也根据翻译状态进行翻译。 该方法可以在网络中的池管理器处执行。 在具体实施例中，池管理器可以包括跨越多个NAPT服务节点的分布式存储器。

公开(公告)号：US20150365322A1

公开(公告)日：2015-12-17

申请号：US14304043

申请日：2014-06-13

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Kevin D. Shatzkamer ,  James N. Guichard ,  Hendrikus G. P. Bosch ,  Alessandro Duminuco ,  Humberto J. La Roche ,  Jeffrey Napper

IPC: H04L12/741 ,  H04L12/851 ,  H04L12/721

CPC classification number: H04L45/74 ,  H04L45/306 ,  H04L45/38 ,  H04L47/2441 ,  H04L47/2483

Abstract: A method provided in one embodiment includes receiving a first data packet of a data flow at a first classifier in which the first data packet includes a first identifier. The method further includes determining a second classifier associated with the first identifier in which the second classifier is further associated with at least one service chain of a service chain environment. The method still further includes forwarding the first data packet to the second classifier. The second classifier is configured to receive the first data packet, determine a particular service chain of the at least one service chain to which the first data packet is to be forwarded, and forward the first data packet to the particular service chain.

Abstract translation: 在一个实施例中提供的方法包括在第一分类器处接收数据流的第一数据分组，其中第一数据分组包括第一标识符。 该方法还包括确定与第一标识符相关联的第二分类器，其中第二分类器进一步与服务链环境的至少一个服务链相关联。 该方法还包括将第一数据分组转发到第二分类器。 第二分类器被配置为接收第一数据分组，确定要转发第一数据分组的至少一个服务链的特定服务链，并将第一数据分组转发到特定服务链。

公开(公告)号：US20150271204A1

公开(公告)日：2015-09-24

申请号：US14520118

申请日：2014-10-21

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Alessandro Duminuco ,  Hendrikus G. P. Bosch ,  Surendra M. Kumar ,  Humberto J. La Roche ,  Jeffrey Napper ,  Kevin D. Shatzkamer ,  Daniel G. Wing

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/166 ,  H04L63/0281 ,  H04L63/0435 ,  H04L63/168 ,  H04L67/02 ,  H04L67/42

Abstract: In an embodiment, a method is provided for enabling in-band data exchange between networks. The method can comprise receiving, by a first enveloping proxy located in the first network, at least one regular secure sockets layer (SSL) record for a SSL session established between a client and a server; receiving the data from a network element located in the first network; encoding the data into at least one custom SSL record; and transmitting the at least one regular SSL record and the at least one custom SSL record to an enveloping proxy. In another embodiment, a method can comprise receiving at least one regular secure sockets layer (SSL) record and at least one custom SSL record for a SSL session established between a client and a server; extracting the data from the at least one custom SSL; transmitting the at least one regular SSL record.

公开(公告)号：US20240298180A1

公开(公告)日：2024-09-05

申请号：US18661055

申请日：2024-05-10

Applicant: Cisco Technology, Inc.

Inventor： Stefan Olofsson ,  Ijsbrand Wijnands ,  Hendrikus G. P. Bosch ,  Jeffrey Napper ,  Anubhav Gupta

IPC: H04W12/086 ,  H04L9/40 ,  H04L45/64 ,  H04W12/37

CPC classification number: H04W12/086 ,  H04L63/0272 ,  H04L63/20 ,  H04W12/37 ,  H04L45/64

Abstract: In one embodiment, a router includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the router to perform operations including receiving software-defined networking in a wide area network (SD-WAN) policies from a component of an SD-WAN network. The operations also include establishing a session with a mobile device and receiving information associated with the mobile device in response to establishing the session with the mobile device. The operations further include filtering the SD-WAN policies based on the information associated with the mobile device to generate SD-WAN device-specific policies and communicating the SD-WAN device-specific policies to the mobile device.

公开(公告)号：US20210392492A1

公开(公告)日：2021-12-16

申请号：US16901248

申请日：2020-06-15

Applicant: Cisco Technology Inc.

Inventor： Jeffrey Napper ,  Alessandro Duminuco ,  Hendrikus G.P. (Peter) Bosch

IPC: H04W12/00 ,  H04L29/06 ,  H04L9/32 ,  H04W76/12

Abstract: The present disclosure is directed to systems and methods for clientless virtual private network (VPN) roaming with 802.1x authentication and includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors and comprising instructions that, when executed by the one or more processors, cause one or more components to perform operations including, receiving, at a local proxy, an 802.1x communication including authentication information from a remote device wirelessly connected to a visited network, wherein the remote device requests access to an enterprise network; authenticating the remote device with the enterprise network using the authentication information; establishing an encrypted tunnel between the visited network and the enterprise network; and transmitting data between the remote device and the enterprise network through the encrypted tunnel.

公开(公告)号：US20210369309A1

公开(公告)日：2021-12-02

申请号：US17403676

申请日：2021-08-16

Applicant: Cisco Technology Inc.

Inventor： Stefan Olofsson ,  Ijsbrand Wijnands ,  Hendrikus G.P. Bosch ,  Jeffrey Napper ,  Anubhav Gupta

IPC: A61B17/72 ,  A61B17/86 ,  A61B17/92

Abstract: In one embodiment, a router includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the router to perform operations including receiving software-defined networking in a wide area network (SD-WAN) policies from a component of an SD-WAN network. The operations also include establishing a session with a mobile device and receiving information associated with the mobile device in response to establishing the session with the mobile device. The operations further include filtering the SD-WAN policies based on the information associated with the mobile device to generate SD-WAN device-specific policies and communicating the SD-WAN device-specific policies to the mobile device.