-
Publication No.: US11677650B2
Publication date: 2023-06-13
Application No.: US17487100
Application date: 2021-09-28
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla, Kyle Andrew Donald Mestery, Andrew Zawadowskiy
IPC: G06F15/173, H04L43/0882, H04L43/0811, H04L43/062, H04L41/22, H04L67/1023, H04L67/1008, H04L67/561, G06F15/16
CPC classification number: H04L43/0882, H04L41/22, H04L43/062, H04L43/0811, H04L67/1008, H04L67/1023, H04L67/561
Abstract: In one embodiment, a monitoring engine obtains mesh flow data for traffic flows between nodes in a service mesh. The monitoring engine associates the mesh flow data with network traffic between an endpoint device and an edge of the service mesh. The monitoring engine identifies, based on the mesh flow data, a particular container workload associated with the traffic flows. The monitoring engine provides an indication that the particular container workload is associated with the network traffic between the endpoint device and the edge of the service mesh.
-
Publication No.: US20230137181A1
Publication date: 2023-05-04
Application No.: US18148276
Application date: 2022-12-29
Applicant: Cisco Technology, Inc.
Inventor: Dominik Rene Tornow, Urmil Vijay Dave, Kyle Andrew Donald Mestery, Ian Wells
IPC: H04L67/1097
Abstract: Systems, methods, and computer-readable media are provided for reusing execution environments and code of serverless functions while ensuring isolation in serverless computing environments. In some examples, a method can include, in response to a first request to run a serverless function, executing, at an execution environment on a network, computer-readable code configured to perform the serverless function; after the computer-readable code has executed, modifying a pointer to an area of memory used to store a first state of the serverless function to reference a different area of memory; in response to a second request to run the serverless function, reusing, at the execution environment, the computer-readable code to perform the serverless function; and based on the pointer referencing the different area of memory, using the different area of memory to store a second state of the serverless function.
-
Publication No.: US20230081782A1
Publication date: 2023-03-16
Application No.: US17719921
Application date: 2022-04-13
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla, Kyle Andrew Donald Mestery
IPC: H04L45/00, H04L45/42, H04L61/103, H04L12/46
Abstract: Techniques for tunneling Layer 2 ethernet frames over a connection tunnel using the MASQUE protocol are described herein. The MASQUE protocol may be extended to include a new entity, configured to proxy ethernet frames using a MASQUE proxy connection, and an associated CONNECT method, CONNECT-ETH. Using the extended MASQUE protocol, an Ethernet over MASQUE (EoMASQUE) tunnel may then be established between various networks that are remote from one another and connected to the internet. An EoMASQUE tunnel, established between separate remote client premises, and/or between a remote client premise and an enterprise premise, may tunnel ethernet packets between the endpoints. Additionally, a first EoMASQUE tunnel, established between a first client router provisioned in a first remote client premise and an EoMASQUE proxy node, and a second EoMASQUE tunnel, established between a second client premise and the EoMASQUE proxy node, may tunnel ethernet packets between the first and second client premise.
-
Publication No.: US11588749B2
Publication date: 2023-02-21
Application No.: US16875524
Application date: 2020-05-15
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery, Andree Toonk, Rahim Lalani, Ian James Wells
IPC: H04L47/726, H04L45/42, H04L47/78, H04L47/80, H04L9/40, H04L67/1097, H04L45/7453, H04L45/12, H04L47/125, H04L67/10, H04L67/1027, H04L67/146
Abstract: Techniques for load balancing communication sessions in a networked computing environment are described herein. The techniques may include establishing a first communication session between a client device and a first computing resource of a networked computing environment. Additionally, the techniques may include storing, in a data store, data indicating that the first communication session is associated with the first computing resource. The techniques may further include receiving, at a second computing resource of the networked computing environment, traffic associated with a second communication session that was sent by the client device, and based at least in part on accessing the data stored in the data store, establishing a traffic redirect such that the traffic and additional traffic associated with the second communication session is sent from the second computing resource to the first computing resource.
-
Publication No.: US20230019374A1
Publication date: 2023-01-19
Application No.: US17951896
Application date: 2022-09-23
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery, Grzegorz Boguslaw Duraj
Abstract: Techniques for detecting inactive peers of a tunneled communication session, while allowing for a scalable tunneled protocol that includes split control plane nodes and data plane nodes are described herein. A method according to a technique described herein may include establishing a communication session between a first node and a second node in a network such that control plane traffic of the communication session flows through one or more control nodes and data plane traffic of the communication session flows through one or more data nodes different than the one or more control nodes. The method may also include receiving, at a control node, an indication from a data node that a probe message is to be generated. The probe message may be configured to determine data plane connectivity in the communication session. Additionally, the control node may generate the probe message and send it to the first node.
-
Publication No.: US20220413975A1
Publication date: 2022-12-29
Application No.: US17902677
Application date: 2022-09-02
Applicant: Cisco Technology, Inc.
Inventor: Pierre Pfister, Ian James Wells, Kyle Andrew Donald Mestery, William Mark Townsley, Yoann Desmouceaux, Guillaume Ruty, Aloys Augustin
IPC: G06F11/20, G06F9/455, H04L61/2503, H04L61/58, H04L101/00
Abstract: This disclosure describes techniques for providing a distributed scalable architecture for Network Address Translation (NAT) systems with high availability and mitigations for flow breakage during failover events. The NAT servers may include functionality to serve as fast-path servers and/or slow-path servers. A fast-path server may include a NAT worker that includes a cache of NAT mappings to perform stateful network address translation and to forward packets with minimal latency. A slow-path server may include a mapping server that creates new NAT mappings, depreciates old ones, and answers NAT worker state requests. The NAT system may use virtual mapping servers (VMSs) running on primary physical servers with state duplicated VMSs on different physical failover servers. Additionally, the NAT servers may implement failover solutions for dynamically allocated routeable address/port pairs assigned to new sessions by assigning new outbound address/port pairs when a session starts and broadcasting pairing information.
-
Publication No.: US20220385575A1
Publication date: 2022-12-01
Application No.: US17486546
Application date: 2021-09-27
Applicant: Cisco Technology, Inc.
Inventor: Jon Langemak, Christopher Blair Murray, Kyle Andrew Donald Mestery
IPC: H04L12/741, H04L12/715, H04L12/717, H04L12/713, H04L12/46
Abstract: Techniques for using global virtual network instance (VNI) labels in a multi-domain network to route network data with a multi-tenant network overlay are described herein. A routing device provisioned in a network domain of the multi-domain network may register with a service discovery system of the network domain for use of network configuration data to establish routes through the multi-domain network with network nodes. Each network domain of the multi-domain network may include an application programming interface (API) server for processing API requests to make changes to configurations of a network domain. A border gateway protocol (BGP) large community may be utilized to encode global VNI labels, network addresses, local next hop nodes, and/or additional network information and sent to routing devices provisioned in separate network domains. A service chain may be signaled by global VNI labels to route network traffic through various services prior to reaching a destination endpoint.
-
Publication No.: US20220385564A1
Publication date: 2022-12-01
Application No.: US17486687
Application date: 2021-09-27
Applicant: Cisco Technology, Inc.
Inventor: Jon Langemak, Christopher Blair Murray, Kyle Andrew Donald Mestery
IPC: H04L12/715, H04L12/723, H04L12/749
Abstract: Techniques for using global virtual network instance (VNI) labels in a multi-domain network to route network data with a multi-tenant network overlay are described herein. A routing device provisioned in a network domain of the multi-domain network may register with a service discovery system of the network domain for use of network configuration data to establish routes through the multi-domain network with network nodes. Each network domain of the multi-domain network may include an application programming interface (API) server for processing API requests to make changes to configurations of a network domain. A border gateway protocol (BGP) large community may be utilized to encode global VNI labels, network addresses, local next hop nodes, and/or additional network information and sent to routing devices provisioned in separate network domains. A service chain may be signaled by global VNI labels to route network traffic through various services prior to reaching a destination endpoint.
-
Publication No.: US20220385563A1
Publication date: 2022-12-01
Application No.: US17486349
Application date: 2021-09-27
Applicant: Cisco Technology, Inc.
Inventor: Rahim Lalani, Christopher Blair Murray, Jon Langemak, Kyle Andrew Donald Mestery, Alvin Wong
IPC: H04L45/00, H04L67/51, H04L45/30, H04L41/0853
Abstract: Techniques for using global virtual network instance (VNI) labels in a multi-domain network to route network data with a multi-tenant network overlay are described herein. A routing device provisioned in a network domain of the multi-domain network may register with a service discovery system of the network domain for use of network configuration data to establish routes through the multi-domain network with network nodes. Each network domain of the multi-domain network may include an application programming interface (API) server for processing API requests to make changes to configurations of a network domain. A border gateway protocol (BGP) large community may be utilized to encode global VNI labels, network addresses, local next hop nodes, and/or additional network information and sent to routing devices provisioned in separate network domains. A service chain may be signaled by global VNI labels to route network traffic through various services prior to reaching a destination endpoint.
-
Publication No.: US11436111B2
Publication date: 2022-09-06
Application No.: US16592613
Application date: 2019-10-03
Applicant: Cisco Technology, Inc.
Inventor: Pierre Pfister, Ian James Wells, Kyle Andrew Donald Mestery, William Mark Townsley, Yoann Desmouceaux, Guillaume Ruty, Aloys Augustin
IPC: G06F11/20, G06F9/455, H04L61/2503, H04L61/58
Abstract: This disclosure describes techniques for providing a distributed scalable architecture for Network Address Translation (NAT) systems with high availability and mitigations for flow breakage during failover events. The NAT servers may include functionality to serve as fast-path servers and/or slow-path servers. A fast-path server may include a NAT worker that includes a cache of NAT mappings to perform stateful network address translation and to forward packets with minimal latency. A slow-path server may include a mapping server that creates new NAT mappings, depreciates old ones, and answers NAT worker state requests. The NAT system may use virtual mapping servers (VMSs) running on primary physical servers with state duplicated VMSs on different physical failover servers. Additionally, the NAT servers may implement failover solutions for dynamically allocated routable address/port pairs assigned to new sessions by assigning new outbound address/port pairs when a session starts and broadcasting pairing information.