SERVICE DISCOVERY FOR CONTROL PLANE AND ESTABLISHING BORDER GATEWAY PROTOCOL SESSIONS

    Publication No.: US20220385563A1

    Publication date: 2022-12-01

    Application No.: US17486349

    Application date: 2021-09-27

    Abstract: Techniques for using global virtual network instance (VNI) labels in a multi-domain network to route network data with a multi-tenant network overlay are described herein. A routing device provisioned in a network domain of the multi-domain network may register with a service discovery system of the network domain for use of network configuration data to establish routes through the multi-domain network with network nodes. Each network domain of the multi-domain network may include an application programming interface (API) server for processing API requests to make changes to configurations of a network domain. A border gateway protocol (BGP) large community may be utilized to encode global VNI labels, network addresses, local next hop nodes, and/or additional network information and sent to routing devices provisioned in separate network domains. A service chain may be signaled by global VNI labels to route network traffic through various services prior to reaching a destination endpoint.

    Highly-available distributed network address translation (NAT) architecture with failover solutions

    Publication No.: US11436111B2

    Publication date: 2022-09-06

    Application No.: US16592613

    Application date: 2019-10-03

    Abstract: This disclosure describes techniques for providing a distributed scalable architecture for Network Address Translation (NAT) systems with high availability and mitigations for flow breakage during failover events. The NAT servers may include functionality to serve as fast-path servers and/or slow-path servers. A fast-path server may include a NAT worker that includes a cache of NAT mappings to perform stateful network address translation and to forward packets with minimal latency. A slow-path server may include a mapping server that creates new NAT mappings, depreciates old ones, and answers NAT worker state requests. The NAT system may use virtual mapping servers (VMSs) running on primary physical servers with state duplicated VMSs on different physical failover servers. Additionally, the NAT servers may implement failover solutions for dynamically allocated routable address/port pairs assigned to new sessions by assigning new outbound address/port pairs when a session starts and broadcasting pairing information.

    Reuse of execution environments while guaranteeing isolation in serverless computing

    Publication No.: US11323516B2

    Publication date: 2022-05-03

    Application No.: US17329327

    Application date: 2021-05-25

    Abstract: Systems, methods, and computer-readable media are provided for reusing execution environments and code of serverless functions while ensuring isolation in serverless computing environments. In some examples, a method can include, in response to a first request to run a serverless function, executing, at an execution environment on a network, computer-readable code configured to perform the serverless function; after the computer-readable code has executed, modifying a pointer to an area of memory used to store a first state of the serverless function to reference a different area of memory; in response to a second request to run the serverless function, reusing, at the execution environment, the computer-readable code to perform the serverless function; and based on the pointer referencing the different area of memory, using the different area of memory to store a second state of the serverless function.

    PARTIAL PACKET ENCRYPTION IN ENCRYPTED TUNNELS

    Publication No.: US20220070154A1

    Publication date: 2022-03-03

    Application No.: US17002170

    Application date: 2020-08-25

    Abstract: Techniques and mechanisms to reduce double encryption of packets that are transmitted using encrypted tunnels. The techniques described herein include determining that portions of the packets are already encrypted, identifying portions of the packets that are unencrypted, and selectively encrypting the portions of the packets that are unencrypted prior to transmission through the encrypted tunnel. In this way, potentially private or sensitive data in the packets that is unencrypted, such as information in the packet headers, will be encrypted using the encryption protocol of the encrypted tunnel, but the data of the packets that is already encrypted, such as the payload, may avoid unnecessary double encryption. By reducing (or eliminating) the amount of data in data packets that is double encrypted, the amount of time taken by computing devices, and computing resources consumed, to encrypt traffic for encrypted tunnels may be reduced.

    Load Balancing Communication Sessions in a Networked Computing Environment

    Publication No.: US20210359954A1

    Publication date: 2021-11-18

    Application No.: US16875524

    Application date: 2020-05-15

    Abstract: Techniques for load balancing communication sessions in a networked computing environment are described herein. The techniques may include establishing a first communication session between a client device and a first computing resource of a networked computing environment. Additionally, the techniques may include storing, in a data store, data indicating that the first communication session is associated with the first computing resource. The techniques may further include receiving, at a second computing resource of the networked computing environment, traffic associated with a second communication session that was sent by the client device, and based at least in part on accessing the data stored in the data store, establishing a traffic redirect such that the traffic and additional traffic associated with the second communication session is sent from the second computing resource to the first computing resource.

    Flow Based Network Service Insertion

    Type: invention application (status: rights in force)

    Publication No.: US20150063102A1

    Publication date: 2015-03-05

    Application No.: US14014742

    Application date: 2013-08-30

    Abstract: Techniques are provided to generate and store a network graph database comprising information that indicates a service node topology, and virtual or physical network services available at each node in a network. A service request is received for services to be performed on packets traversing the network between at least first and second endpoints. A subset of the network graph database is determined that can provide the services requested in the service request. A service chain and service chain identifier is generated for the service based on the network graph database subset. A flow path is established through the service chain by flow programming network paths between the first and second endpoints using the service chain identifier.

    Dynamic Per-Link Proxying of Traffic Between Interconnects of Devices in a Fabric

    Publication No.: US20250159055A1

    Publication date: 2025-05-15

    Application No.: US18507944

    Application date: 2023-11-13

    Abstract: Devices, networks, systems, methods, and processes for dynamically proxying traffic between interconnects of devices in a fabric are described herein. A communication network may include multiple switches, including gateway switches and non-gateway switches. Each switch can run a proxy agent for each port of the switch and for each link on each port. The switch may proxy data traffic within the communication network by utilizing the proxy agent. A non-gateway switch can send a connection request to a gateway switch to connect to an external cloud controller. The gateway switch may proxy the connection request to the external cloud controller and receive a session cookie. The non-gateway switch can establish a logical connection with the external cloud controller based on the session cookie.

    Observer and Action Dependent Dynamic Update of Fine Grained Telemetry Collection Cadence and Content

    Publication No.: US20250158904A1

    Publication date: 2025-05-15

    Application No.: US18506080

    Application date: 2023-11-09

    Abstract: Described herein are devices, systems, methods, and processes for managing the collection and synchronization of telemetry data in a network overseen by a cloud-based network controller. This can be achieved by representing telemetry data as doubly-indexed state blocks within a shared meta-schema. Each type within the schema may be associated with a temporal list of objects of that type, providing ordered indexing by name and by time of last change. Cursors representing data witnesses may be threaded in place within these lists, enabling synchronization of telemetry data between devices without buffering. The system can dynamically adjust telemetry collection cadence in real time across devices in the fabric as users navigate the user interface. This approach can provide an effective mechanism to manage the load created by the telemetry, particularly in the context of network switches and telemetry collection.
