-
Publication number: US20240129378A1
Publication date: 2024-04-18
Application number: US18542094
Application date: 2023-12-15
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery , Vincent E. Parla
IPC: H04L67/561 , H04L9/40 , H04L12/46 , H04L45/00 , H04L45/42 , H04L61/103 , H04L61/4511 , H04L67/02 , H04L67/101 , H04L67/1012 , H04L67/141 , H04L67/562
CPC classification number: H04L67/561 , H04L12/4633 , H04L12/4641 , H04L45/42 , H04L45/66 , H04L61/103 , H04L61/4511 , H04L63/0236 , H04L63/0281 , H04L63/029 , H04L63/0435 , H04L67/02 , H04L67/101 , H04L67/1012 , H04L67/141 , H04L67/562
Abstract: Techniques for managing migrations of QUIC connection session(s) across proxy nodes, data centers, and/or private application nodes are described herein. A global key-value datastore, accessible by proxy nodes and/or application nodes, may store mappings between a first QUIC connection, associated with a proxy node and a client device, on the frontend of the proxy node and a second QUIC connection, associated with the proxy node and an application node, on the backend of the proxy node. With the global key-value datastore being accessible by the proxy nodes, when a proxy node receives a QUIC packet on the front end or the back end, the proxy node may determine where to map this connection to on the opposite end. Additionally, with the global key-value datastore being accessible to the application nodes, when an application node receives a QUIC packet, the application node may determine the client device associated with the connection.
-
Publication number: US20240121300A1
Publication date: 2024-04-11
Application number: US18529802
Application date: 2023-12-05
Applicant: Cisco Technology, Inc.
Inventor: Dominik Rene Tornow , Urmil Vijay Dave , Kyle Andrew Donald Mestery , Ian Wells
IPC: H04L67/1097
CPC classification number: H04L67/1097 , G05B2219/23428 , G05B2219/34299
Abstract: Systems, methods, and computer-readable media are provided for reusing execution environments and code of serverless functions while ensuring isolation in serverless computing environments. In some examples, a method can include, in response to a first request to run a serverless function, executing, at an execution environment on a network, computer-readable code configured to perform the serverless function; after the computer-readable code has executed, modifying a pointer to an area of memory used to store a first state of the serverless function to reference a different area of memory; in response to a second request to run the serverless function, reusing, at the execution environment, the computer-readable code to perform the serverless function; and based on the pointer referencing the different area of memory, using the different area of memory to store a second state of the serverless function.
-
Publication number: US11928514B2
Publication date: 2024-03-12
Application number: US16518242
Application date: 2019-07-22
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery , Ian Wells , David Delano Ward
IPC: H04L67/53 , G06F9/50 , H04L43/16 , H04L67/1008 , H04L67/1031
CPC classification number: G06F9/505 , H04L67/53 , H04L43/16 , H04L67/1008 , H04L67/1031
Abstract: A method includes receiving a DNS request, notifying a serverless orchestrator system of data associated with the DNS request, provisioning a function on a serverless function node based on the DNS request, notifying a load balancer regarding the serverless function node, providing a response to the DNS request and routing an API request associated with the DNS request to the serverless function node.
-
Publication number: US11924299B2
Publication date: 2024-03-05
Application number: US17719829
Application date: 2022-04-13
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery , Vincent E. Parla
IPC: H04L67/561 , H04L9/40 , H04L12/46 , H04L45/00 , H04L45/42 , H04L61/103 , H04L61/4511 , H04L67/02 , H04L67/101 , H04L67/1012 , H04L67/141 , H04L67/562
CPC classification number: H04L67/561 , H04L12/4633 , H04L12/4641 , H04L45/42 , H04L45/66 , H04L61/103 , H04L61/4511 , H04L63/0236 , H04L63/0281 , H04L63/029 , H04L63/0435 , H04L67/02 , H04L67/101 , H04L67/1012 , H04L67/141 , H04L67/562
Abstract: Techniques for managing migrations of QUIC connection session(s) across proxy nodes, data centers, and/or private application nodes are described herein. A global key-value datastore, accessible by proxy nodes and/or application nodes, may store mappings between a first QUIC connection, associated with a proxy node and a client device, on the frontend of the proxy node and a second QUIC connection, associated with the proxy node and an application node, on the backend of the proxy node. With the global key-value datastore being accessible by the proxy nodes, when a proxy node receives a QUIC packet on the front end or the back end, the proxy node may determine where to map this connection to on the opposite end. Additionally, with the global key-value datastore being accessible to the application nodes, when an application node receives a QUIC packet, the application node may determine the client device associated with the connection.
-
Publication number: US11765083B2
Publication date: 2023-09-19
Application number: US17486349
Application date: 2021-09-27
Applicant: Cisco Technology, Inc.
Inventor: Rahim Lalani , Christopher Blair Murray , Jon Langemak , Kyle Andrew Donald Mestery , Alvin Wong
IPC: H04L67/51 , H04L41/0853 , H04L45/30 , H04L45/74 , H04L12/46 , H04L45/02 , H04L45/50 , H04L45/741 , H04L45/00 , H04L45/42 , H04L45/586 , H04L45/745 , H04L41/0816
CPC classification number: H04L45/74 , H04L12/4633 , H04L12/4641 , H04L41/0816 , H04L41/0853 , H04L45/02 , H04L45/04 , H04L45/22 , H04L45/30 , H04L45/42 , H04L45/50 , H04L45/586 , H04L45/741 , H04L45/745 , H04L67/51
Abstract: Techniques for using global virtual network instance (VNI) labels in a multi-domain network to route network data with a multi-tenant network overlay are described herein. A routing device provisioned in a network domain of the multi-domain network may register with a service discovery system of the network domain for use of network configuration data to establish routes through the multi-domain network with network nodes. Each network domain of the multi-domain network may include an application programming interface (API) server for processing API requests to make changes to configurations of a network domain. A border gateway protocol (BGP) large community may be utilized to encode global VNI labels, network addresses, local next hop nodes, and/or additional network information and sent to routing devices provisioned in separate network domains. A service chain may be signaled by global VNI labels to route network traffic through various services prior to reaching a destination endpoint.
-
Publication number: US20230291683A1
Publication date: 2023-09-14
Application number: US18198437
Application date: 2023-05-17
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery , Rahim Lalani
CPC classification number: H04L45/566 , H04L45/02 , H04L45/22 , H04L45/24 , H04L45/42
Abstract: Techniques for multi-tenant overlays with per-tenant distributed routing are described herein. The techniques may include provisioning an overlay network such that tenants hosted by a forwarding plane of the overlay network are each configured to forward routing protocol packets to a routing control plane of the overlay network and the routing control plane of the overlay network is configured to determine routing paths between each tenant and respective destinations. A routing protocol packet may be sent to the routing control plane by a first tenant. The routing protocol packet may include an indication of a destination that is served by the first tenant. Based on receiving the routing protocol packet, the routing control plane may determine one or more routing paths between the tenants and the destination. Additionally, an indication of the routing path may be sent to the tenants.
-
Publication number: US20230275845A1
Publication date: 2023-08-31
Application number: US18111075
Application date: 2023-02-17
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery , Andree Toonk , Rahim Lalani , Ian James Wells
IPC: H04L47/726 , H04L45/42 , H04L47/78 , H04L47/80 , H04L9/40 , H04L67/1097
CPC classification number: H04L47/726 , H04L45/42 , H04L47/781 , H04L47/801 , H04L63/166 , H04L67/1097
Abstract: Techniques for load balancing communication sessions in a networked computing environment are described herein. The techniques may include establishing a first communication session between a client device and a first computing resource of a networked computing environment. Additionally, the techniques may include storing, in a data store, data indicating that the first communication session is associated with the first computing resource. The techniques may further include receiving, at a second computing resource of the networked computing environment, traffic associated with a second communication session that was sent by the client device, and based at least in part on accessing the data stored in the data store, establishing a traffic redirect such that the traffic and additional traffic associated with the second communication session is sent from the second computing resource to the first computing resource.
-
Publication number: US20230275837A1
Publication date: 2023-08-31
Application number: US17681079
Application date: 2022-02-25
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla , Kyle Andrew Donald Mestery , Doron Levari
IPC: H04L47/12 , H04L67/141 , H04L67/148
CPC classification number: H04L47/12 , H04L67/141 , H04L67/148
Abstract: Techniques for scaling additional capacity for secure access solutions and other workloads of enterprise edge networks in and out of a cloud-computing network based on demand. The techniques may include determining that a capacity associated with a secure access node of an enterprise edge network meets or exceeds a threshold capacity. Based at least in part on the capacity meeting or exceeding the threshold capacity, the techniques may include causing a facsimile of the secure access node to be spun up on a cloud-computing network that is remote from the enterprise edge network. In this way, new connection requests received from client devices can be redirected to the facsimile of the secure access node. Additionally, or alternatively, one or more existing connections between client devices and the secure access node may be migrated to the facsimile of the secure access node in the cloud.
-
Publication number: US20230269228A1
Publication date: 2023-08-24
Application number: US17585204
Application date: 2022-01-26
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery , Mark A. Bakke , William Mark Townsley
CPC classification number: H04L63/0263 , H04L45/38 , H04L45/42 , H04L63/0236
Abstract: The present disclosure is directed to managing network traffic in a cloud-based secure access service. In one aspect, a method includes determining, by a controller of a cloud-based secure access service, that data packets from a user device should be dropped, a plurality of user devices, including the user device, being remotely connected to the controller for access to the cloud-based secure access service; determining, by the controller, a type of remote connection through which the user device is connected to the controller, each type of remote connection having a corresponding communication prototype; and transmitting a message, by the controller, to the user device, over a control protocol corresponding to the type of remote connection through which the user device is connected to the controller, the message providing a signal to the user device to drop packets at the user device prior to sending the packets to the controller.
-
Publication number: US20230221946A1
Publication date: 2023-07-13
Application number: US18114708
Application date: 2023-02-27
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery , Ian James Wells , Grzegorz Boguslaw Duraj
Abstract: This disclosure describes techniques and mechanisms for using a domain-specific language (DSL) to express and compile serverless network functions, and optimizing the deployment location for the serverless network functions on network devices. In some examples, the serverless network functions may be expressed entirely in the DSL (e.g., via a text-based editor, a graphics-based editor, etc.), where the DSL is a computer language specialized to a particular domain, such as a network function domain. In additional examples, the serverless network functions may be expressed and compiled using a DSL in combination with a general-purpose language (GSL). Once the serverless network functions have been expressed and/or compiled, the techniques of this disclosure further include determining an optimized network component on which the serverless network function is to execute, and deploying the serverless function to the optimized network component.