公开(公告)号：US09954774B2

公开(公告)日：2018-04-24

申请号：US15066467

申请日：2016-03-10

Applicant: Cisco Technology, Inc.

Inventor： Prashanth Patil ,  K. Tirumaleswar Reddy ,  Gonzalo Salgueiro ,  James N. Guichard ,  Carlos M. Pignataro

IPC: H04L12/721

CPC classification number: H04L45/566 ,  H04L45/302

Abstract: In one embodiment, a service function classifier device determines a classification of a packet using one or more packet classification rules. The device selects a service function path based on the classification of the packet. The device determines one or more traffic flow characteristics based on the classification of the packet. The device generates a service function chaining (SFC) header that identifies the selected service function path and the determined one or more traffic flow characteristics. The SFC header is configured to cause a device along the service function path to forward the encapsulated packet based on the identified service function path and the determined one or more traffic flow characteristics. The device sends the packet along the selected service function path as an encapsulated packet that includes the generated SFC header.

公开(公告)号：US20170374016A1

公开(公告)日：2017-12-28

申请号：US15191172

申请日：2016-06-23

Applicant: Cisco Technology, Inc.

Inventor： K. Tirumaleswar Reddy ,  David McGrew ,  Blake Harrell Anderson ,  Daniel G. Wing

IPC: H04L29/12 ,  H04L29/08 ,  H04L12/721 ,  H04L29/06

CPC classification number: H04L61/1511 ,  H04L47/2433 ,  H04L61/1541 ,  H04L63/0428 ,  H04L67/322 ,  H04L69/22

Abstract: In one embodiment, a device in a network receives domain name system (DNS) information for a domain. The DNS information includes one or more service tags indicative of one or more services offered by the domain. The device detects an encrypted traffic flow associated with the domain. The device identifies a service associated with the encrypted traffic flow based on the one or more service tags. The device prioritizes the encrypted traffic flow based on the identified service associated with the encrypted traffic flow.

公开(公告)号：US09282040B2

公开(公告)日：2016-03-08

申请号：US14255701

申请日：2014-04-17

Applicant: CISCO TECHNOLOGY, INC.

Inventor： K. Tirumaleswar Reddy ,  Ram Mohan Ravindranath ,  Muthu Arul Mozhi Perumal ,  Daniel G. Wing ,  William C. VerSteeg

IPC: H04L12/801 ,  H04L12/911 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L47/10 ,  H04L47/2441 ,  H04L47/70 ,  H04L63/0263 ,  H04L63/10 ,  H04L65/60 ,  H04L65/80 ,  H04L67/10

Abstract: Modern day user applications leverages new communication technologies such as WebRTC, WebEx, and Jabber allow devices to connect and exchange media content including audio streams, video streams, and data stream/channels. The present disclosure describes mechanisms for a Port Control Protocol (PCP) server to provide feedback to PCP clients to enforce certain policies on the transport of such media content for a network. A policy may include a traffic handling policy for enforcing differentiated quality of service characteristics for different types of media streams. Another policy may include a security policy ensuring a data files being transmitted over a data channel from one endpoint travels to a security application via a relay element before the packets reaches another endpoint. The mechanisms are transparent to the endpoints, and advantageously preserve the user experience for these user applications.

Abstract translation: 现代用户应用程序利用WebRTC，WebEx和Jabber等新型通信技术，允许设备连接和交换包括音频流，视频流和数据流/频道在内的媒体内容。 本公开描述了端口控制协议（PCP）服务器向PCP客户端提供反馈以对网络上的这种媒体内容的传输执行某些策略的机制。 策略可以包括用于为不同类型的媒体流实施差异化服务质量特征的流量处理策略。 另一策略可以包括安全策略，以确保在分组到达另一端点之前通过数据信道从一个端点传送数据文件经由中继元件传播到安全应用。 这些机制对端点是透明的，并且有利地保留这些用户应用的用户体验。

公开(公告)号：US20150249606A1

公开(公告)日：2015-09-03

申请号：US14194348

申请日：2014-02-28

Applicant: CISCO TECHNOLOGY, INC.

Inventor： K. Tirumaleswar Reddy ,  Ram Mohan Ravindranath ,  Muthu Arul Mozhi Perumal ,  Daniel G. Wing ,  William C. VerSteeg

IPC: H04L12/801 ,  H04L12/911

CPC classification number: H04L47/10 ,  H04L47/2441 ,  H04L47/70 ,  H04L63/0263 ,  H04L63/10 ,  H04L65/60 ,  H04L65/80 ,  H04L67/10

Abstract: Modern day user applications leverages new communication technologies such as WebRTC, WebEx, and Jabber allow devices to connect and exchange media content including audio streams, video streams, and data stream/channels. The present disclosure describes mechanisms for a Port Control Protocol (PCP) server to provide feedback to PCP clients to enforce certain policies on the transport of such media content for a network. A policy may include a traffic handling policy for enforcing differentiated quality of service characteristics for different types of media streams. Another policy may include a security policy ensuring a data files being transmitted over a data channel from one endpoint travels to a security application via a relay element before the packets reaches another endpoint. The mechanisms are transparent to the endpoints, and advantageously preserve the user experience for these user applications.

Abstract translation: 现代用户应用程序利用WebRTC，WebEx和Jabber等新型通信技术，允许设备连接和交换包括音频流，视频流和数据流/频道在内的媒体内容。 本公开描述了端口控制协议（PCP）服务器向PCP客户端提供反馈以对网络上的这种媒体内容的传输执行某些策略的机制。 策略可以包括用于为不同类型的媒体流实施差异化服务质量特征的流量处理策略。 另一策略可以包括安全策略，以确保在分组到达另一端点之前通过数据信道从一个端点传送数据文件经由中继元件传播到安全应用。 这些机制对端点是透明的，并且有利地保留这些用户应用的用户体验。

公开(公告)号：US10904149B2

公开(公告)日：2021-01-26

申请号：US16555149

申请日：2019-08-29

Applicant: Cisco Technology, Inc.

Inventor： Carlos M. Pignataro ,  Nagendra Kumar Nainar ,  Rajiv Asati ,  K. Tirumaleswar Reddy

IPC: H04L12/24 ,  H04L12/707 ,  H04L12/801 ,  H04L12/911 ,  H04L29/06 ,  H04L12/26

Abstract: In one embodiment, a device in a network receives in-situ operations administration and management (iOAM) data regarding a plurality of traffic flows in the network. The iOAM data comprises entropy values for the plurality of traffic flows. The device receives network topology information indicative of network paths available in the network. The device generates a machine learning-based entropy topology model for the network based on the received iOAM data and the received network topology information. The entropy topology model maps path selection predictions for the network paths with entropy values. The device uses the entropy topology model to cause a particular traffic flow to use a particular network path.

公开(公告)号：US10554614B2

公开(公告)日：2020-02-04

申请号：US15191172

申请日：2016-06-23

Applicant: Cisco Technology, Inc.

Inventor： K. Tirumaleswar Reddy ,  David McGrew ,  Blake Harrell Anderson ,  Daniel G. Wing

IPC: H04L29/12 ,  H04L29/08 ,  H04L29/06

Abstract: In one embodiment, a device in a network receives domain name system (DNS) information for a domain. The DNS information includes one or more service tags indicative of one or more services offered by the domain. The device detects an encrypted traffic flow associated with the domain. The device identifies a service associated with the encrypted traffic flow based on the one or more service tags. The device prioritizes the encrypted traffic flow based on the identified service associated with the encrypted traffic flow.

公开(公告)号：US10454828B2

公开(公告)日：2019-10-22

申请号：US15386306

申请日：2016-12-21

Applicant: Cisco Technology, Inc.

Inventor： Carlos M. Pignataro ,  Nagendra Kumar Nainar ,  Rajiv Asati ,  K. Tirumaleswar Reddy

IPC: H04L12/26 ,  H04L12/46 ,  H04L12/733 ,  H04L29/06 ,  H04L12/801 ,  H04L12/911 ,  H04L12/707 ,  H04L12/24

Abstract: In one embodiment, a device in a network receives in-situ operations administration and management (iOAM) data regarding a plurality of traffic flows in the network. The iOAM data comprises entropy values for the plurality of traffic flows. The device receives network topology information indicative of network paths available in the network. The device generates a machine learning-based entropy topology model for the network based on the received iOAM data and the received network topology information. The entropy topology model maps path selection predictions for the network paths with entropy values. The device uses the entropy topology model to cause a particular traffic flow to use a particular network path.

公开(公告)号：US10419446B2

公开(公告)日：2019-09-17

申请号：US15644982

申请日：2017-07-10

Applicant: Cisco Technology, Inc.

Inventor： K. Tirumaleswar Reddy ,  Prashanth Patil ,  Carlos M. Pignataro ,  Puneeth Rao Lokapalli ,  Judith Ying Priest

IPC: H04L29/06 ,  H04L29/08 ,  H04L12/24

Abstract: Managing policies for a chain of administrative domains, from end-to-end, includes receiving, at a network device associated with an administrative domain that is part of a chain of administrative domains provisioning an Internet-based application or an Internet-based service to a network, a root block for a blockchain. The root block is generated by a network device in the network and includes a request for a specific network parameter over a specific time period. The network device associated with the administrative domain appends a first block to the blockchain including the root block to accept the request and configures the administrative domain in accordance with the specific network parameter when an end-to-end path in the chain of administrative domains accepts the request. The network device associated with the administrative domain also generates blockchain transactions that append network status updates to the blockchain during the specific time period.

公开(公告)号：US10305934B2

公开(公告)日：2019-05-28

申请号：US15165032

申请日：2016-05-26

Applicant: Cisco Technology, Inc.

Inventor： K. Tirumaleswar Reddy ,  Prashanth Patil ,  Daniel G. Wing

IPC: H04L29/06 ,  H04L29/08 ,  H04L29/12

Abstract: A local network element on an enterprise network caches Domain Name System (DNS) responses in association with user identifiers in accordance with a DNS-based access control policy. The network element receives a DNS request from a first endpoint device. The DNS request includes a domain name to resolve. The network element forwards the DNS request to a domain name server along with a first user identifier associated with the first endpoint device. The network element receives a DNS response from the domain name server. The DNS response includes a network address associated with the domain name, as well as the first user identifier and at least one other user identifier. The network element stores the network address in a DNS cache as a cached DNS response for the domain name. The cached DNS response is stored in association with the first user identifier and the other user identifier(s).

公开(公告)号：US20190109717A1

公开(公告)日：2019-04-11

申请号：US15728208

申请日：2017-10-09

Applicant: Cisco Technology, Inc.

Inventor： K. Tirumaleswar Reddy ,  Prashanth Patil ,  Puneeth Rao Lokapalli ,  Carlos M. Pignataro

IPC: H04L9/32 ,  H04L9/06 ,  H04L29/06

Abstract: In an example embodiment, a validating peer of a plurality of validating peers in a blockchain network receives, from a non-validating peer, a request to create a root block of a blockchain. The root block includes information related to a potential computer security threat. The validating peer creates the root block with a root block pending validation status. The validating peer shares, with other validating peers of the plurality of validating peers, a notification of the root block with the root block pending validation status to provide an indication of the information. The validating peer determines whether the information is authentic. If the information is determined to be authentic, the validating peer changes the root block pending validation status to a root block authenticated validation status and shares, with the other validating peers, a notification of the root block authenticated validation status to indicate that the information is authentic.