公开(公告)号：US10079767B2

公开(公告)日：2018-09-18

申请号：US15181159

申请日：2016-06-13

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Jeffrey Napper ,  Alessandro Duminuco ,  Humberto J. La Roche ,  Surendra M. Kumar ,  Aeneas Sean Dodd-Noble ,  Anil Kumar Chandrupatla

IPC: H04L12/851 ,  H04L12/801 ,  H04L12/803 ,  H04L29/08 ,  H04L12/713

CPC classification number: H04L47/2441 ,  H04L45/586 ,  H04L45/64 ,  H04L47/125 ,  H04L47/14 ,  H04L67/1076 ,  H04L67/2842

Abstract: A method is provided in one example embodiment and includes receiving at a network element a packet associated with a flow and determining whether a flow cache of the network element includes an entry for the flow indicating a classification for the flow. The method further includes, if the network element flow cache does not include an entry for the flow, punting the packet over a default path to a classifying service function, in which the classifying service function classifies the flow and determines a control plane service function for handling the flow, and receiving from the classifying service function a service path identifier (“SPI”) of a service path leading to the determined control plane service function. The flow is subsequently offloaded from the classifying service function to the network element.

公开(公告)号：US20180063018A1

公开(公告)日：2018-03-01

申请号：US15252028

申请日：2016-08-30

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Jeffrey Napper ,  Surendra M. Kumar ,  Alessandro Duminuco ,  Sape Jurriën Mullender ,  Humberto J. La Roche ,  Louis Gwyn Samuel ,  Frank Brockners ,  Shwetha Subray Bhandari

IPC: H04L12/917 ,  H04L12/911

CPC classification number: H04L47/76 ,  H04L45/306 ,  H04L47/28 ,  H04L47/822

Abstract: An example method is provided in one example embodiment and may include configuring a measurement indication for a packet; forwarding the packet through a service chain comprising one or more service functions; recording measurement information for the packet as it is forwarded through the service chain; and managing capacity for the service chain based, at least in part, on the measurement information. In some cases, the method can include determining end-to-end measurement information for the service chain using the recorded measurement information. In some cases, managing capacity for the service chain can further include identifying a particular service function as a bottleneck service function for the service chain; and increasing capacity for the bottleneck service. In various instances, increasing capacity for the bottleneck service can include at least one of: instantiating additional instances of the bottleneck service; and instantiating additional instances of the service chain.

公开(公告)号：US09379931B2

公开(公告)日：2016-06-28

申请号：US14279724

申请日：2014-05-16

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Ian McDowell Campbell ,  Humberto J. La Roche ,  James N. Guichard ,  Surendra M. Kumar ,  Paul Quinn ,  Alessandro Duminuco ,  Jeffrey Napper ,  Ravi Shekhar

IPC: H04W4/00 ,  H04L29/06 ,  H04W28/02 ,  H04L12/24

CPC classification number: H04L29/06 ,  H04L41/0896 ,  H04L41/5054 ,  H04W28/0268

Abstract: An example method is provided in one example embodiment and may include receiving a packet for a subscriber at a gateway, wherein the gateway includes a local policy anchor for interfacing with one or more policy servers and one or more classifiers for interfacing with one or more service chains, each service chain including one or more services accessible by the gateway; determining a service chain to receive the subscriber's packet; appending the subscriber's packet with a header, wherein the header includes, at least in part, identification information for the subscriber and an Internet Protocol (IP) address for the local policy anchor; and injecting the packet including the header into the service chain determined for the subscriber.

公开(公告)号：US20160050580A1

公开(公告)日：2016-02-18

申请号：US14457995

申请日：2014-08-12

Applicant: CISCO TECHNOLOGY , INC.

Inventor： Hendrikus G. P. Bosch ,  Louis Gwyn Samuel ,  Alessandro Duminuco ,  Kevin D. Shatzkamer ,  Oliver James Bull ,  Ziv Nuss

IPC: H04W24/10 ,  H04L12/801 ,  H04L29/06

CPC classification number: H04L69/22 ,  H04L1/0026 ,  H04L12/6418 ,  H04L47/115 ,  H04L47/12 ,  H04L47/14

Abstract: An example method is provided in one example embodiment and can include obtaining, within a radio access network, a channel state for a data channel associated with a mobile terminal; including the channel state in a differentiated services (diffserv) marking within an Internet Protocol (IP) header of at least one IP packet associated with the mobile terminal; and transmitting the at least one IP packet including the IP header having the diffserv marking toward a packet data network.

Abstract translation: 在一个示例实施例中提供了示例性方法，并且可以包括在无线电接入网络内获得与移动终端相关联的数据信道的信道状态; 包括在与移动终端相关联的至少一个IP分组的因特网协议（IP）报头中的差分服务（diffserv）标记中的信道状态; 以及向分组数据网络发送包括具有diffserv标记的IP报头的至少一个IP分组。

公开(公告)号：US20150334595A1

公开(公告)日：2015-11-19

申请号：US14279724

申请日：2014-05-16

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Ian McDowell Campbell ,  Humberto J. La Roche ,  James N. Guichard ,  Surendra M. Kumar ,  Paul Quinn ,  Alessandro Duminuco ,  Jeffrey Napper ,  Ravi Shekhar

IPC: H04W28/02 ,  H04L12/24

CPC classification number: H04L29/06 ,  H04L41/0896 ,  H04L41/5054 ,  H04W28/0268

Abstract: An example method is provided in one example embodiment and may include receiving a packet for a subscriber at a gateway, wherein the gateway includes a local policy anchor for interfacing with one or more policy servers and one or more classifiers for interfacing with one or more service chains, each service chain including one or more services accessible by the gateway; determining a service chain to receive the subscriber's packet; appending the subscriber's packet with a header, wherein the header includes, at least in part, identification information for the subscriber and an Internet Protocol (IP) address for the local policy anchor; and injecting the packet including the header into the service chain determined for the subscriber.

Abstract translation: 在一个示例性实施例中提供了示例性方法，并且可以包括在网关处接收订户的分组，其中所述网关包括用于与一个或多个策略服务器进行接口的本地策略锚点以及用于与一个或多个服务 每个服务链包括由网关可访问的一个或多个服务; 确定服务链以接收订户的分组; 用标题附加订户的分组，其中该报头至少部分地包括用户的标识信息和用于本地策略锚的因特网协议（IP）地址; 以及将包括所述头部的分组注入到为所述用户确定的服务链中。

公开(公告)号：US20150271205A1

公开(公告)日：2015-09-24

申请号：US14521856

申请日：2014-10-23

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Alessandro Duminuco ,  Hendrikus G. P. Bosch ,  Surendra M. Kumar ,  Humberto J. La Roche ,  Jeffrey Napper ,  Kevin D. Shatzkamer ,  Daniel G. Wing

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/166 ,  H04L63/0281 ,  H04L63/0435 ,  H04L63/168 ,  H04L67/02 ,  H04L67/42

Abstract: In an embodiment, a method is provided for enabling in-band data exchange between networks. The method can comprise receiving, by a first enveloping proxy located in the first network, at least one regular secure sockets layer (SSL) record for a SSL session established between a client and a server; receiving the data from a network element located in the first network; encoding the data into at least one custom SSL record; and transmitting the at least one regular SSL record and the at least one custom SSL record to an enveloping proxy. In another embodiment, a method can comprise receiving at least one regular secure sockets layer (SSL) record and at least one custom SSL record for a SSL session established between a client and a server; extracting the data from the at least one custom SSL; transmitting the at least one regular SSL record.

Abstract translation: 在一个实施例中，提供了一种用于实现网络之间的带内数据交换的方法。 该方法可以包括通过位于第一网络中的第一包络代理接收在客户端和服务器之间建立的SSL会话的至少一个常规安全套接字层（SSL）记录; 从位于所述第一网络中的网元接收所述数据; 将数据编码成至少一个自定义SSL记录; 以及将所述至少一个常规SSL记录和所述至少一个定制SSL记录发送到包络代理。 在另一个实施例中，一种方法可以包括：在客户端和服务器之间建立的SSL会话接收至少一个常规安全套接字层（SSL）记录和至少一个定制SSL记录; 从至少一个自定义SSL提取数据; 发送所述至少一个常规SSL记录。

公开(公告)号：US20140379938A1

公开(公告)日：2014-12-25

申请号：US13923257

申请日：2013-06-20

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  David Richard Barach ,  Michael E. Lipman ,  Alessandro Duminuco ,  James N. Guichard ,  Humberto J. La Roche

IPC: H04L12/803

CPC classification number: H04L47/125

Abstract: An example method for load balancing in a network environment is provided and includes receiving a packet from a first stage load-balancer in a network environment, where the packet is forwarded from the first stage load-balancer to one of a plurality of second stage load-balancers in the network according to a hash based forwarding scheme, and routing the packet from the second stage load-balancer to one of a plurality of servers in the network according to a per-session routing scheme. The per-session routing scheme includes retrieving a session routing state from a distributed hash table in the network. In a specific embodiment, the hash based forwarding scheme includes equal cost multi path routing. The session routing state can include an association between a next hop for the packet and the packet's 5-tuple representing a session to which the packet belongs.

Abstract translation: 提供了一种用于在网络环境中进行负载平衡的示例性方法，并且包括在网络环境中从第一级负载平衡器接收分组，其中分组从第一级负载平衡器转发到多个第二级负载 根据基于散列的转发方案在网络中平衡器，并且根据每会话路由方案将分组从第二阶段负载平衡器路由到网络中的多个服务器之一。 每会话路由方案包括从网络中的分布式哈希表检索会话路由状态。 在具体实施例中，基于散列的转发方案包括相同成本的多路径路由。 会话路由状态可以包括分组的下一跳与分组所属的会话的分组的5元组之间的关联。

公开(公告)号：US20140351452A1

公开(公告)日：2014-11-27

申请号：US13898932

申请日：2013-05-21

Applicant: Cisco Technology, Inc.

Inventor： Hendrikus G.P. Bosch ,  James Guichard ,  Dave Barach ,  Alessandro Duminuco ,  Luyuan Fang ,  Paul Quinn ,  Rex Fernando ,  David Ward

IPC: H04L29/08

CPC classification number: H04L67/10 ,  H04L45/02 ,  H04L45/04

Abstract: Presented herein are techniques for use in a network environment that includes one or more service zones, each service zone including at least one instance of an in-line application service to be applied to network traffic and one or more routers to direct network traffic to the at least one service, and a route target being assigned to a unique service zone to serve as a community value for route import and export between routers of other service zones, destination networks or source networks via a control protocol. An edge router in each service zone or destination network advertises routes by its destination network prefix tagged with its route target. A service chain is created by importing and exporting of destination network prefixes by way of route targets at edge routers of the service zones or source networks.

Abstract translation: 这里提出的是在包括一个或多个服务区域的网络环境中使用的技术，每个服务区域包括要应用于网络业务的在线应用服务的至少一个实例以及一个或多个路由器以将网络流量引导到 至少一个服务，以及被分配给唯一服务区的路由目标，以用作通过控制协议在其他服务区域，目的地网络或源网络的路由器之间路由导入和导出的社区值。 每个服务区域或目标网络中的边缘路由器通过其路由目标标记的目标网络前缀来通告路由。 通过在服务区域或源网络的边缘路由器上的路由目标导入和导出目标网络前缀来创建服务链。

公开(公告)号：US12261847B2

公开(公告)日：2025-03-25

申请号：US18197895

申请日：2023-05-16

Applicant: Cisco Technology, Inc.

Inventor： Hendrikus G P Bosch ,  Jeffrey Michael Napper ,  Alessandro Duminuco ,  Sape Jurrien Mullender ,  Julien Barbot ,  Vinny Parla

IPC: H04L9/40 ,  H04L61/4511

Abstract: This disclosure describes techniques including, by a domain name service (DNS), receiving a name resolution request from a client computing device and, by the DNS, providing a nonce to the client computing device, wherein a service is configured to authorize a connection request from the client computing device based at least in part on processing the nonce. This disclosure further describes techniques include a method of validating a connection request from a client computing device, including receiving the connection request, the connection request including a nonce. The techniques further include determining that the nonce is a valid nonce. The techniques further include, based at least in part on determining that the nonce is a valid nonce, authorizing the connection request and disabling the nonce.

公开(公告)号：US12261826B2

公开(公告)日：2025-03-25

申请号：US17857678

申请日：2022-07-05

Applicant: Cisco Technology, Inc.

Inventor： Hendrikus G. P. Bosch ,  Alessandro Duminuco ,  Zohar Kaufman

IPC: G06F21/00 ,  G06F9/455 ,  G06F9/54 ,  H04L9/40

Abstract: A system of one embodiment allows for redirecting service and API calls for containerized applications in a computer network. The system includes a memory and a processor. The system processes a plurality of application workflows of a containerized application workload. The system then identifies at least one application workflow of the plurality of application workflows and at least one workflow-specific routing rule associated with the at least one application workflow. The system then determines at least one proxy server address for each identified application workflow based on the at least one associated workflow-specific routing rule. Then the system determines at least one proxy server address for each identified application workflow based on the at least one associated workflow-specific routing rule. The system then may communicate the at least one identified application workflow to the at least one proxy server using the at least one determined proxy server addresses.