-
31.
Publication No.: US20190245791A1
Publication Date: 2019-08-08
Application No.: US16384464
Application Date: 2019-04-15
Applicant: Cisco Technology, Inc.
Inventor: Sebastian Jeuk, Gonzalo Salgueiro
IPC: H04L12/813, H04L12/859, H04L12/24, H04L12/851
CPC classification number: H04L47/20, H04L41/5051, H04L47/2441, H04L47/2475
Abstract: Disclosed is a system and method of providing transport-level identification and isolation of container traffic. The method includes assigning, by a software-defined-network (SDN) controller in an SDN-enable cloud environment, a service-ID to a service, a tenant-ID to a tenant and/or workload-ID to yield universal cloud classification details, and extracting, from a data flow, the universal cloud classification details. The method includes receiving a policy, generating flow rules based on the policy and universal cloud classification details, and transmitting the flow rules to an openflow application to confine packet forwarding decisions for the data flow.
-
32.
Publication No.: US20180026911A1
Publication Date: 2018-01-25
Application No.: US15219105
Application Date: 2016-07-25
Applicant: Cisco Technology, Inc.
Inventor: Paul Anholt, Gonzalo Salgueiro, Sebastian Jeuk
IPC: H04L12/927, H04L29/06, H04L12/26, H04L12/46
CPC classification number: H04L12/4641, H04L41/0896, H04L41/5003, H04L69/22
Abstract: Disclosed is a system and method of providing a system for managing resource utilization for a service function chain. A method includes receiving, from a virtual network function operating in a container within a service function chain, and at a container orchestration layer, resource usage data. The method includes determining whether the resource usage data has surpassed a threshold to yield a determination. When the determination indicates that the threshold is met, the method includes migrating the container to a new location within a network. The order of services in a service function chain can remain the same in the migrating but the virtual service functions can move to other virtual or physical locations.
-
33.
Publication No.: US20180026893A1
Publication Date: 2018-01-25
Application No.: US15215499
Application Date: 2016-07-20
Applicant: Cisco Technology, Inc.
Inventor: Sebastian Jeuk, Gonzalo Salgueiro
IPC: H04L12/813, H04L12/859, H04L12/24, H04L12/851
CPC classification number: H04L47/20, H04L41/5051, H04L47/2441, H04L47/2475
Abstract: Disclosed is a system and method of providing transport-level identification and isolation of container traffic. The method includes assigning, by a software-defined-network (SDN) controller in an SDN-enable cloud environment, a service-ID to a service, a tenant-ID to a tenant and/or workload-ID to yield universal cloud classification details, and extracting, from a data flow, the universal cloud classification details. The method includes receiving a policy, generating flow rules based on the policy and universal cloud classification details, and transmitting the flow rules to an openflow application to confine packet forwarding decisions for the data flow.
-
Publication No.: US20170373990A1
Publication Date: 2017-12-28
Application No.: US15190641
Application Date: 2016-06-23
Applicant: Cisco Technology, Inc.
Inventor: Sebastian Jeuk, Gonzalo Salgueiro
IPC: H04L12/935, H04L29/06
CPC classification number: H04L69/22, H04L45/306, H04L45/38, H04L45/64
Abstract: A packet is received at a device configured to provide a service function within a network service chain. A network overlay and/or segmentation identifier is extracted from a header of the packet. The service function is applied to the packet according to policies specific to a network overlay and/or segmentation identified in the network overlay and/or segmentation identifier.
-
Publication No.: US12052229B2
Publication Date: 2024-07-30
Application No.: US17389708
Application Date: 2021-07-30
Applicant: Cisco Technology, Inc.
Inventor: Sebastian Jeuk
IPC: H04L29/06, H04L9/40, H04L69/324, H04L9/30, H04L29/12
CPC classification number: H04L63/0471, H04L63/02, H04L63/029, H04L69/324
Abstract: Systems, methods, and computer-readable media are provided for performing secure frame encryption as a service. For instance, a network device can receive a first request for encrypting a first media stream associated with a first endpoint. In response to the first request, the network device can obtain a first encryption key for encrypting the first media stream associated with the first endpoint. The network device can receive, from the first endpoint, a first plurality of media frames corresponding to the first media stream and encrypt each of the first plurality of media frames using the first encryption key to yield a first plurality of encrypted media frames. The network device can packetize the first plurality of encrypted media frames into a first plurality of data packets for transmission to a second endpoint.
-
Publication No.: US11575580B2
Publication Date: 2023-02-07
Application No.: US17335798
Application Date: 2021-06-01
Applicant: Cisco Technology, Inc.
Inventor: Sebastian Jeuk, Sridar Kandaswamy
IPC: H04L41/12, H04L67/1001
Abstract: Techniques are described herein for generating network topologies based on models, and deploying the network topologies across hybrid clouds and other computing environments that include multiple workload resource domains. A topology deployment system may receive data representing a logical topology model, and may generate a network topology for deployment based on the logical model. The network topology may include various services and/or other resources provided by different tenants in the computing environment, and tenant may be associated with different set of resources and deployment constraints. The topology deployment system may determine and generate the network topology to use the various resources and comply with various deployment constraints of the different tenants providing the services, and the tenants consuming the network topology.
-
Publication No.: US20230036547A1
Publication Date: 2023-02-02
Application No.: US17390229
Application Date: 2021-07-30
Applicant: Cisco Technology, Inc.
Inventor: David M. Hanes, Gonzalo Salgueiro, Robert Edgar Barton, Sebastian Jeuk
IPC: H04L29/06
Abstract: Systems, methods, and computer-readable media are provided for dynamic allocation of network security resources and measures to network traffic between end terminals on a network and a network destination, based in part on an independently sourced reputation score of the network destination. In one aspect, a method includes receiving, at a cloud network controller, a request from an end terminal for information on a network destination; determining, at the cloud network controller, a reputation score for the network destination; determining, at the cloud network controller, one or more security measures to be applied when accessing the network destination, based on the reputation score; and communicating, by the cloud network controller, the one or more security measures to the end terminal, wherein the end terminal communicates the one or more security measures to a third-party security service provider for applying to communications between the end terminal and the network destination.
-
Publication No.: US20230032585A1
Publication Date: 2023-02-02
Application No.: US17390527
Application Date: 2021-07-30
Applicant: Cisco Technology, Inc.
Inventor: Sebastian Jeuk, Sridar Kandaswamy, Gonzalo Salgueiro
Abstract: Techniques are described herein for generating and deploying network topologies to implement machine learning systems. A topology deployment system may receive data representing a logical model corresponding to a machine learning system, and may analyze the machine learning system to determine various components and attributes of the machine learning system to be deployed. Based on the components and attributes of the machine learning system, the topology deployment system may select target resources and determine constraints for the deployment of the machine learning system. A corresponding network topology may be generated and deployed across one or a combination of workload resource domains. The topology deployment system also may monitor and update the deployed network topology, based on performance metrics of the machine learning system and/or the current status of the system in a machine learning pipeline.
-
Publication No.: US20220407689A1
Publication Date: 2022-12-22
Application No.: US17349816
Application Date: 2021-06-16
Applicant: Cisco Technology, Inc.
Inventor: Sebastian Jeuk
Abstract: This disclosure describes techniques for exchanging keys associated with encrypted media sessions using blockchains. In an example method, one or more encrypted frames are generated by encrypting one or more media frames based on an encryption key. Data indicating a ledger in a blockchain is transmitted to one or more computing devices. The ledger includes a decryption key configured to decrypt the one or more encrypted frames. Data packets are generated by packetizing the one or more encrypted frames. The data packets are transmitted to the one or more computing devices.
-
Publication No.: US11424989B2
Publication Date: 2022-08-23
Application No.: US16901558
Application Date: 2020-06-15
Applicant: Cisco Technology, Inc.
Inventor: Sebastian Jeuk, Sridar Kandaswamy
Abstract: Techniques are described herein for deploying, monitoring, and modifying network topologies comprising various computing and network nodes deployed across multiple workload resource domains. A deployment system may receive operational data from a network topology deployed across multiple workload resource domains, such as public or private cloud computing environments, on-premise data centers, and the like. The operational data may be provided to a trained machine-learning model, and output from the trained model may be used, along with constraint inputs and resource inventories of the workload resource domains, to determine updated topology models which may be deployed within the workload resource domains.