公开(公告)号：US20160357587A1

公开(公告)日：2016-12-08

申请号：US15152163

申请日：2016-05-11

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Anubhav Gupta ,  Shashidhar Gandham ,  Jackson Ngoc Ki Pang ,  Shih-Chun Chang ,  Hai Trong Vu

IPC: G06F9/455 ,  H04L12/723 ,  H04L12/26

CPC classification number: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/45558 ,  G06F17/30241 ,  G06F17/3053 ,  G06F17/30554 ,  G06F17/30598 ,  G06F17/30604 ,  G06F17/30867 ,  G06F21/53 ,  G06F21/552 ,  G06F21/566 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2115 ,  G06F2221/2145 ,  G06N99/005 ,  G06T11/206 ,  H04J3/0661 ,  H04J3/14 ,  H04L1/242 ,  H04L9/0866 ,  H04L9/3239 ,  H04L9/3242 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0841 ,  H04L43/0858 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/306 ,  H04L45/38 ,  H04L45/46 ,  H04L45/507 ,  H04L45/66 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/2007 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/06 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/16 ,  H04L63/20 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/12 ,  H04L67/16 ,  H04L67/22 ,  H04L67/36 ,  H04L67/42 ,  H04L69/16 ,  H04L69/22 ,  H04W72/08 ,  H04W84/18

Abstract: Systems, methods, and computer-readable media for annotating process and user information for network flows. In some embodiments, a capturing agent, executing on a first device in a network, can monitor a network flow associated with the first device. The first device can be, for example, a virtual machine, a hypervisor, a server, or a network device. Next, the capturing agent can generate a control flow based on the network flow. The control flow may include metadata that describes the network flow. The capturing agent can then determine which process executing on the first device is associated with the network flow and label the control flow with this information. Finally, the capturing agent can transmit the labeled control flow to a second device, such as a collector, in the network.

Abstract translation: 用于为网络流注释流程和用户信息的系统，方法和计算机可读介质。 在一些实施例中，在网络中的第一设备上执行的捕获代理可以监视与第一设备相关联的网络流。 第一设备可以是例如虚拟机，管理程序，服务器或网络设备。 接下来，捕获代理可以基于网络流生成控制流。 控制流可以包括描述网络流的元数据。 然后，捕获代理可以确定在第一设备上执行的哪个进程与网络流程相关联，并用该信息标记控制流。 最后，捕获代理可以将标记的控制流传送到网络中的第二设备，例如收集器。

公开(公告)号：US20160315811A1

公开(公告)日：2016-10-27

申请号：US15199752

申请日：2016-06-30

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Sameer Merchant ,  Pirabhu Raman ,  Amit Jain

IPC: H04L12/24 ,  H04L12/26

CPC classification number: H04L41/0806 ,  H04L41/0889 ,  H04L41/12 ,  H04L41/5048 ,  H04L41/5054 ,  H04L43/045 ,  H04L45/54 ,  H04L45/586 ,  H04L45/7453 ,  H04L47/125 ,  H04L47/21

Abstract: An administrator can define or modify one or more service graphs. Next, the administrator can register service appliances along with their device package files with a controller. Then, the controller can establish the capabilities of the service devices, and classify the service devices as legacy or service tag switching (STS) capable devices. Then, the controller can create one or more instances of the service graph, by populating the service nodes into the service graph. Then, the application owner can attach their endpoint groups (EPGs) to the service graphs created by the administrator. Then, a service in the network can be automatically provisioned using the service graph to configure one or more nodes in an associated service chain of the service according to information in the service graph.

公开(公告)号：US09270560B2

公开(公告)日：2016-02-23

申请号：US14175284

申请日：2014-02-07

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Atul Mahamuni

IPC: G06F15/173 ,  H04L12/26

CPC classification number: H04L43/0876 ,  H04L43/04 ,  H04L43/08 ,  H04L43/0829 ,  H04L43/0852 ,  H04L43/087 ,  H04L43/106 ,  H04L43/16 ,  H04L43/18

Abstract: Techniques are provided to facilitate monitoring of utility application traffic streams. At a network device that routes utility application traffic for utility devices, control information is received, where the control information is configured to cause the network device to monitor utility application traffic that passes through the network device. The network device monitors a header inserted into utility application traffic messages based on the control information.

Abstract translation: 提供技术以便于监控公用应用业务流。 在用于实用设备路由实用程序应用程序流量的网络设备上，接收控制信息，其中控制信息被配置为使得网络设备监视通过网络设备的应用程序流量。 网络设备基于控制信息监视插入到应用程序业务消息中的报头。

公开(公告)号：US09178812B2

公开(公告)日：2015-11-03

申请号：US13910179

申请日：2013-06-05

Applicant: Cisco Technology, Inc.

Inventor： James Guichard ,  Paul Quinn ,  David Ward ,  Surendra Kumar ,  Nagaraj A. Bagepalli ,  Michael R. Smith ,  Navindra Yadav

IPC: H04L12/721 ,  H04L12/725

CPC classification number: H04L45/566 ,  H04L45/306 ,  H04L69/22

Abstract: Presented herein are techniques useful in a network comprising a plurality of network nodes each configured to apply one or more service functions to traffic that passes through the respective network nodes. A network node receives packets encapsulated in a service header that includes information defining a variable set of context headers stacked into an association of metadata that is relevant to one or more service functions within a service path comprised of one or more network nodes. The network node interprets a forwarding state and a next-hop network node for the service path from the service header, and determines a service action or associated metadata from the set of context headers.

Abstract translation: 这里呈现的是在网络中有用的技术，其包括多个网络节点，每个网络节点被配置为将一个或多个服务功能应用于通过各个网络节点的业务。 网络节点接收封装在服务头部中的分组，该分组包括定义一组上下文标题的信息，这些信息堆叠成与由一个或多个网络节点组成的服务路径内的一个或多个服务功能相关的元数据关联。 网络节点从服务头解释用于服务路径的转发状态和下一跳网络节点，并且从上下文头集合中确定服务动作或相关联的元数据。

公开(公告)号：US09160552B2

公开(公告)日：2015-10-13

申请号：US14168487

申请日：2014-01-30

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Jeffrey D. Taft ,  Navindra Yadav

IPC: H04L12/18 ,  H04L12/933 ,  H04L12/931 ,  H04L12/761

CPC classification number: H04L12/1863 ,  H04L12/1836 ,  H04L12/185 ,  H04L45/16 ,  H04L49/15 ,  H04L49/35 ,  H04L67/125 ,  H04L69/22

Abstract: A method is provided in one example embodiment and includes receiving a request for a service that involves phasor measurement unit (PMU) data; identifying a service device in a network to perform the service; and multicasting one or more results of the service to a group of subscribers identified by a multicast group address. In more particular embodiments, particular PMU data is redirected to the service device via a service insertion architecture (SIA) protocol. In addition, the service can include replicating packets and masking a subset of traffic for forwarding to a first hop router of the network. In certain example instances, metadata is used in order to apply the service to certain traffic propagating in the network.

Abstract translation: 在一个示例实施例中提供了一种方法，并且包括接收对涉及相量测量单元（PMU）数据的服务的请求; 识别网络中的服务设备来执行所述服务; 以及将一个或多个服务结果多播到由多播组地址标识的一组订户。 在更具体的实施例中，特定PMU数据经由服务插入架构（SIA）协议被重定向到服务设备。 此外，该服务可以包括复制分组并且掩蔽用于转发到网络的第一跳路由器的流量子集。 在某些示例实例中，使用元数据来将服务应用于在网络中传播的某些流量。

公开(公告)号：US20150124817A1

公开(公告)日：2015-05-07

申请号：US14301239

申请日：2014-06-10

Applicant: Cisco Technology, Inc.

Inventor： Sameer Merchant ,  Thomas James Edsall ,  Navindra Yadav

IPC: H04L12/741

CPC classification number: H04L45/74 ,  H04L61/103

Abstract: Disclosed herein are methods of forwarding data over an IP network. The methods may include receiving a packet from a source host connected to the IP network, identifying the IP address of a destination host designated in the packet, determining the location on the IP network where the destination host designated by the packet is connected, without reference to the MAC address specified in the packet, by using location-identification information stored on the IP network, and forwarding the packet to the location on the IP network where the destination host is connected without reference to the MAC address specified in the packet. Also disclosed herein are related network devices implementing such techniques and operations, as well as IP networks which include such network devices.

Abstract translation: 这里公开的是通过IP网络转发数据的方法。 所述方法可以包括从连接到IP网络的源主机接收分组，识别在分组中指定的目的地主机的IP地址，确定IP分组上指定的目的地主机连接的IP网络上的位置，而不参考 通过使用存储在IP网络上的位置识别信息，将分组转发到目的地主机连接的IP网络上的位置，而不参考分组中指定的MAC地址，来分配给分组中指定的MAC地址。 本文还公开了实现这种技术和操作的相关网络设备以及包括这种网络设备的IP网络。

公开(公告)号：US20150124645A1

公开(公告)日：2015-05-07

申请号：US14486828

申请日：2014-09-15

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Sameer Merchant ,  Pirabhu Raman ,  Amit Jain

IPC: H04L12/24

CPC classification number: H04L41/0806 ,  H04L41/0889 ,  H04L41/12 ,  H04L41/5048 ,  H04L41/5054 ,  H04L43/045 ,  H04L45/54 ,  H04L45/586 ,  H04L45/7453 ,  H04L47/125 ,  H04L47/21

Abstract: An administrator can define or modify one or more service graphs. Next, the administrator can register service appliances along with their device package files with a controller. Then, the controller can establish the capabilities of the service devices, and classify the service devices as legacy or service tag switching (STS) capable devices. Then, the controller can create one or more instances of the service graph, by populating the service nodes into the service graph. Then, the application owner can attach their endpoint groups (EPGs) to the service graphs created by the administrator. Then, a service in the network can be automatically provisioned using the service graph to configure one or more nodes in an associated service chain of the service according to information in the service graph.

Abstract translation: 管理员可以定义或修改一个或多个服务图。 接下来，管理员可以使用控制器向其设备包文件注册服务设备。 然后，控制器可以建立服务设备的能力，并将服务设备分类为具有传统功能或服务标签交换（STS）能力的设备。 然后，控制器可以通过将服务节点填充到服务图中来创建服务图的一个或多个实例。 然后，应用程序所有者可以将其端点组（EPG）附加到由管理员创建的服务图。 然后，可以使用服务图自动地提供网络中的服务，以根据服务图中的信息在服务的相关联的服务链中配置一个或多个节点。

公开(公告)号：US20150124590A1

公开(公告)日：2015-05-07

申请号：US14508909

申请日：2014-10-07

Applicant: Cisco Technology, Inc.

Inventor： Kit Chiu Chu ,  Thomas J. Edsall ,  Navindra Yadav ,  Francisco M. Matus ,  Krishna Doddapaneni ,  Satyam Sinha

IPC: H04L12/703 ,  H04L12/24 ,  H04L12/931 ,  H04L12/741

CPC classification number: H04L45/28 ,  H04L12/18 ,  H04L12/4633 ,  H04L12/4641 ,  H04L12/4645 ,  H04L41/0654 ,  H04L43/0811 ,  H04L43/0852 ,  H04L43/0894 ,  H04L43/16 ,  H04L45/02 ,  H04L45/021 ,  H04L45/22 ,  H04L45/24 ,  H04L45/245 ,  H04L45/48 ,  H04L45/50 ,  H04L45/64 ,  H04L45/74 ,  H04L45/745 ,  H04L45/7453 ,  H04L47/125 ,  H04L49/70 ,  H04L51/14 ,  H04L61/2503 ,  H04L61/2592 ,  H04L67/10 ,  H04L69/22 ,  H04L2212/00

Abstract: Aspects of the subject disclosure relate to methods for detecting a link failure between the first network device and a destination node, receiving a data packet addressed to the destination node, and rewriting encapsulation information of the first data packet. Subsequent to rewriting the encapsulation information of the first data packet, the first data packet is forwarded to a second network device (e.g., using updated address information in the packet header), wherein the second network device is paired with the first network device in the virtual port channel. In certain aspects, systems and computer readable media are also provided.

Abstract translation: 本公开的方面涉及用于检测第一网络设备和目的地节点之间的链路故障的方法，接收寻址到目的地节点的数据分组以及重写第一数据分组的封装信息。 在重写第一数据分组的封装信息之后，将第一数据分组转发到第二网络设备（例如，使用分组报头中的更新的地址信息），其中第二网络设备与第一网络设备配对 虚拟端口通道。 在某些方面，还提供了系统和计算机可读介质。

公开(公告)号：US20150106625A1

公开(公告)日：2015-04-16

申请号：US14576723

申请日：2014-12-19

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Atul Mahamuni ,  Jonathan Hui ,  Wei Hong ,  Alec Woo

IPC: H04L9/08 ,  H04L9/14

CPC classification number: H04L9/0819 ,  H04L9/0827 ,  H04L9/0833 ,  H04L9/088 ,  H04L9/0891 ,  H04L9/14 ,  H04L9/321 ,  H04L9/3273 ,  H04L63/065 ,  H04L63/068 ,  H04L63/0823 ,  H04L63/12 ,  H04L2209/24 ,  H04L2463/061 ,  H04W12/04 ,  H04W12/06 ,  H04W12/10 ,  H04W84/18

Abstract: According to one embodiment, techniques are provided to enable secure communication among devices in a mesh network using a group temporal key. An authenticator device associated with a mesh network stores a pairwise master key for each of a plurality of devices in a mesh network upon authentication of the respective devices. Using the pairwise master key, the authenticator device initiates a handshake procedure with a particular device in the mesh network to mutually derive a pairwise temporal key from the pairwise master key. The authenticator device encrypts and signs a group temporal key using the pairwise temporal key for the particular device and sends the group temporal key encrypted and signed with the pairwise temporal key to the particular device.

Abstract translation: 根据一个实施例，提供了使用组时间密钥来实现网状网络中的设备之间的安全通信的技术。 与网状网络相关联的认证装置在对各个装置进行认证时，为网状网络中的多个装置中的每一个存储成对的主密钥。 使用成对主密钥，认证器设备发起与网状网络中的特定设备的握手过程，以从成对主密钥互相导出成对的时间密钥。 认证器设备使用特定设备的成对时间密钥对组临时密钥进行加密和签名，并将具有成对临时密钥加密和签名的组时间密钥发送到特定设备。

公开(公告)号：US20140156840A1

公开(公告)日：2014-06-05

申请号：US14175284

申请日：2014-02-07

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Atul Mahamuni

IPC: H04L12/26

CPC classification number: H04L43/0876 ,  H04L43/04 ,  H04L43/08 ,  H04L43/0829 ,  H04L43/0852 ,  H04L43/087 ,  H04L43/106 ,  H04L43/16 ,  H04L43/18

Abstract: Techniques are provided to facilitate monitoring of utility application traffic streams. At a network device that routes utility application traffic for utility devices, control information is received, where the control information is configured to cause the network device to monitor utility application traffic that passes through the network device. The network device monitors a header inserted into utility application traffic messages based on the control information.

Abstract translation: 提供技术以便于监控公用应用业务流。 在用于实用设备路由实用程序应用程序流量的网络设备上，接收控制信息，其中控制信息被配置为使得网络设备监视通过网络设备的应用程序流量。 网络设备基于控制信息监视插入到应用程序业务消息中的报头。