INTEGRITY VERIFIED PATHS BETWEEN ENTITIES IN A CONTAINER-ORCHESTRATION SYSTEM

    Publication (Announcement) No.: US20220294806A1

    Publication (Announcement) Date: 2022-09-15

    Application No.: US17832159

    Filing Date: 2022-06-03

    Abstract: Techniques and mechanisms for providing integrity verified paths using only integrity validated pods of nodes. A network service mesh (NSM) associated with a first pod may locally generate a nonce and provide the nonce to the first pod in a request for an attestation token. Using the nonce, the first pod may generate the attestation token and reply back to the NSM. The NSM may generate a second request for an attestation token and forward it to an NSE pod, where the request includes a second locally generated nonce generated by the NSM. The NSE pod may generate the second attestation token using the second nonce and reply back to the NSM. The NSM may then have the attestation tokens verified or validated by a certificate authority (CA) server. The NSM may thus instantiate an integrity verified path between the first pod and the NSE pod.

    Operations, administration, and management/maintenance response replication

    Publication (Announcement) No.: US11431617B2

    Publication (Announcement) Date: 2022-08-30

    Application No.: US15930803

    Filing Date: 2020-05-13

    Abstract: In one example, a responder obtains an Operations, Administration, and Management/Maintenance (OAM) probe packet from a network entity operating as an initiator in a network, provides, to the initiator, a first response to the OAM probe packet over a first network path in the network, and further provides, to the initiator, a second response to the OAM probe packet over a second network path in the network that is different from the first network path. In another example, an initiator provides an OAM probe packet to a network entity operating as responder in a network, obtains, from the responder, a first response to the OAM probe packet over a first network path in the network, and further obtains, from the responder, a second response to the OAM probe packet over a second network path in the network that is different from the first network path.

    LIGHTWEIGHT RING MANAGER WITH DISTRIBUTED POLICIES

    Publication (Announcement) No.: US20220272006A1

    Publication (Announcement) Date: 2022-08-25

    Application No.: US17183664

    Filing Date: 2021-02-24

    Abstract: According to one or more embodiments of the disclosure, a particular networking device located in a ring of networking devices of a network receives an indication from a supervisory service that the particular networking device has been designated a ring manager for the ring of networking devices. The particular networking device determines that the supervisory service is unreachable by the ring of networking devices. The particular networking device obtains telemetry data regarding a new device connected to the ring of networking devices. The particular networking device onboards, based on the telemetry data, the new device to the network, when the supervisory service is unreachable by the ring of networking devices.

    ENHANCED MULTI-FACTOR AUTHENTICATION BASED ON PHYSICAL AND LOGICAL PROXIMITY TO TRUSTED DEVICES AND USERS

    Publication (Announcement) No.: US20220255913A1

    Publication (Announcement) Date: 2022-08-11

    Application No.: US17178234

    Filing Date: 2021-02-17

    Abstract: This disclosure describes techniques for performing enhanced authentication of a device based on physical and logical proximity of the device to one or more other authenticated devices. An example method includes performing, at a first time, a first authentication of a first device or a first user of the first device and determining that the first device is connected to at least one second device in a communication session. The at least one second device or at least one second user of the at least one second device are authenticated. The example method further includes determining a reauthentication interval based on the first device being connected to the at least one second device in the communication session and initiating, at a second time that is after the first time by the reauthentication interval, a second authentication of the first device or the first user of the first device.

    TECHNOLOGIES FOR PROVING PACKET TRANSIT THROUGH UNCOMPROMISED NODES

    Publication (Announcement) No.: US20220247757A1

    Publication (Announcement) Date: 2022-08-04

    Application No.: US17728333

    Filing Date: 2022-04-25

    Abstract: Technologies for proving packet transit through uncompromised nodes are provided. An example method can include receiving a packet including one or more metadata elements generated based on security measurements from a plurality of nodes along a path of the packet; determining a validity of the one or more metadata elements based on a comparison of one or more values in the one or more metadata elements with one or more expected values calculated for the one or more metadata elements, one or more signatures in the one or more metadata elements, and/or timing information associated with the one or more metadata elements; and based on the one or more metadata elements, determining whether the packet traversed any compromised nodes along the path of the packet.

    INITIATOR-BASED DATA-PLANE VALIDATION FOR SEGMENT ROUTED, MULTIPROTOCOL LABEL SWITCHED (MPLS) NETWORKS

    Publication (Announcement) No.: US20220158937A1

    Publication (Announcement) Date: 2022-05-19

    Application No.: US17592215

    Filing Date: 2022-02-03

    Abstract: Techniques for initiator-based data-plane validation of segment routed, multiprotocol label switched (MPLS) networks are described herein. In examples, an initiating node may determine to validate data-plane connectivity associated with a network path of the MPLS network. The initiating node may store validation data in a local memory of the initiating node. In examples, the initiating node may send a probe message that includes a request for identification data associated with a terminating node. The terminating node may send a probe reply message that includes the identification data, as well as, in some examples, a code that instructs the initiating node to perform validation. In examples, the initiating node may compare the validation data stored in memory with the identification data received from the terminating node to validate data-plane connectivity. In some examples, the initiating node may indicate a positive or negative response after performing the validation.

    INITIATOR-BASED DATA-PLANE VALIDATION FOR SEGMENT ROUTED, MULTIPROTOCOL LABEL SWITCHED (MPLS) NETWORKS

    Publication (Announcement) No.: US20210328915A1

    Publication (Announcement) Date: 2021-10-21

    Application No.: US16852932

    Filing Date: 2020-04-20

    Abstract: Techniques for initiator-based data-plane validation of segment routed, multiprotocol label switched (MPLS) networks are described herein. In examples, an initiating node may determine to validate data-plane connectivity associated with a network path of the MPLS network. The initiating node may store validation data in a local memory of the initiating node. In examples, the initiating node may send a probe message that includes a request for identification data associated with a terminating node. The terminating node may send a probe reply message that includes the identification data, as well as, in some examples, a code that instructs the initiating node to perform validation. In examples, the initiating node may compare the validation data stored in memory with the identification data received from the terminating node to validate data-plane connectivity. In some examples, the initiating node may indicate a positive or negative response after performing the validation.