公开(公告)号：US11190445B2

公开(公告)日：2021-11-30

申请号：US16531549

申请日：2019-08-05

Applicant: Cisco Technology, Inc.

Inventor： Hendrikus G. P. Bosch ,  Sape Jurriën Mullender ,  Keith Burns ,  Jeffrey Napper ,  William Mark Townsley ,  Alessandro Duminuco ,  Andre Surcouf ,  Ijsbrand Wijnands ,  Humberto J. La Roche

IPC: H04L12/749 ,  H04L12/717 ,  H04L29/06 ,  H04L12/761 ,  H04L29/08 ,  H04L29/12

Abstract: A method is provided in one example embodiment and may include determining at a parent content node that a plurality of recipient content nodes are to receive a same content; generating, based on a determination that the same content is available at the parent content node, a multi-delivery header comprising a plurality of identifiers, wherein each identifier of the plurality of identifiers indicates each recipient content node that is to receive the same content; appending the multi-delivery header to one or more packets of an Internet Protocol (IP) flow associated with the same content; and transmitting packets for the IP flow to each of the plurality of the recipient content nodes.

公开(公告)号：US10511590B1

公开(公告)日：2019-12-17

申请号：US16413411

申请日：2019-05-15

Applicant: Cisco Technology, Inc.

Inventor： Hendrikus G. P. Bosch ,  Alessandro Duminuco ,  Jeffrey Napper ,  David Delano Ward ,  Syed Khalid Raza ,  Sape Jurrien Mullender

IPC: H04L29/06 ,  H04L12/725 ,  H04L12/721

Abstract: Disclosed are concepts for provided for managing application traffic. A method includes receiving a request to access a service from an application, confirming an entity of a user of the application and, based on the confirmation, generating, via an authentication service, a routing policy for data flows between the application and the service. The routing policy defines a mandated path between the application and the service. The method also can include storing proof-of-transit data in the traffic flow for tracking an actual path from the application to the service and determining whether the data path complies with the mandated path defined in the policy. When the determination indicates that the actual path followed the mandated path defined in the routing policy, the method includes granting access to the user for the service. When the actual path differs from the mandated path, the method includes denying access to the user.

公开(公告)号：US10270843B2

公开(公告)日：2019-04-23

申请号：US15711235

申请日：2017-09-21

Applicant: Cisco Technology, Inc.

Inventor： Hendrikus G. P. Bosch ,  James Guichard ,  Dave Barach ,  Alessandro Duminuco ,  Luyuan Fang ,  Paul Quinn ,  Rex Fernando ,  David Ward

IPC: H04L29/08 ,  H04L12/715 ,  H04L12/751

Abstract: Presented herein are techniques for use in a network environment that includes one or more service zones, each service zone including at least one instance of an in-line application service to be applied to network traffic and one or more routers to direct network traffic to the at least one service, and a route target being assigned to a unique service zone to serve as a community value for route import and export between routers of other service zones, destination networks or source networks via a control protocol. An edge router in each service zone or destination network advertises routes by its destination network prefix tagged with its route target. A service chain is created by importing and exporting of destination network prefixes by way of route targets at edge routers of the service zones or source networks.

公开(公告)号：US10218704B2

公开(公告)日：2019-02-26

申请号：US15287454

申请日：2016-10-06

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Sape Jurriën Mullender ,  Hendrikus G. P. Bosch ,  Louis Gwyn Samuel

IPC: H04L29/06 ,  H04L12/927 ,  H04L12/911 ,  G06F9/455 ,  H04L9/32 ,  G06F21/60

Abstract: Aspects of the embodiments are directed to systems, methods, and computer program products embodied at a server managing a resource for providing access to a resource in a distributed network. Embodiments include receiving a request from a client for access to a resource, the request comprising a named capability identifying the resource and identifying a server managing the resource; determining, from the named capability, whether the client is authorized to access the resource identified by the named capability; and granting access to the resource named by the named capability based on the named capability received with the request.

公开(公告)号：US20180241671A1

公开(公告)日：2018-08-23

申请号：US15436540

申请日：2017-02-17

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Sape Jurriën Mullender ,  Keith Burns ,  Jeffrey Napper ,  William Mark Townsley ,  Alessandro Duminuco ,  Andre Surcouf ,  Ijsbrand Wijnands ,  Humberto J. La Roche

IPC: H04L12/749 ,  H04L12/717 ,  H04L29/06 ,  H04L29/12

Abstract: A method is provided in one example embodiment and may include determining at a parent content node that a plurality of recipient content nodes are to receive a same content; generating, based on a determination that the same content is available at the parent content node, a multi-delivery header comprising a plurality of identifiers, wherein each identifier of the plurality of identifiers indicates each recipient content node that is to receive the same content; appending the multi-delivery header to one or more packets of an Internet Protocol (IP) flow associated with the same content; and transmitting packets for the IP flow to each of the plurality of the recipient content nodes.

公开(公告)号：US10015289B2

公开(公告)日：2018-07-03

申请号：US14457995

申请日：2014-08-12

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Louis Gwyn Samuel ,  Alessandro Duminuco ,  Kevin D. Shatzkamer ,  Oliver James Bull ,  Ziv Nuss

IPC: H04L12/801 ,  H04L29/06 ,  H04L1/00 ,  H04L12/64

CPC classification number: H04L69/22 ,  H04L1/0026 ,  H04L12/6418 ,  H04L47/115 ,  H04L47/12 ,  H04L47/14

Abstract: An example method is provided in one example embodiment and can include obtaining, within a radio access network, a channel state for a data channel associated with a mobile terminal; including the channel state in a differentiated services (diffserv) marking within an Internet Protocol (IP) header of at least one IP packet associated with the mobile terminal; and transmitting the at least one IP packet including the IP header having the diffserv marking toward a packet data network.

公开(公告)号：US09979704B2

公开(公告)日：2018-05-22

申请号：US14573564

申请日：2014-12-17

Applicant: Cisco Technology, Inc.

Inventor： Kevin D. Shatzkamer ,  Hendrikus G. P. Bosch ,  Warren Scott Wainner ,  James N. Guichard ,  Surendra M. Kumar

IPC: H04L29/06 ,  G06F9/455 ,  G06F21/60

CPC classification number: H04L63/0428 ,  G06F9/45558 ,  G06F21/606 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: A first virtual machine is established in a virtual private service chain to provide a first network service to virtual private service chain traffic. A second virtual machine is also established the virtual private service chain to provide a second network service to the virtual private service chain traffic. The virtual private service chain traffic is encrypted for transmission within the virtual private service chain from the first virtual machine to the second virtual machine, wherein the encryption uses a key shared by the first and second virtual machines.

公开(公告)号：US20180103037A1

公开(公告)日：2018-04-12

申请号：US15287454

申请日：2016-10-06

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Sape Jurriën Mullender ,  Hendrikus G. P. Bosch ,  Louis Gwyn Samuel

IPC: H04L29/06 ,  H04L12/927 ,  H04L12/911 ,  H04L29/08 ,  G06F9/455 ,  H04L9/32

CPC classification number: H04L63/101 ,  G06F9/45558 ,  G06F21/604 ,  G06F2009/45587 ,  H04L9/3265 ,  H04L63/0428 ,  H04L63/0823

Abstract: Aspects of the embodiments are directed to systems, methods, and computer program products embodied at a server managing a resource for providing access to a resource in a distributed network. Embodiments include receiving a request from a client for access to a resource, the request comprising a named capability identifying the resource and identifying a server managing the resource; determining, from the named capability, whether the client is authorized to access the resource identified by the named capability; and granting access to the resource named by the named capability based on the named capability received with the request.

公开(公告)号：US20170359252A1

公开(公告)日：2017-12-14

申请号：US15177021

申请日：2016-06-08

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra M. Kumar ,  Alessandro Duminuco ,  Hendrikus G. P. Bosch ,  Humberto J. La Roche ,  Jeffrey Napper ,  Burjiz Pithawala

IPC: H04L12/721 ,  H04L29/12 ,  H04L29/06 ,  H04L12/70

CPC classification number: H04L12/4633 ,  H04L45/306 ,  H04L45/64 ,  H04L61/2503 ,  H04L69/22 ,  H04L2012/5625

Abstract: A method is provided in one example embodiment and includes receiving at a network element an encapsulated packet including an encapsulation header, in which the encapsulation header includes an Analytics Proxy Function (“APF”) flag; determining whether the APF flag is set to a first value; if the APF flag is set to the first value, forwarding the encapsulated packet to a local APF instance associated with the network element, in which the encapsulated packet is processed by the local APF instance to replicate at least a portion of the encapsulated packet, construct a record of the encapsulated packet, or both; and if the APF flag is not set to the first value, omitting forwarding the encapsulated packet to the local APF instance associated with the network element. The local APF instance is implemented as a service function anchored at the forwarding element.

公开(公告)号：US20170163531A1

公开(公告)日：2017-06-08

申请号：US15143253

申请日：2016-04-29

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra M. Kumar ,  Hendrikus G. P. Bosch ,  Kent K. Leung ,  Abhijit Patra

IPC: H04L12/741 ,  H04L12/743 ,  H04L12/935

CPC classification number: H04L45/74 ,  H04L45/00 ,  H04L45/7453 ,  H04L49/3009

Abstract: A method is provided in one example embodiment and includes receiving at a network element a packet including a Network Services Header (“NSH”), in which the NSH includes an Infrastructure (“I”) flag and a service path header comprising a Service Index (“SI”), and a Service Path ID (“SPI”) and determining whether the I flag is set to a first value. The method further includes, if the I flag is set to the first value, setting the I flag to a second value and forwarding the packet to the service function that corresponds to the SI for processing. The method still further includes, if the I flag is not set to the first value, decrementing the SI and making a forwarding decision based on a new value of the SI and the SPI.