-
Publication No.: US11129023B2
Publication Date: 2021-09-21
Application No.: US16574963
Application Date: 2019-09-18
Applicant: Cisco Technology Inc.
Inventor: Stefan Olofsson, Ijsbrand Wijnands, Hendrikus G. P. Bosch, Jeffrey Napper, Anubhav Gupta
IPC: H04W12/086, H04L29/06, H04W12/37, H04L12/715
Abstract: In one embodiment, a router includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the router to perform operations including receiving software-defined networking in a wide area network (SD-WAN) policies from a component of an SD-WAN network. The operations also include establishing a session with a mobile device and receiving information associated with the mobile device in response to establishing the session with the mobile device. The operations further include filtering the SD-WAN policies based on the information associated with the mobile device to generate SD-WAN device-specific policies and communicating the SD-WAN device-specific policies to the mobile device.
-
Publication No.: US11115387B2
Publication Date: 2021-09-07
Application No.: US16373055
Application Date: 2019-04-02
Applicant: Cisco Technology, Inc.
Inventor: Peter Bosch, Alessandro Duminuco, Jeffrey Napper, Sape Jurrien Mullender, David Delano Ward
Abstract: Systems, methods, and computer-readable storage media are provided for managing application traffic. A routing policy defines the data flow path between the client device (which uses a virtual private network (VPN) client) and the appropriate network-based service. Based on various factors associated with the user, the client device, and the destination (e.g. network-based service), the routing policy will direct the VPN client to communicate with either a public DNS (via the public Internet) or to a private DNS (via the private Intranet). The resulting IP addresses will be used to establish a particular route (either over a public Internet or private Intranet) between the client device and the network-based service in accordance to the routing policy.
-
43.
Publication No.: US10904240B2
Publication Date: 2021-01-26
Application No.: US16705652
Application Date: 2019-12-06
Applicant: Cisco Technology, Inc.
Inventor: Hendrikus G. P. Bosch, Alessandro Duminuco, Jeffrey Napper, David Delano Ward, Syed Khalid Raza, Sape Jurrien Mullender
IPC: H04L29/06, H04L12/725, H04L12/721
Abstract: Disclosed are concepts for provided for managing application traffic. A method includes receiving a request to access a service from an application, confirming an entity of a user of the application and, based on the confirmation, generating, via an authentication service, a routing policy for data flows between the application and the service. The routing policy defines a mandated path between the application and the service. The method also can include storing proof-of-transit data in the traffic flow for tracking an actual path from the application to the service and determining whether the data path complies with the mandated path defined in the policy. When the determination indicates that the actual path followed the mandated path defined in the routing policy, the method includes granting access to the user for the service. When the actual path differs from the mandated path, the method includes denying access to the user.
-
Publication No.: US10798187B2
Publication Date: 2020-10-06
Application No.: US15627084
Application Date: 2017-06-19
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Sape Jurriën Mullender, Hendrikus G. P. Bosch, Alessandro Duminuco, Jeffrey Napper
Abstract: In one embodiment, secure service chaining can be implemented efficiently for content delivery systems. An orchestrator can determine a service chain for processing a request from a client for content. The orchestrator can determine a capability identifying nodes of the service chain. The orchestrator can then transmit, to the client, a redirect message having the capability, wherein the redirect message redirects the request to a first node of the service chain. The nodes of the service chain can verify the capability and carry out the service chain. Service functions can be applied to the traffic flow associated with delivering the content to the user.
-
45.
Publication No.: US20190356590A1
Publication Date: 2019-11-21
Application No.: US16531549
Application Date: 2019-08-05
Applicant: Cisco Technology, Inc.
Inventor: Hendrikus G. P. Bosch, Sape Jurriën Mullender, Keith Burns, Jeffrey Napper, William Mark Townsley, Alessandro Duminuco, Andre Surcouf, Ijsbrand Wijnands, Humberto J. La Roche
IPC: H04L12/749, H04L29/08, H04L12/761, H04L29/06, H04L12/717
Abstract: A method is provided in one example embodiment and may include determining at a parent content node that a plurality of recipient content nodes are to receive a same content; generating, based on a determination that the same content is available at the parent content node, a multi-delivery header comprising a plurality of identifiers, wherein each identifier of the plurality of identifiers indicates each recipient content node that is to receive the same content; appending the multi-delivery header to one or more packets of an Internet Protocol (IP) flow associated with the same content; and transmitting packets for the IP flow to each of the plurality of the recipient content nodes.
-
46.
Publication No.: US10469379B2
Publication Date: 2019-11-05
Application No.: US15436540
Application Date: 2017-02-17
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Hendrikus G. P. Bosch, Sape Jurriën Mullender, Keith Burns, Jeffrey Napper, William Mark Townsley, Alessandro Duminuco, Andre Surcouf, Ijsbrand Wijnands, Humberto J. La Roche
IPC: H04L12/749, H04L12/717, H04L29/06, H04L12/761, H04L29/08, H04L29/12
Abstract: A method is provided in one example embodiment and may include determining at a parent content node that a plurality of recipient content nodes are to receive a same content; generating, based on a determination that the same content is available at the parent content node, a multi-delivery header comprising a plurality of identifiers, wherein each identifier of the plurality of identifiers indicates each recipient content node that is to receive the same content; appending the multi-delivery header to one or more packets of an Internet Protocol (IP) flow associated with the same content; and transmitting packets for the IP flow to each of the plurality of the recipient content nodes.
-
47.
Publication No.: US10303450B2
Publication Date: 2019-05-28
Application No.: US15704904
Application Date: 2017-09-14
Applicant: Cisco Technology, Inc.
Inventor: Peter Bosch, Jeffrey Napper, Alessandro Duminuco, Michael Francis O'Gorman, Sean Chandler, Roman Sorokin, David Delano Ward
Abstract: The present disclosure involves systems and methods for compiling abstract application and associated service models into deployable descriptors under control of a series of policies, maintaining and enforcing dependencies between policies and applications/services, and deploying policies as regularly managed policy applications themselves. In particular, an orchestration system includes one or more policy applications that are executed to apply policies to a deployable application or service in a computing environment. In general, the orchestration system operates to create one or more solution models for execution of an application on one or more computing environments (such as one or more cloud computing environments) based on a received request for deployment.
-
Publication No.: US20190082004A1
Publication Date: 2019-03-14
Application No.: US15899179
Application Date: 2018-02-19
Applicant: Cisco Technology, Inc.
Inventor: Peter Bosch, Jeffrey Napper, Alessandro Duminuco, Michael Francis O'Gorman, Sean Chandler, Roman Sorokin, David Delano Ward, Baton Daullxhi, Florin Stelian Balus
Abstract: The present disclosure involves systems and methods for (a) model distributed applications for multi-cloud deployments, (b) derive, by way of policy, executable orchestrator descriptors, (c) model underlying (cloud) services (private, public, server-less and virtual-private) as distributed applications themselves, (d) dynamically create such cloud services if these are unavailable for the distributed application, (e) manage those resources equivalent to the way distributed applications are managed; and (f) present how these techniques are stackable. As applications may be built on top of cloud services, which themselves can be built on top of other cloud services (e.g., virtual private clouds on public cloud, etc.) even cloud services themselves may be considered applications in their own right, thus supporting putting cloud services on top of other cloud services.
-
49.
Publication No.: US20190079744A1
Publication Date: 2019-03-14
Application No.: US15704904
Application Date: 2017-09-14
Applicant: Cisco Technology, Inc.
Inventor: Peter Bosch, Jeffrey Napper, Alessandro Duminuco, Michael Francis O'Gorman, Sean Chandler, Roman Sorokin, David Delano Ward
Abstract: The present disclosure involves systems and methods for compiling abstract application and associated service models into deployable descriptors under control of a series of policies, maintaining and enforcing dependencies between policies and applications/services, and deploying policies as regularly managed policy applications themselves. In particular, an orchestration system includes one or more policy applications that are executed to apply policies to a deployable application or service in a computing environment. In general, the orchestration system operates to create one or more solution models for execution of an application on one or more computing environments (such as one or more cloud computing environments) based on a received request for deployment.
-
Publication No.: US20180367621A1
Publication Date: 2018-12-20
Application No.: US15627084
Application Date: 2017-06-19
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Sape Jurriën Mullender, Hendrikus G. P. Bosch, Alessandro Duminuco, Jeffrey Napper
IPC: H04L29/08
Abstract: In one embodiment, secure service chaining can be implemented efficiently for content delivery systems. An orchestrator can determine a service chain for processing a request from a client for content. The orchestrator can determine a capability identifying nodes of the service chain. The orchestrator can then transmit, to the client, a redirect message having the capability, wherein the redirect message redirects the request to a first node of the service chain. The nodes of the service chain can verify the capability and carry out the service chain. Service functions can be applied to the traffic flow associated with delivering the content to the user.